Have Things Changed Now - an Empirical Study on Input Validation Vulnerabilities in Web Applications

Web applications have become important services in the people daily lives. Millions of users use web applications to obtain information, perform financial transactions, have fun, socialize, and communicate. Unfortunately, web applications are also frequently targeted by attackers. Recent data from SANS institute estimates that up to 60% of Internet attacks target web applications. In this paper, the authors perform an empirical analysis of a large number of web vulnerability reports with the aim of understanding how input validation flaws have evolved in the last decade. In particular, they are interested in finding out if developers are more aware of web security problems today than they used to be in the past.