Websites are as vulnerable as ever, according to a survey of Web application security professionals who test sites for security holes. The survey, conducted by researcher Jeremiah Grossman on his blog, polled more than 60 security pros: 63 percent of them work for vendors or consultants, 23 percent for enterprises, 5 percent for government, and 10 percent for other types of organizations. These are the guys in the trenches who hammer on Websites regularly: 53 percent said all or almost all of their job is dedicated to Web app security (versus development, general security, and incident response); 28 percent said about half; and 20 percent said "some."

Not much has changed in Web security, according to the survey respondents. Fifty percent of the respondents said the average Website's level of security has stayed the same this year as in 2005. Another 28 percent said Websites are slightly more secure, and 20 percent said they are worse. Only 3 percent said they are "way more secure." According to 53 percent of the respondents, the main reason organizations conduct vulnerability assessments is to measure how secure they are (or aren't), and only 25 percent said it's for regulatory and compliance reasons. Ten percent said the organizations' customers or partners had asked them for independent validation. (See The Web App Security Gap and Review: Web Application Firewalls.)

The link for this article located at Dark Reading is no longer available.