100,000 Security Vulnerabilities and Counting

Tinfoil Security's scanner runs 24 hours a day, poking and prodding at all kinds of web applications. In our goal to make each website we use a safer place, we're pleased to announce that we've discovered and catalogued over One Hundred Thousand security issues from all over the web. 

Though we scan for a myriad of issues, we've found there are some that tend to crop up frequently. Here are some highlights from what we've found:

We found an average of 33 vulnerabilities per website:

  • 20% of the issues were Misconfigured Cookies.
  • 16% of the issues were Cross Site Scripting.
  • 4% of the issues were Unencrypted Password Forms.
  • 2.5% of the issues were SQL Injection.
  • 0.25% of the issues were YAML Injection (10% of Rails sites we've scanned, and we only started checking this a few months ago!).

We're going to keep on scanning and we're excited to introduce you to some of the new features of our service over the next few weeks. As always, please let us know what you think!

Want to join in the fun and get secure?

Ben Sedat

Ben Sedat is the Engineering Wizard of Tinfoil Security. He's a bit of a blend between a traditional software engineer (builder) and security engineer (breaker). He spends a lot of time thinking about security: both detection as well as creating solutions for the security issues that exist in software and the internet. He also plays lots of video games. Lots.