The SANS Institute just released its Top 20 Internet Security Risks of 2007 annual update. TippingPoint's own Rohit Dhamankar was the Project Director for this effort for another year running.
Quoting Rohit in their official press release:
"Although half the total vulnerabilities reported in 2007 are in Web applications, it's only the tip-of-the-iceberg. These data exclude vulnerabilities in custom developed Web applications. Compromised Web sites provide avenues for massive client-side compromises via Web browser, office documents, and media player exploits. This vicious circle of compromise is proving to be harder to break each day."
For those of you who don't want to read through the entire document, a decent executive summary is available here.
