60% of Internet attacks now conducted against web applications - The HP Security Laboratory Blog

New studies have gone a long way toward confirming that certain web application security trends are accelerating. The SANS Top Cyber Security Risks report reveals that a full 60% of Internet attacks are now conducted against web applications. It's no longer unpatched operating systems that provide attackers with their main point of entry. In fact, patches for known flaws in operating systems are installed twice as fast as those for web application security vulnerabilities. Apparently, there are so many custom and open-source applications on a typical network that most admins can't even catalog them, let alone update them. And with more than 80% of newly reported software flaws found in common web applications, the numbers will only get worse.

Despite the rise in web application attacks, organizations are not doing the simple things to improve their security, such as scanning for common flaws like SQL Injection and Cross-Site Scripting. Scanning can go a long way towards preventing your servers from hosting malicious content that can infect users with malware, yet many organizations still bypass this critical step. And it's legitimate websites that have been compromised and are serving as malware servers that are now doing the most damage. Just ask the New York Times.

The SANS report is available at http://www.sans.org/top-cyber-security-risks/.

Posted 09-25-2009 2:57 PM by mark.painter
