I'm giving you some information first.
Just the basic facts:
Can you show me where it hurts?
This post has embedded music !!!
Today I watched an old presentation by Mike Andrews for Google Tech Talks: techniques for exploiting weak spots in Web applications.
In this video he shows us statistics on web vulnerabilities from the year 2006; if you compare these numbers with the web vulnerabilities of the year 2008, we are worse off.
These are some graphs from the Web Application Security Trends Report for the last quarter of 2008, an excellent report by Cenzic:
80% of web technology
79% of web vulnerabilities belong to web applications
SQL injection in first place with 24%
ActiveX and Remote File Inclusion at the top of Miscellaneous attacks.
Meanwhile, managers are Comfortably Numb.
The complete report here.
Comfortably Numb - Pink Floyd