A meta-analysis of industry reports on the variety and forms of application exploits used in security incidents.

A review of the threat volume and characteristics affecting e-commerce.

The 2020 edition of this annual report uses results of software scan patterns and results across thousands of global customers. A focus for this edition is the effects of nature (the corporate environment of applications) vs. (more available)

This edition of the State of the Internet (SOTI)/Security report series focuses on the retail and hospitality sectors. An extensive review of how credential abuse attacks are carried out from both a methodology perspective and a volumetric angle is given. (more available)

A review of web application vulnerabilities as seen through Acuentix’s web scans between March 2019 and February 2020.

Using Akamai’s global visibility and content delivery networks, this report covers the security threats present in the gaming industry. An exploration of how gamers are a growing lucrative target for criminals, including methods, geography, and recommendations. (more available)

A report from aggregate telemetry on Contrast Security customers' applications between June 2019 and May 2020. Covers application vulnerability prevalence, time to remediation, attacks, and composition, among other themes. (more available)

The annual report from Snyk on the state of open source software from a security perspective. Includes survey data from 500+ developers, internal Snyk vulnerability data from the projects monitored by Snyk, and additional aggregated source code repository data. (more available)

The fifth edition of Edgescan’s vulnerability statistics report. Uses both scan data and survey data to report on vulnerability management, with a special focus on web application vulnerabilities. (more available)

Akamai’s annual overview of security traffic trends for 2019.

This is the 6th annual SOTI from Akamai. The Key findings are: • Between November 2017 and October 2019, more than 40% of the unique DDoS targets were in the financial services industry • Traditional logins (username and password) still account for the majority (74%) of access methods to applications and services • From May to October 2019, credential stuffing attacks targeting the financial services industry have targeted APIs, often accounting for 75% or more of the total login attacks against financial services

This report outlines the state of open source security, including open source adoption, known vulnerabilities, and vulnerability identification.

From the report, “From January 2018 through June 2019, Akamai recorded more than 61 billion credential stuffing attempts and more than 4 billion web application attacks. (more available)

This installment of State of the Internet / Security examines credential stuffing and web application attack trends over the last 17 months, with a focus on the gaming industry. (more available)

In this report, we’re going to give you an overview of the credential stuffing attacks in 2018 against the aforementioned sectors and look at the risks these attacks pose. (more available)

From the report, “With its customer base of over 4,000 organizations, Alert Logic has first-hand insight into the state of threat detection and response. (more available)

From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. (more available)

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). (more available)

This is Akamai’s State of The Internet Security report from the fourth quarter of 2017

This technical white paper describes a new approach to identifying your most critical web application vulnerabilities faster and at lower cost. (more available)

Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group. (more available)