In this report, we’re going to give you an overview of the credential stuffing attacks in 2018 against the aforementioned sectors and look at the risks these attacks pose. We’ll also explore some of the ways adversaries conduct these attacks.

From the report, “With its customer base of over 4,000 organizations, Alert Logic has first-hand insight into the state of threat detection and response. Drawing from more than a billion security anomalies, millions of security events, and over a quarter million verified security incidents from April 2017 to June 2018, our research has identified five key insights that every business leader, IT leader, and IT practitioner should be aware of: 1. The initial phases of the cyber killchain are merging to accelerate targeted attacks 2. Industry and size are no longer reliable predictors of threat risk 3. Attack automation and “spray and pray” techniques are aiming at everything with an IP address 4. Cryptojacking is now rampant 5. Web applications remain the primary point of initial attack” Read on to find out more.

From the report, “On November 26th, Slovakian Anonymous leader ‘Abaddon’ posted in the deep web message board ‘Hidden Answers’, looking to recruit accomplices for an operation targeting NATO and EU websites. The proposed attacks would potentially arrive by means of XSS (cross-site scripting), SQL injection, or a combination of both. And by DDoS (distributed denial of service), a type of attack that is intended to make an online resource unavailable to its legitimate users by overwhelming it with traffic. It is not yet clear what the motives for the operation are, or what the official name will be.”

“For a long time now, SOSS has provided a reliable yardstick for the most common vulnerabilities found in software, as well as how organizations are measuring up to security industry benchmarks throughout the software development lifecycle (SDLC). One thing we’ve always wanted to understand better, though, is how quickly these organizations are actually fixing flaws once they’ve been identified in application security scans. This year, we turned our data analysis up a notch by working with the data scientists at Cyentia Institute, so that we could gain better visibility into the factors that go into fixing flaws. Readers will find valuable insight on how factors like flaw severity, business criticality of applications, and exploitability of the flaws change the rate at which certain vulnerabilities are fixed.”

This is Akamai’s State of The Internet Security report from the fourth quarter of 2017

This technical white paper describes a new approach to identifying your most critical web application vulnerabilities faster and at lower cost.

Contributors to this paper include security professionals, including the Security Intelligence Response Team (SIRT), the Threat Research Unit, Information Security, and the Custom Analytics group.

This paper begins with a review of data sources available for building or improving decision models for vulnerability remediation. It then discusses the vulnerability lifecycle and examine timelines and triggers surrounding key milestones. Identifying attributes of vulnerabilities that correlate with exploitation comes next on the docket. The last section measures the outcomes of several remediation strategies and develops a model that optimizes overall effectiveness.

This report is intended to help you get up to speed on the latest developments in the WAF space, to better understand how you can incorporate and integrate WAF technology with your existing and planned technology deployments, including cloud, on-premises, and hybrid topologies.

In the Akamai State of the Internet - Security Report, you’ll get detailed cloud security insights about DDoS and web application attack trends observed across the Akamai Intelligent Platform™ for Q3 2016.

This is the 12th annual WhiteHat Security Statistics Report. This year they’ve added some real metrics around DevSecOps. They’ve also added a new SAST section and a mobile security section.

This paper represents analysis and research based on data from Akamai’s global infrastructure and routed Distributed Denial of Service (DDoS) solution.

Get detailed cloud security insights about DDoS and web application attack trends observed across the Akamai Intelligent Platform™ for Q1 2016. Highlights include: 1) A 23% increase in DDoS attacks and a 26% increase in web application attacks, compared with Q4 2015, setting new records for the number of attacks in the quarter 2) The rise in repeat DDoS attacks, with an average of 29 attacks per targeted customer – including one customer who was targeted 283 times 3) The continued rise in multi-vectored attacks (56% of all DDoS attacks mitigated in Q1 2016), making mitigation more difficult

This report gives a detailed breakdown of DDoS attacks in Q4 of 2015.

Readers are encouraged to use this report to get a better understanding of the current threat landscape, including trends specific to different contexts like region, time of day, industry, and more, in order to better fine-tune defenses for meeting the security needs of their unique environments.

Veracode’s intention is to provide security practitioners with tangible AppSec benchmarks with which to measure their own programs against. They’ve sliced and diced the numbers to offer a range of perspectives on the risk of applications throughout the entire software lifecycle. This includes statistics on policy pass rates against security standards, the statistical mix of common vulnerability types found in applications, flaw density and average fix rate.

This Report takes a look at the top 5 data security threats and analyzes what a company can do about them.

In this, the eighth volume of this report, they present metrics that are based on real application risk postures, drawn from code-level analysis of nearly 250 billion lines of code across 400,000 assessmnets performed over a period of 12 months between April 1, 2016 and March 31, 2017.

This report includes research on the evolving state of cloud security.

This is an annual report that provides an inside look into the economics and emerging trends of bug bounties, with data collected from Bugcrowd’s platform and other sources throughout 2016. This report is published on a yearly basis for CISOs and other security decision makers to provide a transparent look at the evolving bug bounty market.

The Threat Intelligence Index outlines the security threat landscape based on data gathered for the entire year of 2016. It uses data developed by analyzing “billions" of events, monitored by IBM security services, in more than 100 countries.