Web applications are becoming more ubiquitous. All manner of physical devices
are now connected and often have a variety of web applications and
web-interfaces. This proliferation of web applications has been accompanied by
an increase in reported software vulnerabilities. The objective of this
analysis of vulnerability data is to understand the current landscape of
reported web application flaws. Along those lines, this work reviews ten years
(2011 - 2020) of vulnerability data in the National Vulnerability Database.
Based on this data, most common web application weaknesses are identified and
their profiles presented. A weakness ontology is developed to capture the
attributes of these weaknesses. These include their attack method and attack
vectors. Also described is the impact of the weaknesses to software quality
attributes. Additionally, the technologies that are susceptible to each
weakness are presented, they include programming languages, frameworks,
communication protocols, and data formats