My belief: 70% of websites are vulnerable

When I was searching for a ticket in nationalrail.co.uk website, I suddenly found an XSS and also a SQL Injection vulnerabilities in it.

I reported these two vulns. to its website just for having more security. And, I think these two vulnerabilities are fixed now.

However, I believe that still 70% of webistes are vulnerable against the OWASP TOP 10!

Also, I think you should read “Survey: Majority of Web sites vulnerable” as well.

Cheers,

Soroush