diff --git a/site/data/charts/check-for-updates.json b/site/data/charts/check-for-updates.json index 2cfe2400d..978dc8038 100644 --- a/site/data/charts/check-for-updates.json +++ b/site/data/charts/check-for-updates.json @@ -108,6 +108,8 @@ ["2024-06-01", 8, 28, 32, 651, 334, 1166, 5711, 382, 2162, 4677, 5654, 42935, 66254, 19047, 34613, 36566, 11873, 677091, 392085, 97995, 113097, ""], ["2024-07-01", 8, 56, 37, 596, 311, 955, 4061, 388, 2405, 5037, 5091, 29589, 61731, 16729, 51161, 39709, 10877, 783813, 440675, 180971, 142966, ""], ["2024-08-01", 4, 16, 19, 596, 269, 1282, 4087, 430, 2851, 4188, 4880, 31462, 70335, 15066, 38558, 44921, 10214, 945063, 448655, 207247, 182789, ""], - ["2024-09-01", 17, 26, 12, 481, 183, 1020, 3151, 293, 1419, 3584, 3355, 26725, 78210, 13581, 21400, 38657, 9518, 789838, 366952, 710356, 305501, ""] + ["2024-09-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 78210, 13581, 21400, 38657, 9518, 789838, 366952, 710356, 305501, ""], + ["2024-09-01", 17, 26, 12, 481, 183, 1020, 3151, 293, 1419, 3584, 3355, 26725, 0, 0, 0, 0, 0, 0, 0, 0, 0, ""], + ["2024-10-01", 6, 52, 20, 736, 307, 839, 3276, 435, 2590, 3263, 4497, 30496, 0, 0, 0, 0, 0, 0, 0, 0, 0, ""] ] } diff --git a/site/data/charts/container-last-month.json b/site/data/charts/container-last-month.json index b52d54f08..0760a2400 100644 --- a/site/data/charts/container-last-month.json +++ b/site/data/charts/container-last-month.json @@ -1,20 +1,20 @@ { - "title": "News Pings by Container in August 2024", - "description": "The number of News pings from ZAP by container in August 2024", + "title": "News Pings by Container in September 2024", + "description": "The number of News pings from ZAP by container in September 2024", "data": [ ["Container", "Count"], - ["zap2docker-stable", 5460693], - ["None", 857136], - ["zap2docker-weekly", 83685], - ["Unknown", 62922], - ["zap2docker-bare", 19761], - ["zap2docker-live", 12201], - ["snapcraft", 7183], - ["zap2docker-stable.webswing", 2466], - ["flatpak", 1452], - ["zap2docker-weekly.webswing", 71], - ["conquest/zap-weekly", 62], - ["zap", 49], - ["zap2docker-live.webswing", 19] + ["zap2docker-stable", 4498734], + ["None", 1035986], + ["zap2docker-weekly", 84826], + ["Unknown", 56350], + ["zap2docker-bare", 23468], + ["zap2docker-live", 14035], + ["snapcraft", 10674], + ["zap2docker-stable.webswing", 3729], + ["flatpak", 2385], + ["conquest/zap-weekly", 305], + ["zap2docker-weekly.webswing", 67], + ["zap", 38], + ["zap2docker-live.webswing", 5] ] } diff --git a/site/data/charts/countries-desktop-last-month.json b/site/data/charts/countries-desktop-last-month.json index 978cb124a..77e53ef0c 100644 --- a/site/data/charts/countries-desktop-last-month.json +++ b/site/data/charts/countries-desktop-last-month.json @@ -1,27 +1,27 @@ { - "title": "Desktop News Pings by Country in August 2024", - "description": "The number of News pings from ZAP Desktops by country in August 2024", + "title": "Desktop News Pings by Country in September 2024", + "description": "The number of News pings from ZAP Desktops by country in September 2024", "data": [ ["Country", "Count"], - ["US", 44585], - ["IN", 41182], - ["JP", 12685], - ["BR", 11318], - ["ID", 10121], - ["GB", 7750], - ["DE", 7673], - ["CN", 7297], - ["TW", 7046], - ["AU", 6403], - ["CA", 6074], - ["RU", 5462], - ["FR", 5320], - ["MX", 5257], - ["CO", 5218], - ["ES", 4493], - ["TR", 4147], - ["PL", 4127], - ["NL", 3937], - ["TH", 3907] + ["US", 75174], + ["IN", 64924], + ["JP", 18244], + ["BR", 16943], + ["ID", 15066], + ["DE", 12430], + ["GB", 11977], + ["FR", 11286], + ["TW", 11233], + ["AU", 10871], + ["NL", 10022], + ["RU", 9642], + ["CO", 9603], + ["CN", 9296], + ["NO", 9029], + ["CA", 8492], + ["ES", 8468], + ["MX", 7430], + ["PL", 6835], + ["IT", 6566] ] } diff --git a/site/data/charts/countries-last-month.json b/site/data/charts/countries-last-month.json index 8995ef0bd..304643cb3 100644 --- a/site/data/charts/countries-last-month.json +++ b/site/data/charts/countries-last-month.json @@ -1,27 +1,27 @@ { - "title": "News Pings by Country in August 2024", - "description": "The number of News pings from ZAP by country in August 2024", + "title": "News Pings by Country in September 2024", + "description": "The number of News pings from ZAP by country in September 2024", "data": [ ["Country", "Count"], - ["JP", 1991478], - ["GR", 1620678], - ["US", 1608204], - ["CA", 167443], - ["NL", 115512], - ["IE", 109603], - ["DE", 92721], - ["GB", 83183], - ["IN", 76668], - ["FR", 72188], - ["CH", 48519], - ["SE", 45486], - ["BE", 44971], - ["RU", 42279], - ["IT", 38541], - ["SG", 38178], - ["TW", 27761], - ["BR", 26078], - ["AU", 24826], - ["ES", 16862] + ["GR", 1563301], + ["US", 1536165], + ["JP", 916684], + ["CA", 166805], + ["IE", 163643], + ["NL", 127948], + ["IN", 114922], + ["DE", 107002], + ["FR", 98983], + ["GB", 92722], + ["BE", 87645], + ["RU", 85062], + ["TW", 71746], + ["SE", 54490], + ["SG", 44072], + ["AU", 36948], + ["BR", 36789], + ["CH", 36075], + ["ES", 32889], + ["IT", 30228] ] } diff --git a/site/data/charts/docker.json b/site/data/charts/docker.json index f1d58a42a..55089ed9f 100644 --- a/site/data/charts/docker.json +++ b/site/data/charts/docker.json @@ -31,6 +31,7 @@ ["2024-05-01", 0, 0, 0, 0, 2193, 350, 65308, 1704, 0, 0, 0, 0, 0, ""], ["2024-06-01", 0, 0, 0, 0, 3309, 583, 124015, 2135, 422, 211, 13148, 1849, 184536, ""], ["2024-07-01", 0, 0, 0, 0, 3842, 1834, 99453, 3026, 442, 1516, 19004, 3795, 166520, ""], - ["2024-08-01", 0, 0, 0, 0, 4271, 1538, 89718, 2696, 432, 2383, 24987, 2141, 186036, ""] + ["2024-08-01", 0, 0, 0, 0, 4271, 1538, 89718, 2696, 432, 2383, 24987, 2141, 186036, ""], + ["2024-10-01", 0, 0, 0, 0, 3502, 818, 30953, 1288, 479, 842, 32681, 1785, 754399, ""] ] } diff --git a/site/data/charts/downloads.json b/site/data/charts/downloads.json index add92a81b..29f7a8f32 100644 --- a/site/data/charts/downloads.json +++ b/site/data/charts/downloads.json @@ -105,6 +105,7 @@ ["2024-05-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1442, 72301, 0, ""], ["2024-06-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 24682, 73415, ""], ["2024-07-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7956, 74930, ""], - ["2024-08-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7925, 74241, ""] + ["2024-08-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 7925, 74241, ""], + ["2024-10-01", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 333723, 376818, ""] ] } diff --git a/site/data/charts/headline.yaml b/site/data/charts/headline.yaml index cabe193c0..aa5fc07ee 100644 --- a/site/data/charts/headline.yaml +++ b/site/data/charts/headline.yaml @@ -1,5 +1,5 @@ -month: August 2024 -zap_runs: 6,507,700 -zap_ascans: 2,234,326 -zap_alerts: 1,413,090,759 -zap_attacks: 3,988,827,556 +month: September 2024 +zap_runs: 5,730,602 +zap_ascans: 16,845,458 +zap_alerts: 1,382,221,245 +zap_attacks: 4,248,458,646 diff --git a/site/data/charts/os-desktop-last-month.json b/site/data/charts/os-desktop-last-month.json index 39637a2aa..137acf36f 100644 --- a/site/data/charts/os-desktop-last-month.json +++ b/site/data/charts/os-desktop-last-month.json @@ -1,13 +1,13 @@ { - "title": "Desktop News Pings by OS in August 2024", - "description": "The number of News pings from ZAP Desktops by OS in August 2024", + "title": "Desktop News Pings by OS in September 2024", + "description": "The number of News pings from ZAP Desktops by OS in September 2024", "data": [ ["OS", "Count"], - ["Windows", 149243], - ["Kali", 79335], - ["Linux", 47408], - ["MacOS", 24534], - ["BackBox", 506], - ["Unknown", 47] + ["Windows", 267817], + ["Kali", 120403], + ["Linux", 66873], + ["MacOS", 37205], + ["BackBox", 744], + ["Unknown", 28] ] } diff --git a/site/data/charts/os-last-month.json b/site/data/charts/os-last-month.json index 59e5e45d2..fc05d292f 100644 --- a/site/data/charts/os-last-month.json +++ b/site/data/charts/os-last-month.json @@ -1,13 +1,13 @@ { - "title": "News Pings by OS in August 2024", - "description": "The number of News pings from ZAP by OS in August 2024", + "title": "News Pings by OS in September 2024", + "description": "The number of News pings from ZAP by OS in September 2024", "data": [ ["OS", "Count"], - ["Linux", 6200062], - ["Windows", 184248], - ["Kali", 96422], - ["MacOS", 26415], - ["BackBox", 506], - ["Unknown", 47] + ["Linux", 5246137], + ["Windows", 307459], + ["Kali", 137172], + ["MacOS", 39062], + ["BackBox", 744], + ["Unknown", 28] ] } diff --git a/site/data/charts/top_addons_last_month.yaml b/site/data/charts/top_addons_last_month.yaml index bc725c74c..389ec2e04 100644 --- a/site/data/charts/top_addons_last_month.yaml +++ b/site/data/charts/top_addons_last_month.yaml @@ -6,16 +6,16 @@ - id: "authhelper" - id: "postman" - id: "pscanrulesBeta" -- id: "pscanrulesAlpha" +- id: "pscan" - id: "ascanrulesBeta" +- id: "pscanrulesAlpha" - id: "accessControl" - id: "plugnhack" - id: "sequence" +- id: "grpc" - id: "custompayloads" - id: "ascanrulesAlpha" -- id: "grpc" - id: "sqliplugin" - id: "wappalyzer" - id: "fuzzdb" -- id: "pscan" - id: "jython" diff --git a/site/data/charts/top_ascan_rules_last_month.yaml b/site/data/charts/top_ascan_rules_last_month.yaml index 808132e29..806cb558e 100644 --- a/site/data/charts/top_ascan_rules_last_month.yaml +++ b/site/data/charts/top_ascan_rules_last_month.yaml @@ -2,240 +2,240 @@ - id: 10104 name: "User Agent Fuzzer" status: "release" - alerts: "39637893" - fps: 0.072 - num: 169611 - time: 95 + alerts: "38282392" + fps: 0.09 + num: 172421 + time: 128 + +- id: 40035 + name: "Hidden File Found" + status: "release" + alerts: "747015" + fps: 0.036 + num: 267537 + time: 51 - id: 90027 name: "Cookie Slack Detector" status: "beta" - alerts: "662415" - fps: 0.054 - num: 34702 + alerts: "587803" + fps: 0.045 + num: 36420 time: 10 - id: 40025 name: "Proxy Disclosure" status: "beta" - alerts: "632845" - fps: 0.01 - num: 34345 - time: 75 - -- id: 40035 - name: "Hidden File Found" - status: "release" - alerts: "501994" - fps: 0.106 - num: 268113 - time: 50 + alerts: "549102" + fps: 0.004 + num: 35830 + time: 51 - id: 40040 name: "CORS Header" status: "beta" - alerts: "375857" + alerts: "286989" + fps: 0.003 + num: 46341 + time: 35 + +- id: 10095 + name: "Backup File Disclosure" + status: "beta" + alerts: "266363" + fps: 0.54 + num: 72964 + time: 24 + +- id: 20012 + name: "Anti-CSRF Tokens Check" + status: "beta" + alerts: "261518" + fps: 0.6 + num: 39797 + time: 11 + +- id: 40032 + name: ".htaccess Information Leak" + status: "release" + alerts: "251173" fps: 0.002 - num: 44761 - time: 58 + num: 270561 + time: 11 - id: 40018 name: "SQL Injection" status: "release" - alerts: "281047" - fps: 0.244 - num: 309028 - time: 140 + alerts: "235662" + fps: 0.2 + num: 293984 + time: 157 -- id: 90028 - name: "Insecure HTTP Method" - status: "beta" - alerts: "255911" - fps: 0.005 - num: 35615 - time: 17 +- id: 90017 + name: "XSLT Injection" + status: "release" + alerts: "226889" + fps: 0.231 + num: 239380 + time: 58 - id: 10058 name: "GET for POST" status: "release" - alerts: "192925" + alerts: "194639" fps: 0.0 - num: 286469 + num: 268262 time: 11 -- id: 20012 - name: "Anti-CSRF Tokens Check" - status: "beta" - alerts: "185059" - fps: 1.633 - num: 38312 - time: 11 +- id: 40024 + name: "SQL Injection - SQLite" + status: "release" + alerts: "166814" + fps: 0.027 + num: 216877 + time: 34 - id: 0 name: "Directory Browsing" status: "release" - alerts: "166669" + alerts: "161199" fps: 0.0 - num: 297164 - time: 44 + num: 280082 + time: 46 -- id: 40032 - name: ".htaccess Information Leak" - status: "release" - alerts: "164398" - fps: 0.008 - num: 290845 - time: 11 - -- id: 40024 - name: "SQL Injection - SQLite" - status: "release" - alerts: "137922" - fps: 0.025 - num: 230431 - time: 33 - -- id: 10095 - name: "Backup File Disclosure" +- id: 90028 + name: "Insecure HTTP Method" status: "beta" - alerts: "127703" - fps: 1.166 - num: 88278 - time: 28 + alerts: "88898" + fps: 0.003 + num: 36684 + time: 11 - id: 40012 name: "Cross Site Scripting (Reflected)" status: "release" - alerts: "119672" - fps: 0.004 - num: 238253 - time: 62 + alerts: "87332" + fps: 0.015 + num: 240370 + time: 57 -- id: 90017 - name: "XSLT Injection" +- id: 90034 + name: "Cloud Metadata Potentially Exposed" status: "release" - alerts: "108735" - fps: 0.876 - num: 237065 - time: 59 + alerts: "80695" + fps: 0.043 + num: 229412 + time: 6 - id: 6 name: "Path Traversal" status: "release" - alerts: "81819" - fps: 0.279 - num: 309768 - time: 186 - -- id: 90026 - name: "SOAP Action Spoofing" - status: "beta" - alerts: "78934" - fps: 0.0 - num: 195752 - time: 15 - -- id: 10051 - name: "Relative Path Confusion" - status: "beta" - alerts: "69603" - fps: 0.0 - num: 38169 - time: 19 + alerts: "72130" + fps: 0.026 + num: 289996 + time: 206 - id: 40021 name: "SQL Injection - Oracle" status: "release" - alerts: "65854" - fps: 0.046 - num: 177281 - time: 30 - -- id: 90034 - name: "Cloud Metadata Potentially Exposed" - status: "release" - alerts: "59782" - fps: 0.071 - num: 243657 - time: 8 + alerts: "67611" + fps: 0.052 + num: 179969 + time: 34 - id: 40034 name: ".env Information Leak" status: "release" - alerts: "49443" - fps: 0.028 - num: 234396 + alerts: "62615" + fps: 0.011 + num: 233587 time: 12 +- id: 10051 + name: "Relative Path Confusion" + status: "beta" + alerts: "60518" + fps: 0.0 + num: 39677 + time: 18 + - id: 40029 name: "Trace.axd Information Leak" status: "release" - alerts: "46536" - fps: 0.031 - num: 235832 + alerts: "55533" + fps: 0.013 + num: 234367 time: 14 - id: 40038 name: "Bypassing 403" status: "beta" - alerts: "35140" - fps: 0.249 - num: 39812 - time: 31 + alerts: "46074" + fps: 0.187 + num: 41589 + time: 13 - id: 10047 name: "HTTPS Content Available via HTTP" status: "beta" - alerts: "34461" - fps: 0.0 - num: 87971 - time: 7 - -- id: 40026 - name: "Cross Site Scripting (DOM Based)" - status: "release" - alerts: "30562" + alerts: "36870" fps: 0.0 - num: 180084 - time: 190 + num: 72765 + time: 10 - id: 30002 name: "Format String Error" status: "release" - alerts: "26715" - fps: 0.629 - num: 199563 - time: 16 + alerts: "31383" + fps: 0.605 + num: 199480 + time: 17 + +- id: 90026 + name: "SOAP Action Spoofing" + status: "beta" + alerts: "28156" + fps: 0.0 + num: 197324 + time: 14 - id: 30001 name: "Buffer Overflow" status: "release" - alerts: "25805" - fps: 0.008 - num: 199412 - time: 11 + alerts: "23547" + fps: 0.01 + num: 199235 + time: 12 - id: 30003 name: "Integer Overflow Error" status: "beta" - alerts: "19066" - fps: 0.014 - num: 35815 - time: 16 + alerts: "21621" + fps: 0.007 + num: 37391 + time: 20 - id: 40045 name: "Spring4Shell" status: "release" - alerts: "18703" - fps: 0.01 - num: 227162 - time: 41 + alerts: "20330" + fps: 0.019 + num: 194618 + time: 43 - id: 43 name: "Source Code Disclosure - File Inclusion" status: "beta" - alerts: "15380" - fps: 0.127 - num: 36199 - time: 6 + alerts: "17576" + fps: 0.1 + num: 37684 + time: 7 + +- id: 40026 + name: "Cross Site Scripting (DOM Based)" + status: "release" + alerts: "14133" + fps: 0.0 + num: 182739 + time: 352 diff --git a/site/data/charts/top_false_positives_last_month.yaml b/site/data/charts/top_false_positives_last_month.yaml index 7128a4ef1..0d9e76f59 100644 --- a/site/data/charts/top_false_positives_last_month.yaml +++ b/site/data/charts/top_false_positives_last_month.yaml @@ -7,38 +7,42 @@ name: "Cross-Domain Misconfiguration" status: "release" type: "Passive" +- id: 10021 + name: "X-Content-Type-Options Header Missing" + status: "release" + type: "Passive" - id: 3 name: "Session ID in URL Rewrite" status: "release" type: "Passive" -- id: 10021 - name: "X-Content-Type-Options Header Missing" +- id: 10054 + name: "Cookie without SameSite Attribute" status: "release" type: "Passive" - id: 10096 name: "Timestamp Disclosure - Unix" status: "release" type: "Passive" -- id: 10038 - name: "Content Security Policy (CSP) Header Not Set" - status: "release" - type: "Passive" - id: 10050 name: "Retrieved from Cache" status: "release" type: "Passive" -- id: 10035 - name: "Strict-Transport-Security Header" +- id: 10038 + name: "Content Security Policy (CSP) Header Not Set" status: "release" type: "Passive" -- id: 10054 - name: "Cookie without SameSite Attribute" +- id: 10035 + name: "Strict-Transport-Security Header" status: "release" type: "Passive" - id: 10015 name: "Re-examine Cache-control Directives" status: "release" type: "Passive" +- id: 10104 + name: "User Agent Fuzzer" + status: "release" + type: "Active" - id: 10017 name: "Cross-Domain JavaScript Source File Inclusion" status: "release" @@ -47,22 +51,22 @@ name: "Absence of Anti-CSRF Tokens" status: "release" type: "Passive" -- id: 10104 - name: "User Agent Fuzzer" - status: "release" - type: "Active" - id: 10020 name: "Anti-clickjacking Header" status: "release" type: "Passive" -- id: 10055 - name: "CSP" - status: "release" - type: "Passive" - id: 90033 name: "Loosely Scoped Cookie" status: "release" type: "Passive" +- id: 10036 + name: "HTTP Server Response Header" + status: "release" + type: "Passive" +- id: 10055 + name: "CSP" + status: "release" + type: "Passive" - id: 10109 name: "Modern Web Application" status: "release" @@ -71,10 +75,6 @@ name: "Cookie No HttpOnly Flag" status: "release" type: "Passive" -- id: 10011 - name: "Cookie Without Secure Flag" - status: "release" - type: "Passive" - id: 10063 name: "Permissions Policy Header Not Set" status: "beta" diff --git a/site/data/charts/user-group.json b/site/data/charts/user-group.json index c524bb40e..9ad3d408b 100644 --- a/site/data/charts/user-group.json +++ b/site/data/charts/user-group.json @@ -152,6 +152,9 @@ ["2024-03-01", 550, 133, ""], ["2024-04-01", 362, 103, ""], ["2024-05-01", 355, 92, ""], - ["2024-06-01", 264, 94, ""] + ["2024-06-01", 311, 94, ""], + ["2024-07-01", 376, 97, ""], + ["2024-08-01", 271, 81, ""], + ["2024-09-01", 273, 84, ""] ] } diff --git a/site/data/charts/zaptype-last-month.json b/site/data/charts/zaptype-last-month.json index a5f29c955..b18ce3c53 100644 --- a/site/data/charts/zaptype-last-month.json +++ b/site/data/charts/zaptype-last-month.json @@ -1,10 +1,10 @@ { - "title": "News Pings by ZAP Run Type in August 2024", - "description": "The number of News pings from ZAP by run type in August 2024", + "title": "News Pings by ZAP Run Type in September 2024", + "description": "The number of News pings from ZAP by run type in September 2024", "data": [ ["ZAPtype", "Count"], - ["cmdline", 4510356], - ["daemon", 1696271], - ["desktop", 301073] + ["cmdline", 3357911], + ["daemon", 1879621], + ["desktop", 493070] ] }