Security publications

security resources

Security reports

Key statistics and trends.

Adults' Media Use and Attitudes Report 2014

Report from OFCOM, the UK communications sector's regulator and competition authority

Annual Security Report 2013

Overview of information security intelligence from Cisco.

Application Security Trends Report

Cenzic's overview of the web application security market, key findings, top 10 vulnerabilities, and breakdowns of web application vulnerabilities.

Application Usage & Threat Report

Enterprise application usage and threat activity from Palo Alto Networks.

The Cost of Cyber Crime

Estimate of the cost of cyber crime to the UK economy, produced by Detica in partnership with the Office of Cyber Security and Information Assurance in the Cabinet Office.

Cyber Vulnerability Index 2012

An assessment of information leakage from the Forbes 2000 list of companies.

Data Breach Investigations Report 2014

Security breach information and analysis from Verizon.

Financial Services Global Security Study 2013

Drivers, issues and trends from a survey of the world's financial industry by Deloitte.

Fraud Index 2014Q1

Analysis of online payment scans by country, IP address, card type, etc by 2Checkout.

Global Security Report 2014

Detailed analysis of actual incident investigations and penetration tests, and global trends from Trustwave.

Global Phishing Survey: Domain Name Use and Trends, 2H2013

Comprehensive analysis of phishing from the Anti-Phishing Working Group (APWG). See also Phishing Attack Trends Report, below.

Global State of Information Security Survey 2014

Results from a survey conducted by PricewaterhouseCoopers.

The Internet in Britain 2009

Internet usage and demographics from the Oxford Internet Institute. See also OFCOM report above.

Information Security Breaches Survey 2013

Business information security survey, including controls, incidents and exposures. Produced for the UK government's Department for Business, Innovation and Skills (BIS) by PricewaterhouseCoopers.

Internet Security Threat Report Volume 19, 2014

Symantec's analysis of internet attacks, vulnerabilities, malicious code, phishing, spam and security risks.

M-Trends 2014

Information on the changing threat landscape from Mandiant.

Mobile Threat Report Q1 2014

Summary of mobile application threat data from F-Secure.

Payment Card Industry Compliance Report 2014

Payment card data threats, PCI DSS compliance, validation and information from QSA assessments and forensic investigations of breaches from Verizon.

Payment Card Industry Data Security Standards Trends Study 2011

Survey of IT and IT security practitioners in the US of their views about the Payment Card Industry Data Security Standard (PCI DSS) by the Ponemon Institute and Imperva.

Phishing Attack Trends Report, Q4 2013

Phishing statistics, trends and analysis from the Anti-Phishing Working Group (APWG) and its members. See also Global Phishing Survey: Trends and Domain Name Use, above.

Security Spending Benchmarks, Q2 2009

Benchmarking to justifying overall web application security spending from OWASP. This quarter's report has a special focus on cloud computing.

Security Threat Report 2014

Current and predicted cybercrime trends including some useful statistics on web site/server threats from Sophos.

State of the Internet, Q4 2013

Data on attack traffic, average & maximum connection speeds, Internet penetration and broadband adoption, and mobile usage from Akamai.

State of Software Security Report - The Intractable Problem of Insecure Software, Volume 5, April 2013

Security intelligence derived from multiple testing methodologies on the full spectrum of application types and programming languages across the software supply chain.

Threat Report 2014

An analysis of web and email threats seen in the year by Websense Security Labs.

Trend and Risk Report Mid-Year 2012 & Threat Insight Report Q1 2011

Analysis of threat trends from IBM X-Force.

UK Cyber Vulnerability Index 2013

Short research report about profiling FTSE350 companies via their online presences.

Web Application Security Statistics Project 2007

Compilation of web application security assessment project testing data to identify the prevalence and probability of different vulnerability classes and to compare automated and manual testing methodologies.

Web Hacking Incidents Database Report 2010

The Web Application Security Consortium's list of web application security incidents. Now reported in Trustwave's Global Security Report (above).

Website Security Statistics Report 13th Edition

This report from WhiteHat Security Inc provides a comparison of website vulnerabilities by industry sector and size of organisation.

Training and awareness

See also security organisations.

Action Fraud

Definition of fraud, how to protect yourself and fraud reporting from the National Fraud Authority.

Bank Safe Online

The UK banking industry's initiative to help online banking users stay safe. Good description of the types of scams, how to identify scams and how website users can help to protect themselves. Also facility to report a scam or request advice.


Guidance, advice and tips for retailers and card holders on the types of debit and credit card fraud. Some information from the police and Home Office.

Cyber Streetwise

Online safety guidance from UK government for small businesses and homes, including simple "health check" forms.

Digital Parenting checklists

Aged-based checklists from Vodafone.


Awareness and understanding about digital citizenship for educators, parents, carers and young people, from Childnet International.


Practical advice for consumers in the UK who are victims of e-incidents such as e-crime.

Get Safe Online

Advice to UK consumers and small businesses on protecting their computer, their own and their family's privacy and computer systems when online. The excellent 10-minute guide for internet beginners should be read by all internet users.

Identity Theft

Home Office's guide to identity theft. Information on how to protect yourself and what to do if you think you are a victim.

OnGuard Online

US federal/industry site with advice for adults and children on using the internet safely - "stop, think, click".

Stay Safe Online

International (US) website like the UK Get Safe Online from the National Cyber Security Alliance (NCSA). Content quite North American orientated, but useful as a comparison.

Think U Know

Internet help and advice for young people, parents and teachers including ability to report abuse from the UK's Child Exploitation and Online Protection Centre (CEOP).

Wise Kids

Promoting safe and positive use of the internet by children. Includes resources for parents, communities, educators and businesses.


Website white papers, research and other documents.

Automatic Security Scanning vs. OWASP Top Ten

Discussion of how automated scanning products can tackle common website vulnerabilities.

Cloud Computing Benefits, Risks and Recommendations

ENISA's excellent analysis of cloud computing for SMEs.
November 2009

The Cyber-Crime Market Uncovered

Definition of the black market, how it works and the sales process.
January 2011


The most critical web application security flaws, published as one of the Open Web Application Security Project (OWASP) projects.
Updated periodically

The Psychology of Security

An essay on the difference between what we perceive as security and the reality.
7th February 2007

SANS Top-20 Internet Security Attack Targets

Detailed information and references on the most common attack targets.
Updated regularly

Security Guidance for Critical Areas of Focus in Cloud Computing

Security recommendations from the CSA
v2.1, December 2009

Security Economics and the Internal Market

Identification, assessment and analysis of the economic barriers to an e-communication internal market for ENISA.
29th January 2008

Security and the Software Development Lifecycle: Secure at the Source

Description of the stretegic approach of building security in to the software development lifecycle, with an analysis of the return on investment (ROI).
January 2011

State of Application Security: Immature Practices Fuel Inefficiencies, but Positive ROI Is Attainable

Results from a survey of North American companies that develop software, examining their security practices in the software development lifecycle.
19th January 2011

Magazines and journals

Security related printed publications.

Card Technology Today

Smart card technologies, applications, manufacturers, legislation and industry initiatives.

Computer Fraud & Security

Monthly threat reports, news and technical features.

Financial Sector Technology (FST)

Business IT issues for the financial services sector, including regular items on compliance and risk.


Print and digital editions with security news, features and comment.


Security news and product information with UK, US, Asia-Pacific and Australia-New Zealand editions, from Haymarket Publishing.

Other web application security resources

Web application security legislation, standards and codes of practice and organisations.

Contact Watson Hall

Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.

Act now

Watson Hall works with your business and information systems staff, partners and suppliers, including professional advisors such as accountants, auditors, insurers and solicitors. We guide, assist and build security and skills in organisations to reduce security and compliance risk.

To discuss security matters in confidence and without obligation, telephone us on 020 7183 3710 or complete the enquiry form

© 2007-2015 Watson Hall Ltd, last reviewed 3 March 2015

These pages contain general information only. Nothing in these pages constitutes professional advice. Please read the website's terms of use, and consult a suitably qualified professional on any specific problem or matter.

© 2007-2015 Watson Hall Ltd, last reviewed 3 March 2015

Watson Hall Ltd is a company registered in England no 6004969 at North Bastle, Gatehouse, NE48 1NG, United Kingdom.
Watson Hall Ltd - Publications
Requested by: on Tuesday, 1 December 2015 at 05:37 hrs