Study Title: 2015 Trustwave Global Security Report
Study Publisher: Trustwave
Study Date: June 9 2015
Study URL: https://www2.trustwave.com/rs/815-RFM-693/images/2015_TrustwaveGlobalSecurityReport.pdf
"Trustwave examined a sample of passwords gathered in the thousands of penetration tests we performed over the past year. The majority of the sample came from Windows Active Directory environments. The sample consisted of 499,556 hashed passwords. We "cracked," or revealed the underlying plain text for, 51 percent of those passwords within 24 hours and 88 percent (or nearly 442,000) within two weeks."
"Trustwave SpiderLabs investigated 574 compromised locations across 15 countries in 2014."
"Specifically we collected and analyzed the most common application vulnerabilities we discovered as part of our managed Dynamic Application Security Testing (DAST) services. We also discuss the findings from our mobile application penetration testing engagements. Finally, we reveal the Top 10 ''critical'' or ''high''-risk findings determined through our pen testing, as well as unveil the always-popular list of most commonly used business passwords." They state on page 4 that they conducted "thousands of penetration tests across databases, networks and applications."
Statistics From This Study: