A new report on Web threats released today by the Web Application Security Consortium says that in-depth manual and automated assessments found nearly 97 percent of sites carry a severe vulnerability. “About 7.72% [of] applications had a high-severity vulnerability detected during automated scanning,” according to the WASC report. The pervasive cross-site request forgery (CSRF) vulnerability didn’t get a high ranking in the report (it was found in only 1.43 percent of the apps) however — even though it’s “the most prevalent vulnerability,” according to WASC. That’s because “it is difficult to detect automatically and because a lot of experts take its existence for granted.”