Wednesday, July 15, 2009

The Web Hacking Incidents Database 2008: Breach Annual Report (February 2009)

The much anticipated Breach Security Lab’s Web Hacking Incidents Database (WHID) 2008 Annual Report is ready for download.

The WHID project is dedicated to maintaining a record of web application-related security incidents. The WHID’s purpose is to serve as a tool for raising awareness of web application security problems and provide information for statistical analysis of web application security incidents.

This year the report findings prove that no company or market sector is immune from attack. One of the largest discoveries was that web attackers have unleashed a new type of SQL Injection attack that successfully compromised 500,000 web sites. Download this white paper today to learn more about the latest in web application security.


Some data:

Attack / Vulnerability Used %

SQL Injection 30%
Unknown 29%
Cross-Site Scripting (XSS) 8%
Insufficient Anti-Automation 5%
Insufficient Authentication 3%
Cross-Site Request Forgery (CSRF) 3%
OS Commanding 3%
Denial of Service 3%
Drive By Pharming 3%
Known Vulnerability 2%
Brute Force 2%
Credential / Session 2%

Related link:
- 2007 Report: The Web Hacking Incidents Database (WHID)
