An analysis of recent web hacking incidents performed by Breach Security Labs shows that Web 2.0 sites are becoming a premier target for hackers. Based on analysis of recent ‘web hacking incidents of importance,’ Breach Security Labs found that:
• The first half of 2009 showed a steep rise in attacks against Web 2.0 sites. This is the most targeted vertical market with 19% of the incidents.
• Organizations have not implemented proper web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities. This resulted in the number 2 “Unknown” attack category.
• Attack vectors exploiting Web 2.0 features such as user-contributed content were commonly employed: Authentication abuse was the 2nd most active attack vector, accounting for 11% of the attacks, and Cross Site Request Forgery (CSRF) rose to number 5 with 5% of the reported attacks.
• Defacements, which combined both Planting of Malware and standard overt changes, remains the most common outcome of web attacks (28%), while Leakage of sensitive information came in 2nd with 26% and Disinformation came in 3rd with 19%, mostly due to the hacking of celebrity online identities.
Descarga: THE WEB HACKING - INCIDENTS DATABASE 2009 BI-ANNUAL REPORT - AUGUST 2009 (requiere registro)