lunes, 28 de septiembre de 2009

The Web Hacking Incidents Database 2009: Bi-Annual Report

Al igual que para el año 2008 Breach publico el reporte "The Web Hacking Incidents Database".

An analysis of recent web hacking incidents performed by Breach Security Labs shows that Web 2.0 sites are becoming a premier target for hackers. Based on analysis of recent ‘web hacking incidents of importance,’ Breach Security Labs found that:
• The first half of 2009 showed a steep rise in attacks against Web 2.0 sites. This is the most targeted vertical market with 19% of the incidents.
• Organizations have not implemented proper web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities. This resulted in the number 2 “Unknown” attack category.
• Attack vectors exploiting Web 2.0 features such as user-contributed content were commonly employed: Authentication abuse was the 2nd most active attack vector, accounting for 11% of the attacks, and Cross Site Request Forgery (CSRF) rose to number 5 with 5% of the reported attacks.
• Defacements, which combined both Planting of Malware and standard overt changes, remains the most common outcome of web attacks (28%), while Leakage of sensitive information came in 2nd with 26% and Disinformation came in 3rd with 19%, mostly due to the hacking of celebrity online identities.

Descarga: THE WEB HACKING - INCIDENTS DATABASE 2009 BI-ANNUAL REPORT - AUGUST 2009 (requiere registro)

No hay comentarios: