The Web Hacking Incidents Database 2009 Bi-Annual Report
by Breach Security

> View this White Paper now

Published on: 08/03/2009
Type of content: White Paper
Length: 6
Price: FREE

Overview
The web hacking incident database (WHID) is a project dedicated to maintaining a list of web application-related security incidents. The WHID's purpose is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web application security incidents. Unlike other resources covering website security, which focus on the technical aspect of the incident, the WHID focuses on the impact of the attack. To be included in WHID an incident must be publicly reported, be associated with web application security vulnerabilities and have an identified outcome.


An analysis of recent web hacking incidents performed by Breach Security Labs shows that Web 2.0 sites are becoming a premier target for hackers. Based on analysis of recent 'web hacking incidents of importance,' Breach Security Labs found that:


  • The first half of 2009 showed a steep rise in attacks against Web 2.0 sites. This is the most targeted vertical market with 19% of the incidents.
  • Organizations have not implemented proper web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities.
  • Attack vectors exploiting Web 2.0 features such as user-contributed content were commonly employed.


Check out this brief report to learn more about recent web hacking incidents and Web 2.0 vulnerabilities.

> View this White Paper now

Solution Center

Microsoft is attempting to reshape responsible disclosure by security researchers, announcing a new model that it says could provide a more coordinated response to zero-day vulnerabilities.

Called "Coordinated Vulnerability... More...

Jul 22, 2010

Network security architecture expert Robert Bird saw the difficulties universities have protecting their systems while maintaining an open and collaborative environment.

As director of network services at the University of Florida... More...

Jul 22, 2010