[WEB SECURITY] analyzing web application attack data

Jeremiah Grossman jeremiah at whitehatsec.com
Wed Jul 19 13:13:06 EDT 2006


For those interested in statistics and research on real web  
application attacks, Fortify and SecureWorks have posted good data.  
They placed devices in front of some number of public websites and  
logged the results. I'd imagine this is very similar to the work Ryan  
Barnett has been doing. Most information contained won't be a  
shocker, attacks mostly predominated by SQL Injection and XSS issued  
by bot-nets using well-known exploits. There are also the more directed  
one-off attacks.


Web Applications Under Attack – Four Eye-Opening Findings
http://www.fortifysoftware.com/reports/threatreport.jsp

SQL injection attacks against banks on the rise
http://www.net-security.org/secworld.php?id=4076

SecureWorks Finds SQL Injection Hacker Attacks on the Rise against  
Banks, Credit Unions and Utilities
http://www.secureworks.com/press/20060718-sql.html


Regards,

Jeremiah Grossman
Founder and CTO
WhiteHat Security, Inc.
www.whitehatsec.com
----------------------------------------------------------------------------
The Web Security Mailing List: 
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives: 
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]