Home
Research Library
The Web Hacking Incidents Database 2009 Bi-Annual Report

Information Security Research Library

Powered by Bitpipe.com

The Web Hacking Incidents Database 2009 Bi-Annual Report

sponsored by Breach Security

Breach Security

ABSTRACT:

The web hacking incident database (WHID) is a project dedicated to maintaining a list of web application-related security incidents. The WHID's purpose is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web application security incidents. Unlike other resources covering website security, which focus on the technical aspect of the incident, the WHID focuses on the impact of the attack. To be included in WHID an incident must be publicly reported, be associated with web application security vulnerabilities and have an identified outcome.

An analysis of recent web hacking incidents performed by Breach Security Labs shows that Web 2.0 sites are becoming a premier target for hackers. Based on analysis of recent 'web hacking incidents of importance,' Breach Security Labs found that:

The first half of 2009 showed a steep rise in attacks against Web 2.0 sites. This is the most targeted vertical market with 19% of the incidents.
Organizations have not implemented proper web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities.
Attack vectors exploiting Web 2.0 features such as user-contributed content were commonly employed.

Check out this brief report to learn more about recent web hacking incidents and Web 2.0 vulnerabilities.

(THIS RESOURCE IS NO LONGER AVAILABLE.)

Browse Related: Hackers | Security Threats | Social Networking | Web 2.0 | Web Application Security | Web Development | Web Identities | Web Site Monitoring

Bitpipe Definitions: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z Other

What's Popular at Bitpipe? Daily Top 50 Reports | Daily Top 100 Topics | Popular Report Topics

Information Security Research Library Copyright © 1998-2012 Bitpipe, Inc. All Rights Reserved.

Designated trademarks and brands are the property of their respective owners.

Use of this web site constitutes acceptance of the Bitpipe Terms and Conditions and Privacy Policy.

More from Related TechTarget Sites

Cloud Security
Security Channel
SMB Security
Financial Security
Security UK
Security AU
Security IN

Cloud Security
- Leveraging Microsoft Azure security features for PaaS security
  
  Organizations can boost PaaS security late in the game by implementing these stopgap measures.
- Quiz: Understanding cloud-specific security technologies
  
  Think you understand cloud-specific security technologies as well as expert Joseph Granneman does? Test your knowledge with this quiz.
- CSA launches cloud security certification initiative for service providers
  
  Plan calls for working with certification bodies, government agencies, as well as an independent CSA certification.
Security Channel
- Biometric authentication methods: Comparing smartphone biometrics
  
  Biometric authentication helps ensure only authorized smartphone users can access a network. David Jacobs weighs the pros and cons of three methods.
- F5 Vault program embraces incentives for F5 firewall, security sales
  
  The Vault partner program uses incentives to increase visibility for F5 firewalls and its architecture bundle.
- Using DMARC to improve DKIM and SPF email antispam effectiveness
  
  DMARC aids the DKIM and SPF protocols that help keep spam out and let legitimate emails in. David Jacobs explains how.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Microsoft attempts legal action to disrupt some Zeus botnets
  
  Legal and technical actions could disrupt some Zeus botnet operations by seizing command-and-control servers in Pennsylvania and Illinois.
- More than hype: Security big data helps bank to boost security program
  
  At RSA Conference 2012, Zions Bancorporation detailed how it harvested security big data using a Hadoop-based security data warehouse.
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
Security UK
- ICO fines Welsh health board £70,000 for patient record loss
  
  For the first time, the ICO fines an NHS organisation for sending patient data to the wrong person.
- With mobile payments, security teams must move quickly
  
  As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.
- SOCA takes its website offline in DDoS response
  
  Just days after SOCA shut down carder sites, the agency was the victim of a DDoS attack, leading SOCA to takes its website offline.
searchSecurityAU
- With mobile payments, security teams must move quickly
  
  As employees make payments on their mobile devices, the security team must act quickly to ensure corporate assets remain secure.
- PCI virtualization compliance still a challenge
  
  No black and white when it comes to PCI compliance in virtualized environments, experts say.
- Examining Kindle Fire security, Silk browser security in the enterprise
  
  Do Kindle Fire security issues, combined with weak Silk browser security, make the red-hot consumer device too risky for enterprises? Michael Cobb explains.
Information Security
- POS terminal security: Best practices for point of sale environments
  
  Securing point of sale (POS) environments can be tricky. Shobitha Hariharan and Nitin Bhatnagar share comprehensive POS terminal security best practices.
- Burp Suite Tutorial PDF compendium: WebApp tester’s ready reference
  
  Our Burp Suite tutorial PDF compendium is a collection of our Burp Suite guides in PDF format made available to you for free offline reference.
- PCI virtualization compliance still a challenge
  
  No black and white when it comes to PCI compliance in virtualized environments, experts say.

All Rights Reserved, Copyright 2000 - 2012, TechTarget