Information weekly has written an article entitled "Web App Vulnerabilities Are Getting More Attention; Now's The Time For IT To Get Defensive"
"Attacks designed to bring down networks are largely under control, even though companies still spend plenty of time defending against them. The latest addition to IT teams' worry lists: keeping Web apps from being hijacked and forced to give up data that can be used to commit identity theft or other crimes.
The number of Web sites with applications vulnerable to these attacks appears to be small--58 were reported last year to the Web Application Security Consortium, a group that tracks flaws found in custom Web apps. But that's a big leap from the 16 in 2004 and nine in 2003. This year, at least 20 vulnerabilities have been reported, including cross-site scripting vulnerabilities at eBay, Microsoft MSN Hotmail, and open source repository SourceForge.net, all of which have since been fixed. And the reported number of vulnerable sites could be just a starting point, since the vulnerabilities aren't easy to spot, and attackers try to get in and out without leaving a trail. So victims may not know their sites were attacked and data compromised or stolen." - Information Week