I wanted to let you all know that we have released the new WHID report for 2010 -
A few Report Summary Findings -
- A steep rise in attacks against the financial vertical market is occurring in 2010, and is currently the no. 3 targeted vertical at 12 percent. This is mainly a result of cybercriminals targeting small to medium businesses’ (SMBs) online banking accounts.
- Corresponding to cybercriminals targeting online bank accounts, the use of Banking Trojans (which results in stolen authentication credentials) made the largest jump for attack methods (Banking Trojans + Stolen Credentials).
- Application downtime, often due to denial of service attacks, is a rising outcome.
- Organizations have not implemented proper Web application logging mechanisms and thus are unable to conduct proper incident response to identify and correct vulnerabilities. This resulted in the no. 1 “unknown” attack category.
We also have a new Top 10 Web Application Risks listing – which is an interesting contrast to the OWASP Top 10.
I would also like to point out that we have added the Real-Time Statistics feature on the WHID project site - http://projects.webappsec.org/Web-Hacking-Incident-Database#RealTimeStatistics
With this new capability, you can now get live stats based on the Year and/or your Vertical Market of choice.
WASC WHID Project Lead