[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[WEB SECURITY] analyzing web application attack data

From: Jeremiah Grossman <jeremiah@xxxxxxxxxxxxxxx>
Subject: [WEB SECURITY] analyzing web application attack data
Date: Wed, 19 Jul 2006 10:13:06 -0700

For those interested in statistics and research on real web application attacks, Fortify and SecureWorks have posted good data. They placed devices in front of some number of public websites and logged the results. I'd imagine this is very similar to the work Ryan Barnett has been doing. Most information contained won't be a shocker, attacks mostly predominated by SQL Injection and XSS issued by bot-nets using well-known exploits. There also the more directed one-off's attacks.


Web Applications Under Attack – Four Eye-Opening Findings
http://www.fortifysoftware.com/reports/threatreport.jsp

SQL injection attacks against banks on the rise
http://www.net-security.org/secworld.php?id=4076

SecureWorks Finds SQL Injection Hacker Attacks on the Rise against Banks, Credit Unions and Utilities http://www.secureworks.com/press/20060718-sql.html


Regards,

Jeremiah Grossman
Founder and CTO
WhiteHat Security, Inc.
www.whitehatsec.com
----------------------------------------------------------------------------
The Web Security Mailing List:
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives:
http://www.webappsec.org/lists/websecurity/archive/
http://www.webappsec.org/rss/websecurity.rss [RSS Feed]

Follow-Ups:
- Re: [WEB SECURITY] analyzing web application attack data
  - From: Ryan Barnett

Prev by Date: Re: [WEB SECURITY] Data Validation
Next by Date: Re: [WEB SECURITY] analyzing web application attack data
Previous by thread: [WEB SECURITY] Data Validation
Next by thread: Re: [WEB SECURITY] analyzing web application attack data
Index(es):
- Date
- Thread

Brought to you by http://www.webappsec.org
Search this site