[security-alerts] FW: [WEB SECURITY] analyzing web application attack data

["Kazennov, Vladimir" <Vladimir.Kazennov@xxxxxxxxxx>]

> -----Original Message-----
> From: Jeremiah Grossman [mailto:jeremiah@xxxxxxxxxxxxxxx] 
> Sent: Wednesday, July 19, 2006 9:13 PM
> To: Web Security
> Subject: [WEB SECURITY] analyzing web application attack data
> 
> For those interested in statistics and research on real web  
> application attacks, Fortify and SecureWorks have posted good data.  
> They placed devices in front of some number of public websites and  
> logged the results. I'd imagine this is very similar to the 
> work Ryan  
> Barnett has been doing. Most information contained won't be a  
> shocker, attacks mostly predominated by SQL Injection and XSS issued  
> by bot-nets using well-known exploits. There also the more directed  
> one-off's attacks.
> 
> 
> Web Applications Under Attack - Four Eye-Opening Findings
> http://www.fortifysoftware.com/reports/threatreport.jsp
> 
> SQL injection attacks against banks on the rise
> http://www.net-security.org/secworld.php?id=4076
> 
> SecureWorks Finds SQL Injection Hacker Attacks on the Rise against  
> Banks, Credit Unions and Utilities
> http://www.secureworks.com/press/20060718-sql.html
> 
> 
> Regards,
> 
> Jeremiah Grossman
> Founder and CTO
> WhiteHat Security, Inc.
> www.whitehatsec.com
> --------------------------------------------------------------
> --------------
> The Web Security Mailing List: 
> http://www.webappsec.org/lists/websecurity/
> 
> The Web Security Mailing List Archives: 
> http://www.webappsec.org/lists/websecurity/archive/
> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> 
>