« Tangible ROI of a Web Application Firewall (WAF) | Main | ModSecurity 2.5 Released »

Web Hacking Incidents Database Annual Report for 2007

Posted by ofer on February 17, 2008.

Breach Labs which sponsors WHID has issued an analysis of the Web Hacking landscape in 2007 based on the incidents recorded at WHID. It took some time as we added the new attributes introduced lately to all 2007 incidents and mined the data to find the juicy stuff:

• The drivers, business or other, behind Web hacking.
• The vulnerabilities hackers exploit.
• The types of organizations attacked most often.

To be able to answer those questions, WHID tracks the following key attributes for each incident:

• Attack Method - The technical vulnerability exploited by the attacker to perform the hack.
• Outcome - the real-world result of the attack.
• Country - the country in which the attacked web site (or owning organization) resides.
• Origin - the country from which the attack was launched.
• Vertical - the field of operation of the organization that was attacked.

Key findings were:

• 67% percent of the attacks in 2007 were "for profit" motivated. Ideological hacking came second.
• With 20%, good old SQL injections dominated as the most common techniques used in the attacks. XSS finished 4th with 12 percent and the young and promising CSRF is still only seldom exploited out there and was included in the "others" group.
• Over 44% percent of incidents were tied to non-commercial sites such as Government and Education. We assume that this is partially because incidents happen more in these organizations and partially because these organizations are more inclined to report attacks.
• On the commercial side, internet-related organizations top the list. This group includes retail shops, comprising mostly e-commerce sites, media companies and pure internet services such as search engines and service providers. It seems that these companies do not compensate for the higher exposure they incur, with proper security procedures.
• In incidents where records leaked or where stolen the average number of records affected was 6,000.

The full report can be found at Breach Security Network.

Posted by ofer at February 17, 2008 10:11 PM