Web App Hack Incidents Are Up As Businesses Take Cover
Web site hacks are on the rise and pose a greater threat than the broad-based network attacks that have been giving IT departments fits. Whereas attacks against networks disrupt Internet service and negatively impact companies trying to do business over the Web or private networks, attacks against Web applications threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web.
Generally, “people who build Web applications are optimistic people,” says Gary McGraw, chief technology officer with Cigital Inc., a maker of risk management software. “They don’t consider that someone would try to break their programs.”
Web App Hack Incidents Are Up As Businesses Take Cover
Incident by WASC threat classification
Class | Count |
Cross-site Scripting | 32 |
Unknown | 23 |
Insufficient Authorization | 15 |
Credential/Session Prediction | 14 |
Insufficient Authentication | 11 |
SQL Injection | 11 |
View complete list by the Web Application Security Consortium
Web Application Security Resources
The Cross Site Scripting FAQ
Scripts for testing your site to see if it is vulnerable to XSS
SQL Injection Walkthrough
SQL Injection Attacks by Example