The Web Hacking Incident Database (Whid) Report presented at OWASP Appsec 2010

by Ryan Barnett (SpiderLabs @ Trustwave),

Tags: Security Web Application Security


Summary : The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from 2010 thus far and provide insight into categories such as:

1. Top Attack Methods
2. Top Compromise Outcomes
3. Top Target Geographic Region
4. Top Vertical Markets Hit.

The presenter will also provide some in-depth analysis for specific WHID entries.