2007 Security Report

Key findings of the Web Hacking Incidents Database 2007 report were:
  • 67% of the attacks in 2007 were "for profit" motivated. Ideological hacking came second.
  • With 20%, good old SQL injections dominated as the most common techniques used in the attacks. XSS finished 4th with 12 percent and the young and promising CSRF is still only seldom exploited out there and was included in the "others" group.
  • Over 44% of incidents were tied to non-commercial sites such as Government and Education. We assume that this is partially because incidents happen more in these organizations and partially because these organizations are more inclined to report attacks.
  • On the commercial side, internet-related organizations top the list. This group includes retail shops, comprising mostly e-commerce sites, media companies and pure internet services such as search engines and service providers. It seems that these companies do not compensate for the higher exposure they incur, with proper security procedures.
  • In incidents where records leaked or were stolen, the average number of records affected was 6,000.
Another statistic shows that the majority of critical vulnerabilities (20 of 28 flaws) found in 2007 in Internet Explorer were memory corruption issues, similar to 2006.


Lastly, comparing the years 2000 to 2007, the number of vulnerabilities went down a bit last year. Well done.


P/s: Don't use IE...hahahhahha
