Web App Hack Incidents Are Up As Businesses Take Cover

Web site hacks are on the rise and pose a greater threat than the broad-based network attacks that have been giving IT departments fits. Whereas attacks against networks disrupt Internet service and negatively impact companies trying to do business over the Web or private networks, attacks against Web applications threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web.

Generally, "people who build Web applications are optimistic people," says Gary McGraw, chief technology officer with Cigital Inc., a maker of risk management software. "They don't consider that someone would try to break their programs."

Incident by WASC threat classification

| Class | Count |
|---|---|
| Cross-site Scripting | 32 |
| Unknown | 23 |
| Insufficient Authorization | 15 |
| Credential/Session Prediction | 14 |
| Insufficient Authentication | 11 |
| SQL Injection | 11 |

View complete list by the Web Application Security Consortium

Web Application Security Resources

The Cross Site Scripting FAQ
Scripts for testing your site to see if it is vulnerable to XSS
SQL Injection Walkthrough
SQL Injection Attacks by Example

About This Entry

Published on Friday, April 14 2006 at 09:51 AM by Rob Downs in the Web Users Group blog.
Categories: Security
