Web site hacks are on the rise and pose a greater threat than the broad-based network attacks that have been giving IT departments fits. Whereas attacks against networks disrupt Internet service and negatively impact companies trying to do business over the Web or private networks, attacks against Web applications threaten to steal critical customer, employee, and business partner information stored in applications and databases linked to the Web.
Generally, “people who build Web applications are optimistic people,” says Gary McGraw, chief technology officer with Cigital Inc., a maker of risk management software. “They don’t consider that someone would try to break their programs.”
[Figure: Incident by WASC threat classification]