Top Attack Methods
SQL injection continues to be at the top, and over the last year or so we have started seeing more denial-of-service attacks.
Top Application Weaknesses
Input validation is the major weakness we see in applications. Proper input validation is one of the major checks prescribed by many standards, such as those from OWASP and SANS.
Top Outcomes
Leakage of information is a direct outcome of SQL injection, and in many cases it results in monetary loss and loss of reputation and business. The other major outcome is downtime, which directly impacts the business bottom line and is something a business person will understand.
This is a nice way to categorize incidents. Organizations should come up with a list of the incidents within their own organization and present it to senior management and the Board as part of their metrics to show the impact.