The Web Hacking Incident Database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. The database is unique in tracking only media-reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from June - Sept of 2009 and provide insight into categories such as: 1) Top Attack Methods, 2) Top Compromise Outcomes, 3) Top Target Geographic Region, 4) Top Vertical Markets Hit. The presenter will also provide some in-depth analysis for specific WHID entries.
Ryan C. Barnett is the Director of Application Security Research at Breach Security where he leads Breach Security Labs. He is a frequent speaker at industry conferences such as Blackhat and is a Faculty Member for the SANS Institute and Team Lead for the Center for Internet Security Apache Benchmark Project. He is the OWASP ModSecurity Core Rule Set (CRS) Project Leader and a member of the Web Application Security Consortium where he leads the Distributed Open Proxy Honeypot Project. Mr. Barnett has also authored a web security book for Addison/Wesley Publishing entitled "Preventing Web Attacks with Apache".