The Web Hacking Incident Database (WHID) Report



Registration | Hotel | Walter E. Washington Convention Center

The presentation
The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from 2010 thus far and provide insight into categories such as:
 * 1) Top Attack Methods
 * 2) Top Compromise Outcomes
 * 3) Top Target Geographic Region
 * 4) Top Vertical Markets Hit.

The presenter will also provide some in-depth analysis for specific WHID entries.

Ryan Barnett
Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is also a WASC Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Open Proxy Honeypots Projects and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache. .