Sunday, February 17, 2008

CS805 Doctor Howard Carol Project #1

Tai Cleveland
Class CS 805
Project # 1 Hacker Attacks
Dr. Carol Howard
Due Monday Oct 29th, 2007



Hacker Attacks
Aside from DUI incidents, the war on terrorism and the continuous propagation of viruses on the internet, web server attacks have been one of the most serious crimes to date. Unlike the aforementioned crimes and incidents, they have not been given considerable attention. According to a recent survey conducted by Zone-H (2005), web server attacks and web defacements grew about 36% in 2004, which is about 400,000 reported incidents in that year alone. Christmas holidays are the most popular time for malicious hackers to attack sites.
Meanwhile, the Web Application Security Consortium reported the following statistics from 1999 to 2007 (2007):
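
| Year | Total | Security Breaches | Vulnerability Disclosures |
|------|-------|-------------------|---------------------------|
| 1999 | 1 | | 1 |
| 2000 | 5 | 2 | 3 |
| 2001 | 6 | 1 | 5 |
| 2002 | 4 | 3 | 1 |
| 2003 | 9 | 3 | 6 |
| 2004 | 17 | 6 | 11 |
| 2005 | 62 | 31 | 31 |
| 2006 | 44 | 18 | 26 |
| 2007 | 45 | 42 | 3 |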













On the other hand, the following table summarizes the number of incidents recorded based on attack classification (2007). It must be noted that such data falls under the rule of small numbers.

| Class | Total | Security Breaches | Vulnerability Disclosures |
|-------|-------|-------------------|---------------------------|
| Cross-site Scripting | 54 | 16 | 38 |
| Unknown | 41 | 38 | 3 |
| SQL Injection | 25 | 16 | 9 |
| Insufficient Authorization | 22 | 9 | 13 |
| Credential/Session Prediction | 16 | 3 | 13 |
| Insufficient Authentication | 14 | 6 | 8 |
| OS Commanding | 10 | 9 | 1 |
| Predictable Resource Location | 7 | 3 | 4 |
| Other | 7 | 6 | 1 |
| Weak Password Recovery Validation | 4 | 1 | 3 |
| Information Leakage | 4 | | 4 |
| Content Spoofing | 4 | 4 | |
| Abuse of Functionality | 4 | 3 | 1 |
| Misconfiguration | 3 | 3 | |
| Worm | 2 | 2 | |
| Insufficient Anti-automation | 2 | 2 | |
| Known Vulnerability | 2 | 1 | 1 |
| Denial of Service | 1 | 1 | |
| Brute Force | 1 | 1 | |
| Defacement | 1 | 1 | |
| Directory Indexing | 1 | | 1 |
| HTTP Response Splitting | 1 | | 1 |
| Insufficient Session Expiration | 1 | 1 | |
| Path Traversal | 1 | | 1 |
| Phishing | 1 | 1 | |
| Redirection | 1 | | 1 |
| Insufficient Process Validation | 1 | 1 | |



References

BBC News. (2005). “Web server attacks 'growing fast': More than 2,500 web servers every day are being hacked, reveals a report.” Retrieved November 2007 from website: .
Web Application Consortium. (2007). “Web Hacking Statistics.” Retrieved November 2007 from website: .
