New Incident Database Tracks Web Application-Related Security Breaches
Mr. Ofer Shezaf, chief technology officer, Breach Security, and an officer of the Web Application Security Consortium (WASC), will lead the new Web Hacking Incidents Database project, a new initiative designed to track all reported Web application security breaches. WASC is an international group of security experts and industry leaders that develop, adopt, and advocate best-practice security standards for web application security. WASC maintains a number of projects to generate web application security awareness, classify threats against web applications, and provide evaluation criteria for web application security solutions.
The new Web Hacking Incidents Database (WHID) project tracks publicly-reported security incidents that can be associated with Web application security vulnerabilities exploited through targeted attacks. The goal of the new project is to provide a tool to raise awareness of Web application security problems and provide information for statistical analysis of Web applications security incidents.
In the United States and Europe there are privacy laws that require public reporting of security breaches, however these reports do not indicate how the breach has occurred. The new WHID tracks such security breaches assisting IT managers and business leaders in assessing the threat in insecure web applications and better protect their business-critical information assets.
“Understanding the cause of Web application security incidents is vital to defending websites,” said Jeremiah Grossman, founder and CTO, WhiteHat Security and WASC co-founder. “The WHID project enables the community to learn and improve upon our best practice standards.”
“Web-based attacks are on the rise, and the WHID is an ideal tool to alert IT Managers and the business community of the risks they face unless they take the proper precautions to protect their Web applications from targeted attacks,” said Mr. Shezaf. “Effective solutions for Web application security threats can detect and protect against attacks and secure business-critical Web applications in ways that exceed security from network firewalls and IDS/IPS solutions. The CardSystems incident is known to be the worst ever security breach, but how was it performed and how can one protect from a similar attack? WHID provides answers to these questions.”