Web-Hacking-Incident-Database

Page history last edited by Ryan Barnett 1 mo ago


 

Project Overview

 

The Web Hacking Incident Database, or WHID for short, is a Web Application Security Consortium project dedicated to maintaining a list of web application-related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and to provide information for statistical analysis of web application security incidents. WHID has been featured in Information Week and Slashdot.

 

"Thanks so much for the WHID, having a public repository such as this makes it easier for security practitioners to justify what they do for their colleagues. You make my job easier, thanks!"

-Erik Cabetas, Security Officer for a large E-Commerce website.

 

The database is unique in tracking only media-reported security incidents that can be associated with a web application security vulnerability. We also try to limit the database to targeted attacks only. Please refer to the FAQ for further information on what you will find and what you will not find in WHID.

If you have additional information on those or other web hacking incidents, you are more than welcome to share this information with us (rcbarnettgmail.com).

 

Project Leader

If you would like to be involved with the project, please contact the project leader - Ryan Barnett (rcbarnettgmail.com).

 

 

Project Contributors

  • Ofer Shezaf (Former Project Leader)
  • Jeremiah Grossman
  • Robert Auger

 

Project Sponsors

Project reports are provided by Trustwave's SpiderLabs.

 


Keep Track of the Latest Entries With our RSS and Twitter Feeds

 

 

 

Real-Time Statistics

The default views show all Attacks, Weaknesses and Outcomes for all Vertical Markets. If you prefer, you may optionally apply two filters:

 

WHID ID - default is to show all entries.  You can optionally specify a YEAR (example - enter "2009") to see all results from that year.

Attacked Entity Field - this applies a Vertical Market view: select an Attacked Entity Field option from the drop-down list to see the data for your chosen market field.

 

Top Attack Methods

 

 

Top Application Weaknesses

 

 

Top Outcomes

 

 

Search the WHID Database

WHID Views

 

Geographic View

 

 

 

Calendar View

 

 

 

Management View

Use the search filtering below to select the "Outcome" of interest to you and your business and then review which Attack Methods and Application Weaknesses lead to this Outcome.

 

Security Analyst View

Use the search filtering below to select the "Attack Method" of interest to you and your business (perhaps you know that your sites are vulnerable to SQL Injection) and then review the underlying Application Weakness and potential Outcomes.  This data will help to facilitate discussions with both Management and Developers.

 

Developer View

Use the search filtering below to select the "Application Weakness" of interest to you and your business and then review the various Attack Methods that may exploit the weakness and the different potential Outcomes.

 

 

 

 

Submit an Incident

 

 

 

Frequently Asked Questions

 

Reports

 

Presentations

The Web Hacking Incident Database Update for 2009 by Ryan Barnett at the OWASP AppSec DC Conf 2009

 

The Web Hacking Incidents Database -- Ryan Barnett from OWASP DC on Vimeo.

Analysis of the Web Hacking Incident Database (WHID) 2008 by Ofer Shezaf at the OWASP AppSec NYC Conf 2008

 

 

Disclaimers

WHID is based entirely on public information. All the incidents listed here were previously reported publicly on other web sites, and each incident includes references to those sites. Please also note that, unless mentioned otherwise, all the vulnerabilities listed have already been fixed.

 
