Important! You can find updates to WHID at the new WHID site

• The drivers, business or other, behind Web hacking.
• The vulnerabilities hackers exploit.
• The types of organizations attacked most often.

• Attack Method - The technical vulnerability exploited by the attacker to perform the hack.
• Outcome - the real-world result of the attack.
• Country - the country in which the attacked web site (or owning organization) resides.
• Origin - the country from which the attack was launched.
• Vertical - the field of operation of the organization that was attacked.

• 67% percent of the attacks in 2007 were "for profit" motivated. Ideological hacking came second.
• With 20%, good old SQL injections dominated as the most common techniques used in the attacks. XSS finished 4th with 12 percent and the young and promising CSRF is still only seldom exploited out there and was included in the "others" group.
• Over 44% percent of incidents were tied to non-commercial sites such as Government and Education. We assume that this is partially because incidents happen more in these organizations and partially because these organizations are more inclined to report attacks.
• On the commercial side, internet-related organizations top the list. This group includes retail shops, comprising mostly e-commerce sites, media companies and pure internet services such as search engines and service providers. It seems that these companies do not compensate for the higher exposure they incur, with proper security procedures.
• In incidents where records leaked or where stolen the average number of records affected was 6,000.