[Owasp-cincinnati] Fw: WHID Report

Marco M. Morana marco.m.morana at gmail.com
Wed Jun 3 07:54:20 EDT 2009


This is the WHID report and the analysis of 2008. It is interesting because it takes into account the attacker motives, which are a threat agent factor in the threat analysis.
It also provides metrics on the most used vulnerabilities for the attacker motives and the most popular targets (e.g. companies, organizations) for the attacks.

The June presentation will cover the first six months of 2009 with a slightly different analysis, targeting more the type of attacks and impact (e.g. top compromise outcomes) as well as target factors by geography and market.

Hope this is useful

OWASP Chapter Lead
----- Original Message ----- 
From: Mark Hanson 
To: Marco M. Morana 
Sent: Tuesday, June 02, 2009 9:16 PM
Subject: RE: Upcoming June Meeting Updates


I am not sure I sent you the report. See attached.

Mark Hanson 
Regional Sales Manager-Breach Security Inc. 
608-831-8001 Office 
608-438-5918 Cell 
mhanson at breach.com Email 
www.breach.com WWW 
Forrester webinar: "Web Application Firewalls: A Cost Effective Way to Improve Web Application Security" www.breach.com/forresterwebinar 

From: Marco M. Morana [mailto:marco.m.morana at gmail.com] 
Sent: Tuesday, June 02, 2009 7:22 PM
To: owasp-cincinnati at lists.owasp.org
Cc: Mark Hanson; Ryan Barnett
Subject: Upcoming June Meeting Updates

OWASP Cincinnati members

I have the pleasure to announce the upcoming June meeting details:
  * When: Tuesday, June 23rd, 12.00 - 1.30 PM
    If you plan to attend the meeting please RSVP by email to Marco Morana (marco[dot]m[dot]morana[at]gmail[dot]com)
  * The Web Hacking Incidents Database (WHID) - 2009 Analysis, Ryan Barnett - Breach Security Inc
    The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web application related security incidents. WHID's goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web application security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from the 1st half of 2009 (January - June) and provide insight into categories such as: 1) Top Attack Methods, 2) Top Compromise Outcomes, 3) Top Target Geographic Region, 4) Top Vertical Markets Hit. The presenter will also provide some in-depth analysis for emerging threats/attack techniques such as planting of malware on websites and reflected cross-site scripting through SQL injection.
  * Presenter Bio
    Ryan Barnett is the Director of Application Security Research at Breach Security where he leads Breach Security Labs. He is a Member of the Web Application Security Consortium (WASC) where he leads the Distributed Open Proxy Honeypot Project. He is also the leader of the OWASP ModSecurity Core Rule Set (CRS) Project which provides web application firewall rules to the public. Mr. Barnett is a frequent speaker at industry conferences such as Blackhat and he has also authored a web security book for Pearson Publishing entitled "Preventing Web Attacks with Apache."
  * Location / Venue Sponsor: Citibank 9997 Carver Road, Bldg. 1, Cincinnati, Ohio, 45242-5537
    For help with directions contact Citi Blue Ash help desk at (513) 979-9000 or check directions herein.
    Please access the building from the visitor lobby. OWASP meetings are held at the "Buckeyes" lecture room.
  * Agenda
    * 12:00 - 12:30 Registration & Lunch (Courtesy of Breach Security)
    * 12:30 - 1:30 Presentation
  * Proof of ID is required to attend the meeting
    Citi guards verify that you pre-registered for the meeting by checking the RSVP list. Once you are checked and identified (please bring a proof of ID) you will be granted visitor access to the training facilities.
  * Presenter logistics
    The lecture room is equipped with a video and audio system to be used with the presenter's laptop. Presentations (e.g. PowerPoint, Flash demos) can be uploaded and run on a MS Windows XP loaded Citi owned laptop upon request. External internet connection is only provided from Citi owned laptops.

Please help spread the word about our OWASP chapter to colleagues and anyone interested to learn more about application security.


Marco M.
OWASP Chapter Lead
-------------- next part --------------
A non-text attachment was scrubbed...
Name: WHID 2008.pdf
Type: application/pdf
Size: 639651 bytes
Desc: not available
Url : https://lists.owasp.org/pipermail/owasp-cincinnati/attachments/20090603/c94b06f4/attachment-0001.pdf 