The Web Hacking Incidents Database 2008: Annual Report
Source: Breach Security
The Web Hacking Incident Database (WHID) is a project dedicated to maintaining a list of web application-related security incidents. The WHID's purpose is to serve as a tool for raising awareness of web application security problems and provide information for statistical analysis of web application security incidents. Unlike other resources covering web site security, which focus on the technical aspect of an incident, the WHID focuses on the impact of the attack. To be included in the WHID, an incident must be publicly reported, be associated with web application security vulnerabilities and have an identified outcome.