This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

The Web Hacking Incident Database (WHID) Report

Jump to: navigation, search


Registration | Hotel | Walter E. Washington Convention Center

The presentation

Ryan Barnett-headshot.jpg
The web hacking incident database (WHID) is a Web Application Security Consortium project dedicated to maintaining a list of web applications related security incidents. WHID goal is to serve as a tool for raising awareness of the web application security problem and provide information for statistical analysis of web applications security incidents. The database is unique in tracking only media reported security incidents that can be associated with a web application security vulnerability. This presentation will highlight the statistics gathered from 2010 thus far and provide insight into categories such as:
  1. Top Attack Methods
  2. Top Compromise Outcomes
  3. Top Target Geographic Region
  4. Top Vertical Markets Hit.

The presenter will also provide some in-depth analysis for specific WHID entries.

Ryan Barnett

Ryan C. Barnett is a senior security researcher on Trustwave's SpiderLabs Team. He is a SANS Institute certified instructor and a member of both the Top 20 Vulnerabilities and CWE/SANS Top 25 Most Dangerous Programming Errors teams. In addition to working with SANS, he is also a WASC Member where he leads the Web Hacking Incidents Database (WHID) and Distributed Open Proxy Honeypots Projects and is also the OWASP ModSecurity Core Rule Set (CRS) project leader. Mr. Barnett has also authored a Web security book for Addison/Wesley Publishing entitled Preventing Web Attacks with Apache. .