Web applications are attacked every two minutes and at some times can experience upwards to 25,000 attacks an hour according to a report published by security firm Imperva today.
As part of its continuing Hacker Intelligence initiative, Imperva’s Application Defense Center (ADC) released their Web Application Attack Report after analyzing six months of web traffic and more than 10 million attacks from December 2010 to May 2011. The study also followed onion router (TOR) traffic.
The ADC categorized the attacks four ways and found that 75 percent of the attacks were done via directory traversal, cross-site scripting, SQL injection or remote file inclusion (RFI). Over 61 percent of the attacks emanated from bots in the United States while the second highest origin point, China, made up 10 percent of the attacks.
Imperva makes a point in the report to mention that the Lulzsec attacks, including hacks on Sony, the CIA and the U.S. Senate, are not part of their study as they were conducted throughout the month of June after their study had concluded.
The full report, available in PDF form, is available to view here.