Number of Web Application Hacks Up

An anonymous reader writes "According to an article at Information Week, 'Web site hacks are on the rise and pose a greater threat than the broad-based network attacks...' Citing statistics from the Web Hacking Incidents Database, 'Web hacking attacks numbered 58 in 2005, up from 16 in 2004 and 9 in 2003. Another 20 attacks have been reported this year against sites including open-source repository Sourceforge.net and social network MySpace.com, putting 2006 on pace to be the worst year yet.'"

Re:Number of hacking attempts

[mysqlrocks]

Even if only a small percentage of all web attacks are reported, if that percentage stays stable then a rise in the number reported implies a rise in the total number of attacks.

Let's assume for a second that 1% of all attacks are reported. That would mean that 16 out of 1600 were reported in 2004 and 58 out of 5800 were reported in 2005. Now, let's say that the percentage of reports increased by 1% point in 2005. So, 1% reported in 2004 and 2% reported in 2005. That would mean that 16 out of 1600 were reported in 2004 and 58 out of 2900 were reported in 2005. So, in this scenario what looked look a 362.5% increase in attacks is actually only a 181.25% increase in attacks. So, a small change in the reported percentage could make a huge difference in the apparent increase. These numbers are so ridiculously low to begin with, I wouldn't be surprised if less than 1% of web attacks are reported. I looked through the list and can think of some attacks I know of to some pretty big sites that weren't reported. Plus, some incidents are pretty generic and don't address a specific attack while others do address specific attacks. So, their definition of a "Web hacking attacks" seems to be quite fluid. Basically what I'm saying is that these numbers are absolutely meaningless.