Slashdot Mirror

← Back to Users

User: shezaf

shezaf's activity in the archive.

Stories
0
Comments
2
First seen
Last seen
Profile
(view on slashdot.org)

Comments · 2

  1. Re:Number of hacking attempts on Number of Web Application Hacks Up · · Score: 1
    If you are aware of incidents that are not in WHID I would appreciate it if you took the time to write to us about them. There might be a reason that they are not there (in most cases we cannot establish that they are web hacks) or we just missed them. Also, as the FAQ states, if you feel that a reported incident is not classified correctly or should not be included in the database, please write.

    As to the statistical value of the database: the numbers are indeed too small to conclude any accurate conclusion, but I think that they do show a direction.

  2. Re:Number of hacking attempts on Number of Web Application Hacks Up · · Score: 1
    As the person behind WHID, let me try to clarify: the criteria for inclusion in WHID are very strict. The goal is to list only incidents that are related to web application layer vulnerabilities and can publicly proved to be so. We do that in order to show that application layer security is an issue without getting into FUD.

    Specifically addressing the defacement incidents reported in zone-h, bear in mind that in nearly all of these incidents there is no public information on the way in which they where carried. A hacked web site does not imply that the hacking utilized an application layer vulnerability. Additionally, many defacements are not targeted and are the result of a wide scan for vulnerable sites and therefore we do not normally include defacements in WHID.

    You can read more about the criteria for inclusion in WHID in the FAQ http://www.webappsec.org/projects/whid/faq.shtml