I wanted to share some exciting news with everyone. I have taken over as the Project Leader for the WASC Web Hacking Incident Database (WHID) Project. First of all I wanted to thank Ofer Shezaf for starting WHID and for all of the great work he has done with it. It is a tremendous resource for real-world web application security awareness as it helps to prioritize attacks/vulnerabilities that are currently being used by cyber-criminals to compromise sites. I am excited to keep it going and to hopefully increase its value to the community.
Changes to WHID
- The WHID data has been uploaded to a new DabbleDB account which will help to allow for multiple WHID authors. If you would like to participate in this capacity, please let me know and I will get you setup.
- The project page has been updated to embed the DabbleDB data, with search filters, into the existing WHID Project page. This makes searching and filtering much easier. You can also access it directly here.
- We also added an Incident Entry Submittal Form directly on the page so it will be easier for the community to send in links to web hack stories. This will then place the link in a queue and email me for a follow-up.
- Lastly, we also added a new RSS feed and Twitter account so you can keep track of WHID entries as they happen.
If you have any comments about WHID or recommendations for making it more useful, please let me know.