lonerunners.net

Web Hacking Incident Database annual report released

The WHID annual report for 2007 has been released!


To be able to answer those questions, WHID tracks the following key
attributes for each incident:

  • Attack Method - The technical vulnerability exploited by the attacker
    to perform the hack.
  • Outcome - The real-world result of the attack.
  • Country - The country in which the attacked web site (or owning
    organization) resides.
  • Origin - The country from which the attack was launched.
  • Vertical - The field of operation of the organization that was
    attacked.

Key findings were:

  • 67% of the attacks in 2007 were "for profit" motivated.
    Ideological hacking came second.
  • With 20%, good old SQL injection dominated as the most common
    technique used in the attacks. XSS finished 4th with 12 percent, and the
    young and promising CSRF is still only seldom exploited out there and was
    included in the "others" group.
  • Over 44% of incidents were tied to non-commercial sites such as
    Government and Education. We assume that this is partially because
    incidents happen more in these organizations and partially because these
    organizations are more inclined to report attacks.
  • On the commercial side, internet-related organizations top the list.
    This group includes retail shops, comprising mostly e-commerce sites,
    media companies and pure internet services such as search engines and
    service providers. It seems that these companies do not compensate for
    the higher exposure they incur with proper security procedures.
  • In incidents where records leaked or were stolen, the average number of
    records affected was 6,000.
