Search blog for


Imperva Web Application Attack Report (WAAR) #5

Today, we are proud to release the 5th installment of our annual Web Application Attack Report.
For those of you new to this report, Imperva’s Web Application Attack Report (WAAR) is a thorough analysis of the web application attack surface and attacker behavior trends over a specific period of time – in this case, from August 1, 2013 to April 30, 2014. The findings covered in this report come from an analysis of the data collected by our Community Defense crowdsourced threat intelligence capability (free to all ThreatRadar users), which tracks actual attacks that hit our web application firewalls all over the globe, as well as from our Honeypots and various other intelligence systems.
This year, we have decided to increase the breadth of the report by providing meta-analysis on top of the statistical information, correlating to system types, verticals, technologies as well as to geographical information.
Why WAAR Matters?
One of the things that keep us intrigued about the data that we gather, is there’s still tons of data to gather. While many other security vendors and products claim to deal with application security problems such as SQL Injection, Cross Site Scripting, Remote File Inclusion and more, there’s still plenty for WAFs to catch. The findings in our report come directly from our customers’ web application firewalls, which are always placed as a last line of defense in front of the application itself. This means that our WAF is behind the firewalls, intrusion prevention systems, and other security products intended to protect an organization’s data assets. If these other products had solved the web application security problem, our report would have been empty.
WAAR #5 Highlights
While we encourage you to read the report, here are some key highlights from the report itself:

  1. Web application attack campaigns are 44% longer than they were during the time period covered by the previous report
  2. There is a 24% increase in RFI (remote file inclusion) attacks since the previous report
  3. Retail websites were targeted by 48.1% of all attack campaigns
  4. PHP applications suffer three times more Cross Site Scripting attacks than .NET applications
  5. WordPress CMS is attacked 24% more than all other CMS systems combined
  6. AWS servers were the origin of 20% of all known vulnerability (CVE) exploitation attempts

Download the report
Please download the report here.