Imperva issued its annual attack report, which includes very interesting findings regarding web application security. They analyzed 297,954 attacks and 22,850,023 alerts on 198 of the applications protected by Imperva WAF.
Last year researchers spotted usual interest in vulnerabilities in WordPress installations, as well as other content management systems. Typically, WordPress and other CMS applications are derived from a common template, enabling automated scanning attacks that work effectively on multiple sites.
In general websites with CMS were targeted 3 time more than websites without CMS. WordPress was targeted 3.5 times more than other content management systems.
According to research, Shellshock attacks were detected in 100% of the applications in very similar numbers, indicating blind scanning of the Internet.
Report indicates, that attackers used 3 times more attempts to exploit SQL injection attacks than in previous year. Also number of XSS attacks increased 2,5 times.
The original report can be downloaded from here: https://www.imperva.com/docs/HII_Web_Application_Attack_Report_Ed6.pdf
