Verizon's annual data breach investigation report came out last week, and I finally had a chance to read through it. I read other security bloggers' synopses of it, but none of them seemed to point out anything that was interesting to me.
Here is the interesting bit that I found: Verizon actually recorded someone using XSS as an attack vector.
Typically, it is very difficult to find anything online that points to people using XSS maliciously. Most of the time, XSS is used to increase page views (the recent Mikeyy worm) or for popularity (the Samy worm).
We, the security community, now have some type of hard evidence to explain how XSS could potentially be an issue for companies. Is this enough to bring awareness to management?