Verizon's 2014 Data Breach Investigations Report finds that 35 percent of data breaches in 2013 targeted Web apps, making these types of attacks the most common type of security incident. And unfortunately, enterprises are doing a poor job of finding these attacks themselves. In incidents with a financial motive, only 9 percent of organizations identified the problem internally; in incidents with an ideological motive, only 1 percent did so.
Enterprise Web development teams are advised to keep software up to date and to pay attention to secure coding practices.
After Web app attacks, cyberespionage and POS attacks were the most common types of security incident leading to data breach, according to the report.