OWASP AppSec DC 2012/State of Web Security

The Presentation
I will cover the current state of web based attacks as we see them monitored on our network. In total somwhere around 1 million+ domains are attacked and monitored on our network, so the sample of data provided should be acceptably accurate. The data will be provided in the presentation using statistical data of logged attacks against our network and customer's sites (and can be provided to security researchers in a raw formet). This will provide the audience with a knowledge of how severe a new exploit can become once attackers utilize it, as well as details on what types of attacks are popular with malicious parties. If there is time, I think the crowd would also enjoy a detailed dissection of a handful of common backdoors we see on our network (of course choosing the most unique and interesting backdoors we encounter.) This is not to help the audience on how to design backdoors, but instead provides a basic overview of these attacker's knowledge and intent (why the bad guys do the things they do.) This presentation would fit well most any track you have (45 minute, 20 minute turbo talk, or a panel if I can bring in more presenters from other hosting providers/services.) I will tailor the presentation to fit the target audience (more overview of the threat model for management and more technical details for the end users, etc...)