According to the new report from the SANS Institute (published on November 28, 2007), Web application attacks are growing and becoming more sophisticated. Commercially available, open source, and custom-built Web applications have all been actively attacked and exploited.
Read the complete SANS document here.