Distribution of Attacks on Web apps

Here is the link I was referring to in my post on cross site scripting. Long story short, XSS attacks are now accounting for 21.5%, SQL injections are 14%, php "includes" a whopin 9.5% and buffer overflow 7.9%.  After all it's much easier to perform an XSS attack or SQL injection than figure a buffer overflow.