95% of attacks target web servers and applications through SQL injection and other injection attacks, which were used to install malware over 60% of the time. Solutions include secure coding training, code reviews, log monitoring, and awareness of new attacks.