Encoded SQL injection and cross-site scripting (XSS) attacks are becoming all the rage as Web defenses are getting better at catching these popular scripting attacks, according to WhiteHat Security’s Website security statistics report released today. Attackers have begun hiding the malicious code by encoding so they can keep using these old-school attacks, which organizations are getting better at detecting in the clear, says Grossman. Mary Landesman, senior security researcher at ScanSafe, says her Web security services firm is also seeing more obfuscation, including encryption, of malicious code being injected into Websites.