Due to the popularity of computers and networks and the rapid progress of attacker skills, computer and network security become a more and more important issue. In the latest 2010 top 10 version, injection style attacks, instead of Cross-Site Scripting (XSS), become the number one threat to web applications. However, due to the easiness to launch a XSS attack, Cross-Site Scripting is still in the second place among various dangerous web threats. The report shows more thorough and reliable input confirmation mechanisms should be provided to web-related programs. Besides, new attack types, like Security Misconfiguration and Unvalidated Redirects and Forwards, are also serious threats to web applications. Along with the development of attack skills, attacks originating from the other side of Taiwan Strait also increase. These attacks either change the appearance of compromised web servers or inject vicious code into web pages to attack web browsers displaying them. Even though these attacks may have different origins and motivation, they clearly show the serious threats creating by the Chinese Net-force.