SpamAssassin reports are nearly completed. Daily reports have been added.

There are many ways to hack your website. Some are using framework vulnerabilties and they can be logged in your web server.
I'm thinking about adding such feature in w3perl. They are already some basic strings which may be filtered as a request for password file.

Here is a list of useful informations about web security :

http://www.watchguard.com/infocenter/editorial/135142.asp
http://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
http://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/cross-site-malicious-content.html
http://www.cgisecurity.com/xss-faq.html
http://www.ibm.com/developerworks/web/library/wa-secxss/
http://www.dwheeler.com/secure-programs/Secure-Programs-HOWTO/cross-site-malicious-content.html
http://www.webreference.com/programming/perl/taint/
http://www.technicalinfo.net/papers/CSS.html

Preliminary support for SpamAssassin logfile have been added. The package can now parse your mail logfile (or syslog) and detect spam entries or you can specify a spamassassin logfile. Only SpamAssassin logfile version 3 is supported.
You can choose also to parse only spam entries.

Spam report - Remote emails flaged as spam - Local emails flaged as spam - Highest sender/receiver spam - Number of spam by day - Spam rank histogram - Number of spam flag histogram - Spam sorted by domain - Stats over flag spam