This tip reviews five of the most common attacks against Web applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcation and session management, insecure direct object references and security misconfiguration. Expert Michael Cobb explains how each one works and the damage they're capable of doing.
He also provides specific countermeasures for each of these attacks, including security policies and security defense technologies worth considering for safeguarding applications against each attack; plus, he details how to improve incident response in the event of an attack.
Read the full tip here.
This was first published in November 2005