Home > Web Application Attacks Learning Guide
Learning Guide:
EMAIL THIS

Web Application Attacks Learning Guide

11 May 2006 | SearchSecurity.com

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

From buffer-overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This guide explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them. As a bonus, this learning guide is also available as a PDF download.

TABLE OF CONTENTS
   Introduction to Web application attacks
   Buffer-overflow attacks
   Cross-site scripting attacks
   SQL injection attacks
   Denial-of-service attacks
   Other application attacks
   Web application security strategies
   More security learning resources
   Security IT Downloads

  Introduction to Web application attacks Return to Table of Contents

  • Article: Spyware, application attacks to be biggest 2006 threats
  • Quiz: Web application threats and vulnerabilities
  • Technical paper: Know your enemy: Why your Web site is at risk, part 1
  • Technical paper: Know your enemy: Why your Web site is at risk, part 2

    •   Buffer-overflow attacks Return to Table of Contents

  • Glossary definition: Buffer-overflow
  • Article: Drowning in buffer-overflow vulnerabilities
  • Article: Buffer-overflow attacks: How do they work?
  • Article: You can prevent buffer-overflow attacks
  • Book chapter: Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflows
  • Expert advice: How buffer-overflows vulnerabilities occur
  • Expert advice: Using OS Security's OSsurance
  • Technical tip: Defining and preventing buffer overflows

    •   Cross-site scripting Return to Table of Contents

  • Glossary definition: Cross-site scripting
  • Book chapter: Content Spoofing
  • Expert advice: How to prevent cross-site scripting
  • Technical tip: XSS - Are you aware you may be vulnerable
  • Technical tip: Deal with cross-site scripting
  • Technical tip: Securing Web apps against authenticated users

    •   SQL Injection attacks Return to Table of Contents

  • Glossary definition: SQL injection
  • Article: Automated SQL Injections: What your enterprise needs to know, Part 1
  • Article: Automated SQL Injections: What your enterprise needs to know, Part 2
  • Article: Raising risk prospects with a new SQL injection threat
  • Book chapter: Under Siege: How SQL Server is Hacked
  • Expert advice: Authenticating Web applications to SQL
  • Technical tip: Preventing SQL Injections
  • Technical tip: Defense tactics for SQL injection attacks
  • Technical tip: Automate SQL injection testing
  • Technical tip: Don't hide sensitive information in hidden form fields
  • Technical tip: Preventing blind SQL injection attacks

    •   Denial-of-service Return to Table of Contents

  • Glossary definition: Denial-of-service
  • Glossary definition: Distributed denial-of-service attack
  • Article: Grid computing and security uncertainties
  • Expert advice: How to protect the network from the new strain of DoS attacks
  • Technical tip: Block and reroute denial-of-service attacks
  • Technical tip: How to repair a compromised VPN
  • Technical tip: How to protect your company against cybercrime
  • Technical tip: Avoiding the scourge of DNS amplification attacks
  • Webcast: Five common application-level attacks and the countermeasures to beat them

    •   Other application attacks Return to Table of Contents

  • Book chapter: State-based attacks: Session management
  • Book chapter: Attacking Web authorization: Web authorization-Session token security
  • Expert advice: Binary over JPEG
  • Expert advice: Web application variable manipulation
  • Expert advice: How to prevent input validation attacks
  • Technical tip: Protect your Web site against path traversal attacks
  • Technical tip: Avoid the hazards of unvalidated Web application input
  • Technical tip: How to avoid authentication bypass attacks
  • Technical tip: XML-based attacks and how to guard against them
  • Technical tip: Improper error handling
  • Technical tip: Evolution: Rise of the bots
  • Technical tip: Five steps for beating back the bots
  • Technical tip: Protecting the network from Web-based service attacks with defense-in-depth
  • Technical tip: HTTP attacks: Strategies for prevention
  • Technical tip: CRLF injection attacks: How they work and what to do about them
  • Webcast: Web attacks and how to defeat them

      Web application security strategies Return to Table of Contents

  • Book chapter: Gaining access using application and operating system attacks
  • Checklist: Checklist of known IIS vulnerabilities
  • Checklist: Windows tools for investigating an attack
  • Checklist: Essential fortification checklist
  • Expert advice: How to develop an effective application security strategy
  • Expert advice: How to prevent application attacks and reduce network vulnerabilities
  • Expert advice: The pros and cons of application firewalls
  • Expert advice: Application development best practices
  • Technical tip: Web application isolation
  • Technical tip: Six steps to securing your Web server
  • Technical tip: Tips for securing Web-based applications
  • Technical tip: Application firewall tips and tricks
  • Technical tip: Best practices for pen testing Web applications
  • Technical tip: Ten dos and don'ts for secure coding
  • Technical tip: Static and dynamic code analysis: A key factor for application security success
  • Technical tip: Application logging is critical in detecting hack attacks
  • Webcast: Locking down Web applications
  • Webcast: Tools for securing the software development lifecycle

    • More security learning resources
    SECURITY SCHOOL LEARNING GUIDES CHECKLISTS GLOSSARY ASK THE EXPERTS


    BROWSE BY TAG
    Web Security Tools and Best Practices,   Web Application Security,   Application and Platform Security,   Application Attacks (Buffer Overflows, Cross-Site Scripting),   Network Intrusion Detection and Analysis,   Enterprise Network Security,   Denial of Service (DoS) Attack Prevention,   VIEW ALL TAGS

    Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   



    RELATED CONTENT
    Web Application Security
    Black box and white box testing: Which is best?
    InZero Systems launches hardware-based security gateway
    Web application vulnerability assessment shows patching progress
    Preventing SQL injection attacks: A network admin's perspective
    Cisco acquires SaaS security vendor ScanSafe
    Web application firewall use goes beyond compliance, company finds
    Gumblar Trojan drive-by exploits spike following Adobe update
    Some Facebook applications lead to Russian attack sites
    Barracuda acquires Purewire expanding Web security reach
    An enterprise strategy for Web application security threats

    Application Attacks (Buffer Overflows, Cross-Site Scripting)
    Quiz: How to build secure applications
    Black box and white box testing: Which is best?
    Adobe warns of critical update for Reader, Acrobat 9.1.3
    9 Ways to Improve Application Security After an Incident
    Developers Need Help with Security Errors
    Buffer overflow tutorial: How to find vulnerabilities, prevent attacks
    SQL injection protection: A guide on how to prevent and stop attacks
    Experts rebuke programmers who use SQL injection as feature
    SANS: Application threats, website flaws pose biggest security threats
    Mozilla helps Adobe push out faster patches
    Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

    Denial of Service (DoS) Attack Prevention
    VeriSign extends DDoS attack protection service
    Conficker authors prepping for next stage, researcher says
    Latest DDoS attacks extremely unsophisticated, experts say
    DDoS attacks hit U.S., South Korean government websites
    How to prevent a denial-of-service (DoS) attack
    I'll be watching you: Wireless IPS
    How to prevent DDoS attacks on websites
    How to prevent network denial-of-service attacks
    What are 'phlashing' attacks?
    Could someone place a rootkit on an internal network through a router?
    Denial of Service (DoS) Attack Prevention Research

    RELATED GLOSSARY TERMS
    Terms from Whatis.com − the technology online dictionary
    anonymous Web surfing  (SearchSecurity.com)
    buffer overflow  (SearchSecurity.com)
    cache cramming  (SearchSecurity.com)
    cookie poisoning  (SearchSecurity.com)
    dictionary attack  (SearchSecurity.com)
    distributed denial-of-service attack  (SearchSecurity.com)
    JavaScript hijacking  (SearchSecurity.com)
    National Computer Security Center  (SearchSecurity.com)
    threat modeling  (SearchSecurity.com)
    trigraph  (SearchSecurity.com)

    RELATED RESOURCES
    2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
    Search Bitpipe.com for the latest white papers and business webcasts
    Whatis.com, the online computer dictionary




    Search Additional Security Research and Solutions
    TechTarget Security Media
    Information Security View this month\\'s issue and subscribe today.
    Information Security Decisions Apply online for free conference admission.
    		SearchSecurity.com
    HomeNewsMagazineMultimediaWhite PapersLearningAdviceTopicsEventsAbout Us
    SEARCH :     Site Index Powered by: Search Powered by Google

    About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
    TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

    TechTarget Corporate Web Site  |  Media Kits  |  Site Map




    All Rights Reserved, Copyright 2003 - 2009, TechTarget | Read our Privacy Policy     		  TechTarget - The IT Media ROI Experts