Home > Attacks targeted to specific applications
Book Chapter:
EMAIL THIS LICENSING & REPRINTS

Attacks targeted to specific applications

26 Jan 2007 | By Dan Sullivan, Realtimepublishers

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   

This is tip No. 4 in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by Realtimepublishers.

An emerging threat is the threat of specialized attacks against targeted applications. These attacks are focused on a particular database or application with the objective of gaining access to information or services. Economics is the primary driver of these types of attacks. Well-defined and enforced access controls, secure software development practices, and detailed monitoring of applications are required to combat these specialized attacks.


How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Application Attacks (Buffer Overflows, Cross-Site Scripting)
Microsoft warns of attacks against Microsoft Access zero-day flaw
Tips for SQL injection protection
Microsoft addresses XSS in Internet Explorer
Internet Explorer open to spoofing, scripting attacks
Software still plagued with security holes, researcher says
Microsoft tools won't be quick fix for SQL injection attacks
Microsoft identifies tools to address SQL injection attacks
New defenses for automated SQL injection attacks
Alarming SQL injection attacks
Adobe Flash Player flaw previously patched, Symantec says
Application Attacks (Buffer Overflows, Cross-Site Scripting) Research

Database Security
Oracle releases 45 database, application fixes
Microsoft to issue Windows, SQL Server updates
Fortinet acquires database vulnerability scanner from IPLocks
Information security book excerpts and reviews
Product review: Symantec Database Security 3.1
New SQL injection technique threatens Oracle databases
Oracle fixes 41 flaws in April CPU
The ins and outs of database encryption
Product Review: Imperva's SecureSphere Database Gateway
Product review: Application Security Inc.'s DbProtect
Database Security Research

Secure Software Development
Security issues found in the Spring Framework
Software still plagued with security holes, researcher says
Microsoft tools won't be quick fix for SQL injection attacks
Which automated quality assurance tools can be used to test software?
Gary McGraw on secure software development
Product review: Mu-4000 Security Analyzer
Product review: Klocwork Insight 8.0
HP aims at IBM with application vulnerability scanning as service
Information security book excerpts and reviews
7 Security Questions to Ask Your SaaS Provider

RELATED GLOSSARY TERMS
Terms from Whatis.com − the technology online dictionary
cache poisoning  (SearchSecurity.com)
cyberterrorism  (SearchSecurity.com)
dictionary attack  (SearchSecurity.com)
directory harvest attack  (SearchSecurity.com)
distributed denial-of-service attack  (SearchSecurity.com)
JavaScript hijacking  (SearchSecurity.com)
ping of death  (SearchSecurity.com)
script kiddy  (SearchSecurity.com)
stack smashing  (SearchSecurity.com)
SYN flooding  (SearchSecurity.com)

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary


TechTarget Security Media
Information Security View this month\\'s issue and subscribe today.
Information Security Decisions Apply online for free conference admission.
SearchSecurity.com
HomeNewsMagazineWebcastsWhite PapersLearningAdviceTopicsEventsAbout Us

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Reprints  |  Site Map




All Rights Reserved, Copyright 2003 - 2008, TechTarget | Read our Privacy Policy
  TechTarget - The IT Media ROI Experts