Attacks targeted to specific applications

An emerging threat is the threat of specialized attacks against targeted applications. These attacks are focused on a particular database or application with the objective of gaining access to information or services. Economics is the primary driver of these types of attacks. Well-defined and enforced access controls, secure software development practices, and detailed monitoring of applications are required to combat these specialized attacks.

How to Assess and Mitigate Information Security Threats
  Introduction
  Malware: The ever-evolving threat
  Network-based attacks
  Information theft and cryptographic attacks
  Attacks targeted to specific applications
  Social engineering
  Threats to physical security
  Balancing the cost and benefits of countermeasures

This chapter excerpt from the free eBook The Shortcut Guide to Protecting Business Internet Usage, by Dan Sullivan, is printed with permission from Realtimepublishers, Copyright 2006.

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Application Attacks (Buffer Overflows, Cross-Site Scripting) Microsoft warns of attacks against Microsoft Access zero-day flaw Tips for SQL injection protection Microsoft addresses XSS in Internet Explorer Internet Explorer open to spoofing, scripting attacks Software still plagued with security holes, researcher says Microsoft tools won't be quick fix for SQL injection attacks Microsoft identifies tools to address SQL injection attacks New defenses for automated SQL injection attacks Alarming SQL injection attacks Adobe Flash Player flaw previously patched, Symantec says Application Attacks (Buffer Overflows, Cross-Site Scripting) Research Database Security Oracle releases 45 database, application fixes Microsoft to issue Windows, SQL Server updates Fortinet acquires database vulnerability scanner from IPLocks Information security book excerpts and reviews Product review: Symantec Database Security 3.1 New SQL injection technique threatens Oracle databases Oracle fixes 41 flaws in April CPU The ins and outs of database encryption Product Review: Imperva's SecureSphere Database Gateway Product review: Application Security Inc.'s DbProtect Database Security Research Secure Software Development Security issues found in the Spring Framework Software still plagued with security holes, researcher says Microsoft tools won't be quick fix for SQL injection attacks Which automated quality assurance tools can be used to test software? Gary McGraw on secure software development Product review: Mu-4000 Security Analyzer Product review: Klocwork Insight 8.0 HP aims at IBM with application vulnerability scanning as service Information security book excerpts and reviews 7 Security Questions to Ask Your SaaS Provider

RELATED GLOSSARY TERMS Terms from Whatis.com − the technology online dictionary cache poisoning  (SearchSecurity.com) cyberterrorism  (SearchSecurity.com) dictionary attack  (SearchSecurity.com) directory harvest attack  (SearchSecurity.com) distributed denial-of-service attack  (SearchSecurity.com) JavaScript hijacking  (SearchSecurity.com) ping of death  (SearchSecurity.com) script kiddy  (SearchSecurity.com) stack smashing  (SearchSecurity.com) SYN flooding  (SearchSecurity.com)

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary