New & Notable
Application Attacks (Buffer Overflows, Cross-Site Scripting) News
July 01, 2014
A new online archive is allowing researchers to anonymously submit and expose cross-site scripting vulnerabilities uncovered across the Web.
May 01, 2014
Microsoft's out-of-band patch for the 'use-after-free' IE zero day offered a fix for Windows XP, which is now being actively targeted.
April 28, 2014
The IE zero-day, first spotted by FireEye, is being actively exploited in the wild. US-CERT recommends avoiding IE until a fix is released.
February 14, 2014
FireEye first reported that the zero-day exploit affecting IE 9 and 10 is part of a watering hole attack utilizing the U.S. VFW's website.
Application Attacks (Buffer Overflows, Cross-Site Scripting) Get Started
Bring yourself up to speed with our introductory content
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Continue Reading
This security school lesson details the myriad of Web application attacks in circulation today, providing detailed explanations of SQL injection attacks, clickjacking, cross-site scripting and cross-site request forgery attacks and other Web-based ... Continue Reading
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or ... Continue Reading
Evaluate Application Attacks (Buffer Overflows, Cross-Site Scripting) Vendors & Products
Weigh the pros and cons of technologies, products and projects you are considering.
Microsoft Silverlight has been in the spotlight due to an increase in the number of exploit kits it is included in. Expert Nick Lewis explains the threat's severity and how to mitigate it. Continue Reading
Cross-site scripting, or XSS, flaws have been major website vulnerabilities for the past two decades. So why are major sites still falling victim? Expert Michael Cobb explains. Continue Reading
The OWASP Top Ten Proactive Controls can reduce Web application vulnerabilities, but are they difficult and expensive to implement? Continue Reading
Manage Application Attacks (Buffer Overflows, Cross-Site Scripting)
Learn to apply best practices and optimize your operations.
Enterprise threats expert Nick Lewis reveals two key ways to prevent SQL injection attacks without breaking the bank on an expensive code review. Continue Reading
Enterprise threats expert Nick Lewis examines how the BREACH attack exploits HTTPS traffic and what enterprises can do to mitigate the attack risk. Continue Reading
In this issue, find out who won this year’s Security 7 Award. Also, we examine the pros and cons of the Metasploit penetration testing framework. Continue Reading
Problem Solve Application Attacks (Buffer Overflows, Cross-Site Scripting) Issues
We’ve gathered up expert advice and tips from professionals like you so that the answers you need are always available.
SQL injection attacks continue to plague enterprises. However, performing audit code validation when using outsourced developers can be a challenge. Expert Nick Lewis explains how to prevent these attacks. Continue Reading
A vulnerability found in Web browsers allows malware to bypass XSS filters. Michael Cobb explains how to address the issue. Continue Reading
Learn how DOM-based XSS attacks differ from typical cross-site scripting attacks, and learn best practices for defending against them. Continue Reading