-
PING with Mark Odiorne
In this exclusive interview Mark Odiorne, CISO at Scottish Re, provides insights on pen testing procedures, prioritizing security for senior management and keeping compliant. Information Security maga
-
Attacks targeted to specific applications
This is the fourth tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage," pu... Book Chapter
-
Balancing the cost and benefits of countermeasures
The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage" published by ... Book Chapter
-
How to assess and mitigate information security threats
Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage. Book Chapter
-
Network-based attacks
The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published by ... Book Chapter
-
Implementing Multiple Solutions
Book Chapter
-
Attacking Web authorization: Web authorization-Session token security
This excerpt from Chapter 5: Attacking Web Authorization of "Hacking Exposed Web Applications, Second Edition," by Joel Scambray, Mike Shema and Caleb Sima provides authorization and session management technique best practices. Book Chapter
-
Application layer logging quiz answers
Quiz
-
Answers: Could you detect an application attack?
SearchSecurity Retention
-
Quiz: Prevent phone phishing scams
SearchSecurity Retention
-
New GrayWolf tool sheds light on Microsoft .NET application security
Black Hat 2011: A free Microsoft .NET application security tool helps programmers reverse-engineer .NET applications to manipulate and control them. News | 04 Aug 2011
-
Cross-site scripting vulnerability discovered in Adobe Flash Player
Adobe issued an update Sunday repairing the Flash Player flaw in the wake of targeted email attacks attempting to exploit the flaw. News | 06 Jun 2011
-
Software code analysis firm gives security vendors poor marks
The latest study of application code by Veracode found many applications submitted by software makers are of “unacceptable security quality.” News | 20 Apr 2011
-
Hackers use blind SQL injection attack to crack Oracle-Sun, MySQL.com
Attack enabled hackers to gain access to various databases containing account credentials associated with the website. Article | 28 Mar 2011
-
Researcher breaks Adobe Flash sandbox security feature
Adobe is responding to a new method that breaks a security feature and prevents Flash files from passing data to remote systems; it is classified as a "moderate" security threat. Article | 06 Jan 2011
-
Mozilla extends bug bounty to Web application vulnerabilities
Mozilla will reward vulnerability hunters for critical flaws found on a dozen Mozilla websites. Article | 15 Dec 2010
-
Cross-site scripting Twitter attack causes chaos
A cross-site scripting Twitter attack could have been exploited to spread dangerous malware and steal user data, experts said. Article | 21 Sep 2010
-
Adobe issues warning about zero-day vulnerability in Flash Player
Alert follows last week's warning of a critical flaw in Reader, Acrobat. Article | 13 Sep 2010
-
Adobe warns of critical zero-day flaw in Reader, Acrobat
No patch yet available for zero-day vulnerability that is reportedly being exploited in the wild. Article | 08 Sep 2010
-
Microsoft issues advisory on DLL load hijacking flaw
Software giant addresses application vulnerability after remote attack vector surfaces. Article | 23 Aug 2010
-
How to use OWASP Broken Web Apps to prevent vulnerabilities
OWASP Broken Web Apps allows pen testers to attack applications that are intentionally insecure to hone their skills at securing their own apps. Tip
-
Enterprise PDF attack prevention best practices
Malicious PDF exploits are at an all-time high. Should enterprises dump PDFs altogether? Expert Michael Cobb answers that question and offers his key enterprise PDF attack prevention tactics. Tip
-
Improving software with the Building Security in Maturity Model (BSIMM)
Learn about the Building Security in Maturity Model (BSIMM), a software security framework that emphasizes attack models, software security testing, code review and compliance policies. Also, does your company have a software security group (SSG)? Tip
-
Distributed denial-of-service protection: How to stop DDoS attacks
In this tip, which is a part of our Web Application Attacks Security Guide, you will learn what a distributed denial-of-service (DDoS) attack is, and learn how to stop and prevent DDoS attacks by using intrusion prevention technologies and products. Tip
-
Preventing and stopping SQL injection hack attacks
In this tip, which is a part of our Web Application Attack Security Guide, you will learn methods, tools and best practices for preventing, avoiding and stopping SQL injection hack attacks. Tip
-
Prevent cross-site scripting hacks with tools, testing
In this tutorial, learn how to prevent cross-site scripting (XSS) attacks, how to avoid a hack, and how to fix vulnerabilities and issues with cross-site scripting prevention tools, system and application testing and several other defense and prevent... Tip
-
How to stop buffer-overflow attacks and find flaws, vulnerabilities
In this tip, which is part of our Web Application Attack Security Guide, learn how to stop buffer-overflow attacks from infiltrating your systems and learn how to find buffer-overflow flaws and vulnerabilities with protection and defense methods and ... Tip
-
Black box and white box testing: Which is best?
There's no question that testing application security is essential for enterprises, but which is better: black box security testing or white box security testing? Learn more in this expert tip. Tip
-
PCI management: The case for Web application firewalls
Expert Michael Cobb lays out the compliance and security benefits of Web application firewalls. Tip
-
Vulnerability test methods for application security assessments
Learn what to do when you have a huge portfolio of potentially insecure applications, limited resources and an overwhelming sense of urgency. Tip
-
Dangerous applications: Time to ban Internet Explorer, Adobe in the enterprise?
CSIS says five dangerous applications are to blame for 99% of malware. Is it time to ban Internet Explorer, Flash and the others in the enterprise? Answer
-
Internet Explorer 8 XSS filter: Setting the bar for cross-site scripting prevention
The Internet Explorer 8 XSS filter can assist in cross-site scripting prevention. Michael Cobb explains how it works in this expert response. Answer
-
Free Web application vulnerability scanners to secure your apps
Expert Michael Cobb points to several free Web application vulnerability scanners to help prevent SQL injection or XSS exploits. Answer
-
Why it's important to turn on DEP and ASLR Windows security features
In the quest for application security, many developers are disabling or incorrectly implementing two important Windows security features. In this expert response, Michael Cobb explains why ASLR and DEP should always be turned on. Ask the Expert
-
Should black-box, white-box testing be used together?
Learn why black-box, white-box testing should be used together when searching for Web application code vulnerabilities. Ask the Expert
-
Adobe Acrobat Reader security: Can patches be avoided?
Security expert Michael Cobb counters recent advice from Fiserv not to install Adobe Reader patches and says these updates are vital to security and must trump user functionality. Ask the Expert
-
SANS Top 25 programming errors: Application security best practices
Learn the SANS Top 25 programming errors and the best practices for application security. Ask the Expert
-
How to detect input validation errors and vulnerabilities
Expert John Strand reviews how to spot input validation flaws on your websites. Ask the Expert
-
How to secure SSL following new man-in-the-middle SSL attacks
Man-in-the-middle SSL attacks at Black Hat D.C. exposed a flaw in the https structure, so how can you avoid such an attack at your enterprise? Find out in Mike Chapple's expert response. Ask the Expert
-
How to secure a website containing badware (banner82)
In an expert Q&A, John Strand reviews how SQL injection attacks can lead to banner82 attacks and a "badware" label for your website. Ask the Expert
-
application blacklisting
Application blacklisting, sometimes just referred to as blacklisting, is a network administration practice used to prevent the execution of undesirable programs. Such programs include not only those known to contain security threats or vulnerabiliti... Definition
-
JavaScript hijacking
JavaScript hijacking is a technique that an attacker can use to read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML)... Word
-
dictionary attack
A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key necessary to decrypt an e... Word
-
cache poisoning (domain name system poisoning or DNS cache poisoning)
Word
-
directory harvest attack (DHA)
Word
-
SYN flooding
Word
-
stack smashing
Stack smashing is causing a stack in a computer application or operating system to overflow. Word
-
ping of death
Word
-
cyberterrorism
Word
-
distributed denial-of-service attack (DDoS)
On the Internet, a distributed denial-of-service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. Word
-
Exploit Intelligence Project: Rethinking information security threat analysis
Information security threat analysis is fundamentally flawed, said Dan Guido of iSEC Partners. He says the Exploit Intelligence Project hopes to change that. Video
-
Balancing security and performance: Protecting layer 7 on the network
This video will explain options for securing application-layer traffic using network security technologies, architectures and processes, including Layer 7 switches, firewalls, IDS/IPS, NBAD and more. Video
-
Defending against Internet security threats and attacks
From buffer overflows to cross-site scripting, Web threats are many. Security researchers at Information Security Decisions 2008 discuss how to keep enterprises safe from these attacks (part 2 of 4). Video
-
Information security book excerpts and reviews
Visit the Information Security Bookshelf for book reviews and free chapter downloads. Information Security Book
About Application Attacks (Buffer Overflows, Cross-Site Scripting)
Hackers have moved away from the operating system and are now concentrating much of their efforts on applications. Get the best news and information on recognizing vulnerabilities and defending against Web application and Web 2.0 attacks and threats such as buffer overflows, cross-site scripting, denial-of-service (DoS) attacks and SQL injection.