Application Attacks (Buffer Overflows, Cross-Site Scripting)

MUST READ Web Application Attacks Learning Guide LEARNING GUIDE - This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them. Quiz: Web application threats and vulnerabilities SECURITY QUIZ - This quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills. Automate SQL injection testing TIP - Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. Instead, run automated SQL injection tests.

NEWS: 1 - 3 of 127

	IronPort feature detects exploited websites SearchSecurity.com | 23 Sep 2008 ARTICLE - IronPort's cloud scanning feature classifies sites based on the risk they pose.

	SaaS startups enter Web security gateway market SearchSecurity.com | 04 Aug 2008 ARTICLE - Web security vendors Zscaler Inc., Purewire Inc. enter growing Software as a Service (SaaS) space dominated by appliance vendors

	Microsoft warns of attacks against Microsoft Access zero-day flaw SearchSecurity.com | 07 Jul 2008 ARTICLE - Microsoft is investigating active attacks against its Snapshot Viewer ActiveX control for Microsoft Access.

	VIEW ALL NEWS ON APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING)

EXPERT TECHNICAL ADVICE: 1 - 3 of 50

APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING) EXPERTS
			John Strand ASK A QUESTION

	How can an enterprise-wide network remain resilient against denial-of-service (DoS) attacks? 16 Jul 2008 EXPERT ANSWER - Denial-of-service (DoS) attacks are often associated only with one type of flood attack, but there are many to look out for. Information security threats expert John Strand weighs in.

	New defenses for automated SQL injection attacks 12 Jun 2008 TIP - By automating SQL injection attacks, hackers have found a way to expedite the process of finding and exploiting vulnerable websites. The old defenses may not be enough.

	Are social networking sites an easy target for malicious hackers? 10 Jul 2008 EXPERT ANSWER - With the rise of social networking giants like MySpace and Facebook, it makes sense that there would also be a rise in malware to attack them.

	VIEW ALL EXPERT TECHNICAL ADVICE ON APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING)

REFERENCE & LEARNING: 1 - 3 of 20

	Information security book excerpts and reviews SearchSecurity.com | 22 May 2008 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Attacks targeted to specific applications By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".

	Network-based attacks By Dan Sullivan, Realtimepublishers | 26 Jan 2007 BOOK CHAPTER - The second tip in our series, "How to assess and mitigate information security threats".

	VIEW ALL REFERENCE & LEARNING ON APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING)

WEBCASTS: 1 - 3 of 6

How to Defend Your Organization from Web-Based Threats while Hackers Move into Business Mode - Vendor Webcast VIEW WEBCAST PREMIERED:   16 NOV 2006, 12:00 EST (17:00, GMT) SUMMARY:   This webcast takes a glance ahead at the types of threats expected in 2007, what you can expect and how to be prepared to meet the challenge of these evolving threats. Prepare your company to defend against future web and hacker threats and attend this webcast today.

	Web-Borne Attacks: Security Audits Expose the Silent Threat to Corporate Networks - Vendor Webcast VIEW WEBCAST PREMIERED:   23 MAY 2006, 14:00 EDT (18:00, GMT) SUMMARY:   Check out this webcast and discover effective strategies to defend Web-based threats and protect your company's valuable data.

	Aware Defense: Trends in Spyware, Adware, and Potentially Unwanted Applications - Vendor Webcast VIEW WEBCAST PREMIERED:   11 MAY 2006, 14:00 EDT (18:00, GMT) SUMMARY:   Join Peter Firstbrook, Gartner Research Director, as he examines the latest trends and issues in spyware, adware and potentially unwanted applications (PUAs).

	VIEW ALL WEBCASTS ON APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING)

DEFINITIONS: 1 - 3 of 13

	JavaScript hijacking 20 Jun 2007 WORD - JavaScript hijacking is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Nearly all ...

	cache poisoning 03 May 2005 WORD - Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. ...

	dictionary attack 21 Apr 2005 WORD - A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key ...

	VIEW ALL DEFINITIONS ON APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING)

	SEE ALSO - Topics Related to Application Attacks (Buffer Overflows, Cross-Site Scripting):  Mobile Code