Web Application Security

MUST READ Web Application Attacks Learning Guide LEARNING GUIDE - This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them.

VIDEO: 1 - 3 of 4

	WASC Web Honeypot Project enters next phase SearchSecurity.com | 30 Jul 2009 VIDEO - Ryan Barnett of Breach Security and leader of the WASC Honeypot Project talks about phase three of the project, which uses an open proxy server to analyze Web attack data.

	PCI compliance requirement 6: Systems and applications SearchSecurity.com | 01 Jun 2009 VIDEO - Diana Kelley and Ed Moyle of Security Curve review PCI compliance requirement 6: "Develop and maintain secure systems and applications."

	Defending against Internet security threats and attacks SearchSecurity.com | 24 Dec 2008 VIDEO - From buffer overflows to cross-site scripting, Web threats are many. Security researchers at Information Security Decisions 2008 discuss how to keep enterprises safe from these attacks (part 2 of 4).

	VIEW ALL VIDEO ON WEB APPLICATION SECURITY

NEWS: 1 - 3 of 122

	InZero Systems launches hardware-based security gateway SearchSecurity.com | 17 Nov 2009 ARTICLE - New InZero gateway uses hardware to halt malware by separating the endpoint from the network and isolating desktop software.

	Web application vulnerability assessment shows patching progress SearchSecurity.com | 12 Nov 2009 ARTICLE - White Hat founder and CEO Jeremiah Grossman said more improvements are needed, but companies can learn from firms taking website security seriously.

	Cisco acquires SaaS security vendor ScanSafe SearchSecurity.com | 27 Oct 2009 ARTICLE - Move complements Cisco line of IronPort appliances by offering customers Web security gateway services in the cloud.

	VIEW ALL NEWS ON WEB APPLICATION SECURITY

EXPERT TECHNICAL ADVICE: 1 - 3 of 95

WEB APPLICATION SECURITY EXPERTS
			Michael Cobb, featured expert Founder and Managing Director, Cobweb Applications Ltd. ASK A QUESTION

	Using unique device identification for bank website security 08 Dec 2009 TIP - Almost everyone has been asked a password challenge question on a website. Learn how to prevent identity fraud with unique device identification.

	Black box and white box testing: Which is best? 18 Nov 2009 TIP - There's no question that testing application security is essential for enterprises, but which is better: black box or white box security testing? Learn more in this expert tip.

	Preventing SQL injection attacks: A network admin's perspective 03 Nov 2009 TIP - Your database administrators should certainly be following best practices to avoid SQL injections, but network admins can do their part to fight the security exploits, too.

	VIEW ALL EXPERT TECHNICAL ADVICE ON WEB APPLICATION SECURITY

REFERENCE & LEARNING: 1 - 3 of 16

	Information security book excerpts and reviews SearchSecurity.com | 07 Dec 2009 INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.

	Quiz: Could you detect an application attack? SearchSecurity.com | 10 Jul 2006 SECURITY QUIZ - Test your application security awareness, review common application attacks and learn how to improve application layer logging to detect and protect against these attacks.

	Web Application Attacks Learning Guide SearchSecurity.com | 11 May 2006 LEARNING GUIDE - This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them.

	VIEW ALL REFERENCE & LEARNING ON WEB APPLICATION SECURITY

MAGAZINE CONTENT (free subscription required): 1 - 3 of 17

	Choosing the right Web application firewall Information Security Magazine | 05 Mar 2009 FEATURES - PCI DSS is requiring companies to buy Web application firewalls. We'll show how you how to pick the WAF that's right for you.

	How to Secure Cloud Computing Information Security Magazine | 05 Mar 2009 FEATURES - On-demand computing services can save large enterprises and small businesses a lot of money, but security and regulatory compliance become difficult.

	Product Review: Cenzic Hailstorm Enterprise ARC 5.7 Information Security Magazine | 10 Jan 2009 HOT PICK & PRODUCT REVIEWS - Web application security has moved from a niceto- have to a must-have requirement, for data protection and compliance. Cenzic's Hailstorm, which we last reviewed in 2005, reflects the growth in the depth and maturity of Web ...

	VIEW ALL MAGAZINE CONTENT ON WEB APPLICATION SECURITY

WEBCASTS: 1 - 1 of 1

Simplify Your Security Decision - Vendor Webcast VIEW WEBCAST PREMIERED:   05 OCT 2004, 12:00 EDT (16:00, GMT) SUMMARY:   Today's security threats are more sophisticated, frequent and dangerous than ever before. Traditional antivirus and firewall point products are no longer capable of providing adequate protection. Learn how to simplify this decision with a unified, proactive approach to internet security.

	VIEW ALL WEBCASTS ON WEB APPLICATION SECURITY

DEFINITIONS: 1 - 3 of 12

	JavaScript hijacking 20 Jun 2007 WORD - JavaScript hijacking is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Nearly all ...

	threat modeling 14 Feb 2006 WORD - Threat modeling is a procedure for optimizing network security by identifying objectives and vulnerabilities, and then defining countermeasures to prevent, or mitigate the effects of, threats to the system. In this context, a ...

	dictionary attack 21 Apr 2005 WORD - A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key ...

	VIEW ALL DEFINITIONS ON WEB APPLICATION SECURITY

	SEE ALSO - Topics Related to Web Application Security:  Web Server Threats and Countermeasures, Web Browser Security, Web Services Security and SOA Security, Web Application and Web 2.0 Threats