
Application Attacks (Buffer Overflows, Cross-Site Scripting)


Hackers have moved away from the operating system and are now concentrating much of their efforts on applications. Get the best news and information on defending against common threats such as buffer overflows and cross-site scripting in this section.
IN THIS TOPIC: NEWS (114), EXPERT TECHNICAL ADVICE (44), REFERENCE & LEARNING (18), WEBCASTS (2), DEFINITIONS (13)

MUST READ
Web Application Attacks Learning Guide
LEARNING GUIDE - This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them.
Quiz: Web application threats and vulnerabilities
SECURITY QUIZ - This quiz will help you determine how knowledgeable you are about securing your Web apps and whether you need to hone your Web security skills.
Automate SQL injection testing
TIP - Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. Instead, run automated SQL injection tests.

  NEWS: 1 - 3 of 114
Yahoo, McAfee to warn users of dangerous websites
SearchSecurity.com | 06 May 2008
ARTICLE - Websites suspected of spreading malicious programs or spamming and phishing campaigns will be highlighted in search results.
SQL injection attack infects hundreds of thousands of websites
SearchSecurity.com | 30 Apr 2008
ARTICLE - Security experts are watching massive numbers of automated SQL injection attacks from Chinese domains. Attackers use simple search engine queries to build a list of targets.
HP customers vulnerable to software update tool flaw
SearchSecurity.com | 29 Apr 2008
ARTICLE - Several flaws in HP Software Update could allow an attacker to read system information or gain access to a machine.

  EXPERT TECHNICAL ADVICE: 1 - 3 of 44
APPLICATION ATTACKS (BUFFER OVERFLOWS, CROSS-SITE SCRIPTING) EXPERTS
Ed Skoudis
Founder and Senior Security Consultant with Intelguardians
What are the dangers of cross-site request forgery attacks (CSRF)?
02 Apr 2008
EXPERT ANSWER - Ed Skoudis defines the threats posed by cross-site request forgery (CSRF) attacks, and explains how they are similar to and different from cross-site scripting attacks.
Stopping malware in its tracks
Submitted By: SearchSecurity.com | 11 Mar 2008
TIP - Expert Lenny Zeltser offers a malware-defense blueprint every enterprise can follow, plus plenty of free tools to help along the way.
What is the most secure way for application developers to manage cookies?
11 Feb 2008
EXPERT ANSWER - Cookies hold data, such as user preferences and session tracking credentials. In this expert Q&A, Ed Skoudis explains how application developers can define and manage cookies appropriately.

  REFERENCE & LEARNING: 1 - 3 of 18
Information security book excerpts and reviews
SearchSecurity.com | 20 Sep 2006
INFORMATION SECURITY BOOKSHELF - Visit the Information Security Bookshelf for book reviews and free chapter downloads.
Attacks targeted to specific applications
By Dan Sullivan, Realtimepublishers | 26 Jan 2007
BOOK CHAPTER - This is the fourth tip in our series, "How to assess and mitigate information security threats".
Network-based attacks
By Dan Sullivan, Realtimepublishers | 26 Jan 2007
BOOK CHAPTER - The second tip in our series, "How to assess and mitigate information security threats".

  WEBCASTS: 1 - 2 of 2
Proactive Strategies for Securing your Network - Vendor Webcast

PREMIERED:   15 DEC 2004, 09:00 EST (14:00, GMT)
SUMMARY:   Find out how to implement solutions that can prevent or minimize network disruptions automatically, and help you quickly restore mission-critical services if a disruption does occur.
Simplify Your Security Decision - Vendor Webcast

PREMIERED:   05 OCT 2004, 12:00 EDT (16:00, GMT)
SUMMARY:   Today's security threats are more sophisticated, frequent and dangerous than ever before. Traditional antivirus and firewall point products are no longer capable of providing adequate protection. Learn how to simplify this decision with a unified, proactive approach to internet security.

  DEFINITIONS: 1 - 3 of 13
JavaScript hijacking
20 Jun 2007
WORD - JavaScript hijacking is a technique that an attacker can use to masquerade as a valid user and read sensitive data from a vulnerable Web application, particularly one using Ajax (Asynchronous JavaScript and XML). Nearly all ...
cache poisoning
03 May 2005
WORD - Cache poisoning, also called domain name system (DNS) poisoning or DNS cache poisoning, is the corruption of an Internet server's domain name system table by replacing an Internet address with that of another, rogue address. ...
dictionary attack
21 Apr 2005
WORD - A dictionary attack is a method of breaking into a password-protected computer or server by systematically entering every word in a dictionary as a password. A dictionary attack can also be used in an attempt to find the key ...

SEE ALSO - Topics Related to Application Attacks (Buffer Overflows, Cross-Site Scripting): 
Mobile Code

