Features

Features

Application attacks (buffer overflows, cross-site scripting)

• 5 application security threats and how to prevent them

  The most widely known application security threats are sometimes the most common exploits. Here is a list of the top app threats and their appropriate security responses.  Continue Reading

• CISSP online training: Software Development Security domain

  Spotlight article: Shon Harris explains the core concepts in the CISSP domain on software development security, including models, methods, database systems and security threats.  Continue Reading

• Information security book excerpts and reviews

  Visit the Information Security Bookshelf for book reviews and free chapter downloads.  Continue Reading

• Balancing the cost and benefits of countermeasures

  The final tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book "The Shortcut Guide to Protecting Business Internet Usage published by...  Continue Reading

• Network-based attacks

  The second tip in our series, "How to assess and mitigate information security threats," excerpted from Chapter 3: The Life Cycle of Internet Access Protection Systems of the book The Shortcut Guide to Protecting Business Internet Usage published ...  Continue Reading

• How to assess and mitigate information security threats

  Learn how to assess and mitigate information security threats, like rootkits, worms and Trojans in the tip series created in collaboration with Realtimepublishers and Dan Sullivan, author of The Shortcut Guide to Protecting Business Internet Usage.  Continue Reading

• Attacking Web authorization: Web authorization-Session token security

  This excerpt from Chapter 5: Attacking Web Authorization of "Hacking Exposed Web Applications, Second Edition," by Joel Scambray, Mike Schema and Caleb Sima provides authorization and session management technique best practices  Continue Reading

• State-based attacks: Session management

  In this excerpt from Chapter 4 of "How to Break Web Software: Functional and Security Testing of Web Applications and Web Services," authors Mike Andrews and James A. Whittaker identify session management techniques Web developers should use to ...  Continue Reading

• Content Spoofing

  This excerpt from "Preventing Web Attacks with Apache" explains how content spoofing attacks exploit vulnerabilities and how to use Apache to protect against them.  Continue Reading

• Gaining access using application and operating system attacks

  In this excerpt from Chapter 7 of Counter Hack Reloaded: A Step-by-Step Guide to Computer Attacks and Effective Defenses, Second Edition, authors Ed Skoudis and Tom Liston explain how security professionals can use exploit frameworks to their ...  Continue Reading

• Five common application-level attacks and the countermeasures to beat them

  This tip reviews five of the most common attacks against applications: injection vulnerabilities, cross-site scripting (XSS), broken authenticcationa nd session management, insecure direct object references and security misconfiguration. Michael ...  Continue Reading

• Hacking Windows: MSRPC vulnerabilities

  In this book excerpt, learn why attackers are drawn to MSRPC exploits when conducting IIS attacks, and the weaknesses in MSRPC that enterprises struggle to secure.  Continue Reading

• Thirteen website attacks that damage an enterprise's Web presence

  Many website attacks are potentially dangerous and can damage an organization's Web presence. Learn about the most common attacks and how they function.  Continue Reading