Web Application Security: Don't Bolt It On, Build It In
The only way to succeed against Web application attacks is to build secure and sustainable applications from the start. Yet many businesses find they have more Web applications and vulnerabilities than security professionals to test and remedy them.
URL Encoded Attacks - Attacks using the common web browser
This document aims to enlighten developers and security administrators on the issues associated with URL encoded attacks. It is also important to note that many of the encoding methods and security implications are applicable to any application accepting data from a client system.
Authentication and Session Management on the Web
This paper looks at the security concerns specific to websites that have a secure area where users can log in. For much of the paper we use the example of Acme Enterprises, a fictitious company that sells generic goods by mail order. The company already has a basic website that provides a catalogue of its products.
Domain Footprinting for Web Applications and Web Services
Performing a web application or web services assessment with zero prior knowledge of the client's environment can be a daunting task for the web analyst. It is important to locate and footprint all critical domains running web applications or web services. This paper focuses on domain footprinting and discusses a complete approach to identifying and footprinting all possible domains running web applications or web services.
Programming: The Heart of Web Security
Information and data transmission system security holds a place of ever-growing importance in today's world. The expansion of the Web has provided businesses with an ideal platform for introducing and promoting their products and services. The range of possibilities open to hackers is expanding to the point that certain business fundamentals, in particular confidentiality and integrity, are being challenged. Let us now review the reasons why such security problems have arisen, the stakes involved, and some examples of possible security flaws.
The Risk of Application Attacks Securing Web Applications
According to statistics from CERT (an independent body specializing in information security), the number of successful, that is to say declared, attacks continues to grow: up 60% in 2002, and expected to grow around 80% in 2003. A simple reading of these numbers shows that protection mechanisms deployed by companies are not discouraging attempts by hackers. Far from it.
Designing and Implementing Secure Web Services
This paper presents the key issues associated with designing and deploying highly secure applications for corporate customers over standard web protocols and proposes a number of practical solutions for dealing with these issues.
Security Best Practice: Host Naming & URL Conventions
This paper discusses a few simple best practices that organizations can use to easily strengthen the security of their environments against many attacks and make it much more difficult for an attacker to confuse customers or clients.
Anti Brute Force Resource Metering
Resource metering through client-side computationally intensive "electronic payments" can provide an alternative strategy for defending against brute force guessing attacks. This whitepaper discusses how such a solution works and the security advantages it can bring.
How bad are the bad guys? The changing nature of Web security threats
This paper considers some of the Web-related issues that might arise for individuals, and emerging or longer term threats that you may want to keep in mind when modernising or extending your security infrastructure. At the same time, security protections are evolving to meet such needs. Here we also consider what solutions are available and how to start deploying such new levels of protection.
AppSec - Protecting Your Web Apps: Two Big Mistakes and 12 Practical Tips
Increasingly, computer attackers are exploiting flaws in Web applications, exposing enterprises to significant threats, including Personally Identifiable Information breaches and uploads of malware onto vulnerable corporate Websites for distribution to customer browsers. Many of these Web application vulnerabilities are a direct result of improper input validation and output filtering, which leads to numerous kinds of attacks, including cross-site scripting (XSS), SQL injection, command injection, buffer overflows and many others. This article describes some of the best defenses against such attacks, which every Web application developer should master.