
	Home > Web Application Attacks Learning Guide

Learning Guide:

EMAIL THIS

Web Application Attacks Learning Guide

11 May 2006 | SearchSecurity.com

Digg This!

StumbleUpon

Del.icio.us

From buffer-overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This guide explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them. As a bonus, this learning guide is also available as a PDF download.

TABLE OF CONTENTS
   Introduction to Web application attacks
   Buffer-overflow attacks
   Cross-site scripting attacks
   SQL injection attacks
   Denial-of-service attacks
   Other application attacks
   Web application security strategies
   More security learning resources
   Security IT Downloads

Introduction to Web application attacks Return to Table of Contents

Article: Spyware, application attacks to be biggest 2006 threats

Quiz: Web application threats and vulnerabilities

Technical paper: Know your enemy: Why your Web site is at risk, part 1

Technical paper: Know your enemy: Why your Web site is at risk, part 2

Buffer-overflow attacks Return to Table of Contents

Glossary definition: Buffer-overflow

Article: Drowning in buffer-overflow vulnerabilities

Article: Buffer-overflow attacks: How do they work?

Article: You can prevent buffer-overflow attacks

Book chapter: Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflows

Expert advice: How buffer-overflows vulnerabilities occur

Expert advice: Using OS Security's OSsurance

Technical tip: Defining and preventing buffer overflows

Cross-site scripting Return to Table of Contents

Glossary definition: Cross-site scripting

Book chapter: Content Spoofing

Expert advice: How to prevent cross-site scripting

Technical tip: XSS - Are you aware you may be vulnerable

Technical tip: Deal with cross-site scripting

Technical tip: Securing Web apps against authenticated users

SQL Injection attacks Return to Table of Contents

Glossary definition: SQL injection

Article: Automated SQL Injections: What your enterprise needs to know, Part 1

Article: Automated SQL Injections: What your enterprise needs to know, Part 2

Article: Raising risk prospects with a new SQL injection threat

Book chapter: Under Siege: How SQL Server is Hacked

Expert advice: Authenticating Web applications to SQL

Technical tip: Preventing SQL Injections

Technical tip: Defense tactics for SQL injection attacks

Technical tip: Automate SQL injection testing

Technical tip: Don't hide sensitive information in hidden form fields

Technical tip: Preventing blind SQL injection attacks

Denial-of-service Return to Table of Contents

Glossary definition: Denial-of-service

Glossary definition: Distributed denial-of-service attack

Article: Grid computing and security uncertainties

Expert advice: How to protect the network from the new strain of DoS attacks

Technical tip: Block and reroute denial-of-service attacks

Technical tip: How to repair a compromised VPN

Technical tip: How to protect your company against cybercrime

Technical tip: Avoiding the scourge of DNS amplification attacks

Webcast: Five common application-level attacks and the countermeasures to beat them

Other application attacks Return to Table of Contents

Book chapter: State-based attacks: Session management

Book chapter: Attacking Web authorization: Web authorization-Session token security

Expert advice: Binary over JPEG

Expert advice: Web application variable manipulation

Expert advice: How to prevent input validation attacks

Technical tip: Protect your Web site against path traversal attacks

Technical tip: Avoid the hazards of unvalidated Web application input

Technical tip: How to avoid authentication bypass attacks

Technical tip: XML-based attacks and how to guard against them

Technical tip: Improper error handling

Technical tip: Evolution: Rise of the bots

Technical tip: Five steps for beating back the bots

Technical tip: Protecting the network from Web-based service attacks with defense-in-depth

Technical tip: HTTP attacks: Strategies for prevention

Technical tip: CRLF injection attacks: How they work and what to do about them

Webcast: Web attacks and how to defeat them

Web application security strategies Return to Table of Contents

Book chapter: Gaining access using application and operating system attacks

Checklist: Checklist of known IIS vulnerabilities

Checklist: Windows tools for investigating an attack

Checklist: Essential fortification checklist

Expert advice: How to develop an effective application security strategy

Expert advice: How to prevent application attacks and reduce network vulnerabilities

Expert advice: The pros and cons of application firewalls

Expert advice: Application development best practices

Technical tip: Web application isolation

Technical tip: Six steps to securing your Web server

Technical tip: Tips for securing Web-based applications

Technical tip: Application firewall tips and tricks

Technical tip: Best practices for pen testing Web applications

Technical tip: Ten dos and don'ts for secure coding

Technical tip: Static and dynamic code analysis: A key factor for application security success

Technical tip: Application logging is critical in detecting hack attacks

Webcast: Locking down Web applications

Webcast: Tools for securing the software development lifecycle

More security learning resources

SECURITY SCHOOL LEARNING GUIDES CHECKLISTS GLOSSARY ASK THE EXPERTS

Digg This! StumbleUpon Del.icio.us

RELATED CONTENT

Threat Management

Cybercrime reports: Security not broken, but breaking at the seams

Data losses set to soar, KPMG predicts

Screencast: How to gather host-level data with Network Miner

Appliance provides network access protection on school campus

Market Harborough Building Society finds way to monitor users' network traffic

'Phlashing' attacks

How to identify network attacks proactively

Stopping spam brings additional security benefits for cable company

Finjan offers free audits for crimeware sufferers

UTMs creep into the enterprise market, despite some resistance

Web Application Security

How to prevent clickjacking attacks with security policy, not technology

Finjan offers free audits for crimeware sufferers

Finance sector poor at achieving outsourcing success

How to prevent SQL Server and Internet Explorer hack attacks

Web browser exploits explained

Sophos adds browser and virtualisation blocking features

Web advertising exploits: Protecting Web browsers and servers

Hacker toolkit targets Microsoft Access zero-day

Hackers and phishers see charities as "soft targets"

Learning from bad security practices

RELATED GLOSSARY TERMS

Terms from Whatis.com − the technology online dictionary

Centre for the Protection of National Infrastructure (SearchSecurityUK.com)

Serious Organized Crime Agency (SearchSecurityUK.com)

RELATED RESOURCES

2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems

Search Bitpipe.com for the latest white papers and business webcasts

Whatis.com, the online computer dictionary

SEARCH

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organizations' IT projects - with its network of technology-specific Web sites, events and magazines.


TechTarget Corporate Web Site \| Media Kits \| Site Map All Rights Reserved, Copyright 2008 - 2009, TechTarget \| Read our Privacy Policy