Web Security

Last Updated on 19 July 2013, Total: 48 White Papers

10 The Unofficial Web Hack FAQ
11 The World Wide Web Security FAQ
11 WWW Security
  1. Web Services - The Technology and its Security Concerns

    The technology behind Web Services, how the system is made available to the user, and the way connections are made to back-end (and therefore sensitive) data...

  2. What are Web Applications?

    A high level view of the typical methods and architectures for deployment of web applications...

  3. What is SQL Injection?

    SQL Injection is a hacking technique which attempts to pass SQL commands through a web application for execution against a backend database...

  4. Best Security Practice: Host Naming & URL Conventions

    An attacker uses many methods to mount a successful attack. How you name your outward-facing hosts, and your URL names, can make life easier for the attacker...

  5. The Importance of Web Application Scanning

    Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data. Web applications are proving to be the weakest link in overall corporate security, even though companies have left no stone unturned in installing the better-known network security and anti-virus solutions. Quick...

  6. The Pharming Guide

    Exploiting well known flaws in DNS services and the way in which host names are resolved to IP addresses, Phishers have upped the ante in the cyber war for control of a customer’s online identity for financial gain. A grouping of attack vectors now referred to as “Pharming”, affects the fundamental way in which a customer’s computer locates and connects...

  7. Second-order Code Injection: Advanced Code Injection Techniques and Testing Procedures

    Many forms of code injection (for instance cross-site scripting and SQL injection) rely upon the instantaneous execution of the embedded code to carry out the attack (e.g. stealing a user's current session information or executing a modified SQL query). In some cases it may be possible for an attacker to inject their malicious code into a data storage area that...

  8. How A Security Specialist Fell Victim To Attack

    These days, I write several pages for our site plus two to three articles per week. For the most part, articles are re-published without you even knowing. You typically find out when someone visits your site from another where the article has been posted. Other times, the site that plans on posting the article e-mails you and asks you to...

  9. Attacking the DNS Protocol

    DNS is the most widely used protocol on the Internet, yet many security professionals do not fully understand the many weaknesses surrounding it, an understanding needed for penetration testing and day-to-day security. In this paper we highlight basic and advanced DNS attacks...

  10. Mask Your Web Server for Enhanced Security

    Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection...
