- Articles
- Authors
- Blogs
- ISA Server Articles
- Links
- Message Boards
- Newsletter
- RSS
- Security Tests
- Services
- Software
- White Papers
Network Security Library
Network Security Library / Web Security
- Web Services - The Technology and its Security Concerns
- Date - May 16, 2007
- The technology behind Web Services, how the system is made available to the user, and the way connections are made to back-end (and therefore sensitive) data.
- What are Web Applications?
- Date - Dec 13, 2006
- A high level view of the typical methods and architectures for deployment of web applications.
- What is SQL Injection?
- Date - Dec 06, 2006
- SQL Injection is a hacking technique which attempts to pass SQL commands through a web application for execution against a backend database.
- Best Security Practice: Host Naming & URL Conventions
- Date - Jul 12, 2006
- An attacker uses many methods to mount a successful attack. How you name your outword facing hosts, and your URL names can make life easier for the attacker.
- The Importance of Web Application Scanning
- Date - Oct 26, 2005
- Organizations need a Web application scanning solution that can scan for security loopholes in Web-based applications to prevent would-be hackers from gaining unauthorized access to corporate applications and data. Web applications are proving to be the weakest link in overall corporate security, even though companies have left no stone unturned in installing the better-known network security and anti-virus solutions. Quick to take advantage of this vulnerability, hackers have now begun to use Web applications as a platform for gaining access to corporate data.
- The Pharming Guide
- Date - Aug 31, 2005
- Exploiting well known flaws in DNS services and the way in which host names are resolved to IP addresses, Phishers have upped the ante in the cyber war for control of a customer’s online identity for financial gain. A grouping of attack vectors now referred to as “Pharming”, affects the fundamental way in which a customer’s computer locates and connects to an organisations online offering. Enabling the Pharmer to reach wider audiences with less probability of detection than their Phishing counterparts, pharming attacks are capable of defeating many of the latest defensive strategies used customer and online retailer alike. This paper, extending the original material of “The Phishing Guide”, examines in depth the workings of the name services of which Internet-based customers are dependant upon, and how they can be exploited by Pharmers to conduct identity theft and financial fraud on a massive scale.
- Second-order Code Injection: Advanced Code Injection Techniques and Testing Procedures
- Date - Jul 20, 2005
- Many forms of code injection (for instance cross-site scripting and SQL injection) rely upon the instantaneous execution of the embedded code to carry out the attack (e.g. stealing a user's current session information or executing a modified SQL query). In some cases it may be possible for an attacker to inject their malicious code into a data storage area that may be executed at a later date or time. Depending upon the nature of the application and the way the malicious data is stored or rendered, the attacker may be able to conduct a second-order code injection attack.
- How A Security Specialist Fell Victim To Attack
- Date - Jun 08, 2005
- These days, I write several pages for our site plus two to three articles per week. For the most part, articles are re-published without you even knowing. You typically find out when someone visits your site from another where the article has been posted. Other times, the site that plans on posting the article e-mails you and asks you to review it before it goes live. Two weeks ago, I received one of these e-mails. It was all downhill from there.
- Attacking the DNS Protocol
- Date - Nov 28, 2003
- DNS is the most widely used protocol on the Internet yet many security professionals do not have a full understanding of the many weaknesses which surround it which are needed for Penetration Testing and day to day security. In this paper we highlight basic and advanced DNS attacks.
- Mask Your Web Server for Enhanced Security
- Date - May 30, 2003
- Masking or anonymizing a Web server involves removing identifying details that intruders could use to detect your OS and Web server vendor and version. This information, while providing little or no utility to legitimate users, is often the starting place for crackers, blackhat hackers and "script kiddies". This article explores some ways you can minimize the risk of such detection.
- Session Fixation Vulnerability in Web-based Applications
- Date - Dec 20, 2002
- Many web-based applications employ some kind of session management to create a user-friendly environment. Sessions are stored on server and associated with respective users by session identifiers (IDs). To prevent attackers hijacking users' identities by obtaining session IDs, web servers are employing techniques for protecting session IDs from three classes of attacks: interception, prediction and brute-force attacks. This paper reveals a fourth class of attacks against session IDs: session fixation attacks.
- Securing your Web server
- Date - Oct 16, 2002
- Make sure your site is secure from prying eyes and malicious intent.
- Security Issues in WWW
- Date - Oct 16, 2002
- Looks like FAQ with links.
- Web Spoofing
- Date - Oct 16, 2002
- How it works and how to defend from it.
- NetCard - A Practical Electronic Cash System
- Date - Apr 11, 2002
- The Bumpy Road of Electronic Commerce
- Date - Apr 11, 2000
Network Security Library topic
| [ | 26 | ] | Anti Spam | [ | 12 | ] | Anti Virus | [ | 44 | ] | Auditing |
| [ | 60 | ] | Auth. & Access Control | [ | 3 | ] | Content Management | [ | 103 | ] | Cryptography |
| [ | 12 | ] | Disaster Recovery | [ | 36 | ] | Firewalls & VPN's | [ | 6 | ] | Forensics |
| [ | 41 | ] | Harmless hacking book | [ | 1 | ] | Honeypots | [ | 14 | ] | Information Warfare |
| [ | 26 | ] | Intrusion Detection | [ | 7 | ] | Law | [ | 3 | ] | Managed Security Solutions |
| [ | 50 | ] | Misc | [ | 24 | ] | Mobile Code | [ | 32 | ] | NCSC&DoD Rainbow series |
| [ | 13 | ] | NetWare | [ | 31 | ] | Network Security | [ | 4 | ] | Patch Management |
| [ | 3 | ] | Phishing | [ | 38 | ] | Policy & Standards | [ | 25 | ] | Privacy |
| [ | 21 | ] | Software Engineering | [ | 2 | ] | Trojans | [ | 2 | ] | Underground |
| [ | 82 | ] | Unix Security | [ | 19 | ] | Web Security | [ | 39 | ] | Windows Security |
| [ | 6 | ] | Wireless Security |
Featured Links*
Become a WindowSecurity.com member!
Discuss your security issues with thousands of other network security experts. Click here to join!