Results 1 to 4 of 4

Thread: Web security links

  1. May 21st, 2004, 08:17 AM #1
    jdenny
    jdenny is offline
    Senior Member
    Join Date
    Jul 2002
    Posts
    339

    Web security links

    Hi! I just found these great links (if you have more links please post them here).


    General web applications vulnerability
    For many web developers, this is their first experience with programming, much less with secure programming techniques, and they may not have a good mentor to guide them. An additional source of danger are browsers which try to compensate for what the browser believes is an error on the web page, thereby creating additional security vulnerabilities.

    Learn how to deal with the well-known web applications vulnerabilities here:
    http://ist-socrates.berkeley.edu:730...sec/index.html

    Cross Site Scripting vulnerability
    Cross site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink which contains malicious content within it. Usually the attacker will encode the malicious portion of the link to the site in HEX (or other encoding methods) so the request is less suspicious looking to the user when clicked on. After the data is collected by the web application, it creates an output page for the user containing the malicious data that was originally sent to it, but in a manner to make it appear as valid content from the website.

    Learn how to deal with the well-known XSS vulnerabilities here:
    http://www.cgisecurity.com/articles/xss-faq.shtml

    SQL Injection vulnerability
    SQL Injection is simply a term describing the act of passing SQL code into an application that was not intended by the developer. In fact, much of the problems that allow SQL injection are not the fault of the database server per-se but rather are due to poor input validation and coding at other code layers.

    Learn how to deal with the well-known SQL injection vulnerabilities here:
    http://www.sqlsecurity.com/DesktopDefault.aspx?tabid=23


    Peace always,
    <jdenny>
    Always listen to experts. They\'ll tell you what can\'t be done and why. Then go and do it. -- Robert Heinlein
    I\'m basically a very lazy person who likes to get credit for things other people actually do. -- Linus Torvalds

    Reply With Quote Reply With Quote
  2. May 21st, 2004, 07:14 PM #2
    ac1d[YICS]
    ac1d[YICS] is offline
    Banned
    Join Date
    May 2004
    Posts
    23
    http://www.cse.msu.edu/~westrant/sym.../overflows.htm
    http://www.imperva.com/application_d...injection.html
    Reply With Quote Reply With Quote
  3. May 22nd, 2004, 01:49 PM #3
    el-half
    el-half is offline
    Senior Member
    Join Date
    Jun 2003
    Posts
    772
    How apache.org got defaced: http://www.wbglinks.net/pages/reads/...achedeface.txt

    Advanced Networking Security: http://secinf.net/info/unix/report.html
    The above sentences are produced by the propaganda and indoctrination of people manipulating my mind since 1987, hence, I cannot be held responsible for this post\'s content - me

    www.elhalf.com
    Reply With Quote Reply With Quote
  4. May 22nd, 2004, 09:57 PM #4
    mjk
    mjk is offline
    Senior Member
    Join Date
    Feb 2004
    Posts
    620
    W3C Security Resources
    SANS InfoSec Reading Room - Web Servers

    mjk
    Reply With Quote Reply With Quote
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules