Home > Software Quality Featured Topic
EMAIL THIS
 Featured Topic:  XSS countermeasures
Last Updated: May 29, 2007 
If your Web application fails to validate user input, it could be vulnerable to cross-site scripting exploits. Use these resources to determine if your application is vulnerable and how to prevent XSS attacks. >> What is cross-site scripting?
>> Podcast -- How to prevent injection attacks
NEWS:
>> XSS leads OWASP's Top 10 for 2007 (SearchSoftwareQuality.com) 25 May 2007
>> XSS the top vulnerability in most Web applications in Q1 (SearchSoftwareQuality.com) 29 May 2007
>> Google patches XSS vulnerability (CNet) 16 Jan 2007
>> XSS worm strikes GaiaOnline (SecuriTeam Blog) 04 Jan 2007
>> The dangers of PDF documents (Gnucitizen) 03 Jan 2007
>> Web application attacks dominate IT landscape (eWeek) 25 Sep 2006
>> Cross-site scripting: Attackers' new favorite flaw (Dark Reading) 14 Sep 2006
>> Web application security for small businesses (SearchAppSecurity.com) 11 Dec 2006
ADVICE:
>> Anatomy of an XSS hack
TIP :Follow these steps to determine if your Web applications are vulnerable to XSS (cross-site scripting) attacks.
>> Cross-site scripting: Intro to XSS
TIP :Cross-site scripting vulnerabilities abound. James Michael Stewart gives an overview of XSS.
>> XSS prevention in Java
ASK THE EXPERTS :How do I prevent XSS in Java?
>> Guarding against XSS in ASP.NET
ASK THE EXPERTS :How do I protect against cross-site scripting (XSS) attacks in ASP.NET?
>> Input Validation Attacks -- Chapter 6, Hacking Exposed Web Applications, Second Edition
TIP :Input validation routines help defend against attacks such as buffer overflow, directory traversal, XSS and SQL injection. ...
>> The importance of input validation
TIP :Web applications are vulnerable if you don't practice input validation. Learn how to prevent application attacks such as ...
>> Web app security tools and products find source code vulnerabilities
TIP :Web application security depends upon good coding and good security products. This tip sorts through some of the methods you ...
>> Using fuzzer tools to find vulnerabilities
ASK THE EXPERTS :What are "fuzzing" tools and what do they do? If hackers are using them, can they be used for security?
>> Cross-site tracing explained
ASK THE EXPERTS :I have some understanding of cross-site scripting, but what about cross-site tracing? How do I protect against this attack?
LEARNING TOOLS:
>> Five application security threats and how to counter them
>> Top 10 Web application security vulnerabilities

Digg This!    StumbleUpon Toolbar StumbleUpon    Bookmark with Delicious Del.icio.us   


RELATED CONTENT
Building security into the SDLC (Software development life cycle)
Problems caused by skipping analysis stage of SDLC
Inexpensive phase of SDLC to catch and fix bugs
GatherSpace beefs up cloud-based requirements management
ALM: Best of breed vs. complete systems
Software development life cycle phases, iterations, explained step by step
The role of quality assurance (QA) pros in software security
Common software security risks and oversights
Why the quality assurance department should be involved in testing
How to develop secure applications
Secure software development practices 'not rocket science'

Threat modeling
Web application security and the PCI DSS
The essentials of Web application threat modeling
How to implement security in Java EE and Java ME
Application security shouldn't involve duct tape, Band-Aids or bubble gum
Stop SQL injection attacks on applications
Breaking the same origin barrier of JavaScript
Protection against "zero-minute" exploits
Denial of service and Ajax
CSRF attack vector with Ajax serialization
Application security in 2007: What you need to know

RELATED RESOURCES
2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems
Search Bitpipe.com for the latest white papers and business webcasts
Whatis.com, the online computer dictionary

> Web application testing techniques
> Automated software testing pros and cons
> The importance of integrating security into the SDLC
> Stop SQL injection attacks on applications
> Uncover application security flaws using tools
View full list of Featured Topics

About Us  |  Contact Us  |  For Advertisers  |  For Business Partners  |  Site Index  |  RSS
SEARCH 
TechTarget provides technology professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective purchase decisions and managing their organizations' technology projects - with its network of technology-specific websites, events and online magazines.

TechTarget Corporate Web Site  |  Media Kits  |  Site Map




All Rights Reserved, Copyright 2006 - 2009, TechTarget | Read our Privacy Policy 		  TechTarget - The IT Media ROI Experts