All-in-One Guides: Web application security -- How to prevent attacks
Types of attacks
Before you can protect your Web application, you need to know what you're protecting it from. Learn what attacks are most prevalent and the damage they can do.
Cross-site request forgery: CSRF or XSRF:
Cross-site request forgery: How this Web exploit works
Ask the Expert - Cross-site request forgery is a major threat to Web security, and most Web sites aren't equipped to handle this exploit. Expert Jeremiah Grossman explains how CSRF works.
Application threats: CSRF, injection attacks and cookie replay
Learning Guide - Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press it deserves? There are comparatively few resources for less famous exploits. But...
CSRF attack vector with Ajax serialization
Tip - Web 2.0 applications are increasingly at risk of cross-site request forgery (CSRF) attacks. Shreeraj Shah explains what those risks are and how you can prevent such attacks.
Cross-site scripting: XSS:
Jeremiah Grossman on the pervasive nature of XSS
13 Jun 2007
Interview - Jeremiah Grossman, founder and chief technology officer of WhiteHat Security, talks about his new book, Cross Site Scripting Attacks: XSS Exploits and Defense; how developers and users can defend themselves against XSS; and the state of Web application...
Guarding against XSS in ASP.NET
Ask the Expert - Expert Dan Cornell explains how to use the tools available in ASP.NET to prevent cross-site scripting (XSS) attacks.
Ask the Expert - Cross-site scripting exploits can devastate Java apps. With XSS attacks on the rise, expert Ramesh Nagappan explains how to prevent these exploits in J2EE applications through proper input validation and other methods.
SQL injection:
SQL injection: Secure your Web applications
Tip - SQL injection exploits wreak havoc on vulnerable Web sites. Expert Caleb Sima explains how to protect your applications against these popular and destructive injection attacks.
Ways to automate SQL injection testing
Tip - Manual testing for SQL injection requires much effort with little guarantee that you'll find every vulnerability. CISSP Kevin Beaver offers a better way: automated SQL injection testing.
Blind SQL injection attacks explained
Tip - Most security professionals know what SQL injection attacks are and how to protect their Web applications against them. But they may not know that their preventative measures may be leaving their applications open to blind SQL injection attacks. SQL...
XPath injection:
How to prevent XPath injection
Tip - Parameterization and input validation are invaluable to application security. Which method is best for preventing XPath injection attacks? Chris Eng explains.
Malicious code injection: It's not just for SQL anymore
Tip - Injection attacks are ubiquitous, and SQL injection is only one version of the exploit. S.P.I. Dynamics' Bryan Sullivan describes these attacks and how to prevent them.
Ask the Expert - XPath injection is similar to SQL injection and other injection attacks, but this XML exploit has its own unique set of issues. Web services expert Rami Jaamour details how these exploits work -- and how you can avoid them.