|Caleb Sima, CTO, SPI Dynamics|
SQL injection is widely recognized as one of the biggest threats to application security, but there isn't nearly as much concern over other injection attacks. LDAP injection, XPath injection and similar exploits are just as damaging and receive a fraction of the attention.
In this podcast, expert Caleb Sima, co-founder and CTO of SPI Dynamics Inc. and director of SPI Labs, discusses the various injection attacks, including cross-site scripting (XSS), and recommends tools to help secure your applications. Additionally, Caleb offers straightforward prevention techniques -- including one that prevents about 80% of all injection attacks.
The podcast may be downloaded here:
Injection attacks -- Knowledge and prevention
(To listen to the podcast now, left click on the link. To download it and save it for later, right click on it.)
A glossary of common injection attacks:
These tips and articles offer more information on this topic:
- Malicious code injection: It's not just for SQL anymore
- One simple rule to make your Web apps more secure
- OWASP Guide to Building Secure Web Applications and Web Services, Chapter 13: Interpreter Injection
This was first published in October 2006