With Web applications making the 2006 SANS top 20 internet security attack targets list, it behooves us to concentrate on Web exploits. Web application exploits come in a variety of forms. There are a few
There are comparatively few resources for less famous exploits. However, less famous does not mean less common. XSRF is positively everywhere. This learning guide includes tips, articles, white papers and expert advice on exploits that don't yet make the headlines. If you know of an article, tip, tool or method that should be included, send me an e-mail with the information and I'll be happy to add it. – Jennette Mullaney, assistant editor.
TABLE OF CONTENTS
- Cross-site request forgery
- Injection attacks
- SSI injection
- LDAP injection
- XPath injection
- Cookie replay
- Other useful resources
| Cross-site request forgery (XSRF) |
This exploit goes by many names. Its two abbreviations, CSRF and XSRF, can stand either for cross-site request forgery or cross-site reference forgery. Even more confusing, the term session riding is sometimes used to describe the same attack. What's certain, though, is that cross-site request forgery is a nasty, incredibly common vulnerability, and that's true no matter what you call it. The mechanism is simple: a page the attacker controls makes the victim's browser send a request (through an image tag, a hidden auto-submitted form or a script) to a site where the victim is already logged in. The browser attaches that site's session cookie automatically, so the server cannot tell the forged request from a legitimate one unless the application includes something in each request that the attacker's page cannot read, such as a per-session token in every form.
- Definition: cross-site request forgery
- Expert response: Cross-site request forgery: How this Web exploit works
- Article: CSRF vulnerability: A 'sleeping giant'
- Overview: Cross-site request forgery
- White paper: Cross Site Reference Forgery: An introduction to a common Web application weakness
- Article: Security Corner: Cross-site request forgeries
- Article: You know about XSS. How about XSRF/CSRF?
- Article: Session riding
- Article: Cross-site request forgery
- Article: Cross site request forgery
- Article: Cross-site request forgeries
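The synchronizer-token check that the articles above recommend, as an added example in Python rather than code taken from any of them. The bank-style "transfer" handler, the in-memory session store, the forged and legitimate requests and the names `transfer_vulnerable` and `transfer_hardened` are all constructed here for illustration; the same check would be attached to a real framework's request object.

```python
"""Synchronizer-token defence against cross-site request forgery."""
import hmac
import secrets
from dataclasses import dataclass

# Server-side session store (constructed, in memory): session id -> session data.
SESSIONS: dict = {}


@dataclass
class Request:
    """A minimal model of an HTTP POST as the server sees it."""
    cookies: dict
    form: dict


def login(user: str) -> str:
    """Create a session and return the cookie value the browser will store."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Token the application embeds as a hidden field in each of its own forms."""
    return SESSIONS[sid]["csrf_token"]


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone, so a forged cross-site POST succeeds."""
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "401 not logged in"
    return f"200 transferred {req.form['amount']} from {session['user']} to {req.form['to']}"


def transfer_hardened(req: Request) -> str:
    """Same handler, but requires the per-session token.

    The attacker's page can make the victim's browser *send* the cookie, but
    the same-origin policy stops it from *reading* the token out of the
    legitimate site's form, so a forged request arrives without it.
    """
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "401 not logged in"
    supplied = req.form.get("csrf_token", "")
    # Constant-time compare so the token cannot be recovered byte by byte.
    if not hmac.compare_digest(supplied, session["csrf_token"]):
        return "403 missing or invalid CSRF token"
    return f"200 transferred {req.form['amount']} from {session['user']} to {req.form['to']}"


def forged_request(sid: str) -> Request:
    """What the victim's browser sends when an attacker's page auto-submits a
    form to the bank: the browser adds the cookie, but no token is present."""
    return Request(cookies={"sid": sid}, form={"to": "attacker", "amount": "1000"})


def legitimate_request(sid: str) -> Request:
    """What the bank's own form sends: cookie plus the hidden token field."""
    return Request(cookies={"sid": sid},
                   form={"to": "alice", "amount": "10", "csrf_token": csrf_token_for(sid)})


def demo() -> dict:
    """Run both handlers against both requests and return the four results."""
    sid = login("victim")
    return {
        "vulnerable_forged": transfer_vulnerable(forged_request(sid)),
        "hardened_forged": transfer_hardened(forged_request(sid)),
        "vulnerable_legit": transfer_vulnerable(legitimate_request(sid)),
        "hardened_legit": transfer_hardened(legitimate_request(sid)),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The token must be tied to the session (or, equivalently, be an HMAC over the session id) and compared in constant time; a token that is the same for every user, or one the page also exposes in a URL, defeats the purpose.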
| Injection Attacks |
Everyone knows about SQL injection, but injection attacks are by no means exclusive to SQL. They all share one root cause: untrusted input is concatenated into a query, command or directive that some interpreter (a database, a directory server, an XPath engine, a Web server's SSI processor) then parses, and the attacker uses that interpreter's metacharacters to change what gets executed. They differ in the interpreter, its syntax and therefore in the escaping or parameterization that defends against them. The following is a collection of general tips and profiles of three injection attacks you might not be aware of.
- Tip: Malicious code injection: It's not just for SQL anymore
- Q&A: One simple rule to make your Web apps more secure
- Podcast: Injection attacks -- Knowledge and prevention
- Tip: The importance of input validation
- Book excerpt: Hacking Exposed Web Applications -- Input Validation Attacks
| SSI injection |
- Definition: SSI injection
- Threat classification: SSI injection
- Podcast: What is SSI injection?
- IT Knowledge Exchange: What is SSI injection
| LDAP injection |
- Definition: LDAP injection
- Expert response: How to avoid LDAP injection in J2EE apps
- White paper: LDAP Injection: Are your Web applications vulnerable?
- Threat classification: LDAP injection
- Article: OWASP Guide to Building Secure Web Applications and Web Services: Authentication
- Article: Preventing LDAP injection in Java
- Overview: LDAP injection
- Blog: LDAP injection overview
- Article: LDAP injection
| XPath injection |
- Definition: XPath injection
- Expert Response: Understanding XPath injection
- Expert Response: What is XPath injection?
- Article: XML injection
- Article: XPath injection testing
- White paper: Blind XPath Injection
- Article: XPath injection in XML databases
- Article: Mitigating XPath injection attacks in .NET, in XML
- Tip: Manage XML data sets for security
- Article: Does XML give away the keys to the warehouse?
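Escaping for the three injection targets profiled above (SSI, LDAP and XPath), as an added example in Python; it is not code from any of the linked articles. The login filter, the XPath query, the attack strings and the function names are constructed here for illustration. The LDAP escaping follows RFC 4515 (backslash plus two hex digits for `\`, `*`, `(`, `)` and NUL), the XPath helper uses `concat()` because XPath 1.0 literals have no escape character, and the SSI directive names are those of Apache mod_include.

```python
"""Escaping helpers for three non-SQL injection targets."""
import html
import re

# ---- LDAP: RFC 4515 search-filter escaping --------------------------------
# Only these characters have meaning inside a filter value; "|", "&" and "!"
# are operators only at the start of a parenthesised group, so they need no
# escaping once "(" and ")" cannot be injected.
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_filter_escape(value: str) -> str:
    """Encode each filter metacharacter as a backslash plus two hex digits."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_user_filter(username: str, escape: bool = True) -> str:
    """Filter a login page might build to find a user record (constructed)."""
    if escape:
        username = ldap_filter_escape(username)
    return f"(&(uid={username})(objectClass=person))"


# ---- XPath 1.0: no escape character exists inside a string literal --------
def xpath_literal(value: str) -> str:
    """Wrap an arbitrary string as an XPath 1.0 literal.

    A value with no single quotes is single-quoted, one with no double quotes
    is double-quoted, and one containing both is assembled with concat().
    """
    if "'" not in value:
        return f"'{value}'"
    if '"' not in value:
        return f'"{value}"'
    pieces = ", \"'\", ".join(f"'{part}'" for part in value.split("'"))
    return f"concat({pieces})"


def xpath_login_query(user: str, password: str, escape: bool = True) -> str:
    """Query a login page might run against an XML user store (constructed)."""
    if escape:
        user, password = xpath_literal(user), xpath_literal(password)
    else:
        user, password = f"'{user}'", f"'{password}'"
    return f"//user[name={user} and password={password}]/account"


# ---- SSI: Apache mod_include directives -----------------------------------
_SSI_DIRECTIVE = re.compile(
    r"<!--\s*#\s*(config|echo|exec|fsize|flastmod|include|printenv|set|if|elif|else|endif)\b",
    re.IGNORECASE,
)


def contains_ssi_directive(text: str) -> bool:
    """True if user-supplied text would be interpreted by an SSI processor."""
    return _SSI_DIRECTIVE.search(text) is not None


def ssi_safe(text: str) -> str:
    """HTML-encode input before it lands in a page that mod_include parses;
    '<' becomes '&lt;', so '<!--#exec' can no longer open a directive."""
    return html.escape(text, quote=True)


if __name__ == "__main__":
    ldap_attack = "*)(uid=*))(|(uid=*"          # constructed attack string
    print(ldap_user_filter(ldap_attack, escape=False))
    print(ldap_user_filter(ldap_attack))
    xpath_attack = "' or '1'='1"                # constructed attack string
    print(xpath_login_query("alice", xpath_attack, escape=False))
    print(xpath_login_query("alice", xpath_attack))
    ssi_attack = '<!--#exec cmd="cat /etc/passwd" -->'   # constructed
    print(contains_ssi_directive(ssi_attack), ssi_safe(ssi_attack))
```

Run it and compare the two LDAP filters: the unescaped one grows from three parenthesised components to six, which is exactly the structural change an attacker is after; the escaped one still has three. For XPath the injected `' or '1'='1` in the password position makes the predicate true for every user in the unescaped query, while `xpath_literal` turns it into a double-quoted literal that is simply compared as text.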
| Cookie replay |
Session cookies are, in effect, the user's credentials for the life of a session: an attacker who captures one (by sniffing an unencrypted connection, through cross-site scripting, or from a careless log) can replay it and act as that user for as long as the server keeps accepting it. That makes how session IDs are generated, transported and invalidated as important as the login itself.
- Definition: cookie
- Tip: How to secure session tokens
- Definition: session hijacking
- Definition: transient cookie
- Definition: session ID
- Definition: session prediction
- Definition: session replay
- Article: The FormsAuthentication.SignOut method does not prevent cookie replay attacks in ASP.NET applications
- Article: Understand how the ASP.NET Cookieless feature works
- White paper: A Secure Cookie Protocol
- Article: 'Cookie' and 'Cookieless' state management options
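A server-side session store that makes a replayed cookie fail after logout or expiry, the problem the FormsAuthentication.SignOut article above describes, as an added example in Python; it is not code from that article or from any framework. The `SessionStore` class, the 15-minute lifetime, the `Set-Cookie` attributes and the fake clock in `demo()` are all constructed here for illustration.

```python
"""Server-side session store: a replayed cookie fails once the server forgets it."""
import secrets
import time

SESSION_LIFETIME = 15 * 60   # seconds; an assumed value, tune per application


class SessionStore:
    """The cookie carries only an opaque id; everything that decides whether
    that id is still good lives here, on the server."""

    def __init__(self, clock=time.time):
        self._clock = clock            # injectable so expiry can be demonstrated
        self._sessions = {}            # session id -> {"user": ..., "expires": ...}

    def create(self, user: str) -> str:
        # 32 bytes from the OS CSPRNG: not predictable from earlier ids, unlike
        # a counter or a timestamp-seeded PRNG (the "session prediction" case).
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": user, "expires": self._clock() + SESSION_LIFETIME}
        return sid

    def lookup(self, sid: str):
        """Return the user for a presented cookie, or None if it is not valid."""
        data = self._sessions.get(sid)
        if data is None:
            return None
        if data["expires"] <= self._clock():
            del self._sessions[sid]    # expired: drop it so it cannot be replayed later
            return None
        return data["user"]

    def sign_out(self, sid: str) -> None:
        """Forget the id on the server. Clearing the cookie in the browser
        alone leaves any captured copy replayable until it expires."""
        self._sessions.pop(sid, None)


def set_cookie_header(sid: str) -> str:
    """Set-Cookie value for the session id: not readable by script (HttpOnly),
    not sent over plain HTTP (Secure), and with no Expires attribute so the
    browser discards it when closed (a transient cookie)."""
    return f"sid={sid}; Path=/; HttpOnly; Secure"


def demo() -> dict:
    """Walk through login, replay after logout, and replay after expiry using a
    fake clock. Returns the observations so they can be checked."""
    now = [1_000_000.0]
    store = SessionStore(clock=lambda: now[0])

    sid = store.create("alice")
    captured = sid                          # an attacker sniffs the cookie here
    before_logout = store.lookup(captured)  # "alice": replay works while active
    store.sign_out(sid)
    after_logout = store.lookup(captured)   # None: the server no longer knows it

    sid2 = store.create("bob")
    now[0] += SESSION_LIFETIME + 1
    after_expiry = store.lookup(sid2)       # None: lifetime elapsed

    return {"before_logout": before_logout, "after_logout": after_logout,
            "after_expiry": after_expiry, "cookie": set_cookie_header(sid2)}


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The contrast with a purely cookie-based scheme is the point: if the ticket in the cookie is self-validating (signed data plus an expiry) and the server keeps no record, there is nothing for sign-out to revoke, and a captured ticket stays good until its expiry regardless of what the browser was told to delete.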
| Other useful resources |
| Expert advice on application security activities |
Do you have a question about application security attacks? Our Application Security Activities expert Jeff Williams may have the answer. Read advice he has given or submit your own questions.
- Article: OWASP Guide to Building Secure Web Applications and Web Services: Session Management
- Article: OWASP Guide to Building Secure Web Applications and Web Services: Data Validation
- Book: Developers Guide to Web Application Security
- Book: Improving Web Application Security: Threats and Countermeasures
Send in your suggestions
Are there other topics you'd like to see learning guides on? Send assistant editor Jennette Mullaney an e-mail at jmullaney@techtarget.com and let her know what they are.
This was first published in November 2006