Get started
Bring yourself up to speed with our introductory content.
Internet Application Security
SQL injection
A SQL injection (SQLi) is a type of security exploit in which the attacker supplies Structured Query Language (SQL) syntax in an input that the application splices into a database query (a Web form field, URL parameter, cookie or HTTP header) in order to read data the attacker is not authorized to see, change sensitive data or bypass authentication.
The developer's crash course to the application network
Developers, we get it; you don't want to deal with the network. But hear us out: a basic understanding of subnets, VPNs and IP addresses boosts app stability and performance.
LDAP injection
LDAP injection is a type of security exploit that compromises the authentication or lookup logic of websites that query a directory. Websites that construct Lightweight Directory Access Protocol (LDAP) statements from data provided by users are vulnerable to ...
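An added example (not from the original page) of how a search filter built from user input is subverted and how it is fixed. LDAP filters are parsed left to right, and the metacharacters `*`, `(`, `)`, `\` and NUL change their structure; RFC 4515 defines the escape form `\XX` (backslash plus the byte's two hex digits) so a value is matched literally. The escaping function below is written here for the demo rather than taken from a library; the `uid`/`userPassword` attribute names and the filter shape are assumptions.

```python
# RFC 4515 search-filter escaping for values placed inside a filter.
_LDAP_FILTER_ESCAPES = {
    "\\": "\\5c",
    "*": "\\2a",
    "(": "\\28",
    ")": "\\29",
    "\x00": "\\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape one attribute value for use inside an LDAP search filter.

    Each metacharacter becomes backslash + two hex digits, so the server
    matches it literally instead of treating it as filter syntax.
    A per-character map means the backslash never gets double-escaped.
    """
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def vulnerable_filter(username: str, password: str) -> str:
    # Raw interpolation: the user controls filter syntax.
    return f"(&(uid={username})(userPassword={password}))"


def safe_filter(username: str, password: str) -> str:
    # Same filter, but every user-supplied value is escaped first.
    return (
        f"(&(uid={escape_ldap_filter_value(username)})"
        f"(userPassword={escape_ldap_filter_value(password)}))"
    )


def demo() -> dict:
    """Show the effect of a classic username payload on both builders."""
    # Constructed payload: closes the (uid=...) term and the enclosing (&...),
    # then starts a second filter that matches any entry. Many servers parse
    # only the first complete filter and ignore the trailing text.
    payload = "*)(uid=*))(|(uid=*"
    return {
        "vulnerable": vulnerable_filter(payload, "x"),
        "safe": safe_filter(payload, "x"),
    }


if __name__ == "__main__":
    for name, flt in demo().items():
        print(f"{name:10s} {flt}")
```

Escaping keeps the filter's structure fixed. For authentication specifically, do not compare `userPassword` in a filter at all: look up the entry's DN and then bind to the directory with the supplied password, so the server does the credential check.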
Security testing basics: Fending off hackers and crackers
It's critical to build security testing into your app, as cybersecurity affects everyone. Testing before production can help prevent attacks. Expert Gerie Owen explains further.
Software security testing: Where to start
For those of us new to software security testing, it can be an intimidating field of study. Where do the veterans suggest we begin?
Testing web services with soapUI
In this article, Mike Kelly details the finer points of web services testing using soapUI.
Security lesson: Beating web application security threats
Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this ...
Web application security and the PCI DSS
Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security.
Application threats: CSRF, injection attacks and cookie replay
Web application exploits come in a variety of forms. A few stand out: XSS, for example. But what about CSRF (also written XSRF), which is only recently garnering the press it deserves? There are comparatively few resources on the less famous exploits. ...
session hijacking (TCP session hijacking)
Session hijacking is a method of taking over a Web user's session by surreptitiously obtaining the session ID (for example from an unencrypted connection, a cross-site scripting flaw or a predictable ID) and presenting it to the server to masquerade as the authorized user. The term is also used for TCP session hijacking, the network-layer attack in which the attacker injects packets into an established TCP connection by predicting its sequence numbers...
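An added example (not code from the original page) of the server-side controls that make a stolen or pre-set session ID less useful: IDs drawn from the OS CSPRNG, a fresh ID issued at login so the pre-login ID is worthless afterwards, an inactivity timeout, and a cookie carrying the `HttpOnly`, `Secure` and `SameSite` flags that cut off the common theft routes. The store, the 15-minute timeout and the cookie name `sid` are assumptions for the demo.

```python
import secrets
import time
from http.cookies import SimpleCookie

SESSION_TTL = 15 * 60  # assumed policy: seconds of inactivity before a session dies


class SessionStore:
    """Server-side session table keyed by an opaque random ID.

    The ID is rotated at login so an ID that was fixated on the victim
    or leaked before authentication never becomes an authenticated session.
    """

    def __init__(self) -> None:
        self._sessions: dict[str, dict] = {}  # sid -> {"user": ..., "last_seen": ...}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG, not guessable
        self._sessions[sid] = {"user": None, "last_seen": time.time()}
        return sid

    def login(self, sid: str, user: str) -> str:
        # Drop the pre-login ID and bind the user to a brand-new one.
        self._sessions.pop(sid, None)
        new_sid = self.create()
        self._sessions[new_sid]["user"] = user
        return new_sid

    def user_for(self, sid: str):
        """Return the user bound to sid, or None if unknown or expired."""
        entry = self._sessions.get(sid)
        if entry is None:
            return None
        if time.time() - entry["last_seen"] > SESSION_TTL:
            del self._sessions[sid]  # idle too long: a stolen ID has a short life
            return None
        entry["last_seen"] = time.time()
        return entry["user"]

    def logout(self, sid: str) -> None:
        self._sessions.pop(sid, None)  # invalidate server-side, not just client-side


def session_cookie_header(sid: str) -> str:
    """Build the Set-Cookie value with the flags that limit how an ID leaks."""
    c = SimpleCookie()
    c["sid"] = sid
    c["sid"]["httponly"] = True      # not readable from document.cookie (XSS)
    c["sid"]["secure"] = True        # never sent over plain HTTP (sniffing)
    c["sid"]["samesite"] = "Strict"  # not attached to cross-site requests
    c["sid"]["path"] = "/"
    return c.output(header="").strip()


def demo() -> dict:
    store = SessionStore()
    pre_login = store.create()              # ID handed out to an anonymous visitor
    post_login = store.login(pre_login, "alice")
    return {
        "rotated": pre_login != post_login,
        "old_id_valid": store.user_for(pre_login) is not None,
        "new_user": store.user_for(post_login),
        "cookie": session_cookie_header(post_login),
    }


if __name__ == "__main__":
    print(demo())
```

Rotation on login is the check most often missing: without it, an attacker who plants an ID in the victim's browser before login (session fixation) inherits the authenticated session.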
content spoofing
Content spoofing is a type of exploit in which a malicious hacker presents a faked or modified Web site or page content to the user as if it were legitimate.
cross-site tracing (XST)
Cross-site tracing (XST) is a form of cross-site scripting (XSS) that uses the HTTP TRACE method, which echoes the request back to the client, to read cookies and other request headers that the HttpOnly cookie flag and similar XSS countermeasures were meant to keep out of script's reach...
SSI injection
SSI injection is a form of attack that can be used to compromise Web sites that evaluate SSI (server-side include) directives in content an attacker can influence...
OS commanding
OS commanding is a method of attacking a Web server in which user-supplied input is passed into a system command that the Web application executes, so the attacker runs arbitrary operating system (OS) commands through the browser with the privileges of the Web server process...
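An added example (not from the original page) of the pattern behind OS commanding and the two layers of defence a practitioner would apply. The vulnerable handler passes a string to the shell, so shell metacharacters in the input start a second command; the hardened handler validates the input against a hostname grammar and runs the program with an argument list and no shell. The application being modelled is assumed to run `ping -c 1 <host>`; the example substitutes `echo` so it runs anywhere and prints instead of pinging.

```python
import re
import shlex
import subprocess

# Assumption for the demo: the real app runs "ping -c 1 <host>"; "echo" is
# used here so the example runs offline and its output is easy to inspect.
COMMAND = "echo"

# Allowlist grammar: DNS labels of letters, digits and hyphens, joined by dots.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def vulnerable_lookup(host: str) -> str:
    # shell=True hands the whole string to /bin/sh, so ';', '|', '&&' or
    # '$(...)' in the input start another command with the server's rights.
    return subprocess.run(
        COMMAND + " " + host, shell=True, capture_output=True, text=True
    ).stdout


def argv_only_lookup(host: str) -> str:
    # No shell: the input is one argv element and is never parsed as syntax,
    # even without validation. The payload is echoed back literally.
    return subprocess.run([COMMAND, host], capture_output=True, text=True).stdout


def safe_lookup(host: str) -> str:
    # Layer 1: reject anything that is not a hostname (allowlist, not denylist).
    if not HOSTNAME_RE.match(host):
        raise ValueError("not a hostname: " + shlex.quote(host))
    # Layer 2: argv list, no shell, so even an allowed value cannot be re-parsed.
    return subprocess.run([COMMAND, host], capture_output=True, text=True).stdout


if __name__ == "__main__":
    payload = "example.com; echo INJECTED"  # constructed attacker input
    print("vulnerable:", repr(vulnerable_lookup(payload)))
    print("argv only :", repr(argv_only_lookup(payload)))
    print("safe      :", repr(safe_lookup("example.com")))
```

The argv form removes the injection even without validation; the allowlist is still worth keeping because it also stops arguments that the program itself would interpret (a value starting with `-`, for instance).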
XPath injection
XPath injection is an attack targeting Web sites that create XPath queries from user-supplied data...
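An added example (not code from the original page) of the query-building mistake XPath injection exploits and the fix. XPath 1.0 has no escape sequence for a quote inside a string literal, so the only safe way to embed an untrusted value is to choose a quote the value does not contain or to assemble it with `concat()`; the `xpath_literal` helper below does that and is written here for the demo. The XML user store, attribute names and payload are constructed for the example. Python's `xml.etree` implements only a subset of XPath (chained `[tag='value']` predicates, no `or`), so the block evaluates the hardened query against the sample document and shows the vulnerable expression as the string a full XPath 1.0 engine would receive.

```python
import xml.etree.ElementTree as ET

# Constructed user store for the example.
USERS_XML = """<users>
  <user><name>alice</name><password>s3cret</password><role>admin</role></user>
  <user><name>bob</name><password>hunter2</password><role>user</role></user>
</users>"""


def xpath_literal(value: str) -> str:
    """Return value as an XPath 1.0 string literal, whatever quotes it contains."""
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    # Both quote kinds present: split on the single quote and glue the pieces
    # back together with concat(), supplying the quote as its own literal.
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join("'" + p + "'" for p in parts) + ")"


def vulnerable_query(name: str, password: str) -> str:
    # Raw interpolation. With password = ' or '1'='1 this becomes
    #   //user[name='alice' and password='' or '1'='1']
    # and, since 'and' binds tighter than 'or', the predicate is true for
    # every user: the first one is returned without a valid password.
    return f"//user[name='{name}' and password='{password}']"


def safe_query(name: str, password: str) -> str:
    # Every untrusted value enters the expression as a string literal.
    # Chained predicates are used so the query also runs on xml.etree.
    return f".//user[name={xpath_literal(name)}][password={xpath_literal(password)}]"


def lookup_role(name: str, password: str):
    """Evaluate the hardened query; return the role or None if no match."""
    root = ET.fromstring(USERS_XML)
    matches = root.findall(safe_query(name, password))
    return matches[0].findtext("role") if matches else None


if __name__ == "__main__":
    payload = "' or '1'='1"
    print("vulnerable:", vulnerable_query("alice", payload))
    print("safe      :", safe_query("alice", payload))
    print("role      :", lookup_role("alice", "s3cret"))
    print("attack    :", lookup_role("alice", payload))
```

Where the XPath library supports variables (XPath 2.0 engines, or `lxml` with `xpath(..., name=value)`), bind the values as variables instead; that is the XPath equivalent of a parameterised SQL query and avoids quoting altogether.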