Get started

Internet Application Security

• SQL injection

  A SQL injection (SQLi) is a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a Web form input box in order to gain access to unauthorized resources or make changes to sensitive data. Continue Reading

• The developer's crash course to the application network

  Developers, we get it; you don't want to deal with the network. But hear us out, as a basic understanding of subnets, VPNs and IP addresses boost app stability and performance. Continue Reading

• LDAP injection

  LDAP injection is a type of security exploit that is used to compromise the authentication process used by some websites. Websites that construct Lightweight Directory Access Protocol (LDAP) statements from data provided by users are vulnerable to ... Continue Reading

• Security testing basics: Fending off hackers and crackers

  It's critical to apply security testing into your app, as cybersecurity affects everyone. Testing before production can help prevent attacks. Expert Gerie Owen explains further. Continue Reading

• Software security testing: Where to start

  For those of us new to software security testing, it can be an intimidating field of study. Where do the veterans suggest we begin? Continue Reading

• Definitions to Get Started

  • SQL injection
  • LDAP injection
  • session hijacking (TCP session hijacking)
  • content spoofing

  • cross-site tracing (XST)
  • SSI injection
  • OS commanding
  • XPath injection

  View All Definitions

• Testing web services with soapUI

  In this article, Mike Kelly details the finer points of web services testing using soapUI.Continue Reading

• Security lesson: Beating web application security threats

  Explore the importance of Web application testing processes and find suggestions on best practices with a webcast on scanning and testing Web application security, a podcast on security testing and a tip on Web application best practices in this ...Continue Reading

• Web application security and the PCI DSS

  Software security should be integrated into the software development lifecycle at every phase. While the PCI DSS doesn't account for all of this, here are some tips to get you started on a holistic approach toward security.Continue Reading

• Application threats: CSRF, injection attacks and cookie replay

  Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. ...Continue Reading

• session hijacking (TCP session hijacking)

  Session hijacking, also known as TCP session hijacking, is a method of taking over a Web user session by surreptitiously obtaining the session ID and masquerading as the authorized user... (Continued)Continue Reading

• content spoofing

  Content spoofing is a type of exploit used by a malicious hackers to present a faked or modified Web site to the user as if it were legitimate.Continue Reading

• cross-site tracing (XST)

  Cross-site tracing (XST) is a sophisticated form of cross-site scripting (XSS) that can bypass security countermeasures already put in place to protect against XSS... (Continued)Continue Reading

• SSI injection

  SSI injection is a form of attack that can be used to compromise Web sites that contain SSI (server-side include) statements... (Continued)Continue Reading

• OS commanding

  OS commanding is a method of attacking a Web server by remotely gaining access to the operating system (OS) and then executing system commands through a browser... (Continued)Continue Reading

• XPath injection

  XPath injection is an attack targeting Web sites that create XPath queries from user-supplied data... (Continued)Continue Reading