New Articles @ SecurityFocus

From: Alfred Huger (ah@securityfocus.com)
Date: Thu Jul 17 2003 - 15:36:07 EDT


Penetration Testing for Web Applications (Part Two)
by Jody Melbourne and David Jorm

Our first article in this series covered user interaction with Web
applications and explored the various methods of HTTP input that are most
commonly utilized by developers. In this second installment we will be
expanding upon issues of input validation - how developers routinely,
through a lack of proper input sanity and validity checking, expose their
back-end systems to server-side code-injection and SQL-injection attacks.
We will also investigate the client-side problems associated with poor
input-validation such as cross-site scripting attacks.

http://www.securityfocus.com/infocus/1709

Honeytokens: The Other Honeypot
by Lance Spitzner, www.tracking-hackers.com

The purpose of this series of honeypot papers is to cover the breadth of
honeypot technologies, values and issues. I hope by now readers are
beginning to understand that honeypots are an incredibly powerful and
flexible technology. They have multiple applications to security,
everything from simplified detection to advanced information gathering.
Today we extend the capabilities of honeypots even further by discussing
honeytokens. Honeytokens are everything a honeypot is, except they are not
a computer.

http://www.securityfocus.com/infocus/1713



