Web Application Attacks Learning Guide

From buffer-overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This guide explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them. As a bonus, this learning guide is also available as a PDF download.

TABLE OF CONTENTS
  Introduction to Web application attacks
  Buffer-overflow attacks
  Cross-site scripting attacks
  SQL injection attacks
  Denial-of-service attacks
  Other application attacks
  Web application security strategies
  More security learning resources
  Security IT Downloads

Introduction to Web application attacks

Return to Table of Contents

• Article: Spyware, application attacks to be biggest 2006 threats
• Quiz: Web application threats and vulnerabilities
• Technical paper: Know your enemy: Why your Web site is at risk, part 1
• Technical paper: Know your enemy: Why your Web site is at risk, part 2

Buffer-overflow attacks

Return to Table of Contents

• Glossary definition: Buffer-overflow
• Article: Drowning in buffer-overflow vulnerabilities
• Article: Buffer-overflow attacks: How do they work?
• Article: You can prevent buffer-overflow attacks
• Book chapter: Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflows
• Expert advice: How buffer-overflows vulnerabilities occur
• Expert advice: Using OS Security's OSsurance
• Technical tip: Defining and preventing buffer overflows

Cross-site scripting

Return to Table of Contents

• Glossary definition: Cross-site scripting
• Book chapter: Content Spoofing
• Technical tip: XSS - Are you aware you may be vulnerable
• Technical tip: Deal with cross-site scripting
• Technical tip: Securing Web apps against authenticated users

SQL Injection attacks

Return to Table of Contents

• Glossary definition: SQL injection
• Article: Automated SQL Injections: What your enterprise needs to know, Part 1
• Article: Automated SQL Injections: What your enterprise needs to know, Part 2
• Article: Raising risk prospects with a new SQL injection threat
• Book chapter: Under Siege: How SQL Server is Hacked
• Expert advice: Authenticating Web applications to SQL
• Technical tip: Preventing SQL Injections
• Technical tip: Defense tactics for SQL injection attacks
• Technical tip: Automate SQL injection testing
• Technical tip: Don't hide sensitive information in hidden form fields

Denial-of-service

Return to Table of Contents

• Glossary definition: Denial-of-service
• Glossary definition: Distributed denial-of-service attack
• Article: Grid computing and security uncertainties
• Expert advice: How to protect the network from the new strain of DoS attacks
• Technical tip: Block and reroute denial-of-service attacks
• Technical tip: How to repair a compromised VPN
• Technical tip: How to protect your company against cybercrime
• Webcast: Five common application-level attacks and the countermeasures to beat them

Other application attacks

Return to Table of Contents

• Book chapter: State-based attacks: Session management
• Expert advice: Binary over JPEG
• Expert advice: Web application variable manipulation
• Technical tip: Protect your Web site against path traversal attacks
• Technical tip: Avoid the hazards of unvalidated Web application input
• Technical tip: How to avoid authentication bypass attacks
• Technical tip: XML-based attacks and how to guard against them
• Technical tip: Improper error handling
• Technical tip: Evolution: Rise of the bots
• Technical tip: Five steps for beating back the bots
• Technical tip: Protecting the network from Web-based service attacks with defense-in-depth
• Technical tip: HTTP attacks: Strategies for prevention
• Webcast: Web attacks and how to defeat them

Web application security strategies

Return to Table of Contents

• Book chapter: Gaining access using application and operating system attacks
• Checklist: Checklist of known IIS vulnerabilities
• Checklist: Windows tools for investigating an attack
• Checklist: Essential fortification checklist
• Expert advice: How to develop an effective application security strategy
• Expert advice: How to prevent application attacks and reduce network vulnerabilities
• Expert advice: The pros and cons of application firewalls
• Expert advice: Application development best practices
• Technical tip: Web application isolation
• Technical tip: Six steps to securing your Web server
• Technical tip: Tips for securing Web-based applications
• Technical tip: Application firewall tips and tricks
• Technical tip: Best practices for pen testing Web applications
• Technical tip: Ten dos and don'ts for secure coding
• Technical tip: Static and dynamic code analysis: A key factor for application security success
• Webcast: Locking down Web applications
• Webcast: Tools for securing the software development lifecycle

More security learning resources

	SECURITY SCHOOL		LEARNING GUIDES		CHECKLISTS		GLOSSARY		ASK THE EXPERTS