Application threats: CSRF, injection attacks and cookie replay

---

With Web applications making the 2006 SANS top 20 internet security attack targets list, it behooves us to concentrate on Web exploits. Web application exploits come in a variety of forms. There are a few that stand out: XSS, for example. But what about XSRF, which is only recently garnering the press is deserves? There are comparatively little resources for less famous exploits. But less famous does not mean less common. XSRF is positively everywhere. This learning guide includes tips, articles, white papers and expert advice on exploits that don't yet make the headlines. If you know of an article, tip, tool or method that should be included, send me an e-mail with the information and I'll be happy to add it. – Jennette Mullaney, assistant editor.

TABLE OF CONTENTS   Cross-site request forgery   Injection attacks   SSI injection   LDAP injection   XPath injection   Cookie replay   Other Useful Resources

Cross-site request forgery (XSRF)

[Return to Table of Contents]
This exploit goes by many names. Its two abbreviations, CSRF and XSRF, can stand either for cross-site request forgery or cross-site reference forgery. Even more confusing, the term session riding is sometimes used to describe this attack. What's certain, though, is that cross-site request forgery is a nasty, incredibly common vulnerability. And that's true no matter what you call it.

• Definition: cross-site request forgery
• Expert response: Cross-site request forgery: How this Web exploit works
• Article: CSRF vulnerability: A 'sleeping giant'
• Overview: Cross-site request forgery
• White paper: Cross Site Reference Forgery: An introduction to a common Web application weakness
• Article: Security Corner: Cross-site request forgeries
• Article: You know about XSS. How about XSRF/CSRF?
• Article: Session riding
• Article: Cross-site request forgery
• Article: Cross site request forgery
• Article: Cross-site request forgeries

Injection Attacks

[Return to Table of Contents]
Everyone knows about SQL injection, but injection attacks are by no means exclusive to SQL. Injection attacks have many similarities and some major differences. The following is a collection of general tips and profiles of three injection attacks you might not be aware of.

• Tip: Malicious code injection: It's not just for SQL anymore
• Q&A: One simple rule to make your Web apps more secure
• Podcast: Injection attacks -- Knowledge and prevention
• Tip: The importance of input validation
• Book excerpt: Hacking Exposed Web Applications -- Input Validation Attacks

SSI injection

[Return to Table of Contents]

• Definition: SSI injection
• Threat classification: SSI injection
• Podcast: What is SSI injection?
• IT Knowledge Exchange: What is SSI injection

LDAP injection

[Return to Table of Contents]

• Definition: LDAP injection
• Expert response: How to avoid LDAP injection in J2EE apps
• White paper: LDAP Injection: Are your Web applications vulnerable?
• Threat classification: LDAP injection
• Article: OWASP Guide to Building Secure Web Applications and Web Services: Authentication
• Article: Preventing LDAP injection in Java
• Overview: LDAP injection
• Blog: LDAP injection overview
• Article: LDAP injection

XPath injection

[Return to Table of Contents]

• Definition: XPath injection
• Expert Response: Understanding XPath injection
• Expert Response: What is XPath injection?
• Article: XML injection
• Article: XPath injection testing
• White paper: Blind XPath Injection
• Article: XPath injection in XML databases
• Article: Mitigating XPath injection attacks in .NET, in XML
• Tip: Manage XML data sets for security
• Article: Does XML give away the keys to the warehouse?

Cookie replay

[Return to Table of Contents]
Cookies contain sensitive information, and when they fall into the wrong hands they can do serious damage.

• Definition: cookie
• Tip: How to secure session tokens
• Definition: session hijacking
• Definition: transient cookie
• Definition: session ID
• Definition: session prediction
• Definition: session replay
• Article: The FormsAuthentication.SignOut method does not prevent cookie reply attacks in ASP.NET applications
• Article: Understand how the ASP.NET Cookieless feature works
• White paper: A Secure Cookie Protocol
• Article: 'Cookie' and 'Cookieless' state management options

Other useful resources

[Return to Table of Contents]

Expert advice on application security activities Do you have a question about application security attacks? Our Application Security Activities expert Jeff Williams may have the answer. Read advice he has given or submit your own questions.

• Article: OWASP Guide to Building Secure Web Applications and Web Services: Session Management
• Article: OWASP Guide to Building Secure Web Applications and Web Services: Data Validation
• Book: Developers Guide to Web Application Security
• Book: Improving Web Application Security: Threats and Countermeasures

Send in your suggestions
Are there other topics you'd like to see learning guides on? Send assistant editor Jennette Mullaney an e-mail at jmullaney@techtarget.com and let her know what they are.