Feature

Web Application Attacks Learning Guide

This guide explains how Web application attacks occur, identifies Web application attacks, and provides Web application security tools and tactics to protect against them.

Published: 08 May 2006

From buffer-overflows to SQL injection, hackers have various techniques at their disposal to attack Web applications. This guide explains how Web application attacks occur, identifies common and obscure Web application attacks, and provides Web application security tools and tactics to protect against them. As a bonus, this learning guide is also available as a PDF download.

TABLE OF CONTENTS
   Introduction to Web application attacks
   Buffer-overflow attacks
   Cross-site scripting attacks
   SQL injection attacks
   Denial-of-service attacks
   Other application attacks
   Web application security strategies
   More security learning resources
   Security IT Downloads

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please log in.

You have exceeded the maximum character limit.

Please provide a Corporate Email Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

Introduction to Web application attacks

Return to Table of Contents

Article: Spyware, application attacks to be biggest 2006 threats
Quiz: Web application threats and vulnerabilities
Technical paper: Know your enemy: Why your Web site is at risk, part 1
Technical paper: Know your enemy: Why your Web site is at risk, part 2

Buffer-overflow attacks

Return to Table of Contents

Glossary definition: Buffer-overflow
Article: Drowning in buffer-overflow vulnerabilities
Article: Buffer-overflow attacks: How do they work?
Article: You can prevent buffer-overflow attacks
Book chapter: Exploiting Software: How to Break Code, Chapter 7 -- Buffer Overflows
Expert advice: How buffer-overflows vulnerabilities occur
Expert advice: Using OS Security's OSsurance
Technical tip: Defining and preventing buffer overflows

Cross-site scripting

Return to Table of Contents

Glossary definition: Cross-site scripting
Book chapter: Content Spoofing
Technical tip: XSS - Are you aware you may be vulnerable
Technical tip: Deal with cross-site scripting
Technical tip: Securing Web apps against authenticated users

SQL Injection attacks

Return to Table of Contents

Glossary definition: SQL injection
Article: Automated SQL Injections: What your enterprise needs to know, Part 1
Article: Automated SQL Injections: What your enterprise needs to know, Part 2
Article: Raising risk prospects with a new SQL injection threat
Book chapter: Under Siege: How SQL Server is Hacked
Expert advice: Authenticating Web applications to SQL
Technical tip: Preventing SQL Injections
Technical tip: Defense tactics for SQL injection attacks
Technical tip: Automate SQL injection testing
Technical tip: Don't hide sensitive information in hidden form fields

Denial-of-service

Return to Table of Contents

Glossary definition: Denial-of-service
Glossary definition: Distributed denial-of-service attack
Article: Grid computing and security uncertainties
Expert advice: How to protect the network from the new strain of DoS attacks
Technical tip: Block and reroute denial-of-service attacks
Technical tip: How to repair a compromised VPN
Technical tip: How to protect your company against cybercrime
Webcast: Five common application-level attacks and the countermeasures to beat them

Other application attacks

Return to Table of Contents

Book chapter: State-based attacks: Session management
Expert advice: Binary over JPEG
Expert advice: Web application variable manipulation
Technical tip: Protect your Web site against path traversal attacks
Technical tip: Avoid the hazards of unvalidated Web application input
Technical tip: How to avoid authentication bypass attacks
Technical tip: XML-based attacks and how to guard against them
Technical tip: Improper error handling
Technical tip: Evolution: Rise of the bots
Technical tip: Five steps for beating back the bots
Technical tip: Protecting the network from Web-based service attacks with defense-in-depth
Technical tip: HTTP attacks: Strategies for prevention
Webcast: Web attacks and how to defeat them

Web application security strategies

Return to Table of Contents

Book chapter: Gaining access using application and operating system attacks
Checklist: Checklist of known IIS vulnerabilities
Checklist: Windows tools for investigating an attack
Checklist: Essential fortification checklist
Expert advice: How to develop an effective application security strategy
Expert advice: How to prevent application attacks and reduce network vulnerabilities
Expert advice: The pros and cons of application firewalls
Expert advice: Application development best practices
Technical tip: Web application isolation
Technical tip: Six steps to securing your Web server
Technical tip: Tips for securing Web-based applications
Technical tip: Application firewall tips and tricks
Technical tip: Best practices for pen testing Web applications
Technical tip: Ten dos and don'ts for secure coding
Technical tip: Static and dynamic code analysis: A key factor for application security success
Webcast: Locking down Web applications
Webcast: Tools for securing the software development lifecycle

More security learning resources

	SECURITY SCHOOL		LEARNING GUIDES		CHECKLISTS		GLOSSARY		ASK THE EXPERTS

What is shellcode and how is it used?

cookie poisoning

buffer overflow

How to prevent buffer overflow attacks

Read more on Web software

What is shellcode and how is it used?

cookie poisoning

buffer overflow

How to prevent buffer overflow attacks