Although traditional firewalls have effectively prevented network-level attacks, most future attacks will be at the application level, where current security mechanisms are woefully inadequate. Application-level security vulnerabilities are inherent in a Web application’s code, regardless of the technology in which the application is implemented or the security of the Web server and backend database on which it is built. A recent advisory published by Internet Security Systems (see the “Internet Resources” sidebar, p. 44) claims that 11 widely deployed shopping cart applications are vulnerable to a simple attack that lets hackers pur- chase goods for much less than their listed price. Worryingly, the attack does not require particular technical skill; it suffices to save the shopping cart’s HTML confirmation form to disk, use a text editor to modify the price of the goods (stored in a hidden form field), and load the HTML form back into the browser.
Read the rest of this entry »
Information and communication technologies continue to pervade our lives in various aspects which include health, education, entertainment and ecommerce. People need to be able to trust computer systems as the dependence on them increases. The Trustworthy Computing vision (CRA, 2003) refers to computer systems that are intuitive, controllable, reliable and predictable and that ensure availability and security. Secure cod- ing is not trivial and poor code security management may leave the developed web application vulnerable to attack or turn the application into a launch pad for serious attacks.
Read the rest of this entry »
Most Internet servers sit behind firewalls and use detection scripts to send alerts when break?ins are attempted. Some system administrators even run software to detect portscanners and denial?of?service attempts. However, many system administrators still overlook security problems in CGI scripts and web applications.
Read the rest of this entry »
The most striking technology application in this century is the impact of web on the human life. The current period has witnessed the increased use of web to a greater extent and the Web 2.0 has made the cyberspace as the global information space. Web 2.0 is a collection of technologies and services that allow increased user-creator interaction, content syndication, advancements in web-based user interfaces, which ultimately lead to the creation of an entirely new application platform.
Read the rest of this entry »
Web 2.0 – user-generated content, rich user interfaces and co-operative, dynamic services – has also brought with it a new and extremely virulent breed of ‘Malware 2.0’. A key motivation for this study is the link between Web 2.0 and the increase in ‘drive-by’ malware infections requiring no intervention or awareness on the part of the user. To give some idea of the threat posed, a Scansafe report analysing malware trends reports that risks from compromised websites increased 407% in the year to May 2008.
Read the rest of this entry »
Fingerprinting is an age old concept and one that adds great value to assessment methodologies. There are several tools available for fingerprinting operating systems (nmap), Web servers (httprint), devices, etc. Each one of these tools uses a different method – inspecting the TCP stack, ICMP responses, HTTP responses. With this evolution of Web 2.0 applications that use Ajax extensively, it is important to fingerprint Ajax tools, framework or library used by a particular web site or a page. This paper describes the method of doing Ajax fingerprinting with a simple prototype serving as an example.
Read the rest of this entry »
This paper details various security concerns and risks associated with web 2.0 technologies such as Asynchronous Java script and XML (AJAX), Syndication, aggregation and notification of data in RSS or Atom feeds, mashups created by merging content from different sources. This paper also describes the security implications leading with the usage of web 2.0 technologies such as AJAX, RSS, and Mashups. Increase in application functionality leading to the emerging new web technologies (web 2.0). These new web technologies open more avenues to security threats to the online applications and users. Efficient protection mechanisms should be considered when dealing with web 2.0 technologies usage.
Read the rest of this entry »
To combat these new threats one needs to look at different strategies as well. In this paper we shall look at different approaches and tools to improve security posture at both, the server as well as browser ends. Listed below are the key learning objectives:
• The need for Ajax fingerprinting and content filtering.
• The concept of Ajax fingerprinting and its implementation in the browser using XHR.
• Processing Ajax fingerprints on the Web server.
• Implementation using ModSecurity for Apache
• Strengthening browser security using HTTP response content filtering of untrusted information directed at the browser in the form of RSS feeds or blogs.
• Web application firewall (WAF) for content filtering and defense against Cross-Site Scripting (XSS)
Read the rest of this entry »
Categories
Archives
- October 2009
- September 2009
- August 2009
- July 2009
- June 2009
- May 2009
- April 2009
- March 2009
- February 2009
- January 2009
- December 2008
- November 2008
- October 2008
- September 2008
- August 2008
- July 2008
- June 2008
- May 2008
- April 2008
- March 2008
- February 2008
- January 2008
- December 2007
- November 2007
- October 2007
- September 2007
- August 2007
- July 2007
Today's Search Terms:
- downloads vista explodida carburador honda gx 160 - maya tutorial of animation character - maya tutorial of animation character - diesel engine service guide - free pdf parts catalog - bmw owners manual online - vw beetle 2002 service manual - Hyundai Sonata Haynes Repair Manual free - Ethernet Cable Wiring Diagram - hardware free ebook - Autocad 2008 español GRATIS - baixar antivirus em java para nokia n 95 gratis - cod4 jeep mod - 2003 honda crf 450 torque specifications - how to change rear wheel bearing vw jetta - parallels desktop 4 manual - cod2 hacks - Volvo S60 Repair Service Manual Software - actionscript 3 0 em pdf - 2007 toyota tacoma ATF - entity framework tutorial ebook - suzuki hayabusa gsx1300r - 2005 Toyota Tacoma Prerunner Repair Manual - renault radio bedienungsanleitung pdf - vw golf 5 tdi service - ford galaxy online manual - honda motorcycle owners manual download free - renault laguna repair manual pdf - download vw beetle workshop manual - bmw r 1150 r katalog pdfMost Popular
- iPod shuffle User's Guide (Manual)
- Renault Workshop Repair Manual PDF
- VolksWagen Golf and Jetta Routine Maintenance and Servicing Manual
- VolksWagen Golf & Jetta Service and Repair Manual
- Volkswagen Beetle Manual PDF
- Hacking the XBOX 360 for Noobs Tutorial
- VW Golf and Jetta Braking System PDF Manual
- Renault Workshop Repair Manual PDF
- VolksWagen Golf III / Jetta III Wiring Diagram Manual
- Renault All Types Service Manual PDF
Random Posts
- Using Clips Online in Microsoft Office Applications
- USER GUIDE LG 490 Guide d'Utilisation LG4 90
- Programming with gtkmm
- How to re-create a lost or corrupt MySQL Database using PHPMyAdmin
- ASP.NET Improvements in Visual Studio
- Setting up Microsoft Outlook to reject unsolicited email
- The Programming Contest Training Manual
- 2006 Audi TT Roadster 1.8T Technical Specifications Technical
- Honda Customs 2006 PDF Manual
- Apple Mac OS X v10.3.x Panther Security Configuration Guide Manual
Free Ebook Manual Download is proudly powered by WordPress - BloggingPro theme by: Design Disease
