Penetration Testing for Web Applications (Part Two) by Jody Melbourne and David Jorm Our first article in this series covered user interaction with Web applications and explored the various methods of HTTP input that are most commonly utilized by developers. In this second installment we will be expanding upon issues of input validation - how developers routinely, through a lack of proper input sanity and validity checking, expose their back-end systems to server-side code-injection and SQL-injection attacks. We will also investigate the client-side problems associated with poor input-validation such as cross-site scripting attacks. http://www.securityfocus.com/infocus/1709 Honeytokens: The Other Honeypot by Lance Spitzner, www.tracking-hackers.com The purpose of this series of honeypot papers is to cover the breadth of honeypot technologies, values and issues. I hope by now readers are beginning to understand that honeypots are an incredibly powerful and flexible technology. They have multiple applications to security, everything from simplified detection to advanced information gathering. Today we extend the capabilities of honeypots even further by discussing honeytokens. Honeytokens are everything a honeypot is, except they are not a computer. http://www.securityfocus.com/infocus/1713 --------------------------------------------------------------------------- Your network Firewall and IDS products do not prevent Web application exploits - the most common form of online attack - resulting in Web defacement, data theft, sabotage and fraud. KaVaDo is the first and only company that provides a complete and an integrated suite of Web application security products, allowing you to assess your entire environment, automatically set positive security policies and maintain it without compromising business performance. For more information on KaVaDo and to download a FREE white paper on Web applications - security policy automation, please visit: http://www.kavado.com/ad.htm ----------------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Thu Jul 17 2003 - 12:41:48 PDT