2005
HTTP Request Smuggling
Released: June, 2005
Stopping Automated Attack Tools
Released: April, 2005
2004
Web Application Exposure to Risk: Raising Awareness to Build Confidence and Improve Security
Released: July, 2004
Blind XPath Injection
Released: May, 2004
Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics
Released: March, 2004
Frequently Asked Questions on Web Application Security
Released: January, 2004
2003
Developing Secure Web Applications in Java Environments
Released: December, 2003
Manipulating Microsoft SQL Server Using SQL Injection
Released: December, 2003
Introduction to Database and Application Worms
Released: December, 2003
Real World XSS
Released: December, 2003
Circumventing Validation
Released: December, 2003
Web Application Hacking: Exposing Your Backend
Released: November, 2003
SOAP Web Services Attack? - Part1
The World Wide Web is being used increasingly for application-to-application
communication, thanks to programmatic interfaces known as web services.
In conjunction with current technology, web services are ideal for
companies clamoring to join the e-commerce revolution.
Released: November, 2003
The Anatomy of Cross Site Scripting
Released: November, 2003
Blind SQL Injection
Are Your Web Applications Vulnerable?
SQL Injection can deliver total control of your server to a hacker
giving them the ability to read, write and manipulate all data stored
in your backend systems!
Despite being remarkably simple to protect against, there are an
astonishing number of production systems connected to the Internet
“fixed” the problem by hiding error data from the users
but were left vulnerable to this type of attack!
Released: October, 2003
Advanced cross site scripting and client automation
This paper discusses one method of exploiting POST variables vulnerable
to cross site scripting and secured areas protected by a temporary
session. Following a natural progression of the method of exploitation
I arrived at client automation, the forcing of a client to submit
a form in effect allowing an attacker to change settings for a client.
Released: October, 2003
Is Your Site Being Hacked Without Your Knowledge?
Released: October, 2003
The Cross Site Scripting FAQ
This is a FAQ covering Cross Site Scripting. This paper also provides
examples of practical cookie theft, along with public tools for
use with testing.
Released: August, 2003
Using Binary Search with SQL Injection
Revised: August, 2003
Secure Coding Practices for Microsoft .NET Applications
Revised: July, 2003
LDAP Injection
Are Your Web Applications Vulnerable?
LDAP injection is the technique of exploiting web applications that
use client-supplied data in LDAP statements without first stripping
potentially harmful characters from the request.
The objective of this paper is to inform developers, system administrators
and security professionals about various techniques that could be
used to attack their applications.
Released: July, 2003
Cross-Site Scripting
Are your web applications vulnerable?
Think of how often you receive an email with a hyperlink. Imagine
receiving a message with a link to your online banking site exclaiming
that you could win 200 dollars as part of a promotional push to
utilize the site. If you clicked the link, and logged into the site,
you could have revealed your logon information to a hacker…just
that easily.
Learn techniques that can be used to exploit a web application with
cross-site scripting, as we give suggestions on how to prevent such
vulnerabilities from existing within a web application.
Released: July, 2003
SQL Injection
Are Your Web Applications Vulnerable?
SQL Injection can deliver total control of your server to a hacker
giving them the ability to read, write and manipulate all data stored
in your backend systems!
Released: July, 2003
Secure shared hosting with IIS 5.0
This guide provides technical solutions, methodologies and a step-by-step
explanation on how to build secure IIS 5.0 servers. The aim of this
security guide is to help ISPs and IIS administrators to secure
their servers.
Released: July, 2003
Securing PHP: Step-by-step
Released: June, 2003
Improving Web Application Security: Threats and Countermeasures
This guide gives you a solid foundation for designing, building,
and configuring secure ASP.NET Web applications. Whether you have
existing applications or are building new ones, you can apply the
guidance to help you make sure that your Web applications are hack-resilient.
Released: June, 2003
Web Application Security Assessment by Fault Injection and Behavior Monitoring
Released: May, 2003
Writing Secure ASP Scripts
Released: May, 2003
Securing Apache: Step-by-Step
Released: May, 2003
Auditing Web Site Authentication, Part One
Released: April, 2003
Prevention of the OWASP Top-10 in Perl
A discussion of the OWASP Top 10 list in relation to the Perl programming
language.
Released: April, 2003
Developing Secure Web Applications Just Got Easier
Released: March, 2003
Security at the Next Level
Are Your Applications Vulnerable?
What techniques are hackers using to exploit Web-based applications
and how can you protect your site? Unfortunately, most security
products available today cannot adequately examine the applications
that reside on your Web server! Yet these applications often provide
backend access to confidential data!
Released: February, 2002
Cross-Site Tracing (XST)
New techniques and emerging threats to bypass current web security
measures using TRACE and XSS.
Released: January, 2003
PHP and the OWASP Top Ten Security Vulnerabilities
Released: January, 2003
2002
Session Fixation Vulnerability in Web-based Applications
Released: December, 2002
The changing face of web security
Are we winning or losing the battle of web security? Read this white
paper backed by industry figures to ensure you are aware of the
facts.
Released: November, 2002
Bypassing JavaScript Filters
The Flash! Attack
Released: August, 2002
Web Application Forensics
Released: July, 2002
OWASP - A Guide to Building Secure Web Applications
Released: June, 2002
More Advanced SQL Injection
Released: June, 2002
Protecting Web-Based Applications
A META Security Group White Paper
Released: June, 2002
Developing Secure Web Applications
Released: June, 2002
Evolution of Cross-Site Scripting Attacks
Released: May, 2002
Cross Site Scripting Explained
Released: May, 2002
Hacker Repellent
Released: April, 2002
Hacking by Cookie Poisoning
Released: April, 2002
Assessing IIS Configuration Remotely
Released: March, 2002
Fingerprinting Port 80 Attacks
A look into web server, and web application attack signatures: Part
Two.
Part two of "Fingerprinting port80 attacks". This paper
provides information on web application attack forensics that will
help you identify what an attacker might be doing. Part two covers
attacks that were not mentioned in the first paper.
http://www.cgisecurity.net/papers/fingerprinting-2.html
Released: March, 2002
OWASP Top 10
Released: February, 2002
Hackproofing Oracle Application Server
Released: February, 2002
The World Wide Web Security FAQ
Released: February, 2002
Header Based Exploitation
Web Statistical Software Threats
This paper helps describe an attack method often overlooked by programmers.
It explains how modification of HTTP headers can cause possible
system access, cookie theft/poisoning, tricked advertising, database
injection, and other bad things in web statistical software.
Released: January, 2002
Advanced SQL Injection
Released: January, 2002
Exploitation of UNICODE Buffer Overflows
Released: January, 2002
Secure Programming in PHP
Released: January, 2002