New Articles @ SecurityFocus

From: Alfred Huger (ah_at_securityfocus.com)
Date: 07/17/03

    Date: Thu, 17 Jul 2003 13:36:07 -0600 (MDT)
    To: pen-test@securityfocus.com


    Penetration Testing for Web Applications (Part Two)
    by Jody Melbourne and David Jorm

    Our first article in this series covered user interaction with Web
    applications and explored the various methods of HTTP input that are most
    commonly utilized by developers. In this second installment we will be
    expanding upon issues of input validation - how developers routinely,
    through a lack of proper input sanity and validity checking, expose their
    back-end systems to server-side code-injection and SQL-injection attacks.
    We will also investigate the client-side problems associated with poor
    input validation, such as cross-site scripting attacks.

    http://www.securityfocus.com/infocus/1709

    Honeytokens: The Other Honeypot
    by Lance Spitzner, www.tracking-hackers.com

    The purpose of this series of honeypot papers is to cover the breadth of
    honeypot technologies, values and issues. I hope by now readers are
    beginning to understand that honeypots are an incredibly powerful and
    flexible technology. They have multiple applications to security,
    everything from simplified detection to advanced information gathering.
    Today we extend the capabilities of honeypots even further by discussing
    honeytokens. Honeytokens are everything a honeypot is, except they are not
    a computer.

    http://www.securityfocus.com/infocus/1713

    ---------------------------------------------------------------------------
    Your network Firewall and IDS products do not prevent Web application
    exploits - the most common form of online attack - resulting in Web
    defacement, data theft, sabotage and fraud.

    KaVaDo is the first and only company that provides a complete and
    integrated suite of Web application security products, allowing you to
    assess your entire environment, automatically set positive security
    policies and maintain them without compromising business performance.

    For more information on KaVaDo and to download a FREE white paper on Web
    applications - security policy automation, please visit:
    http://www.kavado.com/ad.htm
    ----------------------------------------------------------------------------

