WEB APP SECURITY 7/2011

Download
File
WEB_APP_SECURITY_Hakin9_07_20111.pdf
    • Latest News From the IT Security World
      By Armando Romeo, eLearnSecurity and ID Theft Protect



    • Mummies still walk among us! 
      By Ali Al-Shemery
Imagine all the great sources of information on the Internet today, such as newsgroups, blogs, websites and forums, and yet you still see networks and websites being hacked and torn down with old hacking techniques. For God's sake, isn't that a walking mummy? The author describes, in an amusing way, why it is so important to keep your knowledge up to date and why attacking new systems with old techniques still works. Read this true, instructive and humorous story.



    • Firestarter: Starter to your Firewall
      By Mervyn Heng
The firewall is the first line of defense on the network perimeter and on end points. Firewalls are the gatekeepers that facilitate the flow of necessary traffic to and from assets. The author focuses on best practices for setting up a host-based firewall on an Ubuntu 10.04 LTS laptop. He describes how host-based firewalls allow all traffic by default, to give users immediate access to networks and the Internet, while network-based firewalls interestingly employ the opposite tactic: their default rule is to deny all.



    • HTTP Parameter Pollution Vulnerabilities in Web Applications
      By Marco Balduzzi, Luca Carettoni, Stefano Di Paola
Is your web application protected against HTTP Parameter Pollution? A new class of injection vulnerabilities allows attackers to compromise the logic of the application and perform client- and server-side attacks. HPP can be detected and avoided. But how? This article discusses why and how applications may be vulnerable to HTTP Parameter Pollution. By analyzing different attack scenarios, the authors introduce the HPP problem. They describe PAPAS, their system for detecting HPP flaws, and conclude with the countermeasures that conscientious web developers can adopt to deal with this novel class of injection vulnerabilities.
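      The root of HPP is that the HTTP specification does not say what a server should do when a query parameter is repeated, so each back end picks its own rule. The following Python example is added here and is not code from the article or from PAPAS. It models three well-known resolution rules (first occurrence wins, as in Java servlet getParameter(); last occurrence wins, as in PHP's $_GET; all occurrences joined with a comma, as in ASP.NET's Request.QueryString), shows a hypothetical link builder that embeds a user-controlled value without encoding it, the hardened version, and a simple countermeasure that rejects any request carrying a repeated parameter name. The host name and the payload are constructed for the example.

```python
from urllib.parse import parse_qs, urlencode

# Added example, not from the article or from PAPAS. parse_qs keeps every
# occurrence of a parameter; the three helpers below model how real back ends
# collapse that list into a single value.


def first_wins(query: str) -> dict:
    """First occurrence wins (the rule used by Java servlet getParameter())."""
    return {k: v[0] for k, v in parse_qs(query, keep_blank_values=True).items()}


def last_wins(query: str) -> dict:
    """Last occurrence wins (the rule used by PHP's $_GET)."""
    return {k: v[-1] for k, v in parse_qs(query, keep_blank_values=True).items()}


def joined(query: str) -> dict:
    """All occurrences joined with a comma (the rule used by ASP.NET's Request.QueryString)."""
    return {k: ",".join(v) for k, v in parse_qs(query, keep_blank_values=True).items()}


def build_link_vulnerable(base: str, item_id: str) -> str:
    """Hypothetical page that pastes a user-controlled id into a link without encoding it.

    A value such as '7&action=delete' smuggles a second 'action' parameter into
    the URL; on a last-wins back end the link now performs a delete.
    """
    return f"{base}?action=view&id={item_id}"


def build_link_safe(base: str, item_id: str) -> str:
    """urlencode() percent-encodes '&' and '=' inside the value, so it stays one parameter."""
    return f"{base}?{urlencode({'action': 'view', 'id': item_id})}"


def query_of(url: str) -> str:
    """Return the query string part of a URL (empty if there is none)."""
    return url.split("?", 1)[1] if "?" in url else ""


def has_duplicate_parameters(query: str) -> bool:
    """Countermeasure: flag any request that repeats a parameter name.

    Rejecting such requests up front removes the ambiguity that HPP depends on.
    """
    return any(len(v) > 1 for v in parse_qs(query, keep_blank_values=True).values())


if __name__ == "__main__":
    payload = "7&action=delete"  # constructed attacker-supplied value
    bad = build_link_vulnerable("https://shop.example.test/item", payload)
    good = build_link_safe("https://shop.example.test/item", payload)
    for label, url in (("vulnerable", bad), ("safe", good)):
        q = query_of(url)
        print(label, url)
        print("  first-wins:", first_wins(q))
        print("  last-wins: ", last_wins(q))
        print("  joined:    ", joined(q))
        print("  duplicates:", has_duplicate_parameters(q))
```

      The same query string resolves to action=view on one back end and action=delete on another, which is exactly the inconsistency an attacker exploits across a front-end filter and a back-end application.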



    • Does your BlackBerry smartphone have ears?
      By Yury Chemerkin
The smartphone has become the most popular gadget all over the world. Undoubtedly, compactness, convenience and PC-like functionality have been winning modern users' hearts. People may think that surfing the Internet on their favorite smartphone is safer than on a PC and that the risk of losing privacy is minimal; analytical statistics, however, show the opposite. From this article we find out why every BlackBerry is vulnerable to multiple network attacks and how the address book provides a spam-attack vector. The author also explains how deceptions may mislead BlackBerry users into compromising their security and what makes DTMF signalling a possible covert channel.



    • Web Testing Using Active and Passive Scanners
      By Ric Messier
Website creation has become so simple that just about anyone can do it. This doesn't mean that everyone can do it well. There are so many frameworks and tools available to make dynamic sites easy to put up quickly. The author shows how to scan systems using both an active and a passive web proxy. He also explains the differences between active and passive scanning and points out why regular site scanning can't be overstated.



    • Web Applications: Access Control and Authorization Issues
      By Nilesh Kumar
This article is about the different kinds of access control mechanisms in web applications and the issues with them. Where sufficient authorization checks are lacking, access controls can be abused by any logged-in user, and the impact can be catastrophic: improper access control handling may result in information leakage or, worse, unauthorized access to system components. The article helps you imagine what happens when a normal user is able to access content meant only for a system administrator. The author describes a few scenarios in which authorization checks are not performed correctly and shows what their impact could be.
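      The two failures the article describes, a normal user reaching another user's records and a normal user reaching administrator-only functions, come down to an authorization check that is missing or that trusts the client. The Python example below is added here and is not code from the article; the session model, the document store and the user ids are constructed for the example. Each handler is shown in a vulnerable form beside the checked form, where the decision is made from server-side session state rather than from anything the request carries.

```python
from dataclasses import dataclass

# Added example, not from the article. Sample data and names are constructed.


@dataclass(frozen=True)
class Session:
    """Server-side session established at login; the client cannot edit it."""
    user_id: int
    role: str  # "user" or "admin"


# Constructed document store: doc id -> owner and title.
DOCUMENTS = {
    1: {"owner": 100, "title": "alice's notes"},
    2: {"owner": 200, "title": "bob's notes"},
}
ADMIN_REPORT = "all-users-export.csv"

DENIED = "DENIED"


def outcome(handler, *args):
    """Run a handler and return its result, or DENIED if it refused the request."""
    try:
        return handler(*args)
    except PermissionError:
        return DENIED


# --- Horizontal access control (object ownership) ---------------------------

def get_document_vulnerable(session: Session, doc_id: int) -> str:
    """Missing ownership check: any logged-in user can read any document by id."""
    return DOCUMENTS[doc_id]["title"]


def get_document_safe(session: Session, doc_id: int) -> str:
    """Ownership is checked against the server-side session, not the request.

    A missing and a forbidden document produce the same refusal, so the
    response does not reveal which ids exist.
    """
    doc = DOCUMENTS.get(doc_id)
    if doc is None or (doc["owner"] != session.user_id and session.role != "admin"):
        raise PermissionError("not authorized")
    return doc["title"]


# --- Vertical access control (privilege level) ------------------------------

def admin_report_vulnerable(session: Session, request_params: dict) -> str:
    """Trusts a client-supplied role parameter, which anyone can set."""
    if request_params.get("role") == "admin":
        return ADMIN_REPORT
    raise PermissionError("not authorized")


def admin_report_safe(session: Session, request_params: dict) -> str:
    """The privilege decision comes from the session alone; request parameters are ignored."""
    if session.role != "admin":
        raise PermissionError("not authorized")
    return ADMIN_REPORT


if __name__ == "__main__":
    alice = Session(user_id=100, role="user")
    print("alice reads doc 2 (vulnerable):", outcome(get_document_vulnerable, alice, 2))
    print("alice reads doc 2 (safe):      ", outcome(get_document_safe, alice, 2))
    forged = {"role": "admin"}  # constructed: a parameter added by the user
    print("alice admin report (vulnerable):", outcome(admin_report_vulnerable, alice, forged))
    print("alice admin report (safe):      ", outcome(admin_report_safe, alice, forged))
```

      The safe handlers refuse with the same response whether the object is missing or merely not the caller's, which also closes the enumeration leak that the article warns about.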



    • Web Applications: Testing and Securing Your Code
      By Joe Pezzino, Phil Rusek
With the high demand for applications and information, companies have made data readily and easily available. Web applications for keeping in touch with friends, downloading music or ordering a new espresso machine are used so commonly that you seldom think about how the information is presented to you. From this article you will find out how to test and secure your web applications. The authors will also share with you why the best practice against SQL injection is to write code that uses stored procedures and prepared statements.



    • An overview of Web Application Security Issues
      By Julian Evans
Web application security is very much in its infancy; some security experts believe this is going to be a major emerging area of technology. Nowadays web apps are more complex and are based on a client-server architecture. This architecture is evolving, and we see web apps such as Google Apps acting as a word processor, storing the files and allowing you to download them onto your PC. Facebook and the social web have also moved into web apps, hence the recently coined phrase Web 3.0. This is an overview article in which the author points out the most current issues in web app security, such as programming development, JavaScript APIs, AJAX programming, mobile security, Facebook app security and authentication.



    • Why are there So Many Command and Control Channels Part Two
      By Matt Jonkman
In his last article Matt Jonkman wrote about Command and Control channels, or CnCs. In this one he continues the topic of CnC channels and takes up the discussion of the individual categories. He also describes some up-to-date examples of many of these categories from the Emerging Threats Sandnet.



April 19, 2022
© HAKIN9 MEDIA SP. Z O.O. SP. K. 2023