Web App Security 7/2011


  • Latest News From the IT Security World
    By Armando Romeo, eLearnSecurity and ID Theft Protect
  • Mummies still walk among us!
    By Ali Al-Shemery
    Imagine all the great sources of information on the Internet today, such as newsgroups, blogs, websites and forums, and you still see networks and websites being hacked and torn down using old hacking techniques. For God's sake, isn't that a walking mummy? The author, in an amusing way, describes why it is so important to keep your knowledge up to date and why attacking new systems with old techniques still works. Read this true, didactic story, full of humor.
  • Firestarter: Starter to your Firewall
    By Mervyn Heng
    The firewall is the first line of defense on the network perimeter and on end points. Firewalls are the gatekeepers that facilitate the flow of necessary traffic to and from assets. In his article the author focuses on best practices for setting up a host-based firewall on a Ubuntu 10.4 LTS laptop. He describes how host-based firewalls allow all traffic by default to give users immediate access to networks and the Internet, and how network-based firewalls interestingly employ the opposite tactic, since their default rule is to deny all.
  • HTTP Parameter Pollution Vulnerabilities in Web Applications
    By Marco Balduzzi, Luca Carettoni, Stefano Di Paola
    Is your web application protected against HTTP Parameter Pollution? A new class of injection vulnerabilities allows attackers to compromise the logic of the application to perform client- and server-side attacks. HPP can be detected and avoided. But how? This article discusses why and how applications may be vulnerable to HTTP Parameter Pollution. By analyzing different attack scenarios, the authors introduce the HPP problem. They describe PAPAS, their system for the detection of HPP flaws, and conclude by giving the different countermeasures that conscientious web designers may adopt to deal with this novel class of injection vulnerabilities.
  • Does your BlackBerry smartphone have ears?
    By Yury Chemerkin
    The smartphone has become the most popular gadget all over the world. Undoubtedly, compactness, convenience and PC-like functional capabilities have been winning modern users' hearts. People may think that Internet surfing is safer with their favorite smartphone than on a PC and that the risk of privacy loss is minimized; however, analytical statistics show the opposite. From this article we will find out why every BlackBerry is vulnerable to multiple network attacks and how the address book provides a spam-attack vector. The author also explains how deceptions may mislead BlackBerry users into compromising security and what makes DTMF signalling a possible covert channel.
  • Web Testing Using Active and Passive Scanners
    By Ric Messier
    Website creation has become so simple that just about anyone can do it. This doesn't mean that everyone can do it well. There are so many frameworks and tools available to make dynamic sites easy to put up quickly. The author of this article shows how to scan systems using both an active and a passive Web proxy. He also explains the differences between active and passive scanning and points out why regular site scanning can't be overvalued.
  • Web Applications: Access Control and Authorization Issues
    By Nilesh Kumar
    This article is about different kinds of access control mechanisms in web applications and the issues with them. Where sufficient authorization checks are lacking, access controls may be abused by the logged-in user. The impact can be catastrophic: improper access control handling may result in information leakage or, worse, unauthorized access to system components. The article helps you imagine what will happen if a normal user is able to access content meant only for a system administrator. The author describes a few scenarios where authorization checks are not performed correctly and shows what their impact could be.
  • Web Applications: Testing and Securing Your Code
    By Joe Pezzino, Phil Rusek
    With the high demand for applications and information, companies have made data readily and easily available. Web applications, whether used to keep in touch with friends, download music, or order a new espresso machine, are so common that you seldom think about how the information is presented to you. From this article you will find out how to test and secure your web applications. The authors also share their knowledge of why the best practice against SQL injection is to write code that uses stored procedures and prepared statements.
  • An overview of Web Application Security Issues
    By Julian Evans
    Web application security is very much in its infancy – some security experts believe this is going to be a major emerging area of technology. Nowadays web apps are more complex and are based on a client-server architecture. This architecture is evolving, and we see web apps such as Google Apps acting as a word processor, storing the files and allowing you to download them onto your PC. Facebook and the social web have also moved into web apps, hence the recently coined phrase Web 3.0. This is an overview article in which the author points out the most current issues in the area of web app security, such as programming and development, the JavaScript API, AJAX programming, mobile security, and Facebook app security and authentication.
  • Why are there So Many Command and Control Channels Part Two
    By Matt Jonkman
    In his last article Matt Jonkman wrote about Command and Control Channels, or CnCs. In this one he continues the topic of CnC channels and takes up the discussion of the individual categories. He also describes some up-to-date examples of many of these categories out of the Emerging Threats Sandnet.
Web App Security 7/11 [Teaser] - Hakin9 Teasers 07/2011

Follow the steps below to download the magazine:
  1. Register, accept the Disclaimer and choose a subscription option.
    Attention!
    By choosing the Free Account option you will only be able to download the teaser of each issue.
  2. Verify your account using the verification link sent to your email address.
  3. Check the password sent to your email address and use it to log in.
  4. Click the download button to get the issue.

IMPORTANT: the registration on the website includes subscription to our newsletter.
