-
Web application firewalls for security and regulatory compliance
If you’re not familiar with web application attacks, we covered them in detail in a previous column, available here. Also, the Open Web Application Security Project (OWASP) has an abundance of Web application security educational information available on its Web site, including the top 10 most prevalent web application attacks. Combating web application attacks with…
-
Rich data: the dark side to Web 2.0 applications
"All web applications allow some form of rich data, but that rich data has become a key part of Web 2.0. Data is "rich" if it allows markup, special characters, images, formatting, and other complex syntax. This richness allows users create new and innovative content and services. Unfortunately, richness affords attackers an unprecedented opportunity to…
-
The Cross-Site Request Forgery (CSRF/XSRF) FAQ
By Robert Auger, v1.62 (Last Modified: 4/28/10). About. What is Cross Site Request Forgery? Who discovered CSRF? What can be done with CSRF? Is CSRF and Cross-site Scripting the same thing? What are common ways to perform a CSRF attack? Is this vulnerability limited to browsers? Can applications using only POST be vulnerable? How do…
