All pages tagged with injection
Detection of SQL Injection and Cross-site Scripting Attacks
This article discusses techniques to detect SQL Injection and Cross Site Scripting (CSS) attacks against your networks. There has been a lot of discussion on these two categories of Web-based ...
Document added on May 22, 2011
Detecting SQL Injection in Oracle
The main focus of this paper is to explore some simple techniques in extracting logging and trace data that could be employed for monitoring. The aim is to show the ...
Written by: Pete Finnigan and added on Feb. 12, 2011
SQL Injection and Oracle, Part One
SQL injection techniques are an increasingly dangerous threat to the security of information stored upon Oracle Databases. These techniques are being discussed with greater regularity on security mailing lists, forums, ...
Written by: Pete Finnigan and added on April 18, 2011
SQL Injection and Oracle, Part Two
This is the second part of a two-part article that will examine SQL injection attacks against Oracle databases. The first installment offered an overview of SQL injection and looked at ...
Written by: Pete Finnigan and added on April 29, 2011
Penetration Testing for Web Applications (Part Two)
Our first article in this series covered user interaction with Web applications and explored the various methods of HTTP input that are most commonly utilized by developers. In this second ...
Document added on June 24, 2011
Application Development Technology and Tools: Vulnerabilities and threat management with secure programming practices, a defense in-depth approach
This paper addresses the security challenges that exist due to programming flaws, and explains how simple programming practices can reduce the risks. The paper starts with a description of common ...
Written by: Vilas L Ankolekar and added on July 1, 2011
Deploying a Secure Web Application: From a Coding Perspective
The purpose of this document is to give a developer a very detailed and reproducible guideline for the development of a typical web application. The focus will be on common ...
Document added on March 3, 2011
SQL Injection: Modes of attack, defense, and why it matters
SQL injection attacks represent a serious threat to any database-driven site. The methods behind an attack are easy to learn and the damage caused can range from considerable to complete ...
Written by: Stuart McDonald and added on Jan. 17, 2011
Blindfolded SQL Injection
Until today, exploiting SQL server injection attacks depended on having the Web Server return detailed error messages or having any other source of information. As a result, many security administrators ...
Written by: Ofer Maor and Amichai Shulman and added on June 10, 2011
A Web Developer's Guide to Cross-Site Scripting
Cross-site scripting attacks are those in which attackers inject malicious code, usually client-side scripts, into web applications from outside sources. Because of the number of possible injection locations and techniques, ...
Written by: Steven Cook and added on May 30, 2011