Thursday, July 24, 2008
  
  
SIGnificant Web

Written by: host
Monday, December 04, 2006

XSS (Cross-Site Scripting)
Cross-site scripting is a relatively new category of attack. An attacker embeds content in a page that will be presented to other users and causes their browsers to take action. Bulletin board-type applications most often exhibit this flaw, and cookie theft tends to be the most common way the vulnerability is exploited.

SQL Injection
An attacker is able to embed SQL commands within a command or request presented to the application. Instead of searching for a particular value, for example, an injection may cause the SQL server to return all values in a particular field.

Hidden Form Field Manipulation
Some HTML form elements are sent to the browser as hidden fields, which users are not expected to change. A number of programs and methods can tweak these hidden values anyway; applications that trust such values are vulnerable.
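
The trust problem described above, as an added example that is not part of the original post: one handler uses a hidden price field as returned, the other verifies a server-side HMAC tag over the fields first. The catalogue, field names and function names are hypothetical.

```python
import hashlib
import hmac
import secrets

# Assumption: a secret that never leaves the server.
SERVER_KEY = secrets.token_bytes(32)

# Constructed sample catalogue: the server's own record of prices (in cents).
CATALOGUE = {"sku-100": 4999}


def _tag(sku: str, price: str) -> str:
    """HMAC-SHA256 over the hidden field values, hex encoded."""
    msg = f"{sku}|{price}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def render_hidden_fields(sku: str) -> dict:
    """Values the server would emit as <input type="hidden"> elements."""
    price = str(CATALOGUE[sku])
    return {"sku": sku, "price": price, "tag": _tag(sku, price)}


def charge_trusting(form: dict) -> int:
    """Vulnerable: uses the price exactly as the browser sent it back."""
    return int(form["price"])


def charge_verified(form: dict) -> int:
    """Hardened: rejects the form unless the tag matches the returned fields."""
    expected = _tag(form["sku"], form["price"])
    if not hmac.compare_digest(expected, form.get("tag", "")):
        raise ValueError("hidden field was modified")
    return int(form["price"])


if __name__ == "__main__":
    form = render_hidden_fields("sku-100")
    edited = dict(form, price="1")  # hidden value changed on the client side
    print("trusting handler charges:", charge_trusting(edited))
    try:
        charge_verified(edited)
    except ValueError as exc:
        print("verified handler rejects:", exc)
```

Where the server already holds the authoritative value, as with the price here, looking it up again by `sku` and ignoring the returned field is simpler still.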

Parameter Manipulation
Also called "command execution." Any time a parameter is passed directly from the Web application to a shell application, it may be possible to have arbitrary commands executed directly on the server.

Weak Session Cookies
A class of security flaw that includes any situation where cookies are predictable based on user names or other obvious information. Also refers to cookies that can be easily stolen from one application session and used elsewhere.

HTML Comments
Developers often add comments in HTML during testing and debugging, which may include such information as login information, backend server configuration, and so on. Unless these comments are suppressed or stripped out, they can be culled by would-be attackers.
