|
|
|
Websites in "WWW"
|
| pages:
|
1 |
|
• 'Cross-site scripting' tears holes in Net security
USA Today article by Byron Acohido that details WhiteHat Security's assesment of Hotmail, Yahoo, Amazon, and America Online.
|
• Apache: Cross Site Scripting Info
How the attack affects websites hosted on the Apache webserver and Apache specific issues.
|
• Are Secure Internet Transactions Really Secure?
This paper describes how many small business claim to be offering a secure order form, when in fact, they really are not. The paper shows how the insecurity occurs, and offers a few solutions to the problem.
|
• Bypassing Javascript Filters - The Flash Attack
Paper by EyeonSecurity explaining how to inject CSS attacks into Web applications which allow Flash content.
|
• CERT Advisory CA-2000-02: Malicious HTML Tags Embedded in Client Web Requests
Advisory published jointly by the CERT Coordination Center, DoD-CERT, the DoD Joint Task Force for Computer Network Defense (JTF-CND), the Federal Computer Incident Response Capability (FedCIRC), and the National Infrastructure Protection Center (NIPC).
|
• CERT/CC: How To Remove Meta-characters From User-Supplied Data In CGI Scripts
Examples in C and Perl.
|
• Cgisecurity.com
This site is designed to help user to learn about what kinds of security risks exist and how to prevent them from happening.
|
• CIAC: Unix NCSA httpd Vulnerability
An advisory detailing a vulnerability that has been discovered in the NCSA WWW server software (httpd).
|
• Client Side Trojan
By clicking on maliciously formed HTML tags users can unknowingly perform undesirable actions.
|
• CNN.com: Schwab's Site Could be Vulnerable
Charles Schwab's online customers are at risk of having their account information accessed and their accounts manipulated due to the same software vulnerability that affected E-Trade's Web site in September.
|
• COAST Hotlist: Security in the WWW
A collection of links related to WWW security.
|
• Cross Site Scripting Vulnerabilities
Security consultant David deVitry offers background information, a free CSS vulnerability detector, and a list of vulnerable sites.
|
• Download Accessdiver
Detect security failures on any kind of web sites.
|
• DuoWorks UK Ltd
WebAlarm anti web defacement software.
|
• Hacking Exposed: Web Applications
Book that covers how to hack web applications, and how to secure against the attacks detailed. Author profiles, links to tools referenced in the book and reviews.
|
• iDefense iALERT White Paper: Evolution of Cross-Site Scripting Attacks
Predicts semi-automated techniques will aggressively begin to emerge for targeting and hijacking web applications.
|
• Information on Cross-Site Scripting Security Vulnerability
Microsoft Technet provides a FAQ, overview of the threats posed by XSS, and suggestions for how their customers can protect themselves.
|
• InfoWorld Opinions: Cross-site Scripting
Article on this often overlooked threat with links.
|
• Internet Explorer Automatic Web Script Form Filler
Software for automatic security and functionality testing of web sites. Record and replay your web surfing, form filling and downloading. Supports command line options via batch files, scripts and windows task scheduler.
|
• Kabolo
Comentarios humorísticos sobre cualquier tema.
|
• Microsoft Security Bulletin (MS00-060)
Patch available for 'IIS Cross-Site Scripting' vulnerabilities.
|
• Microsoft TechNet Security - Web Site Security
Provides technical how to information and links to other security resources.
|
• Northfell
Article on website hacking covering footprinting, IP scanning and an example IIS hack. Also has computer security weblog and an overview of BS7799.
|
• perl.com: Preventing Cross-site Scripting Attacks
Paul Lindner, author of the mod_perl cookbook, explains how to secure our sites against Cross-Site Scripting attacks using mod_perl and Apache::TaintRequest.
|
• Phrack: Against the System - Rise of the Robots
Michal Zalewski theorizes how Web crawlers can be exploited to inadvertently attack remote systems.
|
• Por más
Programas gratuitos para múltiples utilidades.
|
• Shockwave Security Alert
Lists potential privacy issues or security holes created by Shockwave and solutions for them.
|
• The Cross Site Scripting FAQ
Answers questions on identification, threats, and prevention. Provides examples and links.
|
• The Open Web Application Security Project
How to build, design and test the security of web appplications and web services
|
• The WWW Security FAQ
Includes securing your server, protecting confidential documents on your site, safe CGI programming, client security, and privacy.
|
• Total Simplicity
Total Simplicity is a full on technical company providing hosting, custom programming, security, and online stores.
|
• W3C Security Resources
Provides an overview of web security and links to security initiatives such as PICS Signed Labels, and XML-DSig.
|
• W3Schools.com: Web Security
Covers basic privacy issues.
|
• Web Security: A Matter of Trust
Collection of original articles.
|
• Web Spoofing
Full text of a paper discussing an 'attack' that threatens both privacy and data integrity. Written by Edward W. Felten, Dirk Balfanz, Drew Dean, and Dan S. Wallach. Available in various formats including PDF and Postscript.
|
• Web Workshop - Untangling Web Security
Using IIS to configure and maintain Web security.
|
• WebAgain
Protects a web site from defacement and automatically repairs hacked pages.
|
• World Wide Web (in)Security
Demonstrations of security risks and advice for safe use of a web browser.
|
pages:
|
1 |
|
|
|
