
Web applications and your data

Stree Naidu | April 16, 2010
Putting in place the first and last line of defence

SQL injection

These attacks take advantage of input validation vulnerabilities in custom Web application code to send unauthorised SQL commands to a back-end database. For example, using SQL injection, an attacker may gain access to the entire contents of a back-end database, including identity information. SQL injection is usually carried out by an external attacker from outside the perimeter firewall.
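As an added illustration (not from the article or Imperva), the concatenated query the paragraph describes beside its parameterised form, using Python's sqlite3 on a constructed in-memory table; the allowlist check and sample inputs are assumptions for the demo:

```python
import re
import sqlite3

# Constructed in-memory database standing in for the back-end store the article describes.
def build_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def lookup_unsafe(conn, username):
    # Vulnerable: the input is concatenated into the SQL text, so a quote character
    # in it changes the statement's structure (the input validation flaw described above).
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, username):
    # Hardened: a parameterised query sends the input as data, never as SQL text.
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()

# Assumed allowlist for this demo: a defence-in-depth input check in front of the query.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

def is_valid_username(username):
    return USERNAME_RE.fullmatch(username) is not None

def demo():
    conn = build_db()
    normal = "alice"
    # Constructed sample input containing a quote character, as a hostile client might send.
    hostile = "x' OR 'a'='a"
    return {
        "unsafe_normal": lookup_unsafe(conn, normal),
        "unsafe_hostile": lookup_unsafe(conn, hostile),   # structure changed: every row returned
        "safe_normal": lookup_safe(conn, normal),
        "safe_hostile": lookup_safe(conn, hostile),       # treated as a literal name: no rows
        "hostile_passes_allowlist": is_valid_username(hostile),
    }
```

The hostile string is returned as all rows by the concatenated query, as no rows by the parameterised one, and is rejected outright by the allowlist.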

Cross-site scripting

Such attacks take advantage of script injection vulnerabilities in custom Web application code to redirect a customer's login credentials to an attacker. Often used as part of a larger phishing scheme, cross-site scripting is usually carried out by an external attacker from outside the perimeter firewall.

Cross-site request forgery

This exploits a server's trust in a client that presents a valid session token. The attacker abuses this trust by invoking an action on behalf of the victim through malicious code in a hyperlink, image source tag, script, iframe or other content.

Worm infections

These take advantage of vulnerabilities in underlying operating systems and commercial software platforms. Code Red, Nimda, and MSBlaster represent just a few widely known worms targeting Web application platform software. In the case of identity theft, platform software vulnerabilities may be exploited by worms (or individual attackers) to install Trojan horse programs that enable back-door access to identity information.

Stree Naidu is vice president, Asia Pacific and Japan for Imperva, a data security specialist. 
