Look for these
- What is SQL injection
o Web attack mechanism used by hackers to steal data from organizations.
o Application layer attack technique.
o Takes advantage of improper coding of web applications that allows an attacker to inject SQL commands into, say, a login form to gain access to the data held within the database. (Fields available for user input allow SQL statements to pass through and query the database directly.)
- What is cross site scripting (also known as XSS or CSS)
o One of the most common application layer hacking techniques.
o Technique that leverages vulnerabilities in the code of a web application to allow an attacker to send malicious content from an end-user and collect some type of data from the victim.
o Dynamic websites suffer from serious vulnerabilities to cross site scripting attacks on their data.
o Mistrusted content can be introduced into a dynamic page.
o Cross site scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash into a vulnerable dynamic page to fool the user, executing the script on the user's machine in order to gather data.
o Will occur anywhere a web application uses input from a user in the output it generates without validating it.
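The login-form SQL injection described above, as an added example (not from these notes or the cited resources): a login check that pastes user input into the SQL text, next to the same check using placeholders. The table, function names and account are constructed for the demo.

```python
import hashlib
import sqlite3


def _h(password):
    # Demo-only hash; a real system would use a slow KDF such as bcrypt or argon2.
    return hashlib.sha256(password.encode()).hexdigest()


def make_db():
    """In-memory user table holding one constructed account."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", _h("correct horse")))
    return db


def login_vulnerable(db, name, password):
    # Flaw: the form field becomes part of the SQL text, so a quote in `name`
    # ends the string literal and the rest is parsed as SQL.
    query = ("SELECT name FROM users WHERE name = '%s' AND pw_hash = '%s'"
             % (name, _h(password)))
    return db.execute(query).fetchone() is not None


def login_safe(db, name, password):
    # Fix: placeholders pass the values separately from the statement,
    # so they are only ever compared as data.
    row = db.execute(
        "SELECT name FROM users WHERE name = ? AND pw_hash = ?",
        (name, _h(password)),
    ).fetchone()
    return row is not None


if __name__ == "__main__":
    db = make_db()
    crafted = "alice' --"  # constructed input: closes the quote, comments out the rest
    print("vulnerable, wrong password:", login_vulnerable(db, crafted, "wrong"))
    print("safe, wrong password:      ", login_safe(db, crafted, "wrong"))
    # A legitimate name containing a quote is handled as plain data too.
    print("safe, name with a quote:   ", login_safe(db, "o'brien", "x"))
```
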
Resource: www.acunetix.com
www.ihackstuff.com
Looked at it and downloaded some interesting stuff (security lectures and seminars).
Google:
- IE buffer overflow
o The bug takes advantage of the way some versions of the IE browser handle long strings of JScript code.
o The bug allows a malicious programmer to take advantage of the way the browser reads a long URL, or, in this case, a long string of JScript code. After the maximum number of characters expected on a string is exceeded, the browser crashes, and the remaining characters--potentially comprising malicious code--go into memory, where they may be executed.
- IE vulnerabilities
o Much criticism of Internet Explorer is related to concerns about security: Much of the spyware, adware, and computer viruses across the Internet are made possible by exploitable bugs and flaws in the security architecture of Internet Explorer, sometimes requiring nothing more than viewing of a malicious web page in order to install themselves. This is known as a "drive-by download": an attempt to trick the user into installing malicious software by misrepresenting the software's true purpose in the description section of an ActiveX security alert.
o While Internet Explorer is not alone in having exploitable vulnerabilities, its ubiquity has resulted in many more affected computers when vulnerabilities are found. Microsoft has not responded as quickly as competitors in fixing security holes and making patches available. Not only are there more security holes discovered in Internet Explorer, but these vulnerabilities tend to remain unpatched for a much longer time, in some cases giving malicious web site operators months to exploit them before Microsoft releases a patch.
o Internet Explorer was known to have exploit code for unpatched critical flaws for 284 days of 2006. Compare this with 9 days for Mozilla Firefox!!!
- Porn sites exploit new IE flaw
Hackers are taking advantage of a newly discovered vulnerability in Internet Explorer to install spyware on PCs that visit a number of Russian porn sites.
The malware, first reported Monday by researchers at Sunbelt Software Inc., takes advantage of an unpatched flaw in the way IE processes Vector Markup Language (VML) code. VML is a language used to display graphic information on the Web.
Porn site and a couple of others use an exploit kit called Web Attacker, and it looks like the Web Attacker kit has been upgraded to include this new exploit.
