Testing for Web Site Vulnerabilities
By Regina Kwon
2002-11-01
Page 1 of 4

Will your Web site pass our security tests?

Most organizations only react to security threats, and too often, only after damage has been done. But patching a system won't recover stolen data, recoup competitive advantage or revive consumer confidence. The following links take you to simple tests (provided by security vendor SPI Dynamics) that you can take to ensure your site has its guard up. Each test includes an explanation of the vulnerability, the test and, if necessary, a link to a white paper that explains what to do if your site fails.
- A SQL injection vulnerability could lead to a site's entire back-end database being downloaded by a hacker.
- Cross-site scripting occurs when hackers embed malicious JavaScript code into a site's dynamically generated pages, affecting the machine of any user who views that site.
- Unrestricted directory listings can be exploited by attackers to gain access to data that was not intended to be viewable by unauthenticated users.
A dynamic Web address shows the Web server, the script's name, the parameter and the value that was sent to the script. SQL injection and other attacks capitalize on flaws in the way those values are handled. For instance, a script may expect only numeric values. If a letter is sent instead, the script should reject the request. Not doing so means malicious commands can make it to the database. Below is an example of a typical dynamic address.
Sometimes you'll see multiple parameters, usually separated by ampersands:
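The check the text describes, as an added example that is not part of the original article or of SPI Dynamics' tests: the script splits a dynamic address into server, script name and parameters, insists that a numeric parameter really is numeric, and binds the value to the query instead of pasting it into the SQL text. The URL, the table and the item names are constructed for the example.

```python
import sqlite3
from urllib.parse import urlsplit, parse_qs

# Constructed sample dynamic address (not taken from the article).
SAMPLE_URL = "http://www.example.com/cgi-bin/showitem.asp?id=17&cat=books"


def parse_dynamic_address(url):
    """Split a dynamic Web address into server, script name and parameters."""
    parts = urlsplit(url)
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {name: values[0] for name, values in query.items()}
    return {"server": parts.netloc, "script": parts.path, "params": params}


def is_numeric_value(value):
    """A numeric-only parameter must consist of digits and nothing else."""
    return value.isdigit()


def demo_db():
    """Small in-memory table standing in for the site's back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE items (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)",
                     [(17, "Tidy Book"), (18, "Other Book")])
    return conn


def lookup_items_vulnerable(conn, item_id):
    """String concatenation: whatever arrives in the value becomes SQL text."""
    rows = conn.execute("SELECT name FROM items WHERE id = " + item_id).fetchall()
    return [row[0] for row in rows]


def lookup_item_safe(conn, item_id):
    """Reject non-numeric input first, then bind the value as a parameter."""
    if not is_numeric_value(item_id):
        return None  # request rejected before the database is touched
    row = conn.execute("SELECT name FROM items WHERE id = ?",
                       (int(item_id),)).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    addr = parse_dynamic_address(SAMPLE_URL)
    conn = demo_db()
    print(addr)
    print(lookup_item_safe(conn, addr["params"]["id"]))
    print(lookup_item_safe(conn, "17 OR 1=1"))  # rejected: returns None
```

Running the vulnerable lookup with the same non-numeric value returns every row, which is the behaviour the numeric check is there to prevent.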