Projects: Security - Baseline

Home

Projects: Security

Testing for Web Site Vulnerabilities


	Free 30-day endpoint security trial: VIPRE Enterprise A Complete Guide to Managing Disk Fragmentation A Practitioner’s Guide to More Efficient Network Management See All White Papers >

Projects: Security

Testing for Web Site Vulnerabilities

By Regina Kwon
2002-11-01

Article Views: 9005
Article Rating:

/ 1

Table of Contents:

Will your Web site pass our security tests?

Rate This Article:

Add This Article To:

Digg this

Del.icio.us

Slashdot

Y! My Web

E-mail

Furl

Google

Simpy

Spurl!

PDF Version

Testing for Web Site Vulnerabilities

( Page 1 of 4 )

Most organizations only react to security threats, and too often, only after damage has been done. But patching a system won't recover stolen data, recoup competitive advantage or revive consumer confidence. The following links take you to simple tests (provided by security vendor SPI Dynamics) that you can take to ensure your site has its guard up. Each test includes an explanation of the vulnerability, the test and, if necessary, a link to a white paper that explains what to do if your site fails.

SQL injection vulnerability could lead to a site's entire back-end database being downloaded by a hacker.
Cross-site scripting occurs when hackers embed malicious JavaScript code into a site's dynamically generated pages, affecting the machine of any user that views that site.
Unrestricted directory listings can be exploited by attackers to gain access to data that was not intended to be viewable to unauthenticated users.

Before You Start: Dynamic URL Basics

A dynamic Web address shows the Web server, the script's name, the parameter and the value that was sent to the script. SQL Injection and other attacks capitalize on flaws in the way values are handled. For instance, a script may use only numeric values. If a letter is sent instead, the script should reject the request. Not doing so means malicious commands can make it to the database. Below is an example of a typical dynamic address.

Sometimes you'll see multiple parameters, usually separated by ampersands:

../article.asp?id=1&pageid=34

Read the article that this tool accompanies.

Next: ' Testing for SQL Injection ' >>

	Discuss Testing for Web Site Vulnerabilities

	>>> Be the FIRST to comment on this article!



	>>> More Projects: Security Articles >>> More By Regina Kwon

Email Article To Friend ♦ Print Version Of Article ♦ PDF Version Of Article


		Free 30-day endpoint security trial: VIPRE Enterprise Reduce operating expenses with CDW Healthcare solutions. Get expert tips & advice on IBM-Oracle database solutions. Get Control with SonicWALL Application Intelligence. Download eval guide and prepare your apps for multicore. FREE Data Leakage for Dummies Book from Sophos

FEATURED TECH BLOGS

IBM & Oracle: A Dynamic Database Duo
Get insider expert tips and advice on IBM-Oracle database solutions.

eWEEK Storage Station
Get the latest storage news with the eWEEK Storage Station Blog.

View All Blogs

Brought to You By

FEATURED SPONSORED MESSAGE

TechDirect

Find the trusted vendors and products that will meet your needs, compare the top solution and connect vendors in one place.

Before you order the next, data management, office automation or IT hardware solution visit TechDirect.

Click Here

Brought to You By

	LATEST STORIES
	- Hack Your Way to a Promotion - What Workers Love and Hate About Social Medi... - What People Do All Day - Higher Health Costs Ahead - Gender Divide Still Divides Workplace

In Your Area Var? Get listed!

Your Zip Code:
Need help with something projects: security related? Check out these VARs within 100 miles of your area:
Pine Services
Tony Liu
Menifee, CA View Website
Compunet Technologies, Inc.
Michael Leonard
Rancho Santa Margarita, CA View Website
Compunet Technologies, Inc.
Michael Leonard
Rancho Santa Margarita, CA View Website
Neulogics
Tom Santoro
Mission Viejo, CA View Website
OneLife Digital
Chris Adams
San Clemente, CA View Website
Infoton Computers
Ross Jaibaji
Laguna Niguel, CA View Website
IT Innovators
Dave Seibert
Irvine, CA View Website
Nokia
henry he
New York, CA View Website
Orange Coast Information Technology, Inc
Andy Roe
Tustin, CA View Website
INNOVATIVE
Johns John
Chino, CA View Website
Zephyr Networks LLC
Marc Winger
Costa Mesa, CA View Website

Baseline Newsletters

Baseline:	Issue Index \| Contact Us \| About \| Media Kit \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Technology White Papers \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.

Baseline:	Issue Index \| Contact Us \| About \| Media Kit \| Magazine Customer Service \| Navigation Guide
Quick Links:	Project Planners \| Enterprise Resource Planning \| Network and Online Security \| Data Analysis \| Process Management \| Storage Devices\| Link to Us

	Ziff Davis Enterprise Home \| Contact Us \| Advertise \| Link to Us \| Reprints \| Magazine Subscriptions \| Newsletters Tech RSS Feeds \| White Papers \| Tech Podcasts \| Tech Video \| VARs \| System Builder
	Baseline \| Careers \| Channel Insider \| CIO Insight \| DesktopLinux \| DeviceForge \| DevSource \| eSeminars \| eWEEK \| Enterprise Network Security \| LinuxDevices \| Linux Watch \| Microsoft Watch \| Mid-market \| Networking \| PDF Zone \| Publish \| Security IT Hub \| Strategic Partner \| TechDirect \| Technology White Papers \| Windows for Devices
	Developer Shed \| Dev Shed \| ASP Free \| Dev Articles \| Dev Hardware \| SEO Chat \| Tutorialized \| Scripts \| Code Walkers \| Web Hosters \| Dev Mechanic \| Dev Archives \| igrep Use of this site is governed by our Terms of Use and Privacy Policy
	Copyright ©1996-2010 Ziff Davis Enterprise Holdings Inc. All Rights Reserved. eWEEK and Spencer F. Katt are trademarks of Ziff Davis Enterprise Holdings, Inc. Reproduction in whole or in part in any form or medium without express written permission of Ziff Davis Enterprise Inc. is prohibited.

Projects: Security

Testing for Web Site Vulnerabilities

Will your Web site pass our security tests?

Testing for Web Site Vulnerabilities

Related Content

Sign up to get listed on the IT Locator today and receive all of the following immediately: