Loading
Web Application Security Testing with Samurai
Web site vulnerabilities often occur in very non-obvious ways. Whether you're a Web developer or run a Web site, you need to understand how it's done and how to test your site.
Although useful, penetration testing is only part of the picture. To truly address these risks, applications must be designed, implemented and deployed with security in mind. Code analysis tools are helpful in locating places where application code deals with user inputs, so the code can be audited for input validation, strong output encoding and safe quote handling. Careful deployment using the principle of least privilege and employing chroot jails can help minimize the damage attackers can do if they gain access to your application. Never allow your database or Web server process to run as the root user.
Hopefully, this article can serve as a jumping off point to help you approach Web application security from a more active point of view, but there are many exploits and aspects of these two specific exploits that aren't covered here. For further reading, see the OWASP Wiki at www.owasp.org.
Special thanks to Adrian Crenshaw from irongeek.com, the author of our example application, Mutillidae. Mutillidae is a Web application designed to be deliberately vulnerable to the OWASP top ten in an easy-to-understand form for education purposes. Check out his site for some excellent resources on Web application security.
- « first
- ‹ previous
- 1
- 2
- 3
______________________
static const char *usblp_messages[] = { "ok", "out of paper", "off-line", "on fire" }; Previously known as Jes Hall (http://www.linuxjournal.com/users/jes-hall/track)
Webcast
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Sponsored by AMD
White Paper
Private PaaS for the Agile Enterprise
If you already use virtualized infrastructure, you are well on your way to leveraging the power of the cloud. Virtualization offers the promise of limitless resources, but how do you manage that scalability when your DevOps team doesn’t scale? In today’s hypercompetitive markets, fast results can make a difference between leading the pack vs. obsolescence. Organizations need more benefits from cloud computing than just raw resources. They need agility, flexibility, convenience, ROI, and control.
Stackato private Platform-as-a-Service technology from ActiveState extends your private cloud infrastructure by creating a private PaaS to provide on-demand availability, flexibility, control, and ultimately, faster time-to-market for your enterprise.
Sponsored by ActiveState
- Containers—Not Virtual Machines—Are the Future Cloud
- Non-Linux FOSS: libnotify, OS X Style
- Lock-Free Multi-Producer Multi-Consumer Queue on Ring Buffer
- Linux Systems Administrator
- Introduction to MapReduce with Hadoop on Linux
- RSS Feeds
- Validate an E-Mail Address with PHP, the Right Way
- New Products
- Weechat, Irssi's Little Brother
- Tech Tip: Really Simple HTTP Server with Python
- Poul-Henning Kamp: welcome to
40 min 42 sec ago - This has already been done
41 min 42 sec ago - Reply to comment | Linux Journal
1 hour 26 min ago - Welcome to 1998
2 hours 15 min ago - notifier shortcomings
2 hours 39 min ago - heroku?
4 hours 15 min ago - Android User
4 hours 17 min ago - Reply to comment | Linux Journal
6 hours 10 min ago - compiling
9 hours 10 sec ago - This is a good post. This
14 hours 13 min ago
Free Webinar: Hadoop
How to Build an Optimal Hadoop Cluster to Store and Maintain Unlimited Amounts of Data Using Microservers
Realizing the promise of Apache® Hadoop® requires the effective deployment of compute, memory, storage and networking to achieve optimal results. With its flexibility and multitude of options, it is easy to over or under provision the server infrastructure, resulting in poor performance and high TCO. Join us for an in depth, technical discussion with industry experts from leading Hadoop and server companies who will provide insights into the key considerations for designing and deploying an optimal Hadoop cluster.
Some of key questions to be discussed are:
- What is the “typical” Hadoop cluster and what should be installed on the different machine types?
- Why should you consider the typical workload patterns when making your hardware decisions?
- Are all microservers created equal for Hadoop deployments?
- How do I plan for expansion if I require more compute, memory, storage or networking?
Comments
I think web applications
I think web applications should be througly tested for security testing. Any penetration in web application or server can lead to loss of important data as well company revenue.
In our company we are not concentrating more on securtiy testing, i have pointed this out to my lead and he is convienced now.
You can set aside some fix test plan time for security testing of web application.
I would also love to see detailed article on SQL injection..
-----------------------------------------
Roy Mendez from curse de cai
I wonder what the trade off
I wonder what the trade off is between security and usability
web scanner best solution again applications vulnerabilities
Thanks, The only way to combat the Web application security threat is to proactively scan websites and Web applications for vulnerabilities and then fix them. Implementing a Web application scanning solution must be a crucial part of any organization’s overall strategy. we had a good experience with http://www.gamasec.com they have a good free trial and the reporting and users control panel are freindly and easy to work with.
So for the next time you can had a new good web scanner from http://www.gamasec.com