Sunera Security Services - ISACA South Florida Chapter

Recommendations

Info

Cross-Site Scripting Cross-Site Scripting attacks are limited by the point of reflection, the application‟s attack surface, and the creativity and skill of the attacker – Attacks can be bi-directional, so instances of XSS on “internal-only” applications are not exempt from proper remediation End result – Cross-Site Scripting and input injection in any form is a dangerous vulnerability to leave unmitigated – There is no “acceptable” input injection 6
Failure to Restrict URL Access URL Access should be restricted in order to prevent users with malicious intent from directly enumerating protected content Lessons Learned: – Ensure effective data categorization to avoid mistakenly publishing sensitive content – Protect resources with strong authentication and session management mechanisms – Don‟t rely on security through obscurity to protect resources 7
Page 1 and 2: Sunera LLC Web Application Security
Page 3 and 4: Frequently Encountered Vulnerabilit
Page 5: Cross-Site Scripting Cross-Site Sc
Page 9 and 10: Improper Error Handling While ofte
Page 11 and 12: Frequently Misunderstood Mitigation
Page 13 and 14: Input Injection and Regular Express
Page 15 and 16: Zip Code Regex: Step 1 ^\d{5}(?:-\d
Page 21 and 22: String Concatenation Bad: String C
Page 23 and 24: Secure Sockets Layer Secure Socket
Page 25 and 26: First Tool: Knowledge The more you
Page 27 and 28: Tools For Testing Web Applications
Page 29 and 30: Tools for Testing Web Applications
Page 31 and 32: Recommended Websites ZScaler Resea

Sunera Security Services - ISACA South Florida Chapter

Create successful ePaper yourself

Delete template?

Save as template?