Links about Web Application Security

Topics:

• Cross Site Request Forgery (CSRF)
• Cross Site Scripting (XSS)
• Cross Site Tracing (XST)
• HTTP Response Splitting
• Mail Header Injection
• Second Order Code Injection Attacks
• SQL Injection

Cross Site Request Forgery (CSRF)

• Session Riding <http://www.securenet.de/papers/Session_Riding.pdf>
• XSS ans Cross-Site Request Forgeries <http://shiflett.org/articles/foiling-cross-site-attacks>
• PHP Security Guide: Form Processing <http://phpsec.org/projects/guide/2.html#2.4>

Cross Site Scripting (XSS)

• The Cross Site Scripting FAQ <http://www.cgisecurity.com/xss-faq.html>
• HTML Code Injection and Cross-site scripting <http://www.technicalinfo.net/papers/CSS.html>
• The Evolution of Cross-Site Scripting Attacks <http://www.cgisecurity.com/lib/XSS.pdf>

Cross Site Tracing (XST)

• Cross-Site Tracing (XST) Whitepaper <http://www.cgisecurity.com/whitehat-mirror/WH-WhitePaper_XST_ebook.pdf>
• TRACE used to increase the dangerous of XSS <http://cert.uni-stuttgart.de/archive/bugtraq/2003/01/msg00238.html>
• Vulnerability Tutorial - Cross Site Tracing <http://www.saintcorporation.com/...=Cross_site_tracing.html>

HTTP Response Splitting

• Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics <http://www.packetstormsecurity.org/papers/general/whitepaper_httpresponse.pdf>

SQL-Injection

• SQL Injection Attacks by Example <http://www.unixwiz.net/techtips/sql-injection.html>
• SQL Injection Walkthrough <http://www.securiteam.com/securityreviews/5DP0N1P76E.html>
• Blind SQL Injection - Automation Techniques? <http://www.blackhat.com/presentations/bh-usa-04/bh-us-04-hotchkies/bh-us-04-hotchkies.pdf>
• An Introduction to SQL Injection Attacks for Oracle Developers <http://www.net-security.org/dl/articles/IntegrigyIntrotoSQLInjectionAttacks.pdf>
• SQL Injection Attacks - Are You Safe? <http://www.sitepoint.com/article/sql-injection-attacks-safe>
• Using Binary Search with SQL Injection <http://shh.thathost.com/text/binary-search-sql-injection.txt>

Kontakt

Fragen, Anregungen oder Kritik gerne per E-Mail an morpheus 0x40 buha 0x2E info.

Autor: Thomas Waldegger (morpheus)
Kontakt: http://morph3us.org/contact/
URI: http://morph3us.org/security/links/web-app-security.html