Chapter 11

Web Application Security

Web applications were discussed previously, with a technical analysis of the specific attack types that target them. Many of these high-profile attacks on companies use similar methods and tools to gain access, and some components of web services are more vulnerable than others, particularly at points where users are able to input text data. An open field, file, or form that takes input and passes it to the server for processing may not properly cleanse that input, which allows the remote execution of hidden and embedded code in that data that was never intended to run on that server. This type of attack uses structured query language (SQL), which is a language used to query databases and insert ...
