Injection Archives

April 20, 2006

Security incidents in web-based applications

According to the Web Application Security Consortium (WASC), XSS and SQL injection remain the most popular attack vectors being exploited in public incidents. Further details can be found in the Web Hacking Incidents Database (WHID), which was updated today.

The chart below illustrates the number of public incidents registered per year:

(*): Projected number of incidents for year 2006

A broader list of vulnerabilities is listed in OWASP Top Ten, which ranks the most critical web application security flaws.

Posted by Laurent in Injection, Secure Coding, Security, Technologies, Threats, Web Applications, XSS on April 20, 2006 6:34 PM | Permalink | Comments (0)

February 18, 2006

More spam sent through web sites

This interesting article (in French) warns webmasters about the "latest" spammers' techniques to exploit e-mail forms (i.e. FromMail.pl). It consists in injecting recipients in the From: field. We told you before: you shall never trust user input. :-)

Posted by Laurent in Injection, Secure Coding, Security, Spam, Technologies, Threats, Web Applications on February 18, 2006 2:00 AM | Permalink | Comments (0)

About Injection

This page contains an archive of all entries posted to never-ever-****-with-my.net in the Injection category. They are listed from newest to oldest.

Incidents is the previous category.

Spam is the next category.

Many more can be found on the main index page or by looking through the archives.

Author & Licensing

My name is Laurent de la Vaissière. I am an IT Audit and Security consultant working for a professional services firm.
The views expressed on this web site are mine alone and do not necessarily reflect the views of my employer.

This weblog is licensed under a Creative Commons License.

never-ever-****-with-my.net

Sharing information about technology, free software, and IT security primarily!