http://www.itworld.com/taxonomy/term/919/all xx http://www.itworld.com/security/84568/web-application-errors-pose-danger-enterprises A majority of Web sites have at least one major security issue that could be used by hackers for fraud-related purposes, according to a new survey. http://www.itworld.com/security/84568/web-application-errors-pose-danger-enterprises#comments Development Security News content spoofing cross-site scripting SQL injection Thu, 12 Nov 2009 17:13:24 -0500 ITworld staff 84568 at http://www.itworld.com http://www.itworld.com/tech-amp-society/82470/your-web-site-under-attack If you have a web site, the answer is undoubtedly "yes". Someone somewhere or, more likely, quite a few someones are attempting to attack your site or the system on which it is running. Assuming hackers have found your site and are testing it for holes that they might crawl through, let's take a look at how you can uncover evidence of their exploits with a quick examination of your web logs. http://www.itworld.com/tech-amp-society/82470/your-web-site-under-attack#comments Security How-to buffer overflow Perl Sandra Henry-Stocker SQL injection web logs Mon, 26 Oct 2009 19:24:27 -0400 Sandra Henry-Stocker 82470 at http://www.itworld.com http://www.itworld.com/security/81482/hijacked-web-sites-attack-visitors Here's the scenario: Attackers compromise a major brand's Web site. But instead of stealing customer records, the attacker installs malware that infects the computers of thousands of visitors to the site. The issue goes unnoticed until it's exposed publicly. http://www.itworld.com/security/81482/hijacked-web-sites-attack-visitors#comments Internet Security Feature cross-site scripting remote file-inclusion SQL injection Mon, 19 Oct 2009 16:17:36 -0400 ITworld staff 81482 at http://www.itworld.com http://www.itworld.com/security/80630/opinion-why-application-layer-defenses-belong-applications Intrusion-detection tools might seem up to the job of stopping SQL injection attacks, but they aren't. http://www.itworld.com/security/80630/opinion-why-application-layer-defenses-belong-applications#comments Development Security Software Opinion SQL injection Sun, 18 Oct 2009 22:12:30 -0400 ITworld staff 80630 at http://www.itworld.com http://www.itworld.com/security/77712/internet-security-patch-your-apps-now A report from the SANS Institute shows that it is all about unpatched applications, not the underlying operating systems. Most of the observed attacks have come from older, weaker apps and well known Internet vulnerabilities. http://www.itworld.com/security/77712/internet-security-patch-your-apps-now#comments Internet Security News application security cross site scripting cyber security network security patched operating systems security internet SQL injection zero day vulnerabilities Tue, 15 Sep 2009 04:47:32 -0400 davidstrom 77712 at http://www.itworld.com http://www.itworld.com/security/69272/web-app-firewalls-how-evaluate-buy-implement Application-layer attacks bypass standard perimeter defenses. Here's how to evaluate firewalls that screen web app traffic. http://www.itworld.com/security/69272/web-app-firewalls-how-evaluate-buy-implement#comments Security Feature cross-site scripting firewall SQL injection WAF Mon, 15 Jun 2009 10:07:48 -0400 ITworld staff 69272 at http://www.itworld.com http://www.itworld.com/security/62975/hacker-claims-sql-bug-symantec-site Symantec is the latest company to fall prey to a Romanian hacker who has been finding SQL injection bugs in security sites. http://www.itworld.com/security/62975/hacker-claims-sql-bug-symantec-site#comments Security News SQL injection Symantec Thu, 19 Feb 2009 15:14:01 -0500 ITworld staff 62975 at http://www.itworld.com http://www.itworld.com/security/57516/thousands-hit-broad-web-hack Kaspersky warns that as many as 10,000 Web sites have been compromised in a mass Web attack. http://www.itworld.com/security/57516/thousands-hit-broad-web-hack#comments Security News hack SQL injection Fri, 07 Nov 2008 21:12:01 -0500 ITworld staff 57516 at http://www.itworld.com http://www.itworld.com/news/53737/kaspersky-says-hacking-attack-did-no-damage The defacement of one of Kaspersky Lab's partner Web sites over the weekend occurred while the site was under construction and offered no data to steal, a senior company official said Tuesday. http://www.itworld.com/news/53737/kaspersky-says-hacking-attack-did-no-damage#comments Security News attacks hacking Kaspersky Lab SQL injection Tue, 22 Jul 2008 15:55:52 -0400 ITworld staff 53737 at http://www.itworld.com http://www.itworld.com/internet/53700/kaspersky-labs-malaysian-web-site-hacked Russian security company Kaspersky Lab's Web site for Malaysia was defaced on Saturday along with one of its online shopping sites, according to Zone-H, an organization that documents such attacks. http://www.itworld.com/internet/53700/kaspersky-labs-malaysian-web-site-hacked#comments Internet Security News attacks SQL injection Mon, 21 Jul 2008 11:19:38 -0400 ITworld staff 53700 at http://www.itworld.com