Akamaiís Threat Research team analyzed a week of cross-site scripting (xss) alert triggers to gain clarity on the nature of xss attacks. Read this case study to learn which vectors are vulnerable and specific techniques that were employed during remote resource injection exploitation attempts versus simple probing requests.
Published By: AlienVault
Published Date: Oct 21, 2014
Two of the oldest and most common attacks used against web applications, SQL injection attacks and cross-site scripting attacks (XSS), continue to impact thousands of websites and millions of users each year. Finding these exposures quickly is essential in order to prevent system compromise and avoid information leakage. SIEM solutions can be invaluable in this effort by collecting and correlating the data you need to identify patterns that signal an attack.
This paper touches upon the following topics:
-Critical vulnerabilities are on the decline, but still pose a significant threat
-Mature technologies introduce continued risk
-Mobile platforms represent a major growth area for vulnerabilities
-Web applications remain a substantial source of vulnerabilities
-Cross-site scripting remains a major threat to organizations and users
-Effective mitigation for cross-frame scripting remains noticeably absent
As the use of mobile devices exponentially expands, so too does security threats to the increasing number of mobile applications that companies rely on. As a result, companies struggle to keep pace with mobile application security and face the risk of embarrassing and costly data breaches.
In this technical session, youíll learn how Worklight Application Scanning helps you deliver applications that arenít susceptible to the most common types of malware, including SQL Injection and Cross-Site Scripting. In addition, youíll learn how this powerful tool helps address the OWASP Top 10 Mobile Risks for 2014.
A range of application security tools was developed to support the efforts to secure the enterprise from the threat posed by insecure applications. But in the ever-changing landscape of application security, how does an organization choose the right set of tools to mitigate the risks their applications pose to their environment? Equally important, how, when, and by whom are these tools used most effectively?