July 2005
XPath injection in XML databases
by Runa Dwibedi, BS7799 LA
Applications that use XML databases are vulnerable to injection attacks. Read on to find out how XPath queries are manipulated to access sensitive information.
Google Hacking - Is your web application secure?
by Balaji V
Google hacking is a term that refers to applying advanced searching techniques to access unauthorized information through any search engine. In this article we look at some of the vulnerabilities that are exploited by these techniques and how to safeguard applications from being compromised.
Security Enhancements in Visual C++
by Priyali Vibhute, BS 7799 LA
Microsoft added several security enhancements in Visual C++ recently: secure versions of vulnerable functions, new functions optimized for security and security switches for the compiler. This article introduces these features and helps developers use them immediately.
Quiz: Transmitting Session IDs
What is the best method for transmitting session IDs?
- Sending the session ID in plain text in the URL.
- Sending a hashed session ID in the URL.
- Sending the session ID as a hidden value in the form.
- Embed the session ID in the Cookie.
Review: HTTP Developer's Handbook
Chris Shiflett’s “HTTP Developer’s Handbook” is an excellent place to learn the innards of the HTTP protocol for security testers.
