In XSS attacks, attackers place malicious scripts on a website that contain instructions directing a web browser to access a second site. In this video, learn how attackers wage XSS attacks and the ways that security professionals may defend against these attacks on their websites.
- SQL injection attacks prey upon the fact that many modern dynamic web applications rely upon underlying databases to generate dynamic content. For example, a web application that relies upon a simple database-driven authentication mechanism might store unencrypted user passwords in a database, and then, when a user attempts to log in, the application retrieves the correct password from the database, and compares it to the user's input. If the passwords match, the user is successfully logged in to the system.
This is not a good way to implement password authentication, but it's the reality of how many websites work. In this type of scenario, the web server requests the password from the database using a query written in the Structured Query Language, or SQL. SQL is simply the language used by relational databases that allows users and applications to create, update, delete, and retrieve data. You won't need to know how to write SQL for the Security+ exam, but it is helpful to look at some examples to understand how SQL injection attacks work.
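The login design described in the transcript above, beside a hardened form, as an added example that is not part of the course material. It uses Python's standard-library `sqlite3`; the table names, the account, the PBKDF2 round count and the crafted input are all constructed for illustration. The hardened function swaps in bound parameters and a salted PBKDF2 hash for the stored plaintext password.

```python
import hashlib
import hmac
import os
import sqlite3

PBKDF2_ROUNDS = 200_000  # constructed value for this example

def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)

def make_db():
    """In-memory database with one constructed account, stored both ways."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users_plain (username TEXT, password TEXT)")
    db.execute("CREATE TABLE users_hashed (username TEXT, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO users_plain VALUES ('alice', 'correct horse')")
    salt = os.urandom(16)
    db.execute("INSERT INTO users_hashed VALUES (?, ?, ?)",
               ("alice", salt, hash_password("correct horse", salt)))
    return db

def login_vulnerable(db, username, password):
    # Design from the transcript: fetch the stored password, compare with input.
    # The input is pasted into the SQL text, so a quote in it rewrites the query.
    query = "SELECT password FROM users_plain WHERE username = '" + username + "'"
    row = db.execute(query).fetchone()
    return row is not None and row[0] == password

def login_hardened(db, username, password):
    # The '?' placeholder binds the input as a value; it is never parsed as SQL.
    row = db.execute("SELECT salt, pw_hash FROM users_hashed WHERE username = ?",
                     (username,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

# Constructed input: the quote closes the string literal and appends a second
# SELECT, so the query returns a "stored password" chosen by the caller.
CRAFTED_USER = "nobody' UNION SELECT 'x"

if __name__ == "__main__":
    db = make_db()
    for name, pw in [("alice", "correct horse"), ("alice", "wrong"), (CRAFTED_USER, "x")]:
        print(repr(name), login_vulnerable(db, name, pw), login_hardened(db, name, pw))
```
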
This course—along with the others in this nine-part series—prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software