Palisade Magazine

 
The reign of bots

June 2006

The reign of bots

by Sam Varughese, CISSP, SCSA

I have often wondered how attackers get enough systems to mount Distributed Denial of Service attacks. How do they manage to time and control these attacks? In a typical Distributed Denial of Service (DDoS) attack, thousands of systems attack a victim and take it offline. Attackers first compromise a large number of machines and then set up backdoors on them. The backdoors listen for commands from their masters - they perform a coordinated attack at their master’s bidding. This network of compromised systems, working under a central command, is called a ‘botnet’… more →

Dodging the spiders

by Shalini Gupta

A web spider is a software program that traverses pages on the World Wide Web in an automated manner and extracts information from them. Web spiders are also known as web crawlers or web robots. They read the HTML content, so they can read both the visible and non-visible parts of a web page. Spiders cannot access content that requires authentication or authorization. Spiders can search for data across websites much more quickly and deeply than humans ever can… more →

Are stored procedures safe against SQL injection?

by Santosh Kumar

Stored procedures are widely used for benefits such as encapsulation of business logic in a single entity, strong validation, faster execution and exception handling. But are they safe against SQL injection attacks? Not always. SQL injection is possible if the dynamic SQL inside the stored procedure is not handled properly… more →

Quiz: Directory Traversal Attacks

Controlling access to web content is essential to running a secure web server. Directory traversal is an exploit that takes advantage of the lack of controls on the web server to access restricted directories and execute commands. So how can we prevent these directory traversal attacks on web servers?

  1. Applying latest security patches
  2. Turning off directory-browsing
  3. Performing strong input validation with white lists
  4. Placing web-root directories and virtual directories on a separate partition from the system files
  5. Using tools
  6. All of the above.

more →

Review: Head Rush Ajax

by Brett McLaughlin

If you have read a Head First book, you will be very comfortable with Head Rush Ajax. The visual metaphors, humor and surprise in these books engage the reader thoroughly. Having heard the buzzword AJAX, you may be eager to learn it quickly. This unpretentious book is just right for you… more →


News & Events

  • 03.03.10. Binu Thomas, CTO Plynt, presented at the RSA Conference 2010 on the topic “Application Security Across the Enterprise: Lessons from the Trenches”. This is the fifth time Paladion has been invited to present here.
  • 25.12.09. Plynt has been selected as a finalist for Red Herring’s Global 100 award, a prestigious list honoring the year’s most promising private technology ventures from around the world.
  • 10.12.09. Deloitte Fast 50 India features Paladion 4 years in a row. The ranking of the 50 fastest growing technology companies places Paladion in the 19th spot.
  • 21.05.09. ICICI Bank and Paladion Have Been Awarded the Best Banking Security Systems Project by the Asian Banker IT Implementation Awards Program
  • 20.04.09. Info Security Products Guide Names Plynt Certification Program Winner of the 2009 Tomorrow’s Technology Today Award