Posts

Showing posts from August, 2014

X-Frame-Options a countermeasure for Click-Jacking.

Introduction: What is Click-Jacking? Click-jacking, also known as a "UI redress attack", is a malicious technique of tricking a web user into clicking on something different from what the user perceives they are clicking on.

What is the impact? An attacker uses multiple transparent or opaque layers to trick a user into clicking on a button or link on another page when they were intending to click on the top-level page. Thus, the attacker is "hijacking" clicks meant for their page and routing them to another page, most likely owned by another application, domain, or both. Using a similar technique, keystrokes can also be hijacked. With a carefully crafted combination of style sheets, iframes, and text boxes, a user can be led to believe they are typing the password to their email or bank account, but are instead typing into an invisible frame controlled by the attacker.

How can we mitigate it? We can mitigate Click-Jacking with the help of...

Parameterized Query a countermeasure for SQL Injection

Introduction: What is SQL Injection? SQL Injection is a technique of passing SQL commands to the backend database through a web application that accepts unvalidated input from forms, URLs, etc.

What is the impact of SQL injection? An attacker can take advantage of SQL injection to dump the database, and can also pass commands to the database that result in DoS, i.e. shutting down the database or dropping important tables in the database.

How can we mitigate it? One can mitigate SQL injection with the use of a parameterized query.

What is a parameterized query? A parameterized query is a type of SQL query that requires at least one parameter for execution. A placeholder is normally substituted for the parameter in the SQL query. The parameter is then passed to the query in a separate statement.

The following is an example of an ADO.NET parameterized query: SELECT LastName FROM Contacts WHERE ContactID = @ContactID; @ContactID ...
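The difference between building the query by concatenation and binding a parameter, shown as an added example that is not code from the original post. It assumes Python's built-in sqlite3 module in place of ADO.NET, with `:ContactID` as sqlite3's named-placeholder counterpart of `@ContactID`; the function names and the sample rows are constructed for illustration.

```python
import sqlite3


def make_db():
    """Build an in-memory Contacts table with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE Contacts (ContactID INTEGER PRIMARY KEY, LastName TEXT)"
    )
    db.executemany(
        "INSERT INTO Contacts VALUES (?, ?)",
        [(1, "Shah"), (2, "Rao"), (3, "Iyer")],
    )
    return db


def lookup_concatenated(db, contact_id):
    # Vulnerable form: the input is pasted into the SQL text, so the
    # database parses whatever the caller supplied as part of the query.
    sql = "SELECT LastName FROM Contacts WHERE ContactID = " + contact_id
    return [row[0] for row in db.execute(sql)]


def lookup_parameterized(db, contact_id):
    # Hardened form: the SQL text is fixed and the value is bound
    # separately, so it is only ever compared as data.
    sql = "SELECT LastName FROM Contacts WHERE ContactID = :ContactID"
    return [row[0] for row in db.execute(sql, {"ContactID": contact_id})]


if __name__ == "__main__":
    db = make_db()
    crafted = "2 OR 1=1"  # constructed input, as it might arrive from a form
    print("concatenated, normal :", lookup_concatenated(db, "2"))
    print("concatenated, crafted:", lookup_concatenated(db, crafted))
    print("parameterized, normal :", lookup_parameterized(db, "2"))
    print("parameterized, crafted:", lookup_parameterized(db, crafted))
```

With the concatenated query the crafted value changes the WHERE clause and every row comes back; with the bound parameter the same value matches no ContactID.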