attacks and defenses for web apps

Article on attacks against web servers (app level) and mitigations to stopping them, with full examples on the attacks. Some interesting things to try out someday would be mod_security and Tripwire-like programs to monitor file integrity. I would love to start getting alerts like these on my own systems whenever something changes, even if it is me updating a web page on my site. I also have a project to get some sort of centralized monitoring on my network to check for creation/changes to local user accounts and other things. I’d love to be able to centrally pull my firewall logs (Sygate), but I bet that will require my own scripting. At any rate, the paper is much of the same tried-and-true stuff with security, but the examples are pretty cool.

Posted in web