SQL injection attacks can allow hackers to execute arbitrary SQL commands on your database through your Web site. To avoid these attacks, every piece of data supplied by a user on a Web form, through HTTP Post or CGI parameters, or other means, must be validated to not contain information that is not expected.

Just as they did last year, over thirty international security organisations have come together, to publish a list of the 25 most dangerous programming errors leading to vulnerabilities that can be exploited for cybercrime and espionage.

This article shows how to install and configure ModSecurity (version 2) for use with Apache2 on a Debian Etch system. ModSecurity is an Apache module that provides intrusion detection and prevention for web applications. It aims at shielding web applications from known and unknown attacks, such as SQL injection attacks, cross-site scripting, path traversal attacks, etc.

Packet injection is a computer networking term which refers to sending a packet on a network into an already established connection.This tutorial will explain how to Enable Packet Injection on a Intel PRO/Wireless 3945ABG Wireless Card

The Top 25 list is a tool for education and awareness to help programmers to prevent the kinds of vulnerabilities that plague the software industry, by identifying and avoiding all-too-common mistakes that occur before software is even shipped.

The 2010 CWE/SANS Top 25 Most Dangerous Programming Errors was published today listing the most widespread issues that lead to software vulnerabilities.
Mark Cox: "During the creation and review of the list we spent some time to see how closely last years list matched the types of flaws we deal with at Red Hat."

ModSecurity is sophisticated application firewall that monitors the content of ports 80 and 443. ModSecurity can protect you from hack attacks, zero day exploits, directory traversals, SQL injection and a lot of other bad stuff. This script will help you locate the blocks that ModSecurity is performing for you so you can evaluate.

Hopefully, you understand how important it is to thoroughly validate all user input accepted through a web form; after all, if you neglect this task, your data could be stolen or damaged via a SQL injection attack, or your users could be spoofed via a cross-site scripting attack.

Experts from more than 30 US and international cyber security organizations jointly released the consensus list of the 25 most dangerous programming errors that lead to security bugs and that enable cyber espionage and cyber crime.