SecologicTrain
for Java/JSP


Welcome!

Over the last few years, more and more web pages have come to be generated dynamically.
They can be created on the client side (e.g. with JavaScript) as well as on the server side (e.g. Java, PHP, …).
Java makes it possible to create dynamic websites with JavaServer Pages (JSPs) and the Servlet technology.
But once you publish your web application on the Internet, the demands on its security rise. To protect yourself and your customers appropriately, you need some knowledge of the possible security risks.

This site offers information and exercises on different security weaknesses and shows you how to prevent them in the future.



Cross-Site Scripting (XSS)
Through XSS (Cross-Site Scripting) an attacker can inject malicious code into a website. This code is usually injected via URL parameters or unfiltered input fields. The script code gets executed when another user views the infected page.
SQL-Injection
SQL is a query language for databases. If an application is vulnerable, an attacker can gain access to the database and read and manipulate the data.
XPath-Injection
XPath is a query language for XML files. If an application has XPath vulnerabilities, an attacker might gain access to confidential data.
CookieSecurity
Cookies are used on the WWW to make user data accessible across the different pages of a web application. Because cookies are mostly transmitted unencrypted in the HTTP header and are also stored unencrypted in the user's local store, a lot of security problems arise.




Copyright © 2006 SAP AG. All rights reserved.

This application has been tested with MS Internet Explorer 6.0 and Mozilla Firefox 1.5 at a resolution of 1024x768.