Web Application Security
SQL Injection vulnerabilities - SQL injection is considered as a type of web application security vulnerability wherein attacker has the ability of submitting database SQL command which is being executed by the web application therefore exposing the back-end database. Read the article to learn more.
Malicious Code Injection - Malicious code is considered as a term used in describing any code within any part of the software system or the script which is intended to cause some undesired effects, damage to the system or security breaches. This is also considered as application security threat which couldn’t be controlled efficiently through conventional antivirus software. Read the article to learn more.
Cross-Site Scripting - Cross-site scripting attacks are considered as type of injection wherein malicious scripts are being injected into the other benign as well as trusted web sites. This would occur once a certain attacker uses a web application in order to send malicious code which is particularly in the form of a browser side script up to a different end user. Read the article to learn more.
Directory Traversal - Directory Traversal is considered as a form of HTTP exploit wherein a certain hacker is to use software on the web server in order to access data into the directory other than the root directory of the server. Once the attempt is considered to be successful, the hacker might already view the restricted files or could even execute commands into the server. Read the article to learn more.
LDAP Injection - LDAP Injection is considered as a specific form of attack which could be employed in order to compromise websites which construct LDAP or Lightweight Directory Access Protocols statements coming from the data being provided by the users. This could be done through changing the LDAP statements in order for dynamic applications could run along with invalid permissions wherein attackers are allowed to alter, delete or add content. Read the article to learn more.
Buffer Overflow - A buffer overflow is one of the most common mistakes done in software coding. In order for a buffer overflow web application vulnerabilities to effectively mitigate, it is very important for you to first understand what it is and the dangers they can possibly bring into your applications. Read the article to learn more.
Cross-Site Request Forgery - CSRF refers to the attack that is drawn in OWASP Top 10 wherein a malicious site will transmit a request towards a web application where a user has been authenticated already against the different websites. With this, the invader can obtain the functionality in aimed web application through the victim's authenticated browser. Read the article to learn more.
CRLF Injection - CRLF Injection attack or the HTTP response splitting is a probably simple, yet a very strong web attack. The hackers are exploiting actively this kind of web application vulnerability in performing a wide variety of attacks, which involve the cross-user defacement, XSS cross-site scripting, and web pages hijacking together with other similar attacks. Read the article to learn more.
Failure to Restrict URL - One of the vulnerabilities of a web application is the failure to restrict the URL access. Once your application fails to properly restrict the URL access, the security can be compromised through a particular technique known as forced browsing. Having experienced forced browsing might be crucial, especially when an attacker is trying to gather the sensitive data through the web browser. Read the article to learn more.
Insecure Cryptographic Storage - The issue occurs when the sensitive data is not securely stored. This is not a single vulnerability, instead a collection of vulnerabilities. What does this collection have to do with ensuring that then most important data is encrypted when needed? This ensures encrypting the correct data, proper storage as well as management, not using known bad algorithms and not implementing your won cryptography that may or may not be secured. Read the article to learn more.
Insufficient Transport Layer Protection - It is defined as the security weakness that is caused by an application that does not take any measures in order to protect the network traffic. The Insufficient Transport Layer Protection is one of the web application vulnerabilities in which once occurred, will surely affect the performance of your site and some of the necessary data within your website. Read the article to learn more.