Showing 49 articles

#1

Missing Function Level Access Control

Missing function level access control vulnerabilities occur when the application does not perform access control checks when executing sensitive operations. For example, if the application doesn't che...

#2

Open Redirect

Many web applications use URL redirection to direct a user to another site or page on the same site. Some web sites make it possible to manipulate the destination of the URL redirection. An attacker m...

#3

Cross-Site Scripting

A web application's output is rendered as a web page. If user input is included in the web application output, then it is also rendered as a part of the web page. If user input is included in output w...

#4

Directory Indexing

Directory indexing vulnerabilities occur when a web application server is configured to return a listing of files in a web accessible directory in response to an HTTP request for that directory. Direc...

#5

Insecure Indexing

Insecure indexing vulnerabilities occur when the application discloses the location of sensitive or otherwise valuable files. Insecure indexing typically occurs when a web search engine finds sensitiv...

#6

Application Misconfiguration

Application misconfiguration vulnerabilities occur when an application is not configured properly by the user. Examples include weak passwords, weak access control permissions, exposed configuration s...

#7

Server Misconfiguration

Server misconfiguration vulnerabilities occur when the server that hosts the web application is not configured properly. Some types of server misconfiguration might not provide any dangerous capabil...

#8

Fingerprinting

Fingerprinting is a broad term that describes searching for telltale signs that a specific application or system component is running on a given system. These telltale signs are called fingerprints. T...

#9

Improper Filesystem Permissions

Improper filesystem permissions vulnerabilities occur when the filesystem permissions are not sufficiently restricted, either as a result of the application not setting strict enough permissions or th...

#10

Cookie Security

Cookie security issues occur when all the measures available for protecting cookies are not fully implemented. Measures that can be used to protect cookies are listed in the Countermeasures section of...

#11

Hard-coded Credentials

Applications that use authentication need a method for storing credentials. Credentials might be stored for authenticating users to the application or for the application to authenticate to external s...

#12

Insufficient Authorization

Insufficient authorization vulnerabilities occur when the application allows a user to perform an action without checking if the user has sufficient privileges to carry it out. This allows attackers t...

#13

Parameter Tampering

A parameter tampering vulnerability occurs when an attacker can modify parameters used by a web application that have security implications. For example, a vulnerable application might allow an attack...

#14

Insufficient Authentication

Insufficient authentication vulnerabilities occur when the application allows users to perform sensitive operations or access sensitive information without properly checking their authentication crede...

#15

Cookieless Authentication

Most web applications use cookies to keep track of session state. Some applications use other mechanisms to keep track of authenticated sessions. These custom authentication schemes are usually vulner...

#16

Use of Hard-coded Password

Applications that use authentication need a method for storing passwords. One of the simplest ways to store passwords is to hard-code them into the application. This approach is not secure, because an...

#17

Data Leak Between Sessions

Data leaks between sessions occur when unintentional access to one session's data is provided to another session. Data leaks between sessions usually occur when session-specific data is stored in memb...

#18

Insufficient Password Recovery

Insufficient password recovery vulnerabilities occur when the application does not have an effective process to verify user identity when handling a "forgotten password" condition, and then either giv...

#19

Brute Force

Brute forcing is a broad term that refers to repeatedly performing a very simple, automated attack, which has a small chance of being successful for each iteration. The more iterations are performed,...

#20

Session Hijacking

Session hijacking (a.k.a. credential and session prediction) vulnerabilities occur when the application uses easy to predict session identifiers or other easy to predict methods to track user sessions...

#21

Session Fixation

Session fixation vulnerabilities occur when the application doesn't sufficiently protect session identifiers. This allows an attacker to hijack active user sessions. Most web application platforms p...

#22

Insufficient Session Expiration

Insufficient session expiration vulnerabilities occur when the application keeps user sessions active for an unreasonably long period of time. The correct amount of time to keep a user session active...

#23

Sensitive Cookie in HTTPS Session without Secure Attribute

When a Cookie has the Secure flag set, that cookie will not be sent over a non-encrypted connection. If the Secure attribute is not set on a sensitive cookie, the cookie will be sent in plaintext and...

#24

Code Injection

Scripting languages often have functions, such as eval(), that allow interpreting a string or a file as a part of the application. The danger of using these functions is that, under certain conditions...

#25

LDAP Injection

Lightweight Directory Access Protocol (LDAP) is a widely used protocol for accessing directory services. Directories provide a set of attributes about people that are organized in a hierarchical manne...

#26

XML External Entity (XXE) Injection

XML external entity (XXE) injection vulnerabilities occur when the XML processor allows the attacker to control data loaded into the XML document as "external entities." Some XML processors support a...

#27

Connection String Injection

Applications use connection strings to specify credentials used to access databases. If the application includes unvalidated user input in connection strings, an attacker might be able to change what...

#28

SQL Injection

SQL injection is a type of vulnerability in database access code that allows attackers to execute unauthorized queries on the database. SQL injection vulnerabilities are caused by concatenating data...

#29

XQuery Injection

XQuery injection vulnerabilities occur when untrusted data is concatenated into XQuery queries, which allows the attacker to execute arbitrary queries. XQuery injection vulnerabilities are similar to...

#30

XPath Injection

XPath injection is a type of vulnerability that allows attackers to execute arbitrary queries on XML databases. XPath injection vulnerabilities are similar to SQL injection vulnerabilities, but they a...

#31

File Upload

File upload vulnerabilities allow attackers to upload malicious code. (Technically, allowing users to upload anything that the application's design doesn't account for can be considered a file upload...

#32

Remote File Inclusion

Remote file inclusion (RFI) occurs when the application executes a file located on an external server, which is usually controlled by the attacker. This enables the attacker to execute arbitrary code...

#33

XSLT Injection

XSLT injection occurs when the application concatenates untrusted data into an XSL stylesheet. This allows the attacker to manipulate the document that is produced when the XSL stylesheet is rendered...

#34

SSI Injection

Server-side Include (SSI) injection vulnerabilities occur when the application allows creation of files that contain Server-side Include directives. If an attacker is able to create files that contain...

#35

Mail Command Injection

Mail command injection vulnerabilities occur when an application implements its own email client code and concatenates user data with email commands. There should be no reason to implement email clien...

#36

Command Injection

Applications often execute external commands as a part of their functionality. If the attacker is able to manipulate the choice of external commands or their parameters, the attacker will be able to a...

#37

XML Injection

XML injection occurs when an attacker is able to supply data to the application that is interpreted as a part of an XML document in a manner that violates the intended use of XML by the application. X...

#38

Using Components with Known Vulnerabilities

“Using components with known vulnerabilities” refers to an application that uses third-party code that contains known vulnerabilities. The result is that the vulnerabilities in the third-party code be...

#39

Information Leak Through Cookies

Cookies are used by web applications to store data in the browser. Cookies might be marked as persistent and stored for an extended period of time. An attacker might gain access to the drive that stor...

#40

Insufficiently Protected Credentials

An insufficiently protected credential weakness occurs when the application doesn't store or transmit the authentication credentials securely. If the passwords are not hashed and salted, an attacker m...

#41

Use of Hard-coded Cryptographic Key

Applications that use cryptography need a method for managing keys. One of the simplest ways to store the keys is to hard-code them into the application. However, this approach is not secure, because...

#42

Weak Cryptographic Hash

A weak cryptographic hash vulnerability occurs when the application uses a hashing algorithm that is considered to be less resistant to attack than the currently recommended algorithms, and/or the cho...

#43

Weak Encryption

Weak encryption vulnerabilities occur when weak encryption algorithms are used or encryption is not used properly. For encryption to work properly, strong and up-to-date cryptographic algorithms must...

#44

Insecure Transport

TLS should be used to protect any sensitive data in transit. Some applications don't use TLS even during authentication or when transmitting sensitive data, and an attacker might be able to intercept...

#45

Information Leakage

Information leakage is a blanket term for vulnerabilities that disclose either something about the system or some of the application data to unauthorized users. Information leak vulnerabilities result...

#46

System Information Leak

A system information leak occurs when either the application or the application server discloses information about the web application platform that might be useful to the attacker. Some examples of i...

#47

Information Exposure Through an Error Message

Information exposure through an error message occurs when an error message discloses sensitive information that might help an attacker. Typical examples include disclosing whether a username is valid...

#48

Cross-Site Request Forgery

A cross-site request forgery (CSRF) attack occurs when an attacker tricks a victim into loading a page that contains a malicious request. This request might be able to change the state of the web appl...

#49

Insecure Direct Object References

Insecure direct object reference vulnerabilities occur when an application exposes the system names of system resources that it uses and allows an attacker to manipulate these names. If an attacker ca...