Vulnerability

What is Command Injection vulnerability?

The purpose of a command injection attack is to execute arbitrary commands on the host operating system through a vulnerable application. Command injection becomes possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system shell. The attacker-supplied operating system commands are normally executed with the vulnerable application’s privileges …


What is Disclosure of Secret (Sensitive Data Exposure) vulnerability?

Sensitive Data Exposure, also known as Disclosure of Secret, is a severe security vulnerability that can lead to unauthorized access to confidential or private information. This article explores the risks associated with Sensitive Data Exposure, provides real-world examples, and offers solutions with code samples in various programming languages to help you secure your applications. When …


What is an Authentication Bypass Vulnerability?

Broken Authentication and Session Management is an OWASP vulnerability category that covers the risk to credentials caused by inadequate implementation of identity and access constraints. An attack on broken authentication is often launched by using improperly maintained credentials and login sessions to impersonate authenticated users. This is frequently associated with the following scenario: A session …


What is Remote Code Execution vulnerability?

The Remote Code Execution vulnerability is a well-known vulnerability in online applications. With this type of vulnerability, an attacker can execute code of their choice with system-level privileges on a server that has the relevant flaw. Once the attacker has sufficiently infiltrated it, they may be able to access any and all information on a server, even databases …


What is File Inclusion vulnerability?

File Inclusion vulnerabilities are a prevalent type of security issue in web applications. They occur when an application allows user-controlled input to be used in a way that can lead to the inclusion of arbitrary files, both locally and remotely. These vulnerabilities can be exploited to disclose sensitive information, execute arbitrary code, or even gain …


What is Using Default Credentials Vulnerability?

Application misconfiguration attacks make use of configuration flaws in online applications. Misconfiguration of security settings can occur at any level of an application stack, including the platform, web server, application server, database, and framework. Test Objectives Many apps include useless and dangerous functionality, such as debug and QA tools, that are activated by default. These characteristics …
