web-app-hacking

Exploiting Path Traversal

May 11, 2020May 11, 2020 Krishna Common Vulnerabilities, Exploiting Path Traversal, web-app-hacking, web-site, web-site-security, web-spp

Many kinds of functionality oblige a web application to read from or write to a file system on the basis

Tutorial Web Hosting Website

Injecting into XPath

May 7, 2020 Krishna Blind XPath Injection, Finding XPath Injection Flaws, Informed XPath Injection, Injecting Code, Injecting into XPath, Preventing XPath Injection, Subverting Application Logic, web-app, web-app-hacking, web-site, web-site hacking

The XML Path Language (or XPath) is an interpreted language used for navigating around XML documents, and for retrieving data

Tutorial Web Hosting Website

Injecting into SOAP

May 7, 2020May 7, 2020 Krishna Finding and Exploiting SOAP Injection, Injecting Code, Injecting into SOAP, Preventing Script Injection Vulnerabilities, Preventing SOAP Injection, web security, web-app, web-app-hacking, web-app-security, web-site, web-site hacking

The Simple Object Access Protocol (SOAP) is a message-based communications technology that uses the XML format to encapsulate data. It

Tutorial Web Hosting Website

File Inclusion Vulnerabilities

May 7, 2020May 7, 2020 Krishna ETHICAL HACKING, File Inclusion Vulnerabilities, Finding File Inclusion Vulnerabilities, HACKING, Local File Inclusion, Preventing Script Injection Vulnerabilities, Remote File Inclusion, web-app, web-app-hack, web-app-hacking, web-site, web-site-hack

Many scripting languages support the use of include files. This facility enables developers to place reusable code components into individual

Tutorial Web Hosting Website

A Multi-Layered Privilege Model

May 5, 2020 Krishna A Multi-Layered Privilege Model, Attacking Access Controls, Declarative control, Discretionary access control, HACKING, Programmatic control, Role-based access control, web-app, web-app-hacking, web-site, web-site hacking

Issues relating to access apply not only to the web application itself but also to the other infrastructure tiers which

Tutorial Web Hosting Website

Securing Access Controls

May 5, 2020 Krishna Access controls, application URL, Attacking Access Controls, ETHICAL HACKING, HACKING, HTTP Authentication, Securing Access Controls, Web application developers, web application security, web-app, web-app-hacking

Access controls are one of the easiest areas of web application security to understand, although a well-informed, thorough methodology must

Tutorial Web Hosting Website

Attacking Access Controls

May 5, 2020 Krishna Attacking Access Controls, web-app, web-app-hacking, web-hack, web-site

Before starting to probe the application to detect any actual access control vulnerabilities, you should take a moment to review

Tutorial Web Hosting Website

Attacking Access Controls

May 5, 2020 Krishna Attacking Access Controls, Completely Unprotected Functionality, ETHICAL HACKING, hack, Identifier-Based Functions, Insecure Access Control Methods, Multistage Functions, Static Files, web-app, web-app-hacking, web-site

Common Vulnerabilities Access controls can be divided into two broad categories: vertical and horizontal. Vertical access controls allow different types

Tutorial Web Hosting Website

Log, Monitor, and Alert

May 5, 2020May 5, 2020 Krishna 'monitor', and Alert, application’s session, Attacking Session Management, HACKING, log, Reactive Session Termination, web-app-hacking, web-site

The application’s session management functionality should be closely integrated with its mechanisms for logging, monitoring, and alerting, in order to

Tutorial Web Hosting Website

Liberal Cookie Scope

May 5, 2020May 5, 2020 Krishna Attacking Session Management, Cookie Domain Restrictions, Cookie Path Restrictions, HACKING, Liberal Cookie Scope, web-app-hacking, web-site hacking

The usual simple summary of how cookies work is that the server issues a cookie using the HTTP response header