web application - Eduguru

Tutorial Web Hosting Website

Preventing Path Traversal Vulnerabilities

May 11, 2020 Krishna ETHICAL HACKING, Exploiting Path Traversal, HACKING, Preventing Path Traversal Vulnerabilities, security, web, web application, web security, web-app, web-site

By far the most effective means of eliminating path traversal vulnerabilities is to avoid passing user-submitted data to any file

Tutorial Web Hosting Website

Bypassing Filters

May 6, 2020 Krishna Avoiding Blocked Characters, Bypassing Filters, Circumventing Simple Validation, cyber security, ethical hacker, Exploiting Defective Filters, hack, hacker, Manipulating Blocked Strings, Using Dynamic Execution, Using SQL Comments, web application, web-app, web-site, web-site-hack

In some situations, an application that is vulnerable to SQL injection may implement various input filters that prevent you from

Tutorial Web Hosting Website

Injecting Code

May 5, 2020 Krishna attacker, code injection, command shell, HACKING, Injecting Code, Injecting into Interpreted Languages, interpreted language, ldap, Perl, PHP, shell scripting environment, SQL, VULNERABILITIES, vulnerable script, web application, web hacking, web-app, web-site

The topic of code injection is a huge one, encompassing dozens of different languages and environments, and a wide variety

Tutorial Web Hosting Website

Disclosure of Tokens in Logs

May 5, 2020 Krishna Attacking Session Management, Disclosure of Tokens in Logs, ETHICAL HACKING, HACKING, web, web application, web hacking, web-hack, website

Aside from the clear-text transmission of session tokens in network communications, the most common place where tokens are simply disclosed

Tutorial Web Hosting Website

Implementation Flaws in Authentication

April 30, 2020 Krishna Attacking Authentication, Authentication, Fail-Open Login Mechanisms, HACKING, Implementation Flaws in Authentication, security, web application, web hacking, website

Even a well-designed authentication mechanism may be highly insecure due to mistakes made in its implementation. These mistakes may lead

Tutorial Website

Handling User Input

April 14, 2020 Krishna “Accept Known Good”, “Reject Known Bad”, application performing input validation, Approaches to Input Handling, Boundary Validation, Core Defense Mechanisms, HTML mark-up, Safe Data Handling, Sanitization, Semantic Checks, Varieties of Input, web application

Recall the fundamental security problem described in Chapter 1: all user input is untrusted. A huge variety of different attacks

Tutorial Website

Handling User Access

April 13, 2020 Krishna Access Control, attack surface, Authentication, Core Defense Mechanisms, enforcing access control, enforcing session timeout, Handling User Access, HTTP request, security vulnerabilities, Session Management, typical login function, URL query, web application

A central security requirement that virtually any application needs to meet is to control users’ access to its data and