web hacking - Eduguru - Page 2

Tutorial Web Hosting Website

Implementation Flaws in Authentication

April 30, 2020 Krishna Attacking Authentication, Authentication, Fail-Open Login Mechanisms, HACKING, Implementation Flaws in Authentication, security, web application, web hacking, website

Even a well-designed authentication mechanism may be highly insecure due to mistakes made in its implementation. These mistakes may lead

Tutorial Web Hosting Website

Non-Unique Usernames

April 30, 2020April 30, 2020 Krishna Incomplete Validation of Credentials, Insecure Distribution of Credentials, Non-Unique Usernames, Predictable Initial Passwords, Predictable Usernames, web hacking, Web hosting, website

Some applications that support self-registration allow users to specify their own username, and do not enforce a requirement that usernames

Tutorial Web Hosting Website

User Impersonation Functionality

April 30, 2020April 30, 2020 Krishna HACKING, Incomplete Validation of Credentials, PASSWORD, password validation, User Impersonation Functionality, web hacking, website

Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access

Tutorial Web Hosting Website

Remember Me” Functionality

April 30, 2020April 30, 2020 Krishna application users, Authentication, PASSWORD, Remember Me” Functionality, vulnerable, web hacking, web-attack, website

Applications often implement “remember me” functions as a convenience to users, to prevent them needing to reenter their username and

Tutorial Web Hosting Website

Forgotten Password Functionality

April 30, 2020 Krishna account recovery function, Attacking Authentication, forgotten password, Forgotten Password Functionality, HACKING, mechanisms, PASSWORD, URL, web hacking

Like password change functionality, mechanisms for recovering from a forgotten password situation often introduce problems that may have been avoided

Tutorial Web Hosting Website

Password Change Functionality

April 30, 2020 Krishna Attacking Authentication, Authentication, enforced password, existing password, guessing attack, Password Change Functionality, web hacking

Surprisingly, many web applications do not provide any way for users to change their password. However, this functionality is necessary

Tutorial Web Hosting Website

Vulnerable Transmission of Credentials

April 30, 2020 Krishna Attacking Authentication, http, HTTP/S, Internet backbone, IT department, URL, Vulnerable Transmission of Credentials, web hacking

If an application uses an unencrypted HTTP connection to transmit login credentials, an eavesdropper who is suitably positioned on the

Tutorial Web Hosting Website

ActiveX Controls

April 23, 2020April 23, 2020 Krishna ActiveX controls, Bypassing Client-Side Controls, Decompiling Managed Code, Fixing Inputs Processed by Controls, html, Java, Java applets, Manipulating Exported Functions, Reverse Engineering, Shockwave Flash Objects, web hacking, website hacking

ActiveX controls are a much more heavyweight technology than Java applets. They are effectively native Win32 executables that, once accepted

Tutorial Web Hosting Website

Capturing User Data: Thick-Client Components

April 23, 2020 Krishna Bypassing Client-Side Controls, Capturing User Data: Thick-Client Components, Coping with Bytecode Obfuscation, Decompiling Java Bytecode, HTML forms, HTML source, Java, Java applets, JavaScript, web hacking, website hacking

Besides HTML forms, the other main method for capturing, validating, and submitting user data is to use a thick-client component.

Next →