website - Eduguru

Tutorial Web Hosting Website

Extracting Useful Data

May 6, 2020 Krishna An MS-SQL Hack, An Oracle Hack, ETHICAL HACKING, Extracting Useful Data, HACKING, Injecting Code, security, wab-hack, web, web-app, web-app-hack, web-site, web-site-hack, website

In order to extract useful data from the database, you normally need to know the names of the tables and

Tutorial Web Hosting Website

Disclosure of Tokens in Logs

May 5, 2020 Krishna Attacking Session Management, Disclosure of Tokens in Logs, ETHICAL HACKING, HACKING, web, web application, web hacking, web-hack, website

Aside from the clear-text transmission of session tokens in network communications, the most common place where tokens are simply disclosed

Tutorial Web Hosting Website

Weaknesses in Session Token Handling

May 5, 2020 Krishna Attacking Session Management, Disclosure of Tokens on the Network, ETHICAL HACKING, http, Weaknesses in Session Token Handling, web-hack, website, website hacking

No matter how effective an application is at ensuring that the session tokens it generates do not contain any meaningful

Tutorial Web Hosting Website

Predictable Tokens

May 4, 2020May 5, 2020 Krishna Attacking Session Management, Concealed Sequences, Full-Blown Tests for Randomness, Predictable Tokens, Time Dependency, Weak Random Number Generation, website, website hacking

Some session tokens do not contain any meaningful data associating them with a particular user but are nevertheless guessable because

Tutorial Web Hosting Website

Weaknesses in Session Token Generation

May 4, 2020 Krishna account username, Attacking Session Management, ETHICAL HACKING, HACKING, http, Meaningful Tokens, Weaknesses in Session Token Generation, web hacking, website

Session management mechanisms are often vulnerable to attack because tokens are generated in an unsafe manner that enables an attacker

Tutorial Web Hosting Website

Attacking Session Management

May 4, 2020 Krishna Alternatives to Sessions, Attacking Session Management, HACKING, HTTP Authentication, Sessionless state mechanisms, The Need for State, web hacking, web-site hacking, website

The session management mechanism is a fundamental security component in the majority of web applications. It is what enables the

Tutorial Web Hosting Website

Defects in Multistage Login Mechanisms

April 30, 2020April 30, 2020 Krishna attacker, Attacking Authentication, Defects in Multistage Login Mechanisms, Fail-Open Login Mechanisms, HACKING, Insecure Storage of Credentials, PASSWORD, security vulnerabilities, web hacking, website

Some applications use elaborate login mechanisms involving multiple stages. For example: ■ Entry of a username and password. ■ A

Tutorial Web Hosting Website

Implementation Flaws in Authentication

April 30, 2020 Krishna Attacking Authentication, Authentication, Fail-Open Login Mechanisms, HACKING, Implementation Flaws in Authentication, security, web application, web hacking, website

Even a well-designed authentication mechanism may be highly insecure due to mistakes made in its implementation. These mistakes may lead

Tutorial Web Hosting Website

Non-Unique Usernames

April 30, 2020April 30, 2020 Krishna Incomplete Validation of Credentials, Insecure Distribution of Credentials, Non-Unique Usernames, Predictable Initial Passwords, Predictable Usernames, web hacking, Web hosting, website

Some applications that support self-registration allow users to specify their own username, and do not enforce a requirement that usernames

Tutorial Web Hosting Website

User Impersonation Functionality

April 30, 2020April 30, 2020 Krishna HACKING, Incomplete Validation of Credentials, PASSWORD, password validation, User Impersonation Functionality, web hacking, website

Some applications implement the facility for a privileged user of the application to impersonate other users, in order to access

← Previous