Injection Vulnerabilities - Forcing an application or a system to process invalid data
SQL Injection - Allow an attacker to view, insert, delete, or modify records in a database
HTML Injection - Inject arbitrary HTML code into a web application
Command Injection - Execute commands via a vulnerable application
Authentication-based Vulnerabilities - An attacker can bypass authentication in vulnerable systems
Credential Brute Force Attacks and Password Cracking - Attacker attempts to log in by trying different usernames and passwords
Insecure Direct Object Reference Vulnerabilities - Web applications allow direct access to objects based on user input
Cross-site Scripting (XSS) - Executes a script
Cross-site Request Forgery - Unauthorized commands are transmitted from a user who is trusted by the application
Cookie Manipulation Attacks - Stored DOM Vulnerability
Race Conditions - Attacker has a small window of time between when a security control takes effect and when the attack is performed
Unprotected APIs - API codes that are difficult to automate effective security controls

Vulnerabilities Definition
