Thread: Some vulnerabilities in Web applications

  1. #1
    Join Date
    Jan 2011
    Posts
    7

    Some vulnerabilities in Web applications

    I know that almost every web application has vulnerabilities and is vulnerable. The Open Web Application Security Project has analyzed some of the most common errors in web applications and the dangers of these bugs. Let me tell you frankly that I have been given an assignment on this topic, so I want to know about it. So please provide some notes about vulnerabilities in Web applications. Web sites have now mutated into complex dynamic applications, which use a variety of technologies. So they also offer a wide attack surface. I am hoping that somebody from your side will lend me a helping hand.

  2. #2
    Join Date
    Mar 2008
    Posts
    672

    Re: Some vulnerabilities in Web applications

    Cross Site Scripting (XSS) is by far the most common weak point - it affects almost every Web application. XSS vulnerabilities occur when an application returns data submitted by a user to the browser without examining whether the characters must be displayed encoded. This allows an attacker to execute code, such as JavaScript, in the browser of a victim. In the browser, this malicious code can access all information from the affected site. This includes session information stored in cookies, but also information entered in fields, such as passwords. JavaScript can also be used to modify components of a web page or to replicate them identically. In the case of a login screen, the entered login information is first forwarded to an attacker, and only then does the actual login process take place. The XSS vulnerability is often used as a tool for the attack that has become known as "phishing", in which web users are enticed to divulge sensitive information.
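
The encoding step described in the post above, as an added Python example that is not part of the original thread: the same constructed input rendered without encoding and then encoded for three output contexts. All function names are hypothetical.

```python
import html
import json

# Constructed test input: markup that tries to break out of its context.
SAMPLE = '"><script>alert(1)</script>'

def render_unencoded(name):
    # The flaw from the post: user data goes back to the browser as-is.
    return "<p>Hello " + name + "</p>"

def render_text(name):
    # HTML element content: encode & < > " ' so the data stays text.
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"

def render_attribute(value):
    # Attribute value: same encoding, and the attribute is always quoted.
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'

def render_script_data(value):
    # Data inside an inline script: JSON-encode it, then escape the
    # characters that could close the script element or open markup.
    literal = json.dumps(value)
    for ch in "<>&":
        literal = literal.replace(ch, "\\u%04x" % ord(ch))
    return "<script>var q = " + literal + ";</script>"

if __name__ == "__main__":
    for render in (render_unencoded, render_text, render_attribute,
                   render_script_data):
        print(render.__name__, "->", render(SAMPLE))
```

The encoding has to match the place the data lands in: HTML encoding alone does not protect a value written into a script block, which is why the last function uses JSON encoding instead.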

  3. #3
    Join Date
    Feb 2009
    Posts
    90

    Re: Some vulnerabilities in Web applications

    Injection errors are very common in Web applications. They arise when the web application uses unaudited data submitted to it as program code. Injection vulnerabilities exist in various forms - such as Web script injection, OS command injection or SQL injection. The latter occurs most frequently: an attacker sends valid SQL code within a parameter (such as a form field) to the web application, which then runs it. This enables the attacker to access data in the database in order to display, manipulate or even delete it. Many databases also allow the execution of system commands, which increases the risk of a hostile takeover of the database system. It is often overlooked that database servers sit inside an IT landscape. An injection vulnerability thus allows an attacker to attack an internal system - past the many security measures.

  4. #4
    Join Date
    Oct 2008
    Posts
    132

    Re: Some vulnerabilities in Web applications

    For web applications, there is the possibility of loading malicious files onto the web server and executing them. Often files are accepted and simply stored on the web server without checking their validity in advance. Upload functions within the web application often make corresponding attacks possible. In the absence of an adequate examination of the uploaded files, an attacker can place malicious code on the server application. The malicious code is embedded in the file and is executed by a subsequent call.
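
The upload check that the post above says is often missing, as an added Python example that is not part of the original thread. The allowed types, size limit and function names are assumptions made for the example, and `upload_dir` is assumed to be a directory outside the web root.

```python
import os
import secrets

MAX_BYTES = 2 * 1024 * 1024
# Allowed extension -> leading bytes the content must start with.
SIGNATURES = {
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".pdf": b"%PDF-",
}
# Constructed sample: a PNG signature followed by filler bytes.
SAMPLE_PNG = SIGNATURES[".png"] + b"\x00" * 16

def check_upload(filename, data):
    """Return (stored_name, None) if accepted, else (None, reason)."""
    ext = os.path.splitext(os.path.basename(filename))[1].lower()
    if ext not in SIGNATURES:
        return None, "extension not allowed"
    if len(data) > MAX_BYTES:
        return None, "file too large"
    if not data.startswith(SIGNATURES[ext]):
        return None, "content does not match extension"
    # Never reuse the client's name: random name plus the vetted extension.
    return secrets.token_hex(16) + ext, None

def save_upload(upload_dir, filename, data):
    # upload_dir: outside the web root, never mapped to a script handler.
    stored, reason = check_upload(filename, data)
    if stored is None:
        return None, reason
    path = os.path.join(upload_dir, stored)
    with open(path, "xb") as fh:  # "x": fail rather than overwrite
        fh.write(data)
    os.chmod(path, 0o640)  # readable, never executable
    return path, None

if __name__ == "__main__":
    print(check_upload("photo.png", SAMPLE_PNG))
    print(check_upload("page.php", SAMPLE_PNG))
    print(check_upload("photo.png", b"plain text"))
```

The signature check only confirms the leading bytes; what stops the "subsequent call" from running anything is that the file is stored under a server-chosen name in a location the web server does not execute.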

  5. #5
    Join Date
    Mar 2008
    Posts
    335

    Re: Some vulnerabilities in Web applications

    The impact of such an attack varies and depends strongly on the configuration of the Web server: there is a risk of a server takeover, and an attack on the users of the web application is possible. In the development of Web applications, object references are often used to refer to a specific internal implementation object. These can be files, directories, database records or digital keys. In an Insecure Direct Object Reference gap, the object reference to these objects can be manipulated. An attacker can gain unauthorized access to files and content by skillful manipulation. Such attacks are especially dangerous when applications are working with sensitive data. Specifically, attackers often use compromised IDs or paths to read other records from the database or to access unauthorized files on the web server.
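
The two kinds of object reference named in the post above (record IDs and file paths), as an added Python example that is not part of the original thread: each lookup is shown with the per-object authorization check that closes the gap. The records, directory names and function names are constructed for the example.

```python
import os

# Constructed records: the id in the request is a direct object reference.
INVOICES = {
    101: {"owner": "alice", "total": 40},
    102: {"owner": "bob", "total": 75},
}

def get_invoice_by_id(invoice_id):
    # The flaw from the post: whoever changes the id gets the record.
    return INVOICES.get(invoice_id)

def get_invoice_for_user(current_user, invoice_id):
    # Authorize per object. A foreign id and a missing id give the same
    # answer, so the response does not confirm which ids exist.
    record = INVOICES.get(invoice_id)
    if record is None or record["owner"] != current_user:
        return None
    return record

def resolve_in_user_dir(user_dir, requested):
    # Path references: resolve symlinks and ".." first, then require
    # the result to stay inside the user's own directory.
    base = os.path.realpath(user_dir)
    target = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, target]) != base:
        return None
    return target

if __name__ == "__main__":
    print(get_invoice_by_id(102))              # returned to anyone
    print(get_invoice_for_user("alice", 102))  # None: not alice's record
    print(resolve_in_user_dir("/srv/files/alice", "../bob/statement.pdf"))
```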

  6. #6
    Join Date
    Feb 2006
    Posts
    331

    Re: Some vulnerabilities in Web applications

    In the Cross Site Request Forgery attack variant, a legally registered user is used as a "pawn" in that - without his knowledge - a request is made from his authenticated web application session. This is possible, for example, if the user of a Web application does not log off and, while surfing further, reaches a site prepared by the attacker. The malicious code placed there attacks over the session of the authorized user, for instance by setting a function (such as a bank transfer) in motion in the victim's name but without his knowledge. Such attacks are extremely difficult to detect or prove. CSRF is a variant of attacks on web applications that is most rapidly gaining ground.
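
A common defence against the forged request described in the post above, as an added Python example that is not part of the original thread: a per-session anti-CSRF token that the application embeds in its own forms and checks on every state-changing request. The token format, key handling and function names are assumptions made for the example.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # assumption: one secret per deployment
STATE_CHANGING = {"POST", "PUT", "PATCH", "DELETE"}

def _mac(session_id, nonce):
    # Fixed-length nonce first, so the MAC input cannot be ambiguous.
    msg = nonce.encode() + b"|" + session_id.encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def issue_csrf_token(session_id):
    # Embedded in every form the application renders for this session.
    nonce = secrets.token_hex(16)
    return nonce + "." + _mac(session_id, nonce)

def csrf_token_valid(session_id, token):
    nonce, sep, mac = (token or "").partition(".")
    if not sep or len(nonce) != 32:
        return False
    expected = _mac(session_id, nonce)
    # Constant-time comparison on bytes.
    return hmac.compare_digest(mac.encode(), expected.encode())

def handle_request(method, session_id, form):
    # The browser attaches the session cookie to a cross-site request
    # automatically; the token is missing because the other site cannot
    # read this application's pages to obtain it.
    if method in STATE_CHANGING and not csrf_token_valid(
            session_id, form.get("csrf_token")):
        return 403
    return 200

if __name__ == "__main__":
    token = issue_csrf_token("sess-alice")  # constructed session id
    print(handle_request("POST", "sess-alice",
                         {"amount": "100", "csrf_token": token}))  # 200
    print(handle_request("POST", "sess-alice", {"amount": "100"}))  # 403
```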