A file inclusion allows the attacker to include arbitrary files into the web application, which can result in the exposure of sensitive files. This article describes, how you can efficiently prevent file inclusions.
A command injection vulnerability allows an attacker to execute arbitrary system commands, which can result in an entire takeover of the webserver. Learn here, how you can prevent command injections.
An SQL injection allows an attacker to run arbitrary SQL code in the database which may allow him to retrieve, change or delete data from the database.
Cross-site scripting is the injection of client-side scripts into web applications, which is enabled by a lack of validating and correctly encoding user input. Learn here, how you can efficiently fix XSS vulnerabilities.
Cross-Site Request Forgery (CSRF) allows an attacker to carry out actions in a different security context such as another, logged in user. Read here, how you can efficiently fix a CSRF vulnerability.
Broken Authentication and Session Management could lead to exposed user data, such as credentials or critical private data. It could also allow for privilege escalation attacks.
Insecure Deserialization is an attack where a manipulated object is injected into the context of the web application.
Fuzzing is a technique where invalid, random or unexpected data is used to produce either unexpected states or gain access to hidden features.
Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files using the file URI handler, internal file shares, internal port scanning, remote code execution, and denial of service attacks.
Obtaining information about the used webserver is a crucial task for any attacker. There may be vulnerabilities in a certain web server version that allow an attacker easy access to the server. Learn how you can prevent them!