An SQL injection allows an attacker to run arbitrary SQL code in the database, which may allow them to retrieve, change or delete data from the database.
Cross-site scripting is the injection of client-side scripts into web applications, which is enabled by a failure to validate and correctly encode user input. Learn here how you can efficiently fix XSS vulnerabilities.
Cross-Site Request Forgery (CSRF) allows an attacker to carry out actions in a different security context, such as that of another, logged-in user. Read here how you can efficiently fix a CSRF vulnerability.
Insecure Deserialization is an attack where a manipulated object is injected into the context of the web application.
Fuzzing is a technique where invalid, random or unexpected data is used either to produce unexpected states or to gain access to hidden features.
Many older or poorly configured XML processors evaluate external entity references within XML documents. External entities can be used to disclose internal files through the file URI handler or internal file shares, and to carry out internal port scanning, remote code execution, and denial-of-service attacks.
Obtaining information about the web server in use is a crucial task for any attacker. There may be vulnerabilities in a certain web server version that allow an attacker easy access to the server. Learn how you can prevent them!
Obtaining information about the web application frameworks in use is a crucial task for any attacker. There may be vulnerabilities in certain frameworks that give an attacker the needed attack vector.
Your versioning system is the memory of your DevOps process. Read here how you can easily integrate the Crashtest Security Suite Scans.
Your ticketing system is where you store your upcoming tasks and rank your to-dos according to importance. We strongly believe that severe security vulnerabilities should be at the top of your list. Therefore, we explain in this article how you can use our tool to create tickets automatically when vulnerabilities are detected.
Copyright © Crashtest Security GmbH 2021. All rights reserved.