Qusai Al Haddad: Web Application Vulnerability

Monday, May 19, 2014

Web Application Vulnerability

1. Injection attacks :

SQL Injection
Blind SQL Injection
Union Based Sql Injection in mysql
Double query sql injection in mysql
Update XML and Xpath sql injection
Mysql and postgres sql injection syntax
Browser based Sqli
HTML Injection
Frame Source Injection
Command Injection
Javascript Injection
HTTP Parameter Pollution
Cascading Style Injection
Cookie Injection
Buffer Overflow
XML External Entity Injection

2. XSS Flaw and Vulnerability :

Reflect XSS
Stored XSS
DOM based XSS
XSS via HTTP headers
XSS via Cookie Injection
XSS via "INPUT" Get/Post
XSS against JSON
XSS via XML Injection

3. Broken Authentication and Session Management :

Cookie
Login

4. Insecure Direct Object references :

Cookie
Text File
Source Editor
Credits
Arbitrary File Inclusion

5. Cross Site Request Forgery [CSRF]

6. Security Misconfiguration :

Direct Browsing
Method Tempering "INPUT" Get/Post

7. Insecure Cryptographic Storage :

HTML 5 Storage
User Info

8. Failure of Restrict URL Access :

Source viewer
Robots.txt viewer
Arbitrary File Inclusion
"Secret" Administrative Pages

9. Insufficient Transport Layer Protection :

SSL Misconfiguration

10. Unvalidated Redirects and Forwards :

Setup reset DB

11. Others vulnerabilities and attacks :

Malicious file Execution
Information leakage and Improper Error handling
XML Entity Injection
Local file Inclusion
Remote File Inclusion
DDOS (Denial of Service)
Data Capture.
Web Application Firewall bypass techniques Weak Passwords
Log Poisoning
Command Execution Flaws
Full path Disclosure attacks
Unencrypted authentication files
Session Hijackings
Web based backdoors (webshells)
Malicious File uploads
Shell upload on phpmyadmin
Uploading backdoors on common applications (Joomla and Wordpress)
PHP Wrapper Injections
Web Application Firewall Bypassing

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)