Detecting LDAP Injection If you are not already familiar with the concept of LDAP Injection, we suggest that you review the article entitled “What Is LDAP Injection ?“. You should consider testing for LDAP Injection anytime that user supplied input is […]
Testing For Insecure Cryptographic Storage If you are not already familiar with the concept of Insecure Cryptographic Storage, please see the article entitled “What Is Insecure Cryptographic Storage“. Note that you do not really “test” for this vulnerability, as it […]
If you are not already familiar with the concept of Account Enumeration, please see the article entitled “What Is Account Enumeration ?“. Testing For Account Enumeration Testing for account Enumeration is trivial in a white-box testing scenario. Simply observe the responses […]
If you are not already familiar with the concept of Weak Authentication vulnerabilities, please see the article entitled “What Is Weak Authentication ?“. Recognizing Weak Authentication The overall strength of an application’s authentication mechanism should be proportional to the value of the assets […]
If you are not already familiar with Session Management vulnerabilities, please see the article entitled “What is a Session Management Vulnerability ?“. The Session Identifier Is Secret First and foremost, applications seeking to establish and maintain sessions with users must […]
