Information Leakage (CWE-200) is a category of software vulnerabilities in which information is unintentionally disclosed to end-users, potentially aiding attackers in their efforts to breach application security. The key criteria for Information Leakage is that the exposure is unintentional and […]
If you are not familiar with the concept of Information Leakage, we suggest that you review the article entitled “What is Information Leakage ?“. Keep Your Eyes Open During Testing In my experience, you don’t do much testing for Information […]
One of the OWASP Top 10 vulnerabilities is Weak Authentication and Session Management. This entry is not always clearly understood as it actually refers to two large categories of web-application vulnerabilities. In this article, we examine vulnerabilities related to Session […]
If you are not already familiar with the concept of Command Injection, please review the article entitled “What Is Command Injection ?“. For insights into detecting Command Injection vulnerabilities within applications, see the article entitled “How To Test For Command […]
If you are not already familiar with the concept of Command Injection, we suggest that you review the article entitled “What Is Command Injection ?“. Detecting Command Injection Since it is usually not obvious which, if any, inputs might influence […]
