Couple of days back, I reported XSS and Content Spoofing on LinkedIn. Here are the details of the issues. Cross Site Scripting: What is Cross Site Scripting? XSS (Cross-site Scripting) allows an attacker to execute a dynamic script (Javascript, VbScript) in the context of the application. This allows several different attack opportunities, mostly hijacking the current session […]
SQL injection – one of the most critical vulnerabilities till now – is still included in the OWASP Top 10 list’s Injection flaws section. SQLMap is a tool that helps penetration testers prove that SQL injection is one the most critical vulnerabilities present in enterprise security. ‘SQLMap’is a simple python based tool to exploit SQL […]
Web Application security has become the biggest concern for almost all organizations who wish to bring their business to the Internet. There are various reasons behind why we are still unable to fix issues like SQL Injection, Cross-Site Scripting etc. These range from developer complacency, lack of knowledge about the security issues, lack of management […]
What is Fuzzing? Fuzz testing is a testing technique that provides malicious input to the application. Fuzz testing is crashes, assertion failures, and memory leaks when program fails to handle the malicious input. Fuzz testing identifies vulnerabilities which are severe in nature. The typical fuzzing checks the application for buffer overflow, format string vulnerability which […]
Code Analysis Tool (CAT.NET) is a binary source code analysis tool that helps in identifying common security flaws in managed code. These vulnerabilities are listed in the below table. Vulnerability Description Cross Site Scripting(XSS) XSS vulnerability allows an attacker to inject a malicious HTML Code or Scripts which gets executed in the Client’s browser. A successful XSS […]
Scope: This article demonstrates logging techniques in MySQL to uncover and analyze any mischief attempts done by (outside or inside) user focusing on specific areas in database. Getting Started: Following are the types of logs available in MySQL[1]. Log Type Information Written to Log Error log Problems encountered starting, running, or stopping mysqld General query […]
Following is the small example of creating a stored procedure. ==================================================================== CREATE PROC sp_login (@loginid nvarchar(25),@password nvarchar(25)) AS DECLARE @SQLString VARCHAR(500) DECLARE @loginid VARCHAR(64) DECLARE @password VARCHAR(64) /* Build the SQL string once.*/ SET @SQLString = ‘SELECT * from cust_users WHERE login_id = ‘+ ””+@loginid+”” + ‘AND password = ‘+ ””+@password+”” EXECUTE sp_executesql @SQLString
