To prevent XXS attacks, the vulnerable web applications should be altered so customers cannot insert scripting languages into them.
SQL Injection Flaws: SQL or Structured Query Language is a language used for database management. The language is used for creating, updating, and querying database management systems. For a hacker to exploit an SLQ injection, they must find a parameter that the web application uses to pass through to the database. This allows the hacker to acquire, corrupt, or ruin database contents.
Information Leakage and Improper Error Handling :Information Leakage and Improper Error Handling occurs when a web application does not limit the information it returns to users. Through various problems, applications can accidentally leak data about their internal workings, configurations, or violate their own privacy, or the personally identifiable information of their visitors or customers.
Broken Authentication and Session Management: When developers do not incorporate adequate authentication methods into the web application they are creating, they may be allowing a session management vulnerability into the application. Many times, the developer does not realize they are creating the vulnerability because they are relying on methods that they've created that have not been tested properly or are otherwise flawed.
Failure to Restrict URL Access: When access to a URL hasn't been properly restricted, users without authorization can be exposed to privileged web content and sensitive information. If the user accesses the information, it will break the chain of custody and prevent accurate auditing.
Improper Validation of Data:
Cross-Site Request Forgery (CSRF): In this attack, a link is sent via chat or email to an end user. Once the link is clicked on, the attacker can exploit the trust a browser has for a particular site. The attacker can then gain access to a trusted website that contains the user's sensitive information.
Insecure Direct Object Reference: IDOR is an extremely broad category of vulnerabilities. They happen when a developer or web application exposes an internal implementation object such as a directory, file, database records, form parameter, URL or key. An attacker can manipulate the internal implementation object to access unauthorized objects or controls. Unless an access control check is utilized, the attacker may gain access to functionality for which the developer didn't wish to provide access.
Example: Open Redirect. This is when a web application has a parameter that is not implemented correctly. By using a white list, the attacker can create a phishing attack and lure potential victims to an alternate website by redirecting the user.
Insecure Cryptographic Storage: Cryptographic functions are constantly used to protect information and credentials. But when the information is stored insecurely, unauthorized personnel and attackers can gain access to the sensitive data. Insecure Cryptographic Storage usually happens when the developers encrypt the stored data incorrectly, use inappropriate cyphering, or when they erroneously believe that the encryption they've developed will protect the data.
Insecure communications: When communication between a client and server takes place over non-secure or non-encrypted channels, the developer is allowing the communication channel to be viewed by unauthorized people. This occurs when the developer doesn't secure their client-to-server or server-to-database connections or other connections that pass sensitive data to and within the back end. Corresponding through email is another insecure form of communication unless you have protocol (IMAP, SMTP, POP3) SSL encryption enabled. You will have to find out if your Internet Service Provider (ISP) supports it, but this will secure the messages between your email client and your ISP.
Example:A developer creates an application that stores information from users in a database that is located on a separate network segment. If there is not an SSL securing the communication channel between the user and web server, then he has an insecure client-to-server connection. If a developer forgets or fails to encrypt the connection, the database on the separate network and his web server, he has an insecure server-to-database connection.
Malicious File Execution:
Buffer Overflows: When a buffer reaches its limit on data storage, the additional information that can't be stored in the buffer goes into adjacent buffers. This overflowing data can accidentally overwrite or corrupt valid data being stored in the buffers. If a hacker were to use a buffer overflow attack, they could fill the buffer with data containing malicious code which can corrupt any buffer it enters.
Sub domain Scanning: While scanning the main domain, the scan searches the domain's DNS server and any other DNS server provided by the user for any sub domains.
Unrestricted File Uploads: If there is a web application that doesn't restrict certain files and code from being entered into the system, attackers can upload malicious files. These malicious files can take over the system or overloaded file systems, sending the attacks to the systems back ends.
HTTP Verb Tampering: In an insecure application, an attacker can send certain HTTP verbs into web applications and gain access to admin areas.
Example: An attacker can use the HTTP HEAD method to go around authentication and authorization systems in insecure web applications.
Source Code Disclosure: Attackers can retrieve the server-side application source code by using source code disclosure attacks. If the attacker gains access to the source code, he will be able to have deeper knowledge of the Web application logic, the parameters, and how the application deals with requests.
Check for Common Files:
Check for Email Addresses:
Microsoft Office Possible Sensitive Information:
Local Path Disclosure:
Trojan Shell Scripts:
Default Account Passwords: