Chris Young - Infosec Consultant & Pentester (Page 4)

Web Application Vulnerabilities 101 - Directory Traversal

Apr 16, 2018 OWASP web app testing

Web Application Vulnerabilities 101 - Directory Traversal

Directory traversal aims to access files and directories that are stored outside the web root folder. By manipulating variables that reference files with “dot-dot-slash (../)” sequences

DVWA - File Inclusion

Apr 16, 2018 File Inclusion OWASP web app testing

DVWA - File Inclusion

LFI & RFI are commonly found in poorly written PHP code, allows an attacker to include a local or remote PHP file into the webservers running

CSRF - Cross Site Request Forgery

Apr 16, 2018 OWASP web app testing CSRF

CSRF - Cross Site Request Forgery

CSRF refers to an attack against authenticated web applications using Cookies wherein an attacker is able to trick a victim into making a request that

XSS - Cross Site Scripting

Apr 13, 2018 OWASP web app testing XSS

XSS - Cross Site Scripting

XSS in an input validation weakness which allows an attacker to inject a payload into a response from the application. When the payload can included

XXE - XML External Entity

Apr 13, 2018 OWASP web app testing XXE

XXE - XML External Entity

The XML External Entity (XXE) attack is a type of attack against an application that parses XML input. An XXE attack typically occurs when XML