prashant singhNov 11, 20181 min readHTTP RESPONSE AND OTHER METADATADistributed Abnormally Long request HTTP flood attacker volumetric attack, allien using a botnet “Zombie army”. It is bring down the...
prashant singhSep 7, 20181 min readOvely permissive CORSOrigin header is sent by the browser in a CORS request and indicates that origin request. It may be spoofed outside the browser, so need...
prashant singhSep 4, 20181 min readQuery Parameter SSLURL contain a sensitive query parameter and stored in the browser history. Web application may be configured log the URL of all request....
prashant singhSep 1, 20181 min readInsecure HTTP Methods EnabledAttacker sends a request of type "OPTIONS" to the Web server of your application to determine what HTTP methods are supported by the...
prashant singhAug 29, 20181 min readWeb Application Source Code Disclosure Pattern FoundIt is possible to retrieve the source code from server side script and also may possible to expose the business logic or sensitive...
prashant singhAug 13, 20181 min readSALT, NONCE, RAINBOWSalt A new salt (form of encryption) is randomly generated for each password. Setting a salt and a password are concatenated and...
prashant singhAug 3, 20181 min readAuthentication and Authorization· Authentication is the process of verifying who you are. When you log on to a PC with a user name and password you are authenticating. ·...
prashant singhJul 5, 20181 min readSymmetric & Asymmetric EncryptionSymmetric Encryption Symmetric encryption is the best-known technique. Use a secret key, which can be a number, word, or string of random...
prashant singhJul 3, 20183 min readPotential File Upload or File UploadUser want facility to upload the file. An attacker take the privilege of this facility to upload the malicious file. It have potential to...
prashant singhJun 30, 20181 min readValidation RuleYou can add input validation to Web Forms pages by using validation controls. To make sure that all the required parameters exist in a...
prashant singhJun 28, 20181 min readDenial of Service (DoS) Denial of service attacks are most common to take website and servers down. It is easy to attack and hard to protect. The way to prevent...
prashant singhJun 26, 20181 min readNull byte InjectionIt is also possible to pass the null character in the URL, which creates a vulnerability known as Null Byte Injection. In the URL it is...
prashant singhJun 22, 20181 min readViewstate user key & Double submit cookieCSRF Attack protection to all pages that inherit from the site.master page. 1. All web form pages data modification use the site.master...
prashant singhJun 20, 20181 min readAnti-CSRF and AJAXThe Form token is make problem for AJAX request, Ajax is send the JASON data not a HTML form because of this form token not be validated...
prashant singhJun 16, 20181 min readAuthentication Bypass Using HTTP Verb Tampering or Body ParametersMany web server allow access control using HTTP Methods, enabling access using one or more methods. The problem is that many...
prashant singhJun 14, 20181 min readAnti Forgery Token Prevention For CSRFAnti-Forgery Token It is help to prevent the CSRF attack, ASP.NET MVC uses anti forgery token. 1. The client request HTML page contain a...
prashant singhJun 7, 20181 min readClickjacking Attack and PreventionThis type of attack requires an attacker to use javascript. Attacker insists a user perform an undesired action by clicking on a...
prashant singhMay 31, 20181 min readBlind SQL InjectionIt is nearly same as normal SQL injection but the difference is that it retrieved the data from the database. It asks a true and false...
prashant singhMay 31, 20181 min readSQL InjectionNowadays SQL injection is a common attack that use malicious SQL injection code for database manipulation to access information. OR When...
prashant singhMay 31, 20181 min readPenetration Testing & Risk Assessment Penetration is a process to inject, exploit and evaluate the vulnerability of a system. It is include scanning, auditing, risk assessment...
