web

2023

XXE Injection | Applied Review
·13 mins
web BSCP
What is XML External Entity Injection (XXE)? This vulnerability has to do with how certain web applications process XML data.
SSRF - Applied Review
·9 mins
web BSCP
What is Server Side Request Forgery? SSRF is a vulnerability that allows attackers to cause the application to make requests to an unintended location from the server that the application is running on.
Race Conditions - Applied Review
·12 mins
web BSCP
What Are Race Conditions? Race conditions are relatively common and are closely related to business logic flaws.
File Upload - Applied Review
·10 mins
web BSCP
What Are File Upload Vulnerabilities? These vulnerabilities are often present when web applications contain file upload functionality that does not sufficiently validate things like the file’s name, type, contents, or size.
Access Control - Applied Review
·5 mins
web BSCP
What is Access Control? Access control is how we describe the constraints that we place on an authorized user in the context of accessing resources and performing actions.
Business Logic Flaws - Applied Review
·7 mins
BSCP web
What Are Business Logic Vulnerabilities? Business logic vulnerabilities are flaws in the design or implementation of an application that let attackers produce unintended behavior.
Information Disclosure - Applied Review
·4 mins
web BSCP
Information disclosures seem to be highly contextual depending on where you find them and what kinds of protections are in place.
OS Command Injection - Applied Review
·4 mins
web BSCP
What is OS Command Injection? This type of command injection allows attackers to execute system commands on the server that is running the vulnerable application.
Path Traversal - Applied Review
·6 mins
web BSCP
This will be one of the much shorter entries in the list of applied review sections because path traversal is pretty straightforward.
Authentication - Applied Review
·27 mins
web BSCP
For this applied review, we are going to go through authentication, which is an important part of securing your web applications.