If you want daily updates on hacking, like this page. Attacking - TopicsExpress



          

If you want daily updates on hacking, like this page.

Attacking Web Applications Simplified

The Web application community is served by an organization called OWASP (the Open Web Application Security Project). OWASP is a non-profit global organization that focuses on providing information to help improve Web application security. OWASP has developed an awareness document called the OWASP Top Ten. This document lists the most critical Web application security flaws. The list represents the consensus opinion of the worldwide security community. The goal of the OWASP Top Ten is to educate companies and government agencies and help them create more secure Web application environments.

Top 10 Most Critical Web Application Attacks

Summary of OWASP Top Ten:

1. Cross Site Scripting (XSS)
Can occur when a Web application sends user data to a Web browser without first encoding or validating it. XSS flaws allow attackers to pass in a script as user data that is then executed in the user's browser. Possible consequences include user session hijacking, phishing, the introduction of worms and website defacement.

2. Injection Flaws
Can occur when user data is sent to interpreter software as part of a query. An attacker can insert data that is interpreted as a command, which may change or expose data. SQL injection is the most common type. Other injection types include PHP, HTTP, MX and Operating System (OS).

3. Malicious File Execution
Can occur when application code is vulnerable to RFI (remote file inclusion). Allows attackers to execute potentially devastating attacks by including hostile data and code. Affects XML, PHP and systems that accept filenames and user files.

4. Insecure Direct Object Reference
When application developers inadvertently expose references to internal objects such as directories, files and database records in URLs or forms, attackers can manipulate these references to gain access to unauthorized data.

5. Cross Site Request Forgery (CSRF)
Can force an authenticated session to send requests to a Web application, effectively causing the unsuspecting user to initiate a hostile action on behalf of the attacker. A CSRF attack can tap into the full power of a targeted Web application.

6. Information Leakage and Improper Error Handling
Deficiencies in application architecture can cause sensitive data and internal information to be revealed during error handling. Attackers can exploit these vulnerabilities to steal secure data or conduct even more serious attacks.

7. Broken Authentication and Session Management
Unsecured login and logout processing can allow attackers to compromise authentication tokens, passwords and keys.

8. Insecure Cryptographic Storage
Most Web applications don't do enough encryption of credentials and sensitive data. Unprotected data can be stolen by attackers and used for credit card fraud, identity theft and other crimes.

9. Insecure Communications
Unencrypted network traffic is another source of Web application vulnerability. Possible sources of attack include SSL certificate spoofing and interception of plain-text HTTP requests.

10. Failure to Restrict URL Access
When Web applications try to protect Web pages through restricted URLs, attackers can gain access by detecting URL links. Once a restricted URL is discovered, attackers can access Web pages directly and possibly perform unauthorized operations.
Posted on: Thu, 12 Sep 2013 08:14:29 +0000
