Security Vulnerabilities in a Web Application

This document provides an insight into the various application-related security vulnerabilities that a web application may have. These vulnerabilities give hackers (ethical hackers) an easy way to attack the application and hinder its functionality or steal confidential information/data.

Published by: rupeshkumar_rj on Aug 31, 2010
Copyright:Attribution Non-commercial
Application Related Security Vulnerabilities in a Web Application
APPLICATION RELATED SECURITY VULNERABILITIES IN A WEB APPLICATION
- 1 -
Who should read this?
This document provides an insight into the various application-related security vulnerabilities that a web application may have. These vulnerabilities give hackers (ethical hackers) an easy way to attack the application and hinder its functionality or steal confidential information/data. The vulnerabilities covered in this document are the ones identified by the application Rational AppScan®, when run on an IIS-based application. Rational AppScan® is a tool used to identify the vulnerable areas in a web application. It provides a handful of information about each vulnerability and various ways to fix it. This document is partially based on the reports that were received from Rational AppScan®.
Document Revision History

Date         Version  Author                Remarks
19-Jul-2010  1.0      Rupesh Kumar R Jain   Finalized the document to upload.
21-Jul-2010  2.0      Rupesh Kumar R Jain   Added two more vulnerabilities to the list. Added the document history section.
TABLE OF CONTENTS

Cross-Site Scripting ........................................ 7
    Security Risks .......................................... 7
    Possible Causes ......................................... 7
    Technical Description ................................... 7
    General Fix Recommendations ............................. 11
    References and Relevant Links ........................... 11
Stored Cross-Site Scripting ................................. 12
    Security Risks .......................................... 12
    Possible Causes ......................................... 12
    Technical Description ................................... 12
    General Fix Recommendations ............................. 16
    References and Relevant Links ........................... 16
SQL Injection ............................................... 17
    Security Risks .......................................... 17
    Possible Causes ......................................... 17
    Technical Description ................................... 17
    General Fix Recommendations ............................. 18
    References and Relevant Links ........................... 19
Database Error Pattern Found ................................ 20
    Security Risks .......................................... 20
    Possible Causes ......................................... 20
    Technical Description ................................... 20
    General Fix Recommendations ............................. 21
    References and Relevant Links ........................... 22
SQL Query in Parameter Value ................................ 23
    Security Risks .......................................... 23
    Possible Causes ......................................... 23
    Technical Description ................................... 23
    General Fix Recommendations ............................. 23
    References and Relevant Links ........................... 23
Cross-Site Request Forgery .................................. 24
    Security Risks .......................................... 24
    Possible Causes ......................................... 24
    Technical Description ................................... 24
    General Fix Recommendations ............................. 25
    References and Relevant Links ........................... 25
Link Injection (facilitates Cross-Site Request Forgery) ..... 26
    Security Risks .......................................... 26
    Possible Causes ......................................... 26
    Technical Description ................................... 26
    General Fix Recommendations ............................. 27