Welcome to Scribd!

Vulnerability

Uploaded by

0% found this document useful (0 votes)

10 views1 page

The document discusses several security vulnerabilities found in a modern web application including: access control flaws, cross-site scripting via user-controllable elements, plain text credential transmission allowing session hijacking, information disclosure via server version leaks and application errors, lack of anti-CSRF tokens and HTTP-only cookies, and improper input validation. Private IP addresses and email addresses were also disclosed.

Original Description:

Copyright

Available Formats

TXT, PDF, TXT or read online from Scribd

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Report this Document

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

0% found this document useful (0 votes)

10 views1 page

Vulnerability

Uploaded by

jagdish

Copyright:

Available Formats

Download as TXT, PDF, TXT or read online from Scribd

Flag for inappropriate content

Jump to Page

You are on page 1of 1

Search inside document

.

Access control flaw

.script alert xss payload
credential sent in plain text
session hijacking
server leakes version information
user agent fuzzer login page
user controllable HTML element attribute
x- content type option header missing patrient
absence of anti csrf token
Application error disclosure
concurrent login
content security policy header
cookei no http only flag
Improper validation
information disclosure-suspicious comment
modern web application
private IP disclosure

cleartext submission of password

password field with autocomplete enabled
Email addresses disclosed

COMPTIA Security+ Cheat Sheet
Document2 pages
COMPTIA Security+ Cheat Sheet
arekbee
100% (3)
Report For Foophones: by Utkarsh Munra
Document37 pages
Report For Foophones: by Utkarsh Munra
suraj fb
No ratings yet
Mastering Modern Web Penetration Testing
From Everand
Mastering Modern Web Penetration Testing
Prakhar Prasad
No ratings yet
Web Attack
Document5 pages
Web Attack
Dron patel
No ratings yet
ZAP Scanning: Project 2
Document24 pages
ZAP Scanning: Project 2
Sabyasachi dutta
No ratings yet
Cross Site Scripting (XSS)
Document18 pages
Cross Site Scripting (XSS)
Danilo Rangel Arruda Leite
No ratings yet
Cross Site Scripting (XSS)
Document18 pages
Cross Site Scripting (XSS)
Shiva Raju
No ratings yet
Web Application Assesment Checklist
Document1 page
Web Application Assesment Checklist
Jesus Arturo Espinoza
No ratings yet
Cross-Site Request Forgery: Collin Jackson
Document31 pages
Cross-Site Request Forgery: Collin Jackson
Ade Haryanto Sagala
No ratings yet
Line Notify Api - Ja
Document6 pages
Line Notify Api - Ja
Rodjanasak Sitthiporn
No ratings yet
Parameter Tampering: Troy Hunt @troyhunt
Document10 pages
Parameter Tampering: Troy Hunt @troyhunt
nicolas ortiz
No ratings yet
Secure Coding Standard TEMP
Document5 pages
Secure Coding Standard TEMP
Akash Kayyath
No ratings yet
Modulo 6 - Clase 4
Document29 pages
Modulo 6 - Clase 4
Armando Cajahuaringa
No ratings yet
Pentest Book: Pentesting Web Checklist Recon Phase
Document9 pages
Pentest Book: Pentesting Web Checklist Recon Phase
joya
No ratings yet
HCSCP1203 Web Security Protection
Document77 pages
HCSCP1203 Web Security Protection
3tvuz
No ratings yet
Lecture 1: Introduction To Internet Programming: SOK Sokharith Royal University of Phnom Penh 015 909 969
Document16 pages
Lecture 1: Introduction To Internet Programming: SOK Sokharith Royal University of Phnom Penh 015 909 969
taingren
No ratings yet
API Security
Document51 pages
API Security
ambogahawatta2002
No ratings yet
Undoing Work Ethics Course-310-330
Document21 pages
Undoing Work Ethics Course-310-330
prospectingrights
No ratings yet
Phishing and Malicious Javascript: John Mitchell
Document40 pages
Phishing and Malicious Javascript: John Mitchell
vschauhan
100% (3)
Overview of Asyncos Api For Cisco Security Management Appliances
Document8 pages
Overview of Asyncos Api For Cisco Security Management Appliances
ilija
No ratings yet
Web Pentesting Checklist
Document10 pages
Web Pentesting Checklist
mina medhat
No ratings yet
Browser Security Model: John Mitchell
Document74 pages
Browser Security Model: John Mitchell
salim ucar
No ratings yet
The Top 10 Security Weakness (Vulnerabilities) in Web Applications (OWASP Top 10)
Document33 pages
The Top 10 Security Weakness (Vulnerabilities) in Web Applications (OWASP Top 10)
Rushit D. Brahmbhatt
100% (1)
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
Document13 pages
Web Application Penetration Testing Checklist: More Than 200 Custom Test Cases Prepared By: Tushar Verma Recon Phase
Hafa kali
No ratings yet
HTML5 Security Cheat Sheet
Document7 pages
HTML5 Security Cheat Sheet
NikolaMilosevic
No ratings yet
Session Management Cheat Sheet
Document2 pages
Session Management Cheat Sheet
Roman Potapov
No ratings yet
10a - Web Security
Document14 pages
10a - Web Security
Alif Faisal
No ratings yet
Web App Pentesting Checklist
Document3 pages
Web App Pentesting Checklist
clcik
No ratings yet
Phish Tester: Automatic Testing of Phishing Attacks Abstract
Document5 pages
Phish Tester: Automatic Testing of Phishing Attacks Abstract
Manoj Kumar Mohan
No ratings yet
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
Document13 pages
Web Application Penetration Testing Checklist: More Than 200 Custom Testcases Prepared By: Tushar Verma Recon Phase
holog
No ratings yet
Phase2 Security Report
Document64 pages
Phase2 Security Report
Anonymous r3xb805E
No ratings yet
HTTP Respnse Spliting
Document5 pages
HTTP Respnse Spliting
DARKNEIT 7
No ratings yet
XSS
Document4 pages
XSS
anil
No ratings yet
Line Notify Api
Document6 pages
Line Notify Api
Rodjanasak Sitthiporn
No ratings yet
Grice Presentation
Document6 pages
Grice Presentation
anil
100% (1)
An toàn hệ thống web
Document74 pages
An toàn hệ thống web
nhi
No ratings yet
V 4 Apidocs
Document101 pages
V 4 Apidocs
goce
No ratings yet
Cargill Web Application Scanning Report
Document27 pages
Cargill Web Application Scanning Report
Hari King
No ratings yet
Oauth2 Auth Flows
Document11 pages
Oauth2 Auth Flows
Công Quạ
No ratings yet
Saleh Abd Alrahman Bit Ze3
Document6 pages
Saleh Abd Alrahman Bit Ze3
abd alrahman saleh
No ratings yet
Browser Security Model: John Mitchell
Document74 pages
Browser Security Model: John Mitchell
nhi
No ratings yet
A Review Paper On Cryptographic Hash Function
Document11 pages
A Review Paper On Cryptographic Hash Function
hamid khan
No ratings yet
Web Application Security
Document65 pages
Web Application Security
jghc
No ratings yet
Wapiti Vulnerability Report: Target: Http://123.231.148.147:8081/webservice
Document7 pages
Wapiti Vulnerability Report: Target: Http://123.231.148.147:8081/webservice
Plokodot Plokodot
No ratings yet
Session - 2019-22 Branch-Cs&It Semester - V Name - Amit Kumar Verma ROLL NO. - R19CA1CA0004 Course Code - 3ibca 501
Document18 pages
Session - 2019-22 Branch-Cs&It Semester - V Name - Amit Kumar Verma ROLL NO. - R19CA1CA0004 Course Code - 3ibca 501
Amit Verma
No ratings yet
Assignment Full Stack
Document2 pages
Assignment Full Stack
noorullahmd461
No ratings yet
VAPT Training
Document4 pages
VAPT Training
katruvale737
No ratings yet
Devops Technical Test
Document6 pages
Devops Technical Test
Richard Phillips
No ratings yet
Browser Security Model: John Mitchell
Document72 pages
Browser Security Model: John Mitchell
Caessar Logic
No ratings yet
Interview Preparation Part-2
Document23 pages
Interview Preparation Part-2
Abdul Mateen Ukkund
100% (1)
Script FPR Anything To Be Good
Document10 pages
Script FPR Anything To Be Good
Alexandra-Diana Cretu
No ratings yet
Authentication Methods To Achieve Security. They Are
Document18 pages
Authentication Methods To Achieve Security. They Are
Fenil Desai
No ratings yet
RESTful Authentication With Flask
Document18 pages
RESTful Authentication With Flask
Radhakrishnan Rk
No ratings yet
Jenko Hwong - New Phishing Attacks Exploiting OAuth Authentication Flows
Document42 pages
Jenko Hwong - New Phishing Attacks Exploiting OAuth Authentication Flows
Pac
No ratings yet
Authorization IdentityServer4v2
Document21 pages
Authorization IdentityServer4v2
nambir
No ratings yet
New Security APIs in WebSphere Portal
Document14 pages
New Security APIs in WebSphere Portal
Jun Liu
100% (1)
Advanced XSS
Document8 pages
Advanced XSS
William Caceres
No ratings yet
Module Scripts: Javascript Where The Browser Would Have To Load and Evaluate
Document4 pages
Module Scripts: Javascript Where The Browser Would Have To Load and Evaluate
test
No ratings yet
Week7 Lecture1 Chapter 2
Document32 pages
Week7 Lecture1 Chapter 2
smarham334
No ratings yet
Web Penetration Testing with Kali Linux - Second Edition
From Everand
Web Penetration Testing with Kali Linux - Second Edition
Ansari Juned Ahmed
No ratings yet