Category: OWASP

Cross-Site Request Forgery Vulnerabilities OWASP

CSRF

Cross-Site Request Forgery Vulnerabilities OWASP Cross-Site Request Forgery(CSRF) is one of the top 10 security vulnerabilities with high risk. It allows a hacker to perform an action on the vulnerable site on behalf of the victim(user). If the site does not validate the original request properly then the attack is possible.   Attacker forges the […]

Sensitive Parameters are Susceptible to Brute force Attacks OWASP

Sensitive Parameters are Susceptible to Brute force Attacks OWASP Sensitive parameters such as username, password, server IP, etc.. will be guessed by the attacker by trying a large combination of attempts. Those parameters are susceptible to Brute Force Attack, it is a one of OWASP vulnerability with medium risk. We should avoid the attacker guessing […]

Apache Tomcat Server Information Disclosure by Verbose OWASP

Tomcat Information Discloser in Error Page

Apache Tomcat Server Information Disclosure by Verbose – OWASP By default, Apache Tomcat server information exposed and leads security issues. It’s one of the OWASP vulnerabilities with low risk. Apache Tomcat server information disclosed in two places such as response header and error screen in the lower version. In the higher version of the tomcat […]

Unauthorized File Upload Vulnerabilities OWASP

Unauthorized File Upload Vulnerabilities OWASP The application should allow the only specific types of files according to the requirement. And we should not allow unauthorized files into the application. It is possible for an attacker to bypass the current restrictions in place and upload an executable application or script. Bypassing the executable file, attackers can […]

Cookie Not Marked as HttpOnly

HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against cross-site scripting attacks. Solution <session-config> <cookie-config> <http-only>true</http-only> </cookie-config> </session-config> NarayanaswamyHello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is […]

Cross‐site Request Forgery

NarayanaswamyHello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is my web technologies blog. My specialties are Java / J2EE, Spring, Hibernate, Struts, Webservices, PHP, Oracle, MySQL, SQLServer, Web Hosting, Website Development, and IAM(ForgeRock) Specialist I am a self-learner and passionate […]

How to disable dangerous http methods in apache tomcat server

How to disable dangerous http methods in apache tomcat server Some of the http methods are dangerous and using these http methods may easily hack the application like executing the remote script execution, sql injection, click jacking etc… So dangerous http methods need to be restricted. We need to disable dangerous http method in both […]

How to Disable Apache Tomcat Server version

Tomcat Information Disclosure on Error Page

How to Disable Apache Tomcat Server version By default, Apache Tomcat server version exposed and leads security issues. There are three approaches to hide the Apache Tomcat server version. In which easy-st way is adding one of the attributes in server.xml In this article, we are working on Apache Tomcat 6.0.0. Tomcat Information in Response […]