Cross-Site Request Forgery Vulnerabilities OWASP
Cross-Site Request Forgery (CSRF) is one of the OWASP top 10 security vulnerabilities, with high risk. It allows an attacker to perform an action on the vulnerable site on behalf of the victim (user). If the site does not properly validate where a request originated, the attack is possible. The attacker forges the […]
Category: OWASP
Sensitive Parameters are Susceptible to Brute force Attacks OWASP
Sensitive parameters such as username, password, server IP, etc. can be guessed by an attacker who tries a large number of combinations. Such parameters are susceptible to brute-force attack, which is one of the OWASP vulnerabilities with medium risk. We should prevent the attacker from guessing […]
Apache Tomcat Server Information Disclosure by Verbose OWASP
By default, Apache Tomcat exposes server information, which leads to security issues. It is one of the OWASP vulnerabilities with low risk. In the lower (older) versions, Apache Tomcat server information is disclosed in two places: the response header and the error screen. In the higher versions of Tomcat […]
Information Disclosure by Test, Old and Backup Files OWASP
Information is disclosed by test, old and backup files that are not required for the application. This is one of the security vulnerabilities with info (informational) risk. We need to remove unwanted test files, old files and backup files. Backup files and test files should be kept outside of […]
Unauthorized File Upload Vulnerabilities OWASP
The application should allow only the specific file types that the requirement calls for, and we should not allow unauthorized files into the application. It is possible for an attacker to bypass the restrictions currently in place and upload an executable application or script. By bypassing the executable-file restriction, attackers can […]
Cookie Not Marked as HttpOnly
HttpOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HttpOnly provides an additional layer of protection against cross-site scripting attacks.
Solution:
    <session-config>
        <cookie-config>
            <http-only>true</http-only>
        </cookie-config>
    </session-config>
Cross‐site Request Forgery
How to disable dangerous http methods in apache tomcat server
Some HTTP methods are dangerous, and leaving them enabled may make it easy to hack the application, for example through remote script execution, SQL injection, clickjacking, etc. So the dangerous HTTP methods need to be restricted. We need to disable the dangerous HTTP methods in both […]
Blind Sql Injection
Blind SQL injection occurs when data input by a user is interpreted as an SQL command rather than as normal data by the backend database. This is a common vulnerability, and it is detected by executing a test SQL query against the backend database. Types of SQL injection: SQL Injection, Blind SQL Injection, Boolean-Based SQL Injection […]
How to Disable Apache Tomcat Server version
By default, the Apache Tomcat server version is exposed, which leads to security issues. There are three approaches to hiding the Apache Tomcat server version, of which the easiest is adding one of the attributes in server.xml. In this article, we are working on Apache Tomcat 6.0.0. Tomcat Information in Response […]