Cross-Site Request Forgery Vulnerabilities OWASP Cross-Site Request Forgery(CSRF) is one of the top 10 security vulnerabilities with high risk. It allows a hacker to perform an action on the vulnerable site on behalf of the victim(user). If the site does not validate the original request properly then the attack is possible. Attacker forges the […]
Tag: owasp
Sensitive Parameters are Susceptible to Brute force Attacks OWASP
Sensitive Parameters are Susceptible to Brute force Attacks OWASP Sensitive parameters such as username, password, server IP, etc.. will be guessed by the attacker by trying a large combination of attempts. Those parameters are susceptible to Brute Force Attack, it is a one of OWASP vulnerability with medium risk. We should avoid the attacker guessing […]
Apache Tomcat Server Information Disclosure by Verbose OWASP
Apache Tomcat Server Information Disclosure by Verbose – OWASP By default, Apache Tomcat server information exposed and leads security issues. It’s one of the OWASP vulnerabilities with low risk. Apache Tomcat server information disclosed in two places such as response header and error screen in the lower version. In the higher version of the tomcat […]
Information Disclosure by Test, Old and Backup Files OWASP
Information Disclosure by Test, Old and Backup Files OWASP Information disclosure by test, old and backup files that are not required for the application. This is one of the security vulnerability with info risk. We need to remove the unwanted test files. old files and backup files. Backup files and test files keep outside fo […]
Unauthorized File Upload Vulnerabilities OWASP
Unauthorized File Upload Vulnerabilities OWASP The application should allow the only specific types of files according to the requirement. And we should not allow unauthorized files into the application. It is possible for an attacker to bypass the current restrictions in place and upload an executable application or script. Bypassing the executable file, attackers can […]
How to send request data in Ajax HTTP GET and POST?
How to send request data in Ajax HTTP GET and POST? In this post, going to show How to send request data in Ajax HTTP GET and POST? How to send data insecure? what is the best Http method to send request data? How to send data in the query string in Http GET and […]
Cookie Not Marked as HttpOnly
HTTPOnly cookies cannot be read by client-side scripts, therefore marking a cookie as HTTPOnly can provide an additional layer of protection against cross-site scripting attacks. Solution <session-config> <cookie-config> <http-only>true</http-only> </cookie-config> </session-config> NarayanaswamyHello! I am Narayanaswamy founder and admin of narayanatutorial.com. I have been working in the IT industry for more than 12 years. NarayanaTutorial is […]
How to disable dangerous http methods in apache tomcat server
How to disable dangerous http methods in apache tomcat server Some of the http methods are dangerous and using these http methods may easily hack the application like executing the remote script execution, sql injection, click jacking etc… So dangerous http methods need to be restricted. We need to disable dangerous http method in both […]
How to Disable Apache Tomcat Server version
How to Disable Apache Tomcat Server version By default, Apache Tomcat server version exposed and leads security issues. There are three approaches to hide the Apache Tomcat server version. In which easy-st way is adding one of the attributes in server.xml In this article, we are working on Apache Tomcat 6.0.0. Tomcat Information in Response […]