What Are Command Injection Attacks?

What Are Command Injection Attacks? – Command injection flaws allow attackers to pass malicious code to other systems via web applications. Such attacks include calls to the operating system via system calls, use of external programs via shell commands, and calls to backend databases via SQL. Scripts in Perl, Python and other languages are executed by, and injected into, poorly designed web applications. If a web application uses any type of interpreter, an attacker can insert malicious code to inflict damage. To perform their functions, web applications must use operating system features and external…

Classification of Vulnerability?

Classification of Vulnerability? – In a network there are generally two main causes of systems being vulnerable: software or hardware misconfiguration, and poor programming practices. Attackers exploit these vulnerabilities to perform various types of attacks on organizational resources. Vulnerabilities present in a system or network are classified into the following categories: Misconfiguration. Misconfiguration is the most common vulnerability; it is mainly caused by human error and allows attackers to gain unauthorized access to the system. This may happen intentionally or unintentionally, affecting web servers, application platforms, databases…

What Is Vulnerability Scanning?

What Is Vulnerability Scanning? – Vulnerability discovery is an integral part of any security assessment. While we prefer manual, specialized tasks that leverage our knowledge and experience during a security audit, automated vulnerability scanners are nonetheless invaluable when used in the proper context. In this module, we will provide an overview of automated vulnerability scanning, discuss its various considerations, and focus on both Nessus and Nmap as indispensable tools. How Vulnerability Scanners Work: vulnerability scanner implementations vary, but generally follow a standard workflow. Most automated scanners will: Detect if…

What is SNMP Enumeration?

What is SNMP Enumeration? – SNMP (Simple Network Management Protocol) enumeration is the process of enumerating user accounts and devices on a target system using SNMP. This section describes SNMP enumeration, the information extracted via SNMP enumeration, and the various SNMP enumeration tools used to enumerate user accounts and devices on a target system. SNMP is an application-layer protocol that runs over UDP and maintains and manages routers, hubs, and switches on an IP network. SNMP agents run on Windows and Unix hosts and on networking devices. SNMP enumeration is the process of creating…

What is Vulnerability Stack?

What is Vulnerability Stack? – Web applications are maintained and accessed through various layers that include custom web applications, third-party components, databases, web servers, operating systems, networks, and security; together these form the vulnerability stack. All the mechanisms or services employed at each layer help the user in one way or another to access the web application securely. Organizations consider security a critical component of web applications because web applications are major sources of attacks. The following vulnerability stack shows the layers and the corresponding elements/mechanisms/services…

What is Privilege Escalation?

What is Privilege Escalation? – An attacker may gain access to the network using a non-admin user account; the next step is to gain administrative privileges through privilege escalation. The attacker performs a privilege escalation attack that takes advantage of design flaws, programming errors, bugs, and configuration oversights in the OS and software applications to gain administrative access to the network and its associated applications. These privileges allow the attacker to view critical/sensitive information, delete files, or install malicious programs such as viruses, Trojans, worms, etc. Types of Privilege Escalation: Privilege escalation take…
