6 Deadly techniques waiting to unleash mayhem on Web Applications ~ PCCare247.com PCCare247.com Blog, PC Care 247 Tech Support Redefined

Thursday, 5 April 2012

6 Deadly techniques waiting to unleash mayhem on Web Applications

PCCare247 Spyware Removal
Hackers Inc. is always working hard to develop new techniques which would allow it to gain unauthorized access to Web applications. But then again somehow in spite of a slew of techniques out there; the ones that really end up standing out are:

SQL injection: Using this technique hackers end up creating database queries by copying Web client input. A one of those scenarios where hackers end up constructing input query strings which if not carefully inspected and if rejected by the application would end up returning confidential data.

Cross-site scripting: In this technique hackers tend to insert scripting code (such as JavaScript or ActiveX) into an input string; thereby causing a Web server to expose sensitive information such as usernames and passwords.

OS command injection: These are applications which tend to create operating system commands from Web input; such as accessing a file and displaying its contents. In a scenario where input strings are not carefully checked, hackers are successful in creating input which ends up displaying unauthorized data or modifies files or system parameters.

Session hijacking: Via this technique hackers end up gaining access to a logged-in session by guessing the contents of a session token based on knowledge of token format. The technique further ends up enabling a hacker to take over a session and access the original user's sensitive account information.

Parameter or URL tampering: Web applications end up embedding parameters or URLs in returned Web pages or otherwise work towards updating cookies with authorization parameters. Hackers can modify these parameters, URLs or cookies and cause a Web server to divulge sensitive information.

Buffer overflows: Application code should always keep a check on the input data lengths to input data doesn't overflow at the end of a buffer and modify adjacent storage. For hackers quickly end up learning about those applications which end up failing in checking for overflows and creating inputs which caused the error in the first place. www.pccare247.com

No comments:

Post a Comment

PCCare247.com Copyright © 2012-2013 by PCCare247 Solutions (P) Ltd.