Tag: Penetration Testing

Pen Testing: Malicious File Execution

What is a Malicious File Execution Vulnerability? A malicious file execution vulnerability (also called a File Inclusion Vulnerability) occurs when a website or web application does not properly handle user input or uploads, or validates data poorly. Web applications that are poorly designed or coded may automatically run or parse input supplied by a user. [...]

January 8th, 2015 | Cyber Risk Management | 5 Comments

Pen Testing: SQL Injection/Injection Flaws

What are SQL Injections/Injection Flaws? Injection flaws allow attackers to run a malicious command or block of malicious code on the back-end (the database) of a targeted web-based application. For example, an attacker may send instructions to a vulnerable back-end database via an SQL command to manipulate the functionality of an application or to steal data. These injected database instructions (hence the [...]

December 18th, 2014 | Cyber Risk Management | 0 Comments

Pen Testing: Cross Site Scripting (XSS)

What is Cross Site Scripting (XSS)? Cross Site Scripting (XSS) is the first test in a series of controls which exist to protect user data, prevent fraud and secure the organization's web application and environment. Cross Site Scripting (XSS) is a common application-layer web attack that, despite originating from a website, is actually executed on the user's computer. In this [...]

December 4th, 2014 | Cyber Risk Management | 0 Comments