Here are just a few examples of the tests that we could potentially run on your systems:

ABRUPT SESSION TERMINATION
A hacker can hijack session identifiers and obtain access to an account after the victim "thinks" he has disconnected. A hacker can obtain the session IDs from cookies left on a shared computer, from web pages containing hidden fields, or from the network (tracing or sniffing the wire), etc.

PRIVILEGE ESCALATION
Privilege escalation vulnerabilities enable users with less privilege to access pages and run code that should only be permitted to power users, admins or users with more privilege. This vulnerability indicates that the right to launch certain actions or to see specific data is not enforced on the application server.

MUTUAL USER
Simultaneous cross-user vulnerabilities enable a hacker to see sensitive information and, in turn, to execute specific operations that, in theory, should only be accessible to the permitted, normal user.

URL JUMP
URL jumping (escaping a predetermined action of an application) enables malicious users to bypass the normal steps set in place by the online application. The end result is that those users are able to execute commands in ways that were not planned or that were not thought possible.

CROSS-SITE REQUEST FORGERY (CSRF)
Cross-site request forgery, also known as a one-click attack or session riding and abbreviated as CSRF or XSRF, is a type of malicious exploit of a website whereby unauthorized commands are transmitted from a user that the website trusts. Unlike cross-site scripting (XSS), which exploits the trust a user has for a particular site, CSRF exploits the trust that a site has in a user's browser.

SESSION FIXATION
In computer network security, session fixation attacks attempt to exploit the vulnerability of a system which allows one person to fixate (set) another person's session identifier (SID). Most session fixation attacks are web based, and most rely on session identifiers being accepted from URLs (query string) or POST data. Some applications that keep using the same session ID after login give illegitimate, unlimited access to your data.

EXAMPLES OF OUR AUTOMATED TESTS
Acquire Session ID
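The two session weaknesses described above (a session that survives "disconnection", and a session ID that the application accepts from the URL or keeps unchanged after login) share one fix: the server owns the identifier. The following is an added example, not code from Wolf Technologies or from any product the page describes; the cookie name, request shape and store layout are assumptions for illustration. It shows a minimal session store that only reads the ID from the Cookie header, rotates it at login so a pre-set ID is never promoted to an authenticated one, and destroys server-side state at logout rather than just expiring the browser cookie.

```python
"""Added example (not Wolf Technologies' code): a minimal server-side session
store hardened against session fixation and leftover sessions after logout.
COOKIE_NAME and the header/URL request shape are assumptions for illustration."""
import secrets
from http.cookies import SimpleCookie
from urllib.parse import urlsplit, parse_qs

COOKIE_NAME = "sid"   # assumed cookie name
SID_BYTES = 32        # 256 bits of randomness per identifier


class SessionStore:
    def __init__(self):
        # sid -> {"user": username or None for an anonymous session}
        self._sessions = {}

    def create(self):
        """Issue a fresh, server-generated identifier for an anonymous session.
        The client never gets to choose the value."""
        sid = secrets.token_urlsafe(SID_BYTES)
        self._sessions[sid] = {"user": None}
        return sid

    def user_for(self, sid):
        """Return the user bound to sid, or None if the sid is unknown or anonymous."""
        entry = self._sessions.get(sid)
        return entry["user"] if entry else None

    def login(self, presented_sid, user):
        """Rotate the identifier at authentication. Whatever ID the browser
        presented (possibly one an attacker fixed beforehand) is discarded, so
        knowing the pre-login ID gives no access to the authenticated session."""
        self._sessions.pop(presented_sid, None)
        new_sid = secrets.token_urlsafe(SID_BYTES)
        self._sessions[new_sid] = {"user": user}
        return new_sid

    def logout(self, sid):
        """Destroy the server-side record. Clearing only the browser cookie would
        leave the session usable by anyone who copied the ID earlier.
        Returns True if a session was actually destroyed."""
        return self._sessions.pop(sid, None) is not None


def sid_from_request(headers, url):
    """Extract the session ID from the Cookie header only.

    Returns (sid, injected) where `injected` is True if the query string also
    carried a session ID; that value is ignored, but flagged so the caller can
    log a possible fixation attempt. `headers` is a plain dict (assumed shape).
    """
    jar = SimpleCookie()
    jar.load(headers.get("Cookie", ""))
    sid = jar[COOKIE_NAME].value if COOKIE_NAME in jar else None
    injected = COOKIE_NAME in parse_qs(urlsplit(url).query)
    return sid, injected


def demo():
    """Walk through anonymous -> login -> logout and report what each ID can do."""
    store = SessionStore()
    anon = store.create()
    # Constructed request: a cookie plus an attacker-style sid in the query string.
    sid, injected = sid_from_request({"Cookie": f"{COOKIE_NAME}={anon}"},
                                     f"/login?{COOKIE_NAME}=fixed-by-attacker")
    auth = store.login(sid, "alice")
    return {
        "query_sid_ignored": injected and sid == anon,
        "old_sid_dead_after_login": store.user_for(anon) is None,
        "new_sid_is_alice": store.user_for(auth) == "alice",
        "logout_destroys_state": store.logout(auth) and store.user_for(auth) is None,
    }


if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {'ok' if ok else 'FAIL'}")
```

The same rotate-on-login step also closes the "same session ID after login" case: the application never upgrades an existing identifier's privileges in place, so an ID learned before authentication stays anonymous forever.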
2024 © Wolf Technologies