
2 out of 3 Web Applications Are Vulnerable, Says Netsparker

Application security company Netsparker said that, according to a survey it conducted, 2 out of every 3 web applications are vulnerable to the most dangerous attacks, SQL Injection and Cross Site Scripting (XSS). This is the result of coding errors made by web application developers. A lack of developer skills is also a major reason behind it.

Netsparker selected a total of 396 web applications for testing in this survey. After testing, Netsparker's security experts found that 278 web applications were vulnerable to major attacks. Most of the web applications were vulnerable to SQL Injection and XSS attacks. This is 68% of the total web applications. The majority of websites were vulnerable to both Local File Inclusion and Remote File Inclusion.

What is SQL Injection?

SQLi is at number one in the OWASP Top 10 list of attacks. It was originally discovered and publicly discussed in 1998, so it is a very old attack. SQLi flaws are easily fixable problems that have gone unnoticed and neglected by most web application developers. The rising number of SQL injection attacks is a major issue in the cyber world. A SQLi attack can be carried out manually or with the help of automated tools. Manual SQLi is very time-consuming: the attacker repeatedly intercepts data packets and sends a number of different Structured Query Language (SQL) payloads to exploit the SQLi vulnerabilities. This is why attackers mostly prefer automated tools to scan web applications and exploit SQLi flaws.

What is Cross Site Scripting?

Cross-site scripting (XSS) is a security exploit in which the attacker inserts malicious code into a link that appears to be from a trustworthy source. When someone clicks on the link, the embedded code is submitted as part of the client's web request and can execute on the user's computer, typically allowing the attacker to steal information. Cross-site scripting is the injection of client-side scripts into a website. These scripts can be HTML or JavaScript.


SQL Injection and Cross Site Scripting were the two major vulnerabilities. The researchers also found many other vulnerabilities, including RFI, LFI, Open Redirection, Frame Injection, Remote Code Execution and Cross Site Request Forgery.

How to protect Web Applications?

To keep web applications safe from all these flaws, developers have to learn the basic and advanced coding techniques that are a must to protect web applications from XSS and SQL Injection. Even a small mistake can expose the whole business to huge risk. IT companies should organize expert seminars to give their developers the latest security knowledge.

Source: SC Magazine
