Remediation Tips

Cross-site Scripting
Cross-site scripting is a type of attack that can be carried out to compromise users of a website. The exploitation of an XSS flaw enables attackers to inje...
Tue, 24 Mar, 2020 at 3:15 PM
SQL Injection
SQL injection flaws are very critical as they allow a remote attacker to gain access to the underlying database. In the worst-case scenario, the attacker ca...
Tue, 24 Mar, 2020 at 3:24 PM
Local File Inclusion / Path Traversal
Local file inclusion (LFI) and path traversal vulnerabilities occur when user-supplied data is able to probe the underlying file system of the server. In ot...
Tue, 24 Mar, 2020 at 3:28 PM
Microsoft IIS Tilde Vulnerability
This vulnerability is caused by the tilde character (~) with the old DOS 8.3 name convention (SFN) in an HTTP request. It allows a remote attacker to disclos...
Fri, 21 Feb, 2020 at 5:43 PM
Input Autocomplete
Appears when you tell the browser to save your password. The browser stores completed form fields and passwords locally and automatically fills them when a us...
Fri, 21 Feb, 2020 at 5:43 PM
PHP NULL Session
The PHP null session is a vulnerability that enables the attacker to disclose the path of the executing scripts on the local file system. What can happen? ...
Tue, 24 Mar, 2020 at 3:33 PM
Mixed Content
Mixed content issues arise when web sites use HTTPS to deliver their pages, but allow some of the resources to be delivered in plaintext (HTTP). What can h...
Tue, 24 Mar, 2020 at 3:39 PM
HTTPS Stripping
HTTPS Stripping forces a victim’s browser into communicating with an adversary in plaintext HTTP instead of the encrypted HTTPS (SSL). The attacker, placed ...
Tue, 24 Mar, 2020 at 3:42 PM
SSL BEAST
Only SSLv3.0, TLSv1.0 and lower protocol versions of HTTPS are vulnerable. This vulnerability is based on a misuse of the Initialisation Vector (IV) that se...
Tue, 24 Mar, 2020 at 5:53 PM
Login CSRF
Login CSRF is a type of attack where the attacker can force the user to log in to the attacker’s account on a website and thus reveal information about what...
Tue, 24 Mar, 2020 at 3:52 PM