Currently, nginx is the most popular web server, recently beating Apache. It is lightweight, fast, robust, and supports all major operating systems. It is the web server of choice for Netflix, WordPress.com, and other high traffic sites. An nginx server can easily handle 10,000 inactive HTTP connections with as little as 2.5 MB of memory. […]
One of the most comfortable ways to build web pages is by using server-side templates. Such templates let you create HTML pages that include special elements that you can fill and modify dynamically. They are easy to understand for designers and easy to maintain for developers. There are many server-side template engines for different server-side […]
The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the successor to SSL (Secure Socket Layer). The recent Acunetix 2020 […]
Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when a user requests www.acunetix.com without specifying a file (such as […]
The terms Google hacking, Google hacks, or Google dorking refer to attacks that use Google or another search engine to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using wildcards and advanced search operators (such as intitle, inurl, intext, filetype, and more), to locate badly configured web […]
Security teams worldwide face similar challenges – both independent teams and those that are part of medium and large organizations. Due to the cybersecurity skill gap, such teams often lack in numbers. On the other hand, their clients keep providing more work. As a result, the team is not able to manually process the task […]
A web shell is a malicious script used by an attacker with the intent to escalate and maintain persistent access on an already compromised web application. A web shell itself cannot attack or exploit a remote vulnerability, so it is always the second step of an attack (this stage is also referred to as post-exploitation). […]
In part 1 of this series, we looked at what a web shell is and why an attacker would seek to use one. In part 2 of this series, we’ll be looking at some specific examples of web shells developed using the PHP programming language. Web shells exist for almost every web programming language you […]
In part 2 of this series, we looked at specific examples of web shells in the PHP programming language. In part 3 of this series, we’ll be looking at some techniques that attackers use to keep web shells hidden. Commands can be sent to the web shell using various methods with HTTP POST request being […]
Back in 2007, the partner event registration page of the Microsoft UK events website has been defaced by a hacker who managed to discover and exploit a web application vulnerability in one of the parameters used by the form on the website. Read more in this article about how an SQL injection vulnerability, server-side enabled […]
We hate spam, we obviously will not spam you!
Copyright © TSP 2024. All rights reserved. Designed by Enovate LLC
