Matches: 909

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

When malformed or abnormal HTTP requests are interpreted by one or more entities in the data flow between the user and the web server, such as a proxy or firewall, they can be interpreted inconsistently, allowing the attacker to "smuggle" a request to one device without the other device being aware of it.

The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

The application searches for critical resources using an externally-supplied search path that can point to resources that are not under the application's direct control.

The software does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

A product calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

The software does not encrypt sensitive or critical information before storage or transmission.

The product uses a fixed or controlled search path to find resources, but one or more locations in that path can be under the control of unintended actors.

The software does not verify, or incorrectly verifies, the cryptographic signature for data.

The program allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

© SecPod Technologies