input validation – Page 2 – WindowsTechs.com

How would you test the security of a flat file processing application?

Posted on September 30, 2021 by Redacted for Privacy

Pheraphs the question is more about how does the back-end of an application that takes a flat file with a specific template as input handles such input.

Continue reading How would you test the security of a flat file processing application?→

How would you test the security of a flat file processing application?

Posted on September 30, 2021 by Redacted for Privacy

How would you test the security of a flat file processing application?
Perhaps the question is more about how does the back-end of an application that takes a flat file with a specific template as input handle such input.

Continue reading How would you test the security of a flat file processing application?→

CWE-915 (overpost/mass assignment) and antiforgery when not saving posted object to storage

Posted on August 11, 2021 by scott.korin

Veracode has found overpost or mass-assignment flaws (CWE 915) in our MVC portal. Technically, this is true, but I am wondering how much of an effort we would need to put into this, especially since we are already using antiforgery tokens… Continue reading CWE-915 (overpost/mass assignment) and antiforgery when not saving posted object to storage→

How to generate malicious input at processing stage?

Posted on July 24, 2021 by Infra

I am developing an application and It needs to be highly secured. Because of that reason, I am researching more security vulnerabilities and I found the below paragraph. This is related to input validation and I have already implemented cl… Continue reading How to generate malicious input at processing stage?→

WordPress, Apache Struts Attract the Most Bug Exploits

Posted on March 18, 2020 by Tara Seals

An analysis found these web frameworks to be the most-targeted by cybercriminals in 2019. Continue reading WordPress, Apache Struts Attract the Most Bug Exploits→

Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions

Posted on November 3, 2017 by Michael Mimoso

Siemens has fixed a remotely executable vulnerability in some versions of its SIMATIC PCS 7 distributed control system, and said that it is working on a fix for remaining affected versions. Continue reading Siemens Update Patches SIMATIC PCS 7 Bug in Some Versions→

Workarounds Available for Flaws in Siemens RUGGEDCOM Gear

Posted on March 29, 2017 by Michael Mimoso

Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available. Continue reading Workarounds Available for Flaws in Siemens RUGGEDCOM Gear→

Java, Python FTP Injection Attacks Bypass Firewalls

Posted on February 23, 2017 by Michael Mimoso

Newly disclosed FTP injection vulnerabilities in Java and Python that are fueled by rather common XML External Entity (XXE) flaws allow for firewall bypasses. Continue reading Java, Python FTP Injection Attacks Bypass Firewalls→

Java, Python FTP Injection Attacks Bypass Firewalls

Posted on February 23, 2017 by Michael Mimoso

Critical Vulnerability Patched in Roundcube Webmail

Posted on December 7, 2016 by Michael Mimoso

Open source webmail provider Roundcube was patched against a vulnerability that could be trivially exploited to run code on servers or access email accounts. Continue reading Critical Vulnerability Patched in Roundcube Webmail→