Path Traversal Primer for Java Developers

Path Traversal

Path Traversal attacks occur when the user can specify content to be written on the server. An attacker, relying on the application to pass unsanitized data into a file API, could overwrite files containing sensitive information on the host system running the application. The file access operation will most likely inherit the same permissions as […]

Parameter Tampering Primer for Java Developers

reducing security risk

Parameter tampering can occur when web applications transmit important data to the client expecting the value to be returned on the next query. This is called round-tripping. It is typically done as a convenience to the developer, because maintaining these values in a server session construct is considered too difficult. The risk round-tripping […]

Padding Oracle Primer for Java Developers

padding oracle

The Padding Oracle attack is associated with modern symmetric (single key to encrypt/decrypt) cryptographic systems that use a block cipher. Block ciphers encrypt fixed-length groups of bits called blocks. To enhance security, block ciphers have added modes of operation which support the repeated operation of the cipher across several blocks. Since the original plaintext is never […]

OGNL injection Primer for Java Developers

OGNL Injection

OGNL Injection occurs when the Expression Language (EL) interpreter attempts to interpret user-supplied data without validation, enabling attackers to inject their own EL code. Object Graph Navigation Language (OGNL) was developed to provide developers with an easy way to extract data from an object model, like a scripting language. It is similar to a server-side […]