Security Audits

Common Internet Security Vulnerabilities

  1. Injection Flaws: Passing unfiltered data to an SQL server, a browser or an LDAP server can result in an injection vulnerability, whereby hackers can inject malicious code into the data, resulting in harm to the user receiving the data.
  2. Authentication Breach: This happens when a user passing sensitive information through an encrypted secure network suddenly encounters a break in authentication, leaving their sensitive data vulnerable to all the hackers out there.
  3. Cross-Site Scripting: Abbreviated as XSS, this is a very common input sanitization failure. It happens when an attacker supplies malicious JavaScript tags as input, which are returned to the user’s browser unsanitized, resulting in undue harm.
  4. Insecure Direct Object References: When an internal web application object, such as a file or database, is exposed to unauthorized users, attackers gain access to these direct object references, making it easier for the site to be compromised.
  5. Security Misconfiguration: Databases and servers can be misconfigured on several levels, resulting in the appearance of several known and unknown vulnerabilities that compromise a web application’s security.
  6. Exposure of Sensitive Data: On the internet, sensitive data includes private user credentials such as credit card information, mailing address, bank account number, user account password and so forth. This information should be passed through a secure encrypted connection at all times. Failure to do so can result in security vulnerabilities that seriously affect users.
  7. Missing Function Level Access Control: An authorization failure that results when adequate authorization is not performed when a function is called on the server. Performing proper authorization checks on the server side can avoid this vulnerability.
  8. Cross-Site Request Forgery: This happens when a third-party website forces the web browser into misusing its authority to fulfill the hacker’s interests. This is essentially a confused deputy attack, in which the browser itself is the confused deputy.
  9. Components with Known Vulnerabilities: Including code that contains known vulnerabilities, such as corrupt WordPress plugins and Drupal modules, can result in a high-priority security vulnerability.
  10. Unvalidated Redirects and Forwards: An input filtering issue that occurs whenever the web application contains malicious extensions that cause the trusted but compromised website to redirect to an unsafe, malicious website.
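
As an added illustration of the input filtering that item 10 calls for (this example is not part of the original page), the Python sketch below validates a user-supplied redirect target before the application follows it. The function name, the allowlisted host names and the fallback path are assumptions made for the example.

```python
from urllib.parse import urlsplit

# Assumption: hosts this application may redirect to (constructed values).
ALLOWED_HOSTS = frozenset({"app.example.com", "accounts.example.com"})
DEFAULT_TARGET = "/"  # assumption: fallback used whenever validation fails


def safe_redirect_target(raw, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return raw if it is an acceptable redirect target, otherwise default."""
    if not raw or raw != raw.strip():
        return default
    # Browsers drop control characters and treat "\" like "/", so a value
    # containing either can be parsed differently here than in the browser.
    if any(ord(ch) < 0x20 or ch == "\\" for ch in raw):
        return default
    try:
        parts = urlsplit(raw)
    except ValueError:  # e.g. malformed IPv6 literal in the host part
        return default
    if not parts.scheme and not parts.netloc:
        # Same-site path: exactly one leading slash. "//host" and "///host"
        # are rejected because browsers can resolve them to another host.
        if raw.startswith("/") and not raw.startswith("//"):
            return raw
        return default
    # Absolute URL: HTTPS only, and the parsed host (userinfo and port
    # stripped, lower-cased) must match the allowlist exactly.
    if parts.scheme == "https" and parts.hostname in allowed_hosts:
        return raw
    return default


if __name__ == "__main__":
    # Constructed sample inputs
    for candidate in ("/account/settings?tab=1",
                      "https://accounts.example.com/login",
                      "//other.example/landing",
                      "https://app.example.com@other.example/"):
        print(repr(candidate), "->", repr(safe_redirect_target(candidate)))
```

Exact host matching is deliberate: prefix or substring checks would accept a host such as app.example.com.other.example.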