Dina Shkolnik


How to Approach Application Security?

Application security has changed over the years. Initially it was dominated by penetration (pen) testing and manual code review, but the growth in the size and pace of software development has forced the field to become more advanced. There are different ways to approach application security today. Security

Read More »

How will the AppSec Beginner’s Guide Help Me?

Whether you are a developer, an aspiring ethical hacker or an information security manager, understanding and implementing good application security is mandatory. We strongly recommend you make use of the information and resources in this AppSec Beginner's Guide, which

Read More »

What is AppSec?

The modern web application is a complex piece of software that can contain millions of lines of code (LOC). The dynamic nature of these applications means that they can be exploited and manipulated if the code integrity is not up

Read More »

Cybercrime – Affecting Organizations Worldwide

With more and more organizations offering their services via online channels, cybercrime has picked up significantly. Banking, e-commerce, retail, health, defense, government, transportation and other websites have given hackers (and commercial attackers) a large choice of potential targets to exploit.

Read More »

Session Hijacking

Session Hijacking is the exploitation of the web session control mechanism: the attacker obtains the victim's session cookie, for example by sniffing it on an unencrypted connection, and replays it to impersonate the authenticated user and gain unauthorized access to that user's data on the web server. This kind of attack, also known as Cookie

Read More »

Session Fixation

In a session fixation attack the attacker takes over the victim's session with the web server after the victim has logged in. It is made possible by weaknesses in the application's Session ID (SID) management: the attacker plants a SID they already know in the victim's browser, and the application keeps using that SID after authentication instead of issuing a new one. While authenticating a user, the vulnerable
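The two session weaknesses above (hijacking a cookie that lacks protective attributes, and fixation of a SID that survives login) are both addressed by the same session-management code, so one added example covers both. It is not code from the original posts; the in-memory store, the user name "alice" and the cookie name `sid` are constructed for the demonstration.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, Optional


@dataclass
class Session:
    user: Optional[str] = None                 # None until the user authenticates
    data: dict = field(default_factory=dict)   # pre-login state, e.g. a shopping cart


class SessionStore:
    """Minimal in-memory session store, constructed for this example."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def new_session(self) -> str:
        # 32 random bytes from the OS CSPRNG: a SID must not be guessable.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = Session()
        return sid

    def get(self, sid: str) -> Optional[Session]:
        return self._sessions.get(sid)

    def login_vulnerable(self, sid: str, user: str) -> str:
        """Fixation-prone: marks whatever SID the client presented as authenticated."""
        sess = self._sessions.setdefault(sid, Session())
        sess.user = user
        return sid

    def login_hardened(self, sid: Optional[str], user: str) -> str:
        """Rotates the SID on authentication and invalidates the one presented."""
        old = self._sessions.pop(sid, None) if sid else None
        new_sid = self.new_session()
        sess = self._sessions[new_sid]
        if old is not None:
            sess.data = old.data   # keep harmless pre-login state, never the old SID
        sess.user = user
        return new_sid


def session_cookie(sid: str) -> str:
    """Set-Cookie value that limits hijacking: no script access (HttpOnly),
    TLS only (Secure), and not sent on cross-site requests (SameSite)."""
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


def fixation_succeeds(login: Callable[[SessionStore, str, str], str]) -> bool:
    """Attacker obtains a SID, plants it in the victim's browser, victim logs in.
    Returns True if the attacker's SID now maps to the victim's authenticated session."""
    store = SessionStore()
    attacker_sid = store.new_session()
    login(store, attacker_sid, "alice")      # victim authenticates with the planted SID
    hijacked = store.get(attacker_sid)
    return hijacked is not None and hijacked.user == "alice"


if __name__ == "__main__":
    print("vulnerable login fixable:", fixation_succeeds(SessionStore.login_vulnerable))  # True
    print("hardened login fixable:  ", fixation_succeeds(SessionStore.login_hardened))    # False
    print(session_cookie(SessionStore().new_session()))
```

The check that matters for fixation is the SID rotation on every privilege change (login, and ideally re-authentication); the cookie attributes address the transport and script-access routes to hijacking, but they do nothing against a SID that was planted before login.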

Read More »

Path Traversal

Path Traversal attacks are made possible when the application builds a filesystem path from user-supplied input without properly restricting where it may point. This is an HTTP-level attack that gives attackers unauthorized read access to files and directories outside the web root; no prior compromise of the server is needed. They eventually manipulate the
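An added example, not from the original post, showing the naive path construction beside a hardened version that canonicalises the path and checks containment. The web root `/var/www/html` and the request strings are constructed; the hardened function assumes the framework has already URL-decoded the request path once.

```python
import os
from pathlib import Path


def resolve_vulnerable(web_root: str, requested: str) -> str:
    """Naive join: '..' segments in `requested` walk out of web_root, and an
    absolute `requested` makes os.path.join discard web_root entirely."""
    return os.path.normpath(os.path.join(web_root, requested))


def resolve_hardened(web_root: str, requested: str) -> str:
    """Canonicalise (symlinks and '..' included) first, then check containment;
    raise on any escape. Assumes `requested` is already URL-decoded."""
    root = Path(web_root).resolve()
    # Leading separators would replace the root, so treat every request as
    # relative to it (the way a web server treats a URL path).
    candidate = (root / requested.lstrip("/\\")).resolve()
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return str(candidate)


def is_contained(web_root: str, requested: str) -> bool:
    """Boolean wrapper used by the checks below."""
    try:
        resolve_hardened(web_root, requested)
        return True
    except PermissionError:
        return False


if __name__ == "__main__":
    root = "/var/www/html"
    for req in ["css/site.css", "../../../etc/passwd", "/etc/passwd", "css/../img/logo.png"]:
        print(f"{req!r:28} naive -> {resolve_vulnerable(root, req):28} "
              f"contained -> {is_contained(root, req)}")
```

Because `Path.resolve()` follows symlinks before the containment check, a link inside the web root that points outside it is rejected as well. Double-encoded input (`%252e%252e`) is not handled here: decode exactly once, then call the check, and never decode again afterwards.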

Read More »

LDAP Injection

Lightweight Directory Access Protocol (LDAP) is an open and vendor-neutral directory service protocol that runs over TCP/IP. It provides the mechanism for querying and modifying directory services, which are commonly used today while

Read More »

OS Command Injection

OS Command Injection attacks occur when the attacker executes system-level commands through a vulnerable web application, typically because user input is concatenated into a command string that is handed to a shell. These high-impact injections let the attacker run arbitrary OS commands with the privileges of the web application process. Just like SQL injections,
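An added example, not from the original post, using the common "ping a host" feature. It shows what a POSIX shell would make of the concatenated command string (approximated with `shlex` so nothing is executed), and the hardened version that validates the host and passes an argument list with `shell=False`. The host strings are constructed; `run_ping` is included to show the real call but is not exercised here.

```python
import ipaddress
import re
import shlex
import subprocess
from typing import List

# RFC 1123 hostname: labels of 1-63 alphanumerics/hyphens, no leading/trailing hyphen.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$"
)
SHELL_SEPARATORS = {";", "&&", "||", "|", "&"}


def build_ping_vulnerable(host: str) -> str:
    """Concatenates untrusted input into one string destined for /bin/sh."""
    return f"ping -c 1 {host}"


def shell_commands(cmdline: str) -> List[List[str]]:
    """Approximate how a POSIX shell splits a line into separate commands."""
    lexer = shlex.shlex(cmdline, posix=True, punctuation_chars=True)
    commands: List[List[str]] = []
    current: List[str] = []
    for tok in lexer:
        if tok in SHELL_SEPARATORS:
            if current:
                commands.append(current)
            current = []
        else:
            current.append(tok)
    if current:
        commands.append(current)
    return commands


def validate_host(host: str) -> str:
    """Allow only an IP literal or an RFC 1123 hostname; reject everything else."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def is_valid_host(host: str) -> bool:
    try:
        validate_host(host)
        return True
    except ValueError:
        return False


def build_ping_argv(host: str) -> List[str]:
    """argv list: each element is exactly one argument and is never re-parsed by a shell."""
    return ["ping", "-c", "1", validate_host(host)]


def run_ping(host: str) -> int:
    """Executes with shell=False, so metacharacters in `host` are never interpreted."""
    return subprocess.run(build_ping_argv(host), check=False).returncode


if __name__ == "__main__":
    evil = "8.8.8.8; cat /etc/passwd"
    print(shell_commands(build_ping_vulnerable(evil)))   # two commands: ping, then cat
    print(build_ping_argv("example.com"))
    print(is_valid_host(evil))                            # False
```

Both layers matter: the allow-list stops the hostile value early, and the argument list means that even a validation gap cannot turn the value into shell syntax. Validation alone is not enough when the command is still built as a string, and `shell=False` alone still lets an attacker pass option-like values (`-f`) to the program, which is why the hostname pattern forbids a leading hyphen.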

Read More »

Cross-site Request Forgery (CSRF)

CSRF attacks exploit a web application's inability to tell whether a request was sent intentionally by the authenticated user or forged by another site the user is visiting, since the browser attaches the session cookie to both. This session riding, which allows the attacker to use an active session of the victim to perform actions on his behalf without his
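An added example, not from the original post, of the standard defence: a per-request anti-CSRF token bound to the session with an HMAC, verified in constant time, plus an Origin/Referer check on the state-changing endpoint. The forged cross-site form post carries the victim's session (the browser sends the cookie regardless) but cannot carry a valid token, because the attacking page cannot read it. The site origin `https://bank.example`, the session id, the secret key and the request dictionaries are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

SITE_ORIGIN = "https://bank.example"   # assumed origin of the application


def issue_csrf_token(session_id: str, secret_key: bytes) -> str:
    """Token bound to the session via HMAC, so a token minted for one session
    cannot be replayed against another. Embedded in the form as a hidden field."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(secret_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, secret_key: bytes, token: Optional[str]) -> bool:
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(secret_key, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)   # constant-time comparison


def _origin_allowed(headers: Dict[str, str]) -> bool:
    """Reject requests that announce a foreign origin; allow when neither header is present."""
    origin = headers.get("Origin") or headers.get("Referer") or ""
    return origin == "" or origin == SITE_ORIGIN or origin.startswith(SITE_ORIGIN + "/")


def handle_transfer(headers: Dict[str, str], form: Dict[str, str],
                    session_id: str, secret_key: bytes) -> int:
    """State-changing endpoint. The session cookie is present on a cross-site
    POST too, so the cookie alone proves nothing about the user's intent."""
    if not _origin_allowed(headers):
        return 403
    if not verify_csrf_token(session_id, secret_key, form.get("csrf_token")):
        return 403
    return 200   # perform the transfer for form["to"] / form["amount"]


if __name__ == "__main__":
    key = secrets.token_bytes(32)          # server-side secret, never sent to clients
    sid = "sess-123"                        # the victim's session id (from the cookie)
    token = issue_csrf_token(sid, key)
    legit = {"to": "bob", "amount": "10", "csrf_token": token}
    print(handle_transfer({"Origin": SITE_ORIGIN}, legit, sid, key))            # 200
    # Attacker's page auto-submits a form; browser attaches the victim's cookie.
    forged = {"to": "mallory", "amount": "1000"}
    print(handle_transfer({"Origin": "https://evil.example"}, forged, sid, key)) # 403
    print(handle_transfer({}, forged, sid, key))                                  # 403
```

The token must not be readable cross-site, which is why it lives in the page body or a header the attacker's page cannot read, never only in a cookie. The `SameSite` cookie attribute adds a second, browser-enforced layer, but does not replace the token on endpoints that must accept legitimate cross-site navigations.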

Read More »