Broken Access Controls

We will first take a look at what OWASP has to say on the threat agents and attack vectors. “Exploitation of access control is a core skill of attackers. SAST and DAST tools can detect the absence of access control but cannot verify if it is functional when it is present. Access control is detectable …

XML External Entities

For this vulnerability, all of the provided material is within this course from PortSwigger Web Academy here. I also added in the information provided by OWASP to get a solid understanding of this vulnerability. OWASP To start this off, we need a solid understanding of this vulnerability before we do anything else. We will start …

Sensitive Data Exposure

PortSwigger does not have any material regarding this, so I will be using the one provided by OWASP. In short, Sensitive Data Exposure is any time sensitive information is not adequately protected. This can stem from broken authentication, phpinfo pages, as well as improper handling of sensitive data being transmitted. To really understand this vulnerability …

Broken Authentication

For this section, I will be using the information provided from the OWASP website, which can be viewed here. To understand what broken authentication is, it is better to first understand what the potential threat agents and attack vectors are. “Attackers have access to hundreds of millions of valid username and password combinations for credential stuffing, …