document Argument Injection or Modification

Description Argument Injection or Modification is a specific type of attack that belongs to the Injection attack family. Modifying or injecting...

 document Buffer Overflow

Abstract Writing outside the bounds of a block of allocated memory can corrupt data, crash the program, or cause the execution of malicious...

 document Format String

Abstract Allowing an attacker to control a function's format string may result in a buffer overflow. Description Format string vulnerabilities...

document Log Forging

Abstract Writing unvalidated user input to log files can allow an attacker to forge log entries or inject malicious content into the...

 document Missing XML Validation

Abstract Failure to enable validation when parsing XML gives an attacker the opportunity to supply malicious input. Description Most...

document Process Control

Abstract Executing commands from an untrusted source or in an untrusted environment can cause an application to execute malicious commands on...

document String Termination Error

Abstract Relying on proper string termination may result in a buffer overflow. Description String termination errors occur when: Data...

 document Struts: Duplicate Validation Forms

Abstract Multiple validation forms with the same name indicate that validation logic is not up-to-date. Description If two validation forms...

 document Struts: Erroneous validate() Method

Abstract The validator form defines a validate() method but fails to call super.validate(). Description The Struts Validator uses a form's...

document Struts: Form Does Not Extend Validation Class

Abstract All Struts forms should extend a Validator class. Description In order to use the Struts Validator, a form must extend one of the...

document Struts: Form Field Without Validator

Abstract Every field in a form should be validated in the corresponding validation form. Description Omitting validation for even a single...

 document Struts: Plug-in Framework Not In Use

Abstract Use the Struts Validator to prevent vulnerabilities that result from unchecked input. Description Unchecked input is the leading...

 document Struts: Unused Validation Form

Abstract An unused validation form indicates that validation logic is not up-to-date. Description It is easy for developers to forget to...

 document Struts: Unvalidated Action Form

Abstract Every Action Form must have a corresponding validation form. Description If a Struts Action Form Mapping specifies a form, it must...

 document Struts: Validator Turned Off

Abstract This action form mapping disables the form's validate() method. Description An action form mapping should never disable validation....

 document Struts: Validator Without Form Field

Abstract Validation fields that do not appear in forms they are associated with indicate that the validation logic is out of date. ...

 document Unchecked Return Value: Missing Check against Null

Abstract Ignoring a method's return value can cause the program to overlook unexpected states and conditions. Description Just about every...

 document Unsafe JNI

Abstract Improper use of the Java Native Interface (JNI) can render Java applications vulnerable to security flaws in other...

 document Unsafe Reflection

Abstract An attacker may be able to create unexpected control flow paths through the application, potentially bypassing security...

document Validation performed in client

Overview Performing validation in client side code, generally JavaScript, provides no protection for server-side code. An attacker can simply...

document Session Fixation

Description Authenticating a user without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated...