Checkmarx Launches Infrastructure as Code Scanning Solution to Secure Cloud-Native Applications: KICS

Introduction to the AppSec Knowledgebase

Week after week, an increasing number of corporations and governments become the victims of cybercrime. These exploitations lead to losses of revenue and reputation which can are often impossible to recover for the affected organizations. The best defense in the fight against cybercrime is ensuring that your code in free of the vulnerabilities that can

Read More ›

Session Hijacking

Session Hijacking is the exploitation of the web session control mechanism, where the hacker exploits vulnerable connections and steals HTTP cookies to gain unauthorized access to sensitive information/data stored in web servers. This kind of attack, also known as Cookie Hijacking or TCP Session Hijacking, can be performed in many kinds of ways. Besides using

Read More ›

Session Fixation

This hacking methodology basically involves the taking over of the victim’s session with the web server after he’s logged in. This is made possible by exploiting limitations in the application’s Session ID (SID) management. While authenticating a user, the vulnerable application doesn’t assign a new SID, making it possible to use an existing SID for

Read More ›

Path Traversal

Path Traversal attacks are made possible when access to web content is not properly controlled and the web server is compromised. This is basically an HTTP exploit that gives the hackers unauthorized access to restricted directories. They eventually manipulate the web server and execute malicious commands outside its root directory/folder. These attacks are executed with

Read More ›

LDAP Injection

Lightweight Directory Access Protocol (LDAP) is an open and vendor-neutral directory service protocol that runs on a layer above the TCP/IP stack. It provides the appropriate mechanism for accessing and modifying data directories, things that are commonly used today while developing intranet and internet (web) applications. LDAP injections (queries) can be used to exploit vulnerable

Read More ›