Directory indexing exposes server file structures when no default index page exists, enabling attackers to find backup files, config files, and naming conventions. … More Directory Indexing Attacks: When Your Web Server Reveals Too Much
Information leakage through HTML comments, verbose error messages, and plaintext data gives attackers the clues needed for SQL Injection and other attacks. … More Information Leakage Attacks: How Applications Unintentionally Reveal Sensitive Data
HTTP Verb Tampering exploits misconfigured VBAAC rules by using unlisted HTTP methods to bypass access controls. Covers the vulnerability, examples, and prevention. … More HTTP Verb Tampering: Bypassing Security Controls with Unexpected HTTP Methods
Site probing is the initial reconnaissance phase of web attacks. Attackers map OS, web server, database, and parameters to build an attack strategy. … More Site Probing: How Attackers Scan and Map Your Web Application
OS Commanding attacks inject operating system commands through unsanitised web application input, executing them with the web server’s privileges. … More OS Commanding Attacks: Injecting System Commands Through Web Applications
SQL Injection passes crafted commands through unsanitised input to manipulate backend databases — bypassing authentication, extracting all data, or executing DROP TABLE. Covers four attack categories and prevention. … More SQL Injection: The Attack That Can Empty Your Entire Database
