Learn about code vulnerability, why it happens, and how to eliminate it
Forceful (or forced) browsing is a common attack technique used to gain access to restricted web server resources, or to reach resources outside the intended (correct) sequence of steps. The attacker simply requests the URL directly, having guessed, inferred or otherwise learned it, instead of following the links the application presents. If the restricted URLs, scripts or files on the web server are not protected by server-side authorization and sequencing checks, hiding them from the user interface does nothing to prevent the attack.
5-8 MIN
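The point of the item above is that authorization and step ordering must be decided on the server for every request, not implied by which links the UI shows. The following is an added example, not code from the tutorial: a tiny checkout workflow (orders, users and step names are all constructed here) with a handler that merely trusts the UI beside one that checks object ownership and enforces the required step sequence.

```python
"""Server-side guard against forceful browsing (added example, constructed data)."""
from dataclasses import dataclass, field

# Constructed data: two users and two orders; order 2 belongs to "bob".
ORDERS = {1: {"owner": "alice", "total": 40}, 2: {"owner": "bob", "total": 99}}

# The checkout must be walked in this order; "pay" may not be reached
# before "review" has been completed in the same session.
CHECKOUT_STEPS = ["cart", "review", "pay", "confirm"]


@dataclass
class Session:
    user: str
    completed_steps: set = field(default_factory=set)


def insecure_order_view(session, order_id):
    """Vulnerable: relies on the UI never showing other users' order links.
    Anyone who guesses /orders/2 gets bob's order."""
    return ORDERS[order_id]


def secure_order_view(session, order_id):
    """Hardened: authorization is decided per object, on the server."""
    order = ORDERS.get(order_id)
    if order is None or order["owner"] != session.user:
        # Same response for "missing" and "not yours", so the attacker
        # cannot enumerate which order numbers exist.
        return {"status": 404}
    return {"status": 200, "order": order}


def checkout_step(session, step):
    """Hardened sequencing: each step requires its predecessor to be done."""
    if step not in CHECKOUT_STEPS:
        return {"status": 404}
    idx = CHECKOUT_STEPS.index(step)
    if idx > 0 and CHECKOUT_STEPS[idx - 1] not in session.completed_steps:
        return {"status": 403, "error": f"complete '{CHECKOUT_STEPS[idx - 1]}' first"}
    session.completed_steps.add(step)
    return {"status": 200, "step": step}


if __name__ == "__main__":
    alice = Session("alice")
    print(insecure_order_view(alice, 2))   # leaks bob's order
    print(secure_order_view(alice, 2))     # {'status': 404}
    print(checkout_step(alice, "pay"))     # 403: review not completed
    checkout_step(alice, "cart")
    checkout_step(alice, "review")
    print(checkout_step(alice, "pay"))     # 200
```

Returning the same 404 for "does not exist" and "belongs to someone else" is deliberate: a 403 would confirm to the attacker that the guessed identifier is valid.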
Excessive logging occurs when information about the application's state is written to local or remote log files (remote crash dumps, for example) without regard to what it contains. When that information includes sensitive data, the log itself becomes a security risk, because logs are usually far less protected than the data they describe. Sensitive data includes passwords, personally identifiable information, payment card details, and other static or temporary application secrets such as session tokens and API keys.
5-8 MIN
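A practical control for the item above is to redact sensitive fields before a record reaches any log handler, so that a crash reporter or log file never receives them. The following is an added example, not code from the tutorial: a `logging.Filter` that masks password-style fields, Authorization credentials and Luhn-valid card numbers. The patterns are heuristics chosen for this example and the log messages are constructed.

```python
"""Redacting sensitive data before it reaches a log sink (added example)."""
import io
import logging
import re

# key=value or key: value fields whose values must never be logged.
SECRET_FIELD = re.compile(
    r'(?i)\b(\w*(?:password|passwd|pwd|secret|api[_-]?key|token))(\s*[=:]\s*)("?)([^\s,;"]+)')
# Authorization headers: keep the scheme, drop the credential.
BEARER = re.compile(r'(?i)\b(bearer|basic)\s+[A-Za-z0-9._~+/=-]+')
# 13-19 digit runs, optionally separated by spaces or dashes (card PANs).
PAN = re.compile(r'\b(?:\d[ -]?){12,18}\d\b')


def luhn_ok(digits):
    """Luhn check so that harmless long numbers (order ids) are left intact."""
    total, parity = 0, len(digits) % 2
    for i, ch in enumerate(digits):
        d = int(ch)
        if i % 2 == parity:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def redact(text):
    """Return text with secrets masked; only the last four PAN digits survive."""
    text = SECRET_FIELD.sub(lambda m: f"{m.group(1)}{m.group(2)}{m.group(3)}[REDACTED]", text)
    text = BEARER.sub(lambda m: f"{m.group(1)} [REDACTED]", text)

    def mask_pan(m):
        digits = re.sub(r"\D", "", m.group(0))
        return "*" * (len(digits) - 4) + digits[-4:] if luhn_ok(digits) else m.group(0)

    return PAN.sub(mask_pan, text)


class RedactingFilter(logging.Filter):
    """Rewrites the message on the record itself, so every handler sees the redacted text."""
    def filter(self, record):
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def build_logger(stream):
    """Logger writing to `stream`, with redaction attached at the logger level."""
    logger = logging.getLogger("app." + str(id(stream)))
    logger.setLevel(logging.DEBUG)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(stream)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    return logger


def capture_logs(messages):
    """Log each constructed message through a redacting logger; return the output."""
    buf = io.StringIO()
    log = build_logger(buf)
    for m in messages:
        log.info(m)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed log calls of the kind that produce excessive-logging findings.
    print(capture_logs([
        "login attempt user=alice password=Tr0ub4dor&3",
        "request headers: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.x.y",
        "charging card 4111 1111 1111 1111 for order 123456789012345",
    ]))
```

Redaction at the sink is a safety net, not a substitute for not logging the value in the first place; the filter cannot know about a secret whose field name it has never seen.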
Cached login credentials are convenient for users: even after logging out, they do not need to re-enter their username and password to authenticate. However, keeping the credentials themselves on the device is an unnecessary security risk, and there are more secure patterns, such as short-lived, revocable tokens, that give the user the same convenience.
5-8 MIN
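One of the more secure patterns the item above alludes to is to cache an opaque, expiring, revocable token on the device instead of the password, with the server storing only a hash of that token. The following is an added example, not code from the tutorial; the `TokenService` class, its one-hour TTL and the injected clock are assumptions made for illustration.

```python
"""Convenience without caching the password (added example)."""
import hashlib
import secrets


class TokenService:
    """Issues random session tokens; stores only their hashes server-side."""

    def __init__(self, ttl_seconds, clock):
        self.ttl = ttl_seconds
        self.clock = clock          # callable returning the current epoch seconds
        self._sessions = {}         # sha256(token) -> (user, expires_at)

    @staticmethod
    def _digest(token):
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, user):
        """Return a fresh token for the client to cache; persist only its hash."""
        token = secrets.token_urlsafe(32)
        self._sessions[self._digest(token)] = (user, self.clock() + self.ttl)
        return token

    def validate(self, token):
        """Return the user for a live token, or None if unknown, expired or revoked."""
        entry = self._sessions.get(self._digest(token))
        if entry is None:
            return None
        user, expires_at = entry
        if self.clock() >= expires_at:
            self._sessions.pop(self._digest(token), None)
            return None
        return user

    def revoke(self, token):
        """Invalidate one cached token ("log out of this device")."""
        return self._sessions.pop(self._digest(token), None) is not None

    def revoke_all(self, user):
        """Invalidate every token for a user (after a password change, say)."""
        before = len(self._sessions)
        self._sessions = {h: v for h, v in self._sessions.items() if v[0] != user}
        return before - len(self._sessions)


class FakeClock:
    """Deterministic clock so the expiry behaviour can be demonstrated."""

    def __init__(self, now=0):
        self.now = now

    def __call__(self):
        return self.now

    def advance(self, seconds):
        self.now += seconds


def insecure_client_cache(username, password):
    """What the tutorial warns against: the password itself persists on the device."""
    return {"username": username, "password": password}


def demo():
    clock = FakeClock()
    svc = TokenService(ttl_seconds=3600, clock=clock)
    device_cache = {"token": svc.issue("alice")}          # no password stored
    results = [svc.validate(device_cache["token"])]       # "alice"
    clock.advance(3601)
    results.append(svc.validate(device_cache["token"]))   # None: expired
    t2 = svc.issue("alice")
    svc.revoke(t2)
    results.append(svc.validate(t2))                      # None: revoked
    return results


if __name__ == "__main__":
    print(demo())
```

Because the server keeps only `sha256(token)`, a dump of the session table cannot be replayed, and because the token is unrelated to the password, a stolen device can be cut off with `revoke` without forcing a password change.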
When the user switches between applications, the platform takes an automatic screenshot of the application and caches it so that each running app can be identified from its preview. Depending on what the application is displaying at that moment, this cached image can leak sensitive information to anyone with access to the device or its storage.
5-8 MIN
Auto-complete stores previously entered form field values and passwords locally in the app, so that the fields are filled automatically when the user returns. Any password or other sensitive text field for which auto-complete is enabled therefore ends up persisted on the device, introducing an unnecessary security risk.
5-8 MIN
There are a number of patterns for creating, reading, updating and deleting data locally in Android. Some approaches are more secure than others. Understand how insecure local data storage can weaken the security of mobile apps.
5-8 MIN
Local file data store vulnerabilities occur when developers assume that users or malware will never have access to the file and therefore store sensitive information in it on the device. On a rooted or compromised device that assumption fails, so storing encryption keys, hard-coded passwords or similar secrets in such a data store typically leads to a security issue.
5-8 MIN
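The two items above both come down to the same question during a review: what has the app actually written to its local store? The following is an added example for both, not code from the tutorial. It parses a SharedPreferences-style XML file of the kind Android apps write under their private `shared_prefs` directory (the file contents here are constructed) and flags entries whose key name suggests a secret or whose value has the high entropy typical of key or token material. The key-name patterns and the entropy threshold are heuristics chosen for this example.

```python
"""Scanner for secrets left in a local data store (added example, constructed input)."""
import math
import re
import xml.etree.ElementTree as ET

# Constructed sample: what a careless app might write to shared_prefs.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="username">alice</string>
    <string name="password">Summer2024!</string>
    <string name="aes_key">3q2+7w8vJd0G9nZsYqBu4KcLm1RtXe5H</string>
    <string name="session_token">eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJhbGljZSJ9.sig</string>
    <string name="theme">dark</string>
    <boolean name="onboarding_done" value="true" />
    <int name="launch_count" value="17" />
</map>
"""

# Key names that usually hold secrets (heuristic).
SENSITIVE_KEY = re.compile(
    r"(?i)(passw(or)?d|pwd|secret|token|api[_-]?key|private|credential|\bkey\b|_key$)")
# Base64/JWT-looking strings of 16+ characters, or 32+ hex characters.
KEY_MATERIAL = re.compile(r"^[A-Za-z0-9+/=_.-]{16,}$|^[0-9a-fA-F]{32,}$")
ENTROPY_THRESHOLD = 3.5   # bits per character; heuristic


def shannon_entropy(s):
    """Bits of entropy per character of `s` (0.0 for empty input)."""
    if not s:
        return 0.0
    counts = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_prefs(xml_text):
    """Return [(key, [reasons])] for entries that look like stored secrets."""
    findings = []
    root = ET.fromstring(xml_text.encode("utf-8"))
    for elem in root:
        key = elem.get("name", "")
        # <string> keeps its value as text; typed entries use a value attribute.
        value = elem.text if elem.tag == "string" else elem.get("value", "")
        value = (value or "").strip()
        reasons = []
        if SENSITIVE_KEY.search(key):
            reasons.append("sensitive key name")
        if KEY_MATERIAL.match(value) and shannon_entropy(value) >= ENTROPY_THRESHOLD:
            reasons.append("high-entropy value (key/token material)")
        if reasons:
            findings.append((key, reasons))
    return findings


if __name__ == "__main__":
    for key, reasons in scan_prefs(SAMPLE_PREFS):
        print(f"{key}: {', '.join(reasons)}")
```

Run against a real device, the same logic applies to any file the app owns (SQLite databases, JSON caches, log files), and a hit means the value must move out of the file, into platform key storage or behind user authentication, rather than be obfuscated in place.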
Client-side injection vulnerabilities occur when developers trust external data (a server response, a deep link, data from another app) and pass it to an interpreter inside the app, such as a local SQLite database or a WebView, without validating or sanitizing it first. This can lead to data leakage or execution of attacker-controlled code within the app.
5-8 MIN
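The most common concrete form of the item above in a mobile app is a query against the app's own SQLite database built by string concatenation from untrusted input. The following is an added example, not code from the tutorial: an in-memory SQLite table with constructed data, a vulnerable query that an injection string turns into "select everything", and the hardened version that validates the identifier and binds it as a parameter.

```python
"""Client-side SQL injection into a local SQLite store (added example, constructed data)."""
import re
import sqlite3

# Identifier allow-list: validation before the value gets anywhere near a query.
ALLOWED_USERNAME = re.compile(r"^[a-z0-9_.-]{1,32}$")


def build_db():
    """In-memory notes table holding two users' private notes (constructed)."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE notes (owner TEXT, body TEXT)")
    con.executemany("INSERT INTO notes VALUES (?, ?)",
                    [("alice", "alice private note"), ("bob", "bob private note")])
    return con


def notes_for_vulnerable(con, owner):
    """Vulnerable: external input concatenated straight into the SQL text."""
    sql = "SELECT body FROM notes WHERE owner = '" + owner + "'"
    return [row[0] for row in con.execute(sql)]


def notes_for_bound(con, owner):
    """Parameter binding alone: the quote characters become plain data."""
    return [row[0] for row in con.execute(
        "SELECT body FROM notes WHERE owner = ?", (owner,))]


def notes_for_secure(con, owner):
    """Hardened: validate the input against an allow-list, then bind it."""
    if not ALLOWED_USERNAME.match(owner):
        raise ValueError("invalid owner identifier")
    return notes_for_bound(con, owner)


def demo():
    """Return (rows leaked by the vulnerable query, whether the hardened one rejected the input)."""
    con = build_db()
    payload = "x' OR '1'='1"       # constructed injection string
    leaked = notes_for_vulnerable(con, payload)   # both users' notes
    try:
        notes_for_secure(con, payload)
        blocked = False
    except ValueError:
        blocked = True
    return leaked, blocked


if __name__ == "__main__":
    leaked, blocked = demo()
    print("vulnerable query returned:", leaked)
    print("hardened query rejected input:", blocked)
```

Binding parameters is what actually defeats the injection; the allow-list is defence in depth that also catches input which would not exploit the query but should never have arrived in that field.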