Vulnerability in relation to web application is any weakness or flaw that an attacker can use as a link point in order to have access to the application and its underlying layers so as to compromise the information assurance. Vulnerability can best be described as the conjunction of these three things – first, the weakness or susceptibility of the web application, accessibility of the weakness by the attacker, and the attacker’s ability to exploit the weakness.
DESCRIPTION OF VULNERABILITIES
The automated process of proactively identifying vulnerabilities of computing systems in a network in order to determine if and where a system can be exploited andthreatened While public servers are important for communication and data transfer over the Internet, they open the door to potential security breaches by threat agents, such as malicious hackers. Vulnerability scanning employs software that seeks out security flaws based on a database of known flaws, testing systems for the occurrence of these flaws and generating a report of the findings that an individual or an enterprise can use to tighten the networks security.
Vulnerability scanning typically refers to the scanning of systems that are connected to the Internet but can also refer to system audits on internal networks that are not connected to the Internet in order to assess the threat of rogue software or malicious employees in an enterprise.
1. XPATH INJECTION
2. CROSS SITE SCRIPTING
3. SQL INJECTION
XPATH INJECTION DESCRIPTION
XPath is a query language used to select data from XML data sources. It is increasingly common for web applications to use XML data files on the back-end, using XPath to perform queries much the same way SQL would be used against a relational database. XPath injection, much like SQL injection, exists when a malicious user can insert arbitrary XPath code into form fields and URL query parameters in order to inject this code