
Types of vulnerabilities and threats

  Input validation
  Command injection
  Parameter validation
  Session management
  Replay attack

Input Validation

  Path or Directory Traversal
  Unicode Encoding
  URL Encoding
  Buffer Overflow
  SQL Injection
  Client side validation
  Cross-site scripting (XSS)

Types of XSS Vulnerabilities

  Nonpersistent XSS vulnerabilities, or reflected vulnerabilities
  Persistent XSS vulnerabilities, stored or second order vulnerabilities
  DOM (Document Object Model) or local cross-site scripting

In summary

In recent years, leading companies have been educating their developers on strategies to develop more secure applications, and technology solutions are available to scan application code to identify potential exposures. This is to

Having a basic knowledge of these vulnerabilities and threats will support your evaluation of a client's secure coding practices and your review of reports issued in conjunction with attack and penetration engagements.