A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
-
Updated
Jan 29, 2024
A threat actor may interfere with an application's processing of extensible markup language (XML) data to view the content of a target's files
A threat actor may re-use a stolen or leaked session identifier to access the user's account
Data classification defines and categorizes data according to its type, sensitivity, and value
A threat actor may guess the target credentials using a known username and password pairs gathered from previous brute-force attacks
Data states refer to structured and unstructured data divided into three categories (At Rest, In Use, and In Transit)
A threat actor may cause a vulnerable target to include/retrieve remote file
A threat actor may gain unauthorized access using the default username and password
A threat actor may bypass the Completely Automated Public Turing test to tell Computers and Humans Apart (captcha) by breaking the solving logic, human-assisted solving services, or utilizing automated technology
A threat actor may gain access to data and functionalities by bypassing the target authentication mechanism
Access Control is using security techniques to protect a system against unauthorized access
A threat actor may list files on a misconfigured server
A threat actor may cause a vulnerable target to include/retrieve local file
Threat intelligence or Cyber Threat Intelligence is the process of identifying and analyzing gathered information about past, current, and future cyber threats (Collecting information about a potential threat, then analyzing that information to learn more about the negative events)
A threat actor may alter structured query language (SQL) query to read, modify and write to the database or execute administrative commands for further chained attacks
A threat actor may alter the XML path language (XPath) query to read data on the target
The practice of ensuring that people or objects have the right level of access to assets
A threat actor may access the user's account using a stolen or leaked valid (existing) session identifier
Countermeasures or safeguards for detecting, preventing, and mitigating cyber threats and attacks (Protect assets)
A threat actor may tamper with a stream that gets deserialized on the target, causing the target to access data or perform non-intended actions
A threat actor may trick a user into using a known session identifier to log in. after logging in, the session identifier is used to gain access to the user's account
Add a description, image, and links to the infosecsimplified topic page so that developers can more easily learn about it.
To associate your repository with the infosecsimplified topic, visit your repo's landing page and select "manage topics."