Default configurations with debugging and information disclosure. You
are almost guaranteed to trip on one of those. Sometimes it gives you
access to way too much information, like environment configuration,
account names (and even passwords, I saw that two weeks ago),
installation paths, generated reports, etc.

XSS is still really frequent too.

Sébastien
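As an added example (not part of Sébastien's message and not code from w3af itself), here is an offline classifier for the "default debugging / information disclosure" findings described above. It inspects HTTP response bodies for debug output, installation paths, environment configuration, account names and credentials, and it separates a masked value (the `****` a framework debug page substitutes for secrets) from a real credential leak. The marker patterns and the sample responses are assumptions constructed for the demo, not captures from any real site.

```python
"""
Added example: offline classifier for debug / information-disclosure
responses. Patterns and sample bodies are constructed, not captured.
Requires Python 3.9+ (builtin generic type hints).
"""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    url: str
    kind: str       # debug_mode, install_path, environment, directory_listing,
                    # account_name, credential, masked_secret
    evidence: str   # the matched text, so a reviewer can verify the hit


# Assumed markers of typical PHP / Python framework error output, dotenv
# files and web-server directory listings. Tune these to the stack under test.
SIGNATURES = {
    "debug_mode": re.compile(
        r"DEBUG\s*=\s*True|display_errors\s*=\s*On|"
        r"Traceback \(most recent call last\)|Stack trace:|"
        r"<b>(?:Warning|Fatal error|Notice)</b>:"
    ),
    "install_path": re.compile(
        r"(?:(?:/var/www|/home/[A-Za-z0-9_-]+|/opt|/usr/local|/srv)(?=/)|"
        r"[A-Za-z]:\\(?:inetpub|xampp|wamp))[\w./\\-]*"
    ),
    "environment": re.compile(
        r"\b(?:DATABASE_URL|SECRET_KEY|AWS_ACCESS_KEY_ID|AWS_SECRET_ACCESS_KEY|"
        r"DB_HOST|SMTP_HOST|REDIS_URL)\b"
    ),
    "directory_listing": re.compile(r"<title>Index of /"),
}

# name = value / name: value / 'NAME': 'value' / NAME=value
KV = re.compile(
    r"['\"]?(?P<key>[A-Za-z_][A-Za-z0-9_]*)['\"]?\s*[:=]\s*['\"]?(?P<val>[^\s'\",<>]{2,})"
)
ACCOUNT_KEYS = {"user", "username", "login", "db_user", "database_user"}
SECRET_KEYS = {"password", "passwd", "pwd", "db_password", "secret",
               "secret_key", "api_key", "token", "aws_secret_access_key"}
MASKED = re.compile(r"^[*xX#]+$")   # value already cleansed by the framework


def scan_response(url: str, body: str) -> list[Finding]:
    """Classify one response body; returns distinct findings in discovery order."""
    found: list[Finding] = []
    seen: set[tuple[str, str]] = set()

    def add(kind: str, evidence: str) -> None:
        if (kind, evidence) not in seen:
            seen.add((kind, evidence))
            found.append(Finding(url, kind, evidence))

    for kind, rx in SIGNATURES.items():
        for m in rx.finditer(body):
            add(kind, m.group(0))

    for m in KV.finditer(body):
        key, val = m.group("key"), m.group("val")
        k = key.lower()
        if k in ACCOUNT_KEYS:
            add("account_name", f"{key}={val}")
        elif k in SECRET_KEYS:
            # A masked value still proves debug output is on, but it is not a
            # credential leak; report the two cases under different kinds.
            add("masked_secret" if MASKED.match(val) else "credential", f"{key}={val}")
    return found


def kinds_by_url(responses: dict[str, str]) -> dict[str, list[str]]:
    """Summary view: url -> sorted distinct finding kinds."""
    return {u: sorted({f.kind for f in scan_response(u, b)}) for u, b in responses.items()}


# Constructed sample responses (assumed content, not real captures).
SAMPLES = {
    "http://target.example/index.php": (
        "<br />\n<b>Warning</b>:  include(config.php): failed to open stream: "
        "No such file or directory in /var/www/html/app/index.php on line 12<br />\n"
    ),
    "http://target.example/reports/": (
        "<h1>ImproperlyConfigured at /reports/</h1>\n"
        "Traceback (most recent call last):\n"
        '  File "/home/deploy/app/reports/views.py", line 42, in index\n'
        "Settings:\n"
        "DATABASES = {'default': {'USER': 'appuser', 'PASSWORD': '********************'}}\n"
    ),
    "http://target.example/.env": (
        "DB_HOST=db.internal\nDB_USER=app\nDB_PASSWORD=hunter2\n"
        "SECRET_KEY=0f9d8c7b6a5e4d3c2b1a\n"
    ),
    "http://target.example/backup/": (
        "<html><head><title>Index of /backup</title></head>"
        "<body><a href=\"report-2009-10.xls\">report-2009-10.xls</a></body></html>"
    ),
    "http://target.example/about": "<html><body><h1>About us</h1></body></html>",
}

if __name__ == "__main__":
    for u, b in SAMPLES.items():
        for f in scan_response(u, b):
            print(f"{f.url}\t{f.kind}\t{f.evidence}")
```

Running it prints one line per finding; the `.env` sample is the only one that yields a `credential` hit, while the framework debug page yields `masked_secret` plus the account name and install path, which is exactly the distinction worth making before a finding goes into a report.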

On Mon, Oct 5, 2009 at 2:16 PM, steve jacobs <[email protected]> wrote:
> Out of interest, I'd be interested to know what vulnerabilities show up in
> most apps you review? I guess gaping SQLi flaws are rare in companies with
> decent programmers, but are there some vulnerabilities that show up time and
> time again when you do these security audits? I'm seriously intrigued by
> the w3af framework. What would you say are the top offenders (vulnerability
> wise) that always show up in almost any app?
>
> Thanks,
> Steve J.
>

------------------------------------------------------------------------------
Come build with us! The BlackBerry® Developer Conference in SF, CA
is the only developer event you need to attend this year. Jumpstart your
developing skills, take BlackBerry mobile applications to market and stay
ahead of the curve. Join us from November 9-12, 2009. Register now!
http://p.sf.net/sfu/devconf
_______________________________________________
W3af-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/w3af-users