ADC Hacker Intelligence Initiative
The Imperva Hacker Intelligence Initiative goes inside the cyber-underground and provides analysis of the trending hacking techniques and interesting attack campaigns.
| Selected Tag: Remote File Inclusion | Show All | |
NEW: Report #16 -- Get What You Give: The Value of Shared Threat Intelligence
Imperva's ADC analyzed real-world traffic from sixty Web applications in order to identify attack patterns. The report demonstrates that, across a community of Web applications, early identification of attack sources and attack payloads can significantly improve the effectiveness of application security. Furthermore, it reduces the cost of decision making with respect to attack traffic across the community. Here's how, based on the traffic analyzed by the ADC:
Tags: Hackers, Hacking, Web Application Security, Database Security, Application Security, Remote File Inclusion, Local File Inclusion, Comment Spam
Report #10 -- Dissecting a Hacktivist Attack
The fundamental tenet of Web 2.0, user-generated content, is also its Achilles' heel from a security standpoint. Why? Allowing users to upload content to a website can be extremely dangerous: the server, which other users and the application itself usually consider "trusted", now hosts content that can be generated by a malicious source.
Tags: Hacktivist, Web Application Attacks, Hacking, Lulzsec, Remote File Inclusion, RFI, Passwords
Report #9 -- Automation of Attacks
How do hackers automate? What do they automate? And most importantly: How can security teams block automated attacks? The latest Hacker Intelligence Initiative from Imperva's Application Defense Center will help you answer these questions and many more.
Tags: Automated Web Application Attacks, Hacking, SQL Injection, SQLi, Remote File Inclusion, RFI, sqlmap, Havij, NetSparker, libwww-perl
Report #8 -- Remote and Local File Inclusion Vulnerabilities 101
Remote and local file inclusion (RFI/LFI) attacks are a favorite choice for hackers, and many security professionals aren't noticing. RFI/LFI attacks enable hackers to execute malicious code and steal data through the manipulation of a company's web server. RFI was among the four most prevalent Web application attacks used by hackers in 2011. In fact, RFI/LFI was used most prominently by hacktivists. Most recently, a military dating website was breached using RFI/LFI by hacktivist group Lulzsec. RFI and LFI attacks take advantage of vulnerable PHP Web application parameters by including a URL reference to remotely hosted malicious code, enabling remote execution. PHP is a programming language designed for Web development and is in use across more than 77 percent of applications on the Internet.
Tags: File Inclusion, Remote File Inclusion, RFI, LFI, Web Application Attacks, Hacktivist, Hacking
Edition #2 -- Imperva's Web Application Attack Report (January 2012)
Imperva monitored and categorized attacks across the internet targeting 40 different enterprise and government web applications. The WAAR outlines the frequency, type and geography of origin of each attack to help security professionals better prioritize vulnerability remediation.
Tags: Application Security, Remote File Inclusion, RFI, SQL Injection, SQLi, Local File Inclusion, LFI, Cross Site Scripting, XSS, Directory Traversal, DT, Data Security, Web Application Attacks
Report #1 -- Remote File Inclusion
We begin our first report by describing an attack which usually flies under the radar – Remote File Inclusion (RFI). Although these attacks have the potential to cause as much damage as the more popular SQL Injection and Cross-Site Scripting (XSS) attacks, they are not widely discussed. HII has documented examples of automated attack campaigns launched in the wild. This report pinpoints their common traits and techniques, as well as the role blacklisting can play in mitigating them.
Tags: Google Hacking, Web Application Attacks, Buffer Overflow, CSRF, SQL Injection, Cross-Site Scripting, XSS, Search Engine Poisoning, SEP, Botnets, Remote File Inclusion, RFI