What Is the POODLE Attack?

The POODLE attack (Padding Oracle on Downgraded Legacy Encryption) exploits a vulnerability in the SSL 3.0 protocol (CVE-2014-3566). This vulnerability lets an attacker eavesdrop on communication encrypted using SSLv3. The vulnerability is no longer present in the Transport Layer Security protocol (TLS), which is the…


Why Is Directory Listing Dangerous?

Directory listing is a web server function that displays the directory contents when there is no index file in a specific website directory. It is dangerous to leave this function turned on for the web server because it leads to information disclosure. For example, when…


What Are Google Hacks?

The terms Google hacking, Google hacks, or Google dorking refer to attacks that use Google or another search engine to find vulnerable web servers and websites. Google hacking is based on inventing specific search queries, often using wildcards and advanced search operators (such as intitle,…


What is Remote File Inclusion (RFI)?

Using remote file inclusion (RFI), an attacker can cause the web application to include a remote file. This is possible for web applications that dynamically include external files or scripts. Potential web security consequences of a successful RFI attack range from sensitive information disclosure and…
