Source Code Review Continues…
Introduction
Before moving on to more vulnerabilities that you can look for while performing “Secure Code Reviews”, you can review my previous blog post on the same topic and then learn some more from this one.
https://gupta-bless.medium.com/basics-of-source-code-review-4c263652202
SQLi and XSS are both examples of major vulnerabilities that can occur when proper input validation is not performed. Both can be of high severity because they allow attackers to gain access to the database, retrieve data from it, or target any other user. I have already discussed some of these major vulnerabilities in a previous blog post. In this post we move on to other key security flaws, such as Local File Inclusion and Weak Cryptographic Hash flaws. Let’s go through each of them one at a time.
Local File Inclusion / Path Manipulation (Input Validation)
LFI and path manipulation vulnerabilities exist due to insufficient input validation on the parameters that are…