"Web App Vulnerabilities Flying Under Your Radar"

Shandon Lewis, a senior Web application penetration tester at Backward Logic, gave a presentation titled "Vulnerabilities in Web Applications That Are Often Overlooked," in which he highlighted the importance of concentrating on small Web application vulnerabilities, as attackers are more likely to use them than zero-day vulnerabilities to infiltrate targets. Web application bugs that are considered to be of low severity can have a significant impact on businesses. According to Lewis, infiltration of targets is often successful because of phishing attacks, physical intrusion, and the use of weak credentials. This article continues to discuss the importance of looking at low-severity Web application bugs, the components of weak credentials, user enumeration, and rate limiting.

Dark Reading reports "Web App Vulnerabilities Flying Under Your Radar"

Submitted by Anonymous on