Remote Code Execution (RCE)

Description

Remote code execution is a vulnerability that can allow an attacker to remotely execute commands.
An RCE vulnerability can lead to loss of control over the system or its individual components, as well as theft of sensitive data.

Business Impact

An attacker could exploit this vulnerability to execute any code of his choice on a remote machine via the Internet. An attacker would gain full access to the servers and could harm the website significantly.

Recommendation

To prevent this vulnerability from occurring in the future, make sure that end users have no way to write directly to the system, for example to files or terminals.

In addition, always check incoming user input and verify that it is not malicious code.
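
The two recommendations above, as an added example (not code from the original page): user input is checked against a strict allowlist and then handed to a child process as a single argument, never through a shell. The hostname-style input, the function names and the stand-in helper process are assumptions made for illustration.

```python
import re
import subprocess
import sys

# Allowlist (assumed input type: a DNS-style host name). Anything else is rejected,
# including spaces, quotes, shell metacharacters, newlines and a leading "-".
_LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
_HOST_RE = re.compile(r"(?=.{1,253}\Z)" + _LABEL + r"(?:\." + _LABEL + r")*\Z")


def validate_host(value):
    """Return value unchanged if it matches the allowlist, otherwise raise ValueError."""
    if not isinstance(value, str) or not _HOST_RE.match(value):
        raise ValueError("input rejected by allowlist")
    return value


def run_helper(user_value):
    """Give user input to a child process as one argv element, with no shell involved.

    The child here is a stand-in for a real helper program (hypothetical): it only
    writes back the argument it received, so the example runs offline.
    """
    argv = [sys.executable, "-c", "import sys; sys.stdout.write(sys.argv[1])", user_value]
    done = subprocess.run(argv, shell=False, capture_output=True, text=True,
                          timeout=10, check=True)
    return done.stdout


def handle_request(user_value):
    """Validate first, then execute: both layers apply to every request."""
    return run_helper(validate_host(user_value))


# Pattern to avoid, shown for contrast and never executed here:
#   subprocess.run("helper " + user_value, shell=True)
# With shell=True the string is parsed by a shell, so input becomes commands.

if __name__ == "__main__":
    print(handle_request("example.com"))          # accepted, echoed back
    print(repr(run_helper("x; echo INJECTED")))   # stays literal data without a shell
    try:
        handle_request("example.com; echo INJECTED")  # constructed sample input
    except ValueError as err:
        print("blocked:", err)
```

Without a shell the constructed input is returned as plain text, and with the allowlist in front it never reaches the child process at all.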

More Details

In order to reduce the number of vulnerabilities in your environment, it’s recommended to patch and update all of your software.
Attackers almost always hold a list of the most recently known vulnerabilities and happily exploit them.

Reference

https://owasp.org/www-community/attacks/Code_Injection
