Fixing Web Exploits


Questions to Ask When Fixing an Exploit

  • Does the exploit establish an HTTP or HTTPS connection?
  • Does it navigate to a particular path or route within a web application?
  • Does the exploit make use of a vulnerability that doesn't require prior authentication?
  • If not, how does the exploit authenticate to the web application?
  • How are the GET or POST requests constructed to trigger and take advantage of the vulnerability?
  • Does it depend on default application configurations (e.g., the web application's path) that might have been altered post-installation?
  • Will anomalies like self-signed certificates disrupt the exploit's functioning?