
Running Head: FILE INCLUSION VULNERABILITY 1

File inclusion vulnerability

Definition

A file inclusion vulnerability is a form of web vulnerability that commonly affects web applications that depend on a scripting runtime. It is mostly caused by inadequate input validation, where user input is passed to a file-include operation without appropriate validation. There are two major types of this vulnerability, namely local file inclusion and remote file inclusion.

Dangers

This vulnerability is dangerous because it enables an attacker to use remote code execution to plant a web shell on the web server, which can then be used for web defacement. It can also lead to the execution of malicious code on a server and can reveal data held in sensitive files. It is among the most common vulnerabilities that have enabled attackers to carry out major attacks.

Differences between remote and local inclusion

As mentioned earlier, there are two types of file inclusion vulnerability. Local file inclusion is one where the included file already exists on the server hosting the targeted application. The attacker aims to access sensitive files holding critical data, such as configuration files. Remote file inclusion, on the other hand, includes a remote file on the victim's server. To achieve this, the attacker places the URL of the malicious file in one of the URL's GET parameters. The major difference between the two is that in remote file inclusion the attacker uses a remote file, while in local file inclusion the attacker uses local files.
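
The validation step described in the Definition section, and the local/remote distinction above, can be shown from the defender's side. The following is an added example, not part of the original essay: the allowlist, the function names and the sample inputs are all constructed for illustration.

```python
import os
import tempfile
from urllib.parse import unquote, urlsplit

# Constructed allowlist: logical page names mapped to template files.
ALLOWED_PAGES = {"home": "home.html", "about": "about.html"}

def classify(value: str) -> str:
    """Label a raw parameter value as 'remote', 'local-traversal' or 'plain'."""
    decoded = unquote(value).replace("\\", "/")
    if urlsplit(decoded).scheme or decoded.startswith("//"):
        return "remote"  # URL or other scheme-prefixed value: remote inclusion
    if decoded.startswith("/") or ".." in decoded.split("/") or "\x00" in decoded:
        return "local-traversal"  # path reaching outside the template directory
    return "plain"

def resolve_page(value: str, base_dir: str) -> str:
    """Return the real path of an allowlisted template, or raise ValueError."""
    kind = classify(value)
    if kind != "plain":
        raise ValueError(f"rejected {kind} include: {value!r}")
    filename = ALLOWED_PAGES.get(value)  # user input never becomes a path itself
    if filename is None:
        raise ValueError(f"page not in allowlist: {value!r}")
    base = os.path.realpath(base_dir)
    path = os.path.realpath(os.path.join(base, filename))
    # Defense in depth: a symlinked template must not lead outside base_dir.
    if os.path.commonpath([base, path]) != base:
        raise ValueError("resolved path escapes the template directory")
    return path

def demo() -> dict:
    """Run constructed sample parameter values through the resolver."""
    samples = ["home", "http://example.invalid/x.txt",
               "../../config/settings.ini", "/srv/app/config.ini", "admin"]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        for s in samples:
            try:
                results[s] = os.path.basename(resolve_page(s, base))
            except ValueError as exc:
                results[s] = str(exc).split(":")[0]
    return results

if __name__ == "__main__":
    for sample, outcome in demo().items():
        print(f"{sample!r:32} -> {outcome}")
```

The classification is only used for the rejection message; the allowlist lookup is what prevents inclusion, because the file name is chosen by the application and never built from the request.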

Methods of preventing security breaches

To prevent security breaches, various measures can be used. One can control employees’ access to data by allowing them to access only the files and data required for their jobs. Breaches can also be prevented by using secure transfer methods. One should ensure that data has tamper-proof packaging before it is transferred in order to avoid breaches.

Vulnerable programming languages

Various programming languages are vulnerable to this form of attack. It is argued that some programming languages are more powerful and secure than others, but in truth every programming language has its own advantages and disadvantages. The programming languages most commonly prone to file inclusion vulnerability include C, Java, JavaScript and Python.
