
Running Head: INCLUSION 1

Inclusion

Professor’s name:

Student’s name:

Date

File inclusion is a feature of every advanced server-side scripting language on the web. A file inclusion vulnerability is therefore a type of web vulnerability that commonly affects web applications that rely heavily on a scripting runtime. It arises when the application builds the path to executable code from an attacker-controlled variable in a way that lets the attacker control which file is executed at run time. File inclusion vulnerabilities are dangerous because allowing unvalidated user input to control which files are dynamically included in an HTML file can result in malicious code execution (Sabih, 2018).

The distinction between remote file inclusion (RFI) and local file inclusion (LFI) is that RFI is a vulnerability type often found in websites running PHP, while in LFI the attacker has to upload the malicious script to the target server so that it is executed locally (Baloch, 2017).
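The path-building flaw described above, shown next to a validated form, as an added example that is not part of the original essay. The directory layout, page names and function names are assumptions constructed for illustration; Python is used because it is one of the languages the essay lists.

```python
import os
import tempfile

# Constructed layout: a pages directory holding the only files meant to be included.
BASE_DIR = os.path.realpath(tempfile.mkdtemp(prefix="pages_"))
for name in ("home.tpl", "about.tpl"):
    with open(os.path.join(BASE_DIR, name), "w") as fh:
        fh.write("template: " + name)

# Hypothetical allow-list: request value -> fixed file name chosen by the developer.
ALLOWED_PAGES = {"home": "home.tpl", "about": "about.tpl"}


def resolve_unvalidated(page):
    """The flawed pattern: the request value is joined straight into the path."""
    return os.path.normpath(os.path.join(BASE_DIR, page))


def is_inside_base(path):
    """True when the fully resolved path still sits under BASE_DIR."""
    return os.path.commonpath([os.path.realpath(path), BASE_DIR]) == BASE_DIR


def resolve_validated(page):
    """Map the request value to a fixed file name, then confirm containment."""
    filename = ALLOWED_PAGES.get(page)
    if filename is None:
        raise ValueError("unknown page: %r" % page)
    path = os.path.realpath(os.path.join(BASE_DIR, filename))
    # Defence in depth: catches a symlinked or misconfigured allow-list entry.
    if not is_inside_base(path):
        raise ValueError("path escapes the pages directory")
    return path


def check(page):
    """Return (unvalidated path stays inside base?, validated resolver accepts?)."""
    inside = is_inside_base(resolve_unvalidated(page))
    try:
        resolve_validated(page)
        accepted = True
    except ValueError:
        accepted = False
    return inside, accepted
```

With the unvalidated resolver, a request value containing parent-directory segments or an absolute path resolves outside the pages directory; the validated resolver never uses the request value as a path component, so those values, and any URL-shaped value, are rejected as unknown pages.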

Various approaches can be employed to prevent a security breach. These include controlling employees' access to data from the beginning. Other preventive measures are using only firm-based systems and devices, using the cloud, requiring wiping technology to be added to personal devices, and putting a plan in place. Various programming languages are vulnerable to this type of attack, including Python, Perl, NodeJS, JRuby, and PHP (Stuttard & Pinto, 2011).

References

Baloch, R. (2017). Ethical hacking and penetration testing guide. CRC Press.

Sabih, Z. (2018). Learn ethical hacking from scratch: Your stepping stone to penetration testing. Packt Publishing.

Stuttard, D., & Pinto, M. (2011). The web application hacker's handbook: Discovering and exploiting security flaws. John Wiley & Sons.