CGI Vulnerabilities
by Aleksandar Stancin - for Help Net Security
By using a cgi scanner you can safely find out by yourself for any insecure CGI's on your system. And, surely you want to do that, you don't want to leave anybody any options for manipulating with your system. You can use any other CGI scanner, it should work just fine. Most of them have plugins of some kind to keep them up-to-date with vulnerabilities.

And thus cameth the conclusion

CGI vulnerabilities exist, and new ones are being found on a daily basis. And, of course, they will be exploited for this or that purpose. Unfortunately, if you have to use them, you can only hope that a patch exists or will be soon put out. Alternative, if you're into programming, you can try to fix them yourself.

So, if you use CGI's, use them wisely. Check them out, constantly as you try new ones. A good thing would be to regularly check sites like cgisecurity and Help Net Security for new CGI vulnerabilites, as they appear on a daily basis. It is of vital importance to keep an eye on new vulnerabilities concerning any software you run on your web. It will help you prevent any malicious activities against your site. Apply patches that become available sooner or later for the same issues. Applying patches reduces the risk level to minimum. Consider running utilites such as above mentioned suexec and CGIWrap on your web.

Hopefully, this article brought you in speed with the term cgi-bin vulnerabilities. Of course, much more can be said here, but for starters and for getting acguinted, this should do just fine. If you'd like to find out more, a lot of good information and links can be found at the sites mentioned in throught the article.

Last but not least, I'd like to thank Zenomorph from cgisecurity for his help and suggestions. Believe it or not, this concludes today's easy reading material!

Spotlight

How to talk infosec with kids

Posted on 17 September 2014.  |  It's never too early to talk infosec with kids: you simply need the right story. In fact, as cyber professionals itís our duty to teach ALL the kids in our life about technology. If we are to make an impact, we must remember that children needed to be taught about technology on their terms.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Sep 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //