CGI Vulnerabilities
by Aleksandar Stancin - for Help Net Security
Bookmark and Share
By using a cgi scanner you can safely find out by yourself for any insecure CGI's on your system. And, surely you want to do that, you don't want to leave anybody any options for manipulating with your system. You can use any other CGI scanner, it should work just fine. Most of them have plugins of some kind to keep them up-to-date with vulnerabilities.

And thus cameth the conclusion

CGI vulnerabilities exist, and new ones are being found on a daily basis. And, of course, they will be exploited for this or that purpose. Unfortunately, if you have to use them, you can only hope that a patch exists or will be soon put out. Alternative, if you're into programming, you can try to fix them yourself.

So, if you use CGI's, use them wisely. Check them out, constantly as you try new ones. A good thing would be to regularly check sites like cgisecurity and Help Net Security for new CGI vulnerabilites, as they appear on a daily basis. It is of vital importance to keep an eye on new vulnerabilities concerning any software you run on your web. It will help you prevent any malicious activities against your site. Apply patches that become available sooner or later for the same issues. Applying patches reduces the risk level to minimum. Consider running utilites such as above mentioned suexec and CGIWrap on your web.

Hopefully, this article brought you in speed with the term cgi-bin vulnerabilities. Of course, much more can be said here, but for starters and for getting acguinted, this should do just fine. If you'd like to find out more, a lot of good information and links can be found at the sites mentioned in throught the article.

Last but not least, I'd like to thank Zenomorph from cgisecurity for his help and suggestions. Believe it or not, this concludes today's easy reading material!

Spotlight

Nine patterns make up 92 percent of security incidents

Posted on 23 April 2014.  |  Researchers have found that 92 percent of the 100,000 security incidents analyzed over the past ten years can be traced to nine basic attack patterns that vary from industry to industry.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Thu, Apr 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //