In its latest Hacker Intelligence Initiative report, Imperva analyzes remote and local file inclusion (RFI/LFI) attacks as favored by LulzSec.
Imperva suggests a number of ways to mitigate RFI/LFI attacks. These include finding your own vulnerabilities using the same methods as the hackers: dorking (otherwise known as ‘Google hacking’, which uses search engines to find hints of possible vulnerabilities), and the use of both commercial and free vulnerability scanners.
Also useful would be a web application firewall (WAF) and blacklisting known attack IPs. The report also notes that the application code can be written to exclude RFI attacks, so detailed code review is advisable.
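Part of that code review can be automated. The following is an added example, not taken from the Imperva report: it assumes a PHP code base (the page names no language) and flags include/require statements whose path is built from request input; the function names and the sample source are constructed for illustration.

```python
import re

# Assumption: the application under review is PHP; these superglobals carry request input.
TAINTED = re.compile(r"\$_(?:GET|POST|REQUEST|COOKIE|FILES|SERVER)\b")
VAR = re.compile(r"\$[A-Za-z_]\w*")
INCLUDE = re.compile(r"\b(?:include|require)(?:_once)?\b\s*\(?([^;]*);", re.I)
ASSIGN = re.compile(r"(\$[A-Za-z_]\w*)\s*=(?!=)\s*([^;]*);")


def is_tainted(expr, tainted_vars):
    """True if expr reads request input directly or through a tainted variable."""
    return bool(TAINTED.search(expr)) or any(
        v in tainted_vars for v in VAR.findall(expr))


def review_includes(source):
    """Return [(line_number, statement)] for include/require statements whose
    path depends on request input. Heuristic triage for manual review: taint
    is tracked line by line through simple assignments only."""
    tainted_vars, findings = set(), []
    for lineno, line in enumerate(source.splitlines(), 1):
        for m in INCLUDE.finditer(line):
            if is_tainted(m.group(1), tainted_vars):
                findings.append((lineno, line.strip()))
        for m in ASSIGN.finditer(line):
            name, rhs = m.group(1), m.group(2)
            if is_tainted(rhs, tainted_vars):
                tainted_vars.add(name)
            else:
                tainted_vars.discard(name)
    return findings


# Constructed sample source, not taken from any real application.
SAMPLE = """\
<?php
require_once 'config.php';
$page = $_GET['page'];
include($page . '.php');
include $_REQUEST['lang'] . '/strings.php';
$theme = 'default';
include 'themes/' . $theme . '/header.php';
"""

if __name__ == "__main__":
    for lineno, stmt in review_includes(SAMPLE):
        print(f"line {lineno}: request-controlled include: {stmt}")
```

Flagged lines are candidates for review; the usual fix is to map the request value to a fixed list of local files rather than passing it to the include.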