Hard-coded credentials refer to embedding authentication information such as usernames, passwords, API keys, or cryptographic keys directly into the source code. Developers might do this for convenience, testing, or quick deployment. However, these credentials often remain in production, creating vulnerabilities.
HTTP Response Splitting is a web application vulnerability that occurs when an attacker is able to manipulate HTTP headers to split the response sent to the client. This manipulation exploits the way headers are processed by web servers and browsers, allowing attackers to inject malicious content into the response stream. The result can be a range of attacks, from cross-site scripting (XSS) to cache poisoning and web cache poisoning, all of which can disrupt business operations, damage brand reputation, and compromise sensitive data.