Insufficient Transport Layer Protection
    Authenticating over non-SSL. Obviously bad.
    Sending session IDs over non-SSL
        Session hijacking
        Firesheep
    Not sending everything over SSL
        JavaScript injection

Insecure Cryptographic Storage
    Obviously bad: storing passwords in plaintext.
    Still bad: using unsalted hashes; using a raw hash function (MD5, SHA1, etc.).
    Better but not great: using a keyed hash function (HMAC-SHA1).
    Best: using a slow function (PBKDF2, bcrypt, scrypt).

Cross-Site Request Forgery
    Confused deputy problem.
    Classic example
        Filelocker doesn't have any CSRF protection.
        Joe is a Filelocker admin.
        I get Joe to visit a specially crafted form.
        Joe's browser submits the form along with his cookies.
        I now have admin.
        <form method="POST" action="[path to filelocker]/admin_interface/grant_user_permission?format=json"> <input type="hidden" name="us...
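The password-storage ladder above, as an added example that is not part of the original slides: the unsalted-hash tier makes two users with the same password visibly identical in the database, the keyed-hash tier hides that but is still fast and only as secret as its key, and the PBKDF2 tier adds a per-user salt and a configurable cost. The record format, iteration count, HMAC key and sample passwords are constructed for illustration.

```python
import hashlib
import hmac
import os
from typing import Callable, Dict, Optional

# Constructed sample credential set; alice and bob happen to share a password.
SAMPLE_PASSWORDS: Dict[str, str] = {
    "alice": "correct horse",
    "bob": "correct horse",
    "carol": "battery staple",
}

def unsalted_md5(password: str) -> str:
    """'Still bad' tier: raw, unsalted hash. Equal passwords -> equal digests."""
    return hashlib.md5(password.encode()).hexdigest()

def hmac_sha1_store(password: str, key: bytes = b"constructed-server-key") -> str:
    """'Better but not great' tier: keyed hash. Hides equal passwords from a
    dump of the table alone, but is still fast to brute-force once the key leaks."""
    return hmac.new(key, password.encode(), hashlib.sha1).hexdigest()

def pbkdf2_store(password: str, iterations: int = 600_000,
                 salt: Optional[bytes] = None) -> str:
    """'Best' tier: per-user random salt plus a slow, tunable KDF.
    Returns a self-describing record so the cost can be raised later."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${dk.hex()}"

def pbkdf2_verify(password: str, record: str) -> bool:
    """Re-derive with the stored salt and iteration count, then compare in constant time."""
    try:
        algo, iters, salt_hex, dk_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(),
                             bytes.fromhex(salt_hex), int(iters))
    # compare_digest avoids leaking which byte differed through timing.
    return hmac.compare_digest(dk.hex(), dk_hex)

def has_duplicate_records(store: Callable[[str], str],
                          passwords: Dict[str, str]) -> bool:
    """True if any two users end up with the same stored value (a salt failure)."""
    records = [store(p) for p in passwords.values()]
    return len(records) != len(set(records))
```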
SQL Injection, XSS, CSRF, Security misconfiguration and CSSLP