
Posts

Web Security in few lines

Insufficient Transport Layer Protection
- Authenticating over non-SSL: obviously bad.
- Sending session IDs over non-SSL: session hijacking (Firesheep).
- Not sending everything over SSL: JavaScript injection through the unprotected parts of the page.

Insecure Cryptographic Storage
- Obviously bad: storing passwords in plaintext.
- Still bad: using unsalted hashes, or a raw hash function (MD5, SHA1, etc.).
- Better but not great: using a keyed hash function (HMAC-SHA1).
- Best: using a slow function (PBKDF2, bcrypt, scrypt) with a per-user salt.

Cross-Site Request Forgery
- A confused deputy problem: the browser attaches the victim's cookies to a request the attacker composed.
- Classic example: Filelocker doesn't have any CSRF protection. Joe is a Filelocker admin. I get Joe to visit a specially crafted form. Joe's browser submits the form along with his cookies. Now I have admin.

<form method="POST" action="[path to filelocker]/admin_interface/grant_user_permission?format=json"> <input type="hidden" name="us...

About Security

Most Important People
- Security (Increase Expenses)
- Developers (Increase Profits)
- Executives (Increase Profits)
- Sales (Increase Profits)
- Business Development (Increase Profits)

Smurf Attack

Definition - What does Smurf Attack mean? A smurf attack is a type of denial of service attack in which a system is flooded with spoofed ping messages. This creates high network traffic on the victim's network, which often renders it unresponsive. Smurfing takes certain well-known facts about the Internet Protocol and the Internet Control Message Protocol (ICMP) into account. ICMP is used by network administrators to exchange information about network state, and can also be used to ping other nodes to determine their operational status. The smurf program sends a spoofed packet containing an ICMP echo request to a network's broadcast address, with the source address set to the victim's IP; every host on that network answers, so the echo replies to a single request are all directed toward the victim. Large numbers of pings and the resulting echoes can make the network unusable for real traffic. Routers that do not forward directed broadcasts (the default on modern equipment since RFC 2644) remove the amplification. Techopedia explains Smurf Attack The following steps lead to a smurf attack: Huge numbers of ICMP requests a...

How applications get built in the real world!!!!!!!

Some Important things

- Filter input and escape output, always.
- Use prepared statements; filter your query parameters.
- Disable magic_quotes, register_globals and allow_url_fopen (PHP).
- Give minimum permissions to daemons, processes and people.
- Regenerate your session IDs and use tokens.
- Use common sense.

jQuery safety

Some jQuery methods are unsafe, particularly .append() and the jQuery selector $(''), which can also create nodes: $('<img>') generates an img node. Only a few jQuery methods should be passed unescaped input.

Safe methods (treat the argument as text, not markup): .text() .attr() .prop() .val()
Unsafe methods (parse the argument as HTML): .html() $() .append*() .wrap*() .prepend*() .before() .after() .insert*()

Caveat: .attr() and .prop() are safe from HTML injection, but the attribute itself can be a sink. An untrusted value in href or src still runs if it is a javascript: URL, and on* attributes are code by definition, so validate URLs before setting them and never set event-handler attributes from user input.
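Helpers for the cases where untrusted input has to reach one of the unsafe methods, or one of the attribute sinks, anyway. This is an added example written for this page, not code from the original post or from jQuery; the functions are plain JavaScript and run without a browser, and the jQuery calls in the comments show where they would be applied. The example goes one step beyond the post by also covering the URL-attribute case.

```javascript
// Added example, not from the original post: escaping and validation to apply
// before untrusted input reaches an HTML-parsing jQuery method or a URL sink.

// Escape for HTML text and quoted-attribute context. Use before .html(),
// .append() and friends; .text() does this for you and is the better choice.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// .attr('href', x) does not parse HTML, but href and src are URL sinks: a
// javascript: (or data:) value runs when clicked or loaded. Allow only
// http(s), resolving relative paths against an assumed base; anything else
// becomes a harmless placeholder.
function safeUrl(input, base = 'https://example.invalid/') {
  let url;
  try {
    url = new URL(String(input).trim(), base);
  } catch {
    return 'about:blank';
  }
  return url.protocol === 'http:' || url.protocol === 'https:' ? url.href : 'about:blank';
}

// jQuery's $() parses a string that starts with "<" (after optional
// whitespace) as HTML instead of using it as a selector; jQuery before 1.9
// did so for a "<" anywhere in the string. Check before $(str) when str is
// not a literal, or better, never pass user data to $() at all.
function isHtmlString(s) {
  return /^\s*</.test(String(s));
}

// Usage with jQuery in the browser (comments only; nothing here needs a DOM):
// $('#comment').text(userInput);                 // safe: becomes a text node
// $('#comment').html(escapeHtml(userInput));     // escaped before an HTML sink
// $('#profile-link').attr('href', safeUrl(userInput)); // URL sink filtered
// if (isHtmlString(selector)) throw new Error('refusing to parse input as HTML');
```

escapeHtml covers text and double- or single-quoted attribute values; it is not sufficient for unquoted attributes, inline scripts or CSS, which need context-specific encoding.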