- SQL INJECTION
- CROSS-SITE SCRIPTING
- COMMAND EXECUTION
- CLICKJACKING
- CROSS-SITE REQUEST FORGERY
- DIRECTORY TRAVERSAL
- REFLECTED XSS
- DOM-BASED XSS
- FILE UPLOAD VULNERABILITIES
- BROKEN ACCESS CONTROL
- OPEN REDIRECTS
- UNENCRYPTED COMMUNICATION
- USER ENUMERATION
- INFORMATION LEAKAGE
- PASSWORD MISMANAGEMENT
- PRIVILEGE ESCALATION
- SESSION FIXATION
- WEAK SESSION IDS
- XML BOMBS
- XML EXTERNAL ENTITIES
- DENIAL OF SERVICE ATTACKS
- EMAIL SPOOFING
- MALVERTISING
- LAX SECURITY SETTINGS
- TOXIC DEPENDENCIES
SQL INJECTION
If you are vulnerable to SQL Injection, attackers can run arbitrary commands against your database.
Let's say our username is user@email.com and the password entered is password (which is wrong).
Now if the hacker enters something like password' (with a trailing ' )
When the SQL statement is built by simple string concatenation, it throws an error like the one below.
Now if the hacker enters: ' or 1=1--
"The double dashes (--) we entered caused the database to ignore the rest of the SQL statement, allowing us to be authenticated without having to supply the real password."
Protection
Parameterized Statements
Object Relational Mapping
Escaping Inputs
Sanitizing Inputs
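The three inputs from the walkthrough above (the wrong password, the password with a stray quote, and ' or 1=1--) run against a concatenated query and a parameterized one. This is an added example, not code from the original notes; the SQLite in-memory table, the user row and the stored "real-secret" password are constructed for the demo (stored in plaintext only to keep the injection point visible; see PASSWORD MISMANAGEMENT for how passwords should actually be stored).

```python
import sqlite3

# Constructed demo database: one user whose real password is NOT "password",
# mirroring the note above where the guessed password is wrong.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('user@email.com', 'real-secret')")
    conn.commit()
    return conn

def login_vulnerable(conn, username: str, password: str) -> bool:
    # String concatenation: the user's text is parsed as part of the SQL syntax,
    # so a quote breaks the statement and "--" comments out the password check.
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchone() is not None

def login_parameterized(conn, username: str, password: str) -> bool:
    # Placeholders: values travel separately from the statement and are never
    # parsed as SQL, so quotes and comment markers are just characters to match.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None

def attempt(login_fn, conn, username: str, password: str):
    """Run a login function; return True/False, or 'error' if the SQL broke."""
    try:
        return login_fn(conn, username, password)
    except sqlite3.Error:
        return "error"

if __name__ == "__main__":
    db = make_db()
    for pw in ["password", "password'", "' or 1=1--"]:
        print(repr(pw),
              "vulnerable:", attempt(login_vulnerable, db, "user@email.com", pw),
              "parameterized:", attempt(login_parameterized, db, "user@email.com", pw))
```

The vulnerable version reports a database error for the stray quote and logs the attacker in for the 1=1 input; the parameterized version simply returns "no such user/password" for both, which is the behaviour to look for when reviewing login code.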
For more information
_________________________________________________________________________________
CROSS-SITE SCRIPTING
Protection
1. Escape dynamic content: e.g. replace " with &quot; (and likewise <, >, & and ') wherever user-supplied text is inserted into HTML
2. Implement a Content-Security-Policy: modern browsers support Content Security Policies, which restrict where scripts may be loaded from
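Both protections listed above, as an added example (not code from the original notes): dynamic content is escaped at the point it enters the markup, which is what makes the quote-to-&quot; replacement matter inside an attribute value, and a Content-Security-Policy header value is built from a small policy table. The page markup and the policy directives are constructed for the demo.

```python
import html

def escape_html(value: str) -> str:
    # quote=True also converts " and ' to entities, so the result is safe both
    # as element text and inside a quoted attribute value.
    return html.escape(value, quote=True)

def render_profile(display_name: str) -> str:
    # Dynamic content is escaped where it is inserted into the markup; the same
    # value appears once in an attribute and once as element text.
    safe = escape_html(display_name)
    return f'<input name="nick" value="{safe}"><p>Hello, {safe}</p>'

def build_csp(directives: dict) -> str:
    # Serialise a policy table into a Content-Security-Policy header value.
    return "; ".join(f"{name} {' '.join(sources)}" for name, sources in directives.items())

# Constructed policy: scripts only from our own origin, no inline scripts, so an
# injected <script> block is refused by the browser even if escaping is missed.
DEFAULT_CSP = build_csp({
    "default-src": ["'self'"],
    "script-src": ["'self'"],
    "object-src": ["'none'"],
})

if __name__ == "__main__":
    print(render_profile('"><script>alert(1)</script>'))
    print("Content-Security-Policy:", DEFAULT_CSP)
```

Without the quote escaping, the closing " in the display name would terminate the value attribute and the rest of the input would become live markup; with it, the whole string stays inert text.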
_________________________________________________________________________________
COMMAND EXECUTION
Many web applications call operating system processes via the command line. If your application calls out to the OS, you need to be sure command strings are securely constructed.
Further reading https://www.owasp.org/index.php/Command_injection_in_Java
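The difference between a command string handed to the shell and an argument list handed directly to the process, as an added example (not code from the notes or from the OWASP page linked above). The echo-based banner, the hostname allowlist and the ping command line are constructed for the demo; only echo is actually executed.

```python
import re
import shlex
import subprocess

# Constructed allowlist: hostname or IP characters only, nothing a shell
# would interpret (no spaces, ';', '|', '$', quotes).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?$")

def validate_host(host: str) -> str:
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected host value: {host!r}")
    return host

def banner_unsafe(text: str) -> str:
    # shell=True hands the whole string to /bin/sh, so metacharacters in text
    # (';', '|', '$(...)') start additional commands.
    return subprocess.run("echo " + text, shell=True,
                          capture_output=True, text=True).stdout

def banner_safe(text: str) -> str:
    # argv list and no shell: text reaches echo as exactly one argument.
    return subprocess.run(["echo", text], capture_output=True, text=True).stdout

def quoted_for_shell(text: str) -> str:
    # When a shell command string is unavoidable, quote every value.
    return "echo " + shlex.quote(text)

def ping_argv(host: str) -> list:
    # Allowlist validation plus argv construction: the value can only ever be
    # a single argument to ping, never a second command.
    return ["ping", "-c", "1", validate_host(host)]

if __name__ == "__main__":
    sample = "hello; echo INJECTED"   # constructed input
    print("shell string :", repr(banner_unsafe(sample)))
    print("argv list    :", repr(banner_safe(sample)))
    print("quoted       :", quoted_for_shell(sample))
```

Reviewing code for this class of bug means looking for shell=True (or os.system, or a language's equivalent) fed by any value a user influences; the fix is the argv form plus validation of the value itself.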
_________________________________________________________________________________
CLICKJACKING
As an application author, you need to be sure your users aren't having their clicks stolen by attackers.
_________________________________________________________________________________
CROSS-SITE REQUEST FORGERY
If an attacker can forge HTTP requests to your site, they may be able to trick your users into triggering unintended actions.
Anti-Forgery Tokens
Representational State Transfer (REST) is a set of design principles that assign each type of action (view, create, delete, update) to a different HTTP verb, so that a plain GET never changes state.
Ensure Cookies are sent with the SameSite Cookie Attribute
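The three protections above put together, as an added example that is not code from the original notes: a session-bound anti-forgery token, a handler that only changes state on POST, and a Set-Cookie header carrying the SameSite attribute. The secret key, the request dictionary shape and the "transfer" action are constructed for the demo.

```python
import hashlib
import hmac
import secrets

# Assumption: a server-side secret loaded from configuration; constructed here.
SECRET_KEY = b"constructed-demo-secret-do-not-reuse"

def new_session_id() -> str:
    return secrets.token_urlsafe(32)

def issue_csrf_token(session_id: str) -> str:
    # The token is an HMAC over the session id: unguessable to an attacker and
    # only valid for the session it was issued to.
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def verify_csrf_token(session_id: str, submitted) -> bool:
    if not submitted:
        return False
    # Constant-time comparison so the check itself leaks nothing.
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)

def set_cookie_header(name: str, value: str, same_site: str = "Lax") -> str:
    if same_site not in ("Strict", "Lax", "None"):
        raise ValueError("SameSite must be Strict, Lax or None")
    # SameSite keeps the browser from attaching the cookie to cross-site POSTs.
    attrs = [f"{name}={value}", "Path=/", "HttpOnly", "Secure", f"SameSite={same_site}"]
    return "Set-Cookie: " + "; ".join(attrs)

def handle_transfer(request: dict) -> str:
    """Constructed request shape: {'method': str, 'cookies': dict, 'form': dict}."""
    # REST discipline: a state-changing action accepts POST only, never GET.
    if request["method"] != "POST":
        return "405 Method Not Allowed"
    session_id = request["cookies"].get("session")
    if not session_id:
        return "401 Unauthorized"
    if not verify_csrf_token(session_id, request["form"].get("csrf_token")):
        return "403 Forbidden: missing or invalid anti-forgery token"
    return "200 OK: transfer performed"

if __name__ == "__main__":
    sid = new_session_id()
    print(set_cookie_header("session", sid))
    genuine = {"method": "POST", "cookies": {"session": sid},
               "form": {"csrf_token": issue_csrf_token(sid)}}
    forged = {"method": "POST", "cookies": {"session": sid}, "form": {"amount": "100"}}
    print("genuine:", handle_transfer(genuine))
    print("forged :", handle_transfer(forged))
```

A forged request from another site can carry the victim's cookie (absent SameSite) but never the token, because the attacker's page cannot read the victim's form; that is why the token check is the decisive step.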
_________________________________________________________________________________
DIRECTORY TRAVERSAL
You need to be sure URLs describing file paths are safely interpreted, lest a hacker try to get access to sensitive files on your server.
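One way to interpret a URL path as a file path safely, as an added example that is not code from the original notes: decode the request, resolve it under the web root, then refuse anything that ends up outside. The web root directory and the request strings are constructed for the demo.

```python
from pathlib import Path
from urllib.parse import unquote

def resolve_under_root(web_root: Path, requested: str) -> Path:
    """Map a URL path onto a file under web_root, or raise PermissionError."""
    root = web_root.resolve()
    # Decode first: "%2e%2e/" is "../" after decoding, and the check must see
    # exactly what the filesystem will see.
    decoded = unquote(requested)
    if "\x00" in decoded:
        raise PermissionError("null byte in path")
    # Treat the request as relative to the root whatever it starts with, so an
    # absolute "/etc/passwd" becomes "<root>/etc/passwd".
    candidate = (root / decoded.lstrip("/\\")).resolve()
    # resolve() collapses ".." and follows symlinks, so a containment test on
    # the result is reliable where a string-prefix test on the input is not.
    if candidate != root and root not in candidate.parents:
        raise PermissionError(f"path escapes web root: {requested!r}")
    return candidate

def is_safe_path(web_root: Path, requested: str) -> bool:
    try:
        resolve_under_root(web_root, requested)
        return True
    except PermissionError:
        return False

if __name__ == "__main__":
    root = Path("/srv/www/html")   # constructed web root
    for req in ["images/logo.png", "../../etc/passwd",
                "images/../../secret.txt", "%2e%2e/%2e%2e/etc/passwd"]:
        print(f"{req!r:32} -> {'allowed' if is_safe_path(root, req) else 'rejected'}")
```

The check is done on the resolved path rather than by searching the input for "..", because encodings, mixed separators and symlinks all defeat string matching while the filesystem's own normalisation does not.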
_________________________________________________________________________________
FILE UPLOAD VULNERABILITIES
Ensure Upload Files Cannot Be Executed
Rename Files on Upload
Validate File Formats and Extensions
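The three upload rules above in code, as an added example that is not from the original notes: the extension is checked against an allowlist, the file's leading bytes must agree with that extension, the file is renamed to a random server-chosen name, and it is served back with an explicit type and nosniff. The allowlist of image types and the magic bytes are constructed for the demo; disabling script execution for the upload directory is a web-server configuration step and is only noted in a comment.

```python
import re
import secrets
from pathlib import PurePosixPath

# Constructed allowlist: extension -> (leading magic bytes, MIME type to serve).
ALLOWED_TYPES = {
    "png":  (b"\x89PNG\r\n\x1a\n", "image/png"),
    "jpg":  (b"\xff\xd8\xff", "image/jpeg"),
    "jpeg": (b"\xff\xd8\xff", "image/jpeg"),
    "gif":  (b"GIF8", "image/gif"),
}

def validate_upload(original_name: str, data: bytes) -> str:
    """Return the accepted extension, or raise ValueError."""
    # Only the final suffix counts, so "shell.php.png" is judged as ".png" and
    # the content check below decides whether it really is an image.
    ext = PurePosixPath(original_name).suffix.lower().lstrip(".")
    if ext not in ALLOWED_TYPES:
        raise ValueError(f"extension not allowed: {ext!r}")
    magic, _ = ALLOWED_TYPES[ext]
    if not data.startswith(magic):
        raise ValueError("file content does not match its extension")
    return ext

def stored_name(ext: str) -> str:
    # Random server-chosen name: the user's filename never reaches the disk,
    # so no path tricks or script-looking names survive the upload.
    return secrets.token_hex(16) + "." + ext

def download_headers(ext: str) -> dict:
    # Serve as a static byte stream with an explicit type; nosniff stops the
    # browser from guessing. The upload directory itself should be mapped with
    # script execution disabled in the web server (configuration, not shown).
    _, mime = ALLOWED_TYPES[ext]
    return {"Content-Type": mime,
            "X-Content-Type-Options": "nosniff",
            "Content-Disposition": "attachment"}

def is_acceptable(original_name: str, data: bytes) -> bool:
    try:
        validate_upload(original_name, data)
        return True
    except ValueError:
        return False

def accept_upload(original_name: str, data: bytes) -> tuple:
    ext = validate_upload(original_name, data)
    return stored_name(ext), download_headers(ext)

if __name__ == "__main__":
    png = b"\x89PNG\r\n\x1a\n" + b"\x00" * 16          # constructed PNG header
    script = b"<?php echo 'not an image'; ?>"           # constructed non-image
    print(accept_upload("avatar.PNG", png))
    for name, data in [("shell.php", png), ("avatar.png", script)]:
        print(name, "->", "accepted" if is_acceptable(name, data) else "rejected")
```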
_________________________________________________________________________________
REFLECTED XSS
When building a website, you need to be sure you do not accidentally create a channel that allows malicious JavaScript to be bounced off your server - a "reflected" cross-site scripting attack.
_________________________________________________________________________________
DOM-BASED XSS
Some cross-site scripting attacks don't require server vulnerabilities. If you make use of URI fragments in your site, you need to ensure they cannot be abused to inject malicious JavaScript.
Further reading https://www.acunetix.com/websitesecurity/cross-site-scripting/?utm_source=hacksplaining&utm_medium=post&utm_campaign=articlelink
_________________________________________________________________________________
BROKEN ACCESS CONTROL
All resources on your site need to have access control implemented, even if they aren't intended to be discoverable by a user. Relying on security through obscurity will lead to problems.
Content Management Systems
LDAP
_________________________________________________________________________________
OPEN REDIRECTS
Most web-applications make use of redirects. If your site forwards to URLs supplied in a query string, you could be enabling phishing attacks.
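A validator for a "next" query-string parameter, as an added example that is not code from the original notes. It accepts only local paths or URLs on an allowlisted host, and it goes beyond the single case in the text by also handling the scheme-relative forms ("//host", "///host") and non-HTTP schemes that commonly slip past a naive check. The allowlisted hostnames are constructed for the demo.

```python
from urllib.parse import urlparse

# Constructed allowlist of hosts this site is willing to send users to.
ALLOWED_HOSTS = {"www.example.com", "accounts.example.com"}

def safe_redirect_target(next_param, default: str = "/") -> str:
    """Return a redirect target that is local or on an allowlisted host."""
    if not next_param:
        return default
    target = next_param.strip()
    # Browsers treat backslashes and control characters differently from
    # urlparse; refuse rather than guess.
    if any(ch in target for ch in "\\\r\n\t\x00"):
        return default
    parsed = urlparse(target)
    if not parsed.scheme and not parsed.netloc:
        # Local path: exactly one leading slash. "//host" carries a netloc and
        # never reaches here, but "///host" parses as a path while browsers
        # still read it as a host, so the double-slash test is explicit.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return default
    # Absolute URL: only http(s) and only to a host we have listed.
    # parsed.hostname ignores userinfo, so "user@evil" is judged on "evil".
    if parsed.scheme in ("http", "https") and parsed.hostname in ALLOWED_HOSTS:
        return target
    return default

if __name__ == "__main__":
    for candidate in ["/account", "//evil.example/", "///evil.example",
                      "https://accounts.example.com/login",
                      "https://www.example.com.evil.example/", "javascript:alert(1)"]:
        print(f"{candidate!r:45} -> {safe_redirect_target(candidate)}")
```

Falling back to a fixed default rather than raising keeps the login flow working when the parameter is bad, which is the usual requirement for this kind of check.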
_________________________________________________________________________________
UNENCRYPTED COMMUNICATION
Insufficient encryption can make you vulnerable to man-in-the-middle attacks. Be sure to use HTTPS whenever transmitting any type of sensitive information.
_________________________________________________________________________________
INFORMATION LEAKAGE
Revealing system information helps an attacker learn about your site, and gives them an idea how it might be attacked.
Examples: exposing file extensions such as *.jsp in URLs, and sending raw errors or exceptions to user-facing pages
Disable the “Server” HTTP Header and Similar Headers
Use Clean URLs
Ensure Cookie Parameters are Generic
Disable Client-Side Error Reporting
Sanitize Data Passed to the Client
Sanitize Template Files
Ensure Correct Configuration of Your Web Root Directory
_________________________________________________________________________________
PASSWORD MISMANAGEMENT
Safe treatment of passwords is essential to a secure authentication system - yet many websites still get this wrong.
Use Third-Party Authentication if Possible
Ensure Password Complexity
Allow Password Resets via Email
Prevent Brute-Forcing
Store Passwords With A Strong Hash, Salted
Timeout Sessions After Inactivity, and Provide a Logout Function
Use HTTPS for Secure Communication
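Salted, slow hashing plus a brute-force throttle, as an added example that is not code from the original notes. The PBKDF2 iteration count is an assumption (chosen to match current OWASP guidance for PBKDF2-HMAC-SHA256), the minimum password length is an assumed policy value, and the user table is constructed for the demo; the throttle takes an injectable clock so it can be exercised without waiting.

```python
import hashlib
import hmac
import os
import time

ALGORITHM = "pbkdf2_sha256"
ITERATIONS = 600_000          # assumption: OWASP-recommended count for PBKDF2-HMAC-SHA256
MIN_PASSWORD_LENGTH = 12      # assumed policy value

def check_policy(password: str) -> None:
    if len(password) < MIN_PASSWORD_LENGTH:
        raise ValueError(f"password must be at least {MIN_PASSWORD_LENGTH} characters")

def hash_password(password: str) -> str:
    # Fresh random salt per password: two users with the same password get
    # different hashes, and precomputed tables are useless.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"{ALGORITHM}${ITERATIONS}${salt.hex()}${digest.hex()}"

def verify_password(stored: str, password: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != ALGORITHM:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)

# Hashed once at import; used so unknown usernames cost the same time as known ones.
DUMMY_HASH = hash_password("constructed-dummy-value-not-a-user")

class LoginThrottle:
    """Locks an account after MAX_FAILURES failed attempts within WINDOW seconds."""
    MAX_FAILURES = 5
    WINDOW = 15 * 60

    def __init__(self, now=time.time):
        self._now = now
        self._failures = {}   # username -> timestamps of recent failures

    def is_locked(self, username: str) -> bool:
        cutoff = self._now() - self.WINDOW
        recent = [t for t in self._failures.get(username, []) if t > cutoff]
        self._failures[username] = recent
        return len(recent) >= self.MAX_FAILURES

    def record_failure(self, username: str) -> None:
        self._failures.setdefault(username, []).append(self._now())

    def record_success(self, username: str) -> None:
        self._failures.pop(username, None)

def login(users: dict, throttle: LoginThrottle, username: str, password: str) -> str:
    if throttle.is_locked(username):
        return "locked"
    stored = users.get(username)
    # Always run the hash, even for unknown users, so response time does not
    # reveal which usernames exist (see USER ENUMERATION above).
    ok = verify_password(stored or DUMMY_HASH, password) and stored is not None
    if not ok:
        throttle.record_failure(username)
        return "invalid credentials"
    throttle.record_success(username)
    return "ok"

if __name__ == "__main__":
    users = {"alice": hash_password("correct horse battery staple")}   # constructed
    throttle = LoginThrottle()
    print(login(users, throttle, "alice", "correct horse battery staple"))
    print(login(users, throttle, "alice", "wrong password"))
    print(login(users, throttle, "nobody", "anything"))
```

The stored string carries the algorithm and iteration count, so the count can be raised later and old records re-hashed on the user's next successful login.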