Web security and vulnerabilities are a hot topic for anyone directly or indirectly connected with the web. Much of the public awareness has been driven by large corporations that fell victim to high-profile attacks by malicious users. These vulnerabilities have resulted in the exposure of confidential and personal information such as emails, passwords, contact numbers and credentials. Web security has therefore become a priority for every company. Here we try to provide an effective approach to building a security mindset, one that helps the reader understand the pitfalls to be aware of along with a healthy dose of paranoia. The post is written with the sole motive of improving software security across the globe. Below are some common mistakes developers usually make.
Broken Authentication
Broken authentication comes with several related problems: passwords may not be encrypted in transit or in storage, the URL may carry the session ID and thus leak it to someone else, session fixation may be possible, session IDs may be predictable, and, last but most scary, session hijacking may be possible.
Prevention: Using a framework is the most straightforward way to avoid these severe vulnerabilities.
Injection Flaws
Injection flaws are the second most common mistake. They usually result from a classic failure to filter untrusted input. The vulnerability arises when you pass unfiltered data to the SQL server (SQL injection), to an LDAP server, to the browser, and so on. The main problem is that an attacker can inject commands into these entities, leading to hijacked client browsers and severe data loss.
Prevention: The good news is that securing against injection is just a matter of properly filtering your input. The bad news is that all input needs to be filtered properly unless it can be trusted, and filtering is very hard to do correctly, so it is recommended to rely on your framework's facilities for it.
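The point above, shown as an added example that is not part of the original post: the same lookup written with string concatenation (the injection flaw) and with a parameterised query (what a framework's database layer does for you). The in-memory SQLite table and its rows are constructed sample data.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    # Constructed sample database for the demonstration.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password_hash TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password_hash) VALUES (?, ?)",
        [("alice", "hash-a"), ("bob", "hash-b")],
    )
    conn.commit()
    return conn


def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # Untrusted input concatenated straight into the SQL text: whatever the
    # client sends becomes part of the statement the database parses.
    query = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(query).fetchall()


def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameterised query: the value travels separately from the SQL text and
    # can only ever be compared as data, never interpreted as SQL.
    return conn.execute(
        "SELECT id, name FROM users WHERE name = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    # A name that is not in the table but carries SQL syntax: the vulnerable
    # version returns every row, the safe version returns nothing.
    probe = "nobody' OR '1'='1"
    print("vulnerable:", find_user_vulnerable(db, probe))
    print("safe:      ", find_user_safe(db, probe))
```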
Insecure Direct Object Reference (IDOR)
This is a classic case of trusting user input and then paying the price with a resulting privacy and security vulnerability. A direct object reference means that an internal object, such as a database key or a file, is exposed to the user. The problem is that if authorization is broken or not enforced, an attacker can supply such a reference themselves and gain access to whatever they want. Another common example is a password reset function that relies on user input: after clicking a valid reset URL, an attacker can simply change the user name field in the URL to "admin".
Prevention: This problem is solved by storing such data internally and not relying on it being passed from the client via a CGI parameter. Session variables in frameworks are well suited for this purpose.
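An added example (not from the original post) of the lookup pattern described above: one handler trusts the client-supplied record id outright, one checks ownership against the server-side session before returning the record, and one keys the lookup off the session alone, as the prevention advice recommends. The invoice table and the minimal session model are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample records; "owner" is the login name that may read each one.
INVOICES = {
    101: {"owner": "alice", "amount": 120},
    102: {"owner": "bob", "amount": 75},
}


@dataclass
class Session:
    # Identity established at login and held server-side, never taken from the request.
    user: str


class Forbidden(Exception):
    pass


def get_invoice_vulnerable(params: dict) -> dict:
    # Insecure direct object reference: any id the client names is returned,
    # with no check that the caller is allowed to see it.
    return INVOICES[int(params["invoice_id"])]


def get_invoice_safe(session: Session, params: dict) -> dict:
    # The id still comes from the client, but authorization is enforced against
    # the session owner before anything is returned.
    invoice = INVOICES.get(int(params["invoice_id"]))
    if invoice is None or invoice["owner"] != session.user:
        # Same response for "does not exist" and "not yours", so the error
        # message does not reveal which ids are valid.
        raise Forbidden("invoice not available")
    return invoice


def list_my_invoices(session: Session) -> list:
    # No object reference taken from the client at all: the session decides
    # which records are in scope, which is the post's recommended approach.
    return sorted(i for i, inv in INVOICES.items() if inv["owner"] == session.user)
```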
Sensitive Data Exposure
This web security vulnerability is all about crypto and resource protection. Sensitive or confidential data should be encrypted at all times, both in transit and at rest. Passwords and credit card information should never travel or be stored unencrypted, and passwords should always be hashed. The hashing/crypto algorithm must not be a weak one; when in doubt use RSA (2048 bits and up) and AES (256 bits and up). Sensitive data and session IDs should not travel in URLs, and cookies must have their secure flag on.
In storage: It is very important to lower your exposure: if you don't need to hold valuable data, don't. Never store credit card details, as you don't want to deal with being PCI compliant; always sign up with a payment processor such as Braintree or Stripe instead. All sensitive data must be stored in encrypted form, and you must make sure that all passwords are hashed.
In transit: Always use HTTPS with a proper certificate and Perfect Forward Secrecy (PFS). Never accept anything over non-HTTPS connections. Always keep the secure flag on cookies.
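An added example (not from the original post) of two of the points above: storing passwords only as a salted, slow hash rather than in recoverable form, and issuing the session ID in a cookie with the Secure flag (plus HttpOnly) rather than in the URL. It uses only the Python standard library; the iteration count and cookie name are assumptions.

```python
import hashlib
import hmac
import os
from http.cookies import SimpleCookie

# Assumed work factor; tune upward as hardware allows.
ITERATIONS = 210_000


def hash_password(password: str, salt: bytes = b"") -> str:
    # Salted PBKDF2-HMAC-SHA256: the stored value cannot be turned back into the
    # password, and the per-user salt defeats precomputed tables.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    # Recompute with the stored salt and iteration count, then compare in
    # constant time so timing does not reveal how many bytes matched.
    _algo, iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    return hmac.compare_digest(candidate.hex(), digest_hex)


def session_cookie_header(session_id: str) -> str:
    # The session ID goes in a cookie, never the URL. Secure keeps it off
    # plain HTTP; HttpOnly keeps it away from page scripts.
    cookie = SimpleCookie()
    cookie["sid"] = session_id
    cookie["sid"]["secure"] = True
    cookie["sid"]["httponly"] = True
    cookie["sid"]["samesite"] = "Strict"
    return cookie.output(header="").strip()


if __name__ == "__main__":
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(session_cookie_header("constructed-session-id"))
```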
Using Components with Known Vulnerabilities
This is basically a deployment and maintenance issue. Before incorporating any new code, do some research and possibly some auditing. The problem usually arises from using code you got from a random person or a forum because it was convenient. There are many cases of sites being owned not because the programmers were stupid, but because third-party software remained unpatched in production for years.
The main lesson is that software development does not end when the application is deployed. There must be documentation, plans and tests for keeping it updated and maintained, especially when it contains open source or other third-party components.
Stay up-to-date: Always use the latest versions of everything, and have a plan to update them on a regular basis.
Exercise caution: Be careful when using such components. Before putting any code in, examine it thoroughly.
I hope that this post manages to tickle your brain a little and helps provide a healthy dose of awareness of web security vulnerabilities.