Web Security

CSRF (Cross-site request forgery)

  1. Attacker crafts a request (typically a form POST or a link) to a website where the victim is currently authenticated.
  2. Victim is tricked into submitting the request, for example by visiting an attacker-controlled page; the browser attaches the victim's session cookie automatically, so the site treats the request as the victim's own.
  3. The request changes the victim's account, for example replacing the registered mobile number or e-mail address with the attacker's.
How To Fix: Include a CSRF token in every state-changing form or request. The token must be unpredictable, bound to the user's session and verified server-side; rotating it per request is stronger still. Checking the Origin header (or, failing that, Referer) against the site's own origin is a second layer, and setting the session cookie with SameSite=Lax or SameSite=Strict stops the browser sending it on cross-site requests in the first place.
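The fix described above, as an added example (not code from the original post): a session-bound CSRF token built from a random nonce and an HMAC, an Origin/Referer check, and a constructed stand-in for a "change e-mail" endpoint that applies both. The server secret, the site origin `https://bank.example` and the handler itself are assumptions for the illustration.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional, Tuple

# Hypothetical server-side secret: generated here for the example, but in a
# real deployment loaded from configuration and shared by all app instances.
SERVER_SECRET = secrets.token_bytes(32)
SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected site


def issue_csrf_token(session_id: str) -> str:
    """Token = nonce + HMAC(secret, session_id || nonce).

    Binding the MAC to the session id means a token the attacker obtained for
    their own session is useless when replayed in the victim's session."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: Optional[str]) -> bool:
    """Recompute the MAC for this session and compare in constant time."""
    if not token or "." not in token:
        return False
    nonce, mac = token.split(".", 1)
    expected = hmac.new(SERVER_SECRET, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)


def origin_allowed(headers: Dict[str, str]) -> bool:
    """Defence in depth: a state-changing request must come from our own origin.
    Origin is preferred; Referer is the fallback; both missing is rejected,
    because a forged cross-site form POST carries the attacker's origin."""
    origin = headers.get("Origin")
    if origin is not None:
        return origin == SITE_ORIGIN
    referer = headers.get("Referer")
    return referer is not None and referer.startswith(SITE_ORIGIN + "/")


def session_cookie(session_id: str) -> str:
    """Set-Cookie value: SameSite keeps the cookie off cross-site requests."""
    return f"session={session_id}; Path=/; Secure; HttpOnly; SameSite=Lax"


def handle_change_email(session_id: str, headers: Dict[str, str],
                        form: Dict[str, str]) -> Tuple[int, str]:
    """Hypothetical 'change e-mail' endpoint: origin check, then token check."""
    if not origin_allowed(headers):
        return 403, "cross-site request rejected"
    if not verify_csrf_token(session_id, form.get("csrf_token")):
        return 403, "bad or missing CSRF token"
    return 200, f"e-mail changed to {form['email']}"
```

A forged POST from an attacker page arrives with the attacker's Origin and without a token, so it fails both checks; the legitimate form, rendered with a token issued for the victim's session, passes.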

Session fixation

  1. Attacker obtains a valid session ID from the target site (for example by visiting it anonymously) and plants that ID in the victim's browser, typically through a crafted link carrying the ID or a cookie set from an attacker-controlled sub-domain.
  2. Victim logs in to the site while carrying the attacker-chosen session ID; the site authenticates that existing session instead of issuing a new one.
  3. Attacker presents the same session ID and impersonates the victim.
How To Fix: Issue a fresh session ID whenever the privilege level changes, above all at login, and invalidate the old one. Never accept session IDs from URL parameters, and set the session cookie with HttpOnly and Secure.
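The attack and the fix side by side, as an added example (not code from the original post): a constructed in-memory session store, a login that keeps whatever session ID the browser presented (the fixation bug) and a login that regenerates the ID at the privilege boundary and destroys the old one. The store and the two login functions are assumptions for the illustration.

```python
import secrets
from typing import Dict, Optional


class SessionStore:
    """Minimal in-memory session store, constructed for the example."""

    def __init__(self) -> None:
        self._sessions: Dict[str, dict] = {}

    def create(self) -> str:
        sid = secrets.token_urlsafe(32)   # unguessable, 256 bits of entropy
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid: str) -> Optional[dict]:
        return self._sessions.get(sid)

    def destroy(self, sid: str) -> None:
        self._sessions.pop(sid, None)


def login_vulnerable(store: SessionStore, sid: str, user: str) -> str:
    """Authenticates the session the browser presented, whatever its origin.
    If the attacker planted `sid`, the attacker now holds a logged-in session."""
    session = store.get(sid)
    if session is None:          # unknown id: a new anonymous session
        sid = store.create()
        session = store.get(sid)
    session["user"] = user
    return sid


def login_fixed(store: SessionStore, sid: str, user: str) -> str:
    """Regenerate the session id at login; the pre-login id is never upgraded."""
    old = store.get(sid)
    new_sid = store.create()
    new_session = store.get(new_sid)
    if old is not None:
        # carry over pre-login state (e.g. a cart) but not the identifier
        new_session.update({k: v for k, v in old.items() if k != "user"})
        store.destroy(sid)
    new_session["user"] = user
    return new_sid


def current_user(store: SessionStore, sid: str) -> Optional[str]:
    session = store.get(sid)
    return session["user"] if session else None
```

The returned new ID must also replace the cookie in the login response; a framework call such as regenerating the session at login does the same thing as `login_fixed`.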

HSTS (HTTP Strict Transport Security)

  1. If the user types the address without https:// (or follows an http:// link), the browser's first request goes out over plain HTTP.
  2. Because plain HTTP is neither encrypted nor authenticated, that request and any response to it are exposed to a man-in-the-middle on the path.
  3. An attacker on the path can read the traffic, intercept it and alter it, for example by rewriting the redirect to HTTPS so the victim stays on HTTP (SSL stripping).
How To Fix: Send the Strict-Transport-Security response header over HTTPS. The browser remembers it for max-age seconds and from then on rewrites http:// URLs for the site to https:// before sending anything. Browsers ignore the header when it arrives over plain HTTP, and the very first visit is still unprotected unless the domain is on the browsers' HSTS preload list.
Strict-Transport-Security: max-age=31536000; includeSubDomains
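As an added example (not code from the original post), a hypothetical front-end handler that redirects plain HTTP to HTTPS and attaches the header only on HTTPS responses, together with a parser and a check that flags weak policies the way a scanner would. The handler, the host `bank.example` and the finding texts are assumptions for the illustration.

```python
from typing import Dict, List, Tuple

ONE_YEAR = 31536000
HSTS_VALUE = f"max-age={ONE_YEAR}; includeSubDomains"


def respond(scheme: str, host: str, path: str) -> Tuple[int, Dict[str, str]]:
    """Hypothetical edge handler: never serve content over plain HTTP.
    Browsers ignore Strict-Transport-Security received over http://, so
    the header is attached only to the https response."""
    if scheme == "http":
        return 301, {"Location": f"https://{host}{path}"}
    return 200, {"Strict-Transport-Security": HSTS_VALUE,
                 "Content-Type": "text/html; charset=utf-8"}


def parse_hsts(value: str) -> Dict[str, object]:
    """Parse the directives of a Strict-Transport-Security header value."""
    policy: Dict[str, object] = {"max-age": None, "includeSubDomains": False, "preload": False}
    for directive in value.split(";"):
        directive = directive.strip()
        if not directive:
            continue
        name, _, val = directive.partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max-age"] = int(val.strip().strip('"'))
            except ValueError:
                policy["max-age"] = None
        elif name == "includesubdomains":
            policy["includeSubDomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


def hsts_findings(headers: Dict[str, str]) -> List[str]:
    """Audit a response's HSTS policy; an empty list means no findings."""
    value = headers.get("Strict-Transport-Security")
    if value is None:
        return ["HSTS header missing"]
    policy = parse_hsts(value)
    findings = []
    if policy["max-age"] is None:
        findings.append("max-age missing or unparsable")
    elif policy["max-age"] == 0:
        findings.append("max-age=0 disables the policy")
    elif policy["max-age"] < ONE_YEAR:
        findings.append("max-age shorter than one year")
    if not policy["includeSubDomains"]:
        findings.append("includeSubDomains missing: sub-domain cookies can still be sent over HTTP")
    return findings
```

A max-age of one year and includeSubDomains are also the minimum the preload list requires, so a policy that passes this check is a step towards removing the first-visit gap.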

XSS (Cross-site scripting)

  1. Attacker gets the website to include attacker-supplied JavaScript in a page, either reflected from a request parameter, stored in the application's data, or injected client-side through the DOM.
  2. Whenever that script runs in the victim's browser it executes with the site's own origin, so it can read the victim's cookies or page contents and send them to the attacker, or perform actions as the victim directly.
  3. With the stolen session cookie the attacker can impersonate the victim on the vulnerable site and do whatever the victim is privileged to do there.
How To Fix:
  • Validate input, encode output for the context it lands in (HTML body, attribute, JavaScript, URL) and send an explicit Content-Type header with a charset so the browser does not have to guess.
  • Content-Security-Policy and X-XSS-Protection are further response-header mechanisms; CSP is the one that matters today.
Content-Security-Policy: script-src https://trustedscripts.example.com - Any attempt to load or run a script from a source other than those declared in script-src is denied, inline scripts included unless the policy permits them by nonce or hash
X-XSS-Protection: 1; mode=block - Hinted legacy browser XSS filters to block the page when a reflected script was detected; Chromium-based browsers have removed the filter and Firefox never implemented it, so do not rely on it
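Output encoding and CSP in practice, as an added example (not code from the original post): a reflecting handler that returns the request parameter verbatim (the bug step 1 needs), the same handler with HTML encoding, and a response carrying a per-request nonce CSP so that only the server's own inline script may run. The handler functions and the page markup are constructed for the illustration.

```python
import html
import secrets
from typing import Dict, Tuple

TRUSTED_SCRIPT_HOST = "https://trustedscripts.example.com"  # from the header example above


def render_vulnerable(name: str) -> str:
    """Reflects the query parameter verbatim: attacker input becomes markup."""
    return f"<p>Hello, {name}!</p>"


def render_safe(name: str) -> str:
    """Encodes for the HTML text context; the input stays data, never markup.
    quote=True also encodes ' and \" so the same helper is safe in attributes
    that are themselves quoted."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def page_with_csp(name: str) -> Tuple[Dict[str, str], str]:
    """Full response with a nonce-based CSP. Inline scripts run only if they
    carry this response's nonce, which injected content cannot predict; external
    scripts load only from the allow-listed host."""
    nonce = secrets.token_urlsafe(16)
    headers = {
        "Content-Type": "text/html; charset=utf-8",
        "Content-Security-Policy": (
            f"default-src 'self'; script-src 'nonce-{nonce}' {TRUSTED_SCRIPT_HOST}; "
            "object-src 'none'; base-uri 'none'"
        ),
    }
    body = (
        "<!doctype html><html><body>"
        + render_safe(name)
        + f'<script nonce="{nonce}">console.log("legitimate inline script");</script>'
        + "</body></html>"
    )
    return headers, body


def nonce_from_policy(policy: str) -> str:
    """Pull the nonce back out of a CSP value (used to check header/body agree)."""
    for token in policy.replace(";", " ").split():
        if token.startswith("'nonce-") and token.endswith("'"):
            return token[len("'nonce-"):-1]
    return ""
```

Encoding is context-specific: `html.escape` is right for HTML text and quoted attributes, but data placed inside a `<script>` block or a URL needs JSON or URL encoding instead, and a templating engine with auto-escaping on is the practical default.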

SQL Injection

  1. Attacker supplies input that the web page concatenates into a SQL query, so the input is parsed as part of the query instead of being treated as a value.
  2. The altered query returns (or modifies) data the attacker should not be able to reach, and the page sends the result back to the attacker.
How To Fix: Stop building queries by string concatenation; use prepared statements with bound parameters, allow-list input wherever a strict format exists (identifiers, enumerations, numeric IDs), and run the application with a least-privilege database account so a successful injection reaches as little as possible.

DoS (Denial of service) / DDoS (Distributed denial of service):

  1. Attack that exhausts an application's resources (CPU, memory, connections, bandwidth) so that it responds slowly or not at all to legitimate users.
  2. Attacker sends requests repeatedly, in the distributed case from many hosts at once, until a resource runs out.
How To Fix: Define load limits: rate-limit requests per client (IP address, API key or user) over a time window, cap concurrency and the cost of any single request, and answer with 429 Too Many Requests once the limit is exceeded. Volumetric DDoS traffic has to be absorbed upstream (CDN or scrubbing service) before it reaches the application. The headers below are a widely used convention for reporting the limit, not a standard:
X-Rate-Limit-Limit HTTP header is the rate-limit ceiling for the given request within the window.
X-Rate-Limit-Remaining HTTP header is the number of requests left in the current window (the window length, 60 seconds for example, is chosen by the server).
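The load limit and the two headers above implemented, as an added example (not code from the original post): a per-client sliding-window limiter with an injectable clock, and a hypothetical endpoint wrapper that returns 429 with the limit headers once a client is over budget. The limiter class, the 5-per-60-seconds budget and the client addresses are assumptions for the illustration.

```python
import math
import time
from collections import deque
from typing import Callable, Deque, Dict, Tuple


class SlidingWindowLimiter:
    """Per-key sliding-window log: at most `limit` requests in any interval of
    `window_seconds`. The clock is injectable so behaviour can be tested
    deterministically; time.monotonic is used in production."""

    def __init__(self, limit: int, window_seconds: int,
                 clock: Callable[[], float] = time.monotonic) -> None:
        self.limit = limit
        self.window = window_seconds
        self.clock = clock
        self._hits: Dict[str, Deque[float]] = {}

    def check(self, key: str) -> Tuple[bool, Dict[str, str]]:
        now = self.clock()
        hits = self._hits.setdefault(key, deque())
        # forget timestamps that have slid out of the window
        while hits and hits[0] <= now - self.window:
            hits.popleft()
        if len(hits) >= self.limit:
            retry_after = math.ceil(hits[0] + self.window - now)
            return False, {
                "X-Rate-Limit-Limit": str(self.limit),
                "X-Rate-Limit-Remaining": "0",
                "Retry-After": str(max(retry_after, 1)),
            }
        hits.append(now)
        return True, {
            "X-Rate-Limit-Limit": str(self.limit),
            "X-Rate-Limit-Remaining": str(self.limit - len(hits)),
        }


def handle_request(limiter: SlidingWindowLimiter, client_key: str) -> Tuple[int, Dict[str, str], str]:
    """Hypothetical endpoint wrapper: the limit headers go on every response,
    and an over-budget client gets 429 instead of the real handler's work."""
    allowed, headers = limiter.check(client_key)
    if not allowed:
        return 429, headers, "Too Many Requests"
    return 200, headers, "OK"
```

Keying on the client IP is the simplest choice but punishes users behind a shared NAT and is trivially spread across addresses in a DDoS; an API key or authenticated user is a better key where one exists. The in-process dictionary also grows with the number of distinct keys, so a deployment with several instances keeps the counters in a shared store such as Redis and evicts idle keys.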




