Common Web Application Vulnerabilities (Top 5 Vulnerabilities) --- Web Security Testing
1) Authentication & Authorization
=====================
One of the biggest web application weaknesses is the failure to provide a means of strong authentication to verify that the end user is who they claim to be. Before granting access to a web application, a server may require the end user to authenticate, both to identify the user and to determine the user's access privileges. Without such authentication, attackers could access another user's account, view sensitive information, or perform unauthorized functions.
To mitigate this risk:
==============
• Employ strong authentication with encrypted credentials.
• Require reauthentication at specified time intervals or on movement between web pages.
• Regularly test authentication and all potential ways to circumvent it.
• Implement authorization (access control).
2) Session Security & Session IDs
=====================
Most web sites maintain session state to determine access rights or user settings during a user's session. When a user logs in to an application, the web server issues the user an identifier known as a session ID. This session ID can, and should, be random and set to expire at the end of the session.
However, the session ID can also be predictable (or sequential) and persistent (not set to expire). The server uses the session identifier to look up the associated data on each successive request. Session tokens are often not properly protected, allowing attackers to compromise passwords, keys, session cookies, or other tokens that defeat authentication restrictions and let them assume other users' identities. A typical example is a user's session ID being displayed in the URL.
Even where authentication is required, a user may authenticate with legitimate credentials and then change the session ID in the URL to access another user's data without any further authentication.
To mitigate this risk:
==============
• Assign random, non-sequential session IDs and require reauthentication when accessing additional records.
• Protect account credentials and session tokens.
• Require that all cookies have an expiration date, so that session tokens are only valid for a predetermined period after the user's last request.
• Change session tokens when the user moves from an SSL-protected resource to a non-SSL-protected resource.
• Invalidate the session token on the server side when the user logs out.
• Confirm that the session token is non-persistent and is never written to the browser's history or cache.
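The following is an added example, not code from the original article, showing how the session mitigations above and the authorization point from section 1 fit together: session IDs come from the OS random generator, live only in a server-side store with an idle expiry, are dropped on logout, and a valid session alone is not enough to read a record, since ownership is checked on every lookup. The application, the record table and the 15-minute idle timeout are constructed assumptions.

```python
import secrets
import time

SESSION_TTL_SECONDS = 15 * 60  # assumed idle timeout: session dies this long after its last request

# Constructed sample data for a hypothetical application: two users, one record each.
RECORDS = {
    1001: {"owner": "alice", "data": "alice's invoice"},
    1002: {"owner": "bob", "data": "bob's invoice"},
}


class SessionStore:
    """Server-side session store: the client only ever holds an opaque random token."""

    def __init__(self, now=time.time):
        self._now = now            # injectable clock so expiry can be tested deterministically
        self._sessions = {}        # token -> {"user": str, "last_seen": float}

    def create(self, username):
        # 32 bytes from the OS CSPRNG, URL-safe so it fits in a cookie; nothing sequential here.
        token = secrets.token_urlsafe(32)
        self._sessions[token] = {"user": username, "last_seen": self._now()}
        return token

    def user_for(self, token):
        """Return the user bound to a token, or None if the token is unknown or expired."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._now() - session["last_seen"] > SESSION_TTL_SECONDS:
            del self._sessions[token]          # expired: remove it server-side
            return None
        session["last_seen"] = self._now()     # sliding expiry after each request
        return session["user"]

    def invalidate(self, token):
        """Logout: remove the session server-side so a replayed token is rejected."""
        self._sessions.pop(token, None)


def get_record(store, token, record_id):
    """Authorization check: authentication is necessary but not sufficient to read a record."""
    user = store.user_for(token)
    if user is None:
        return "401 unauthenticated"
    record = RECORDS.get(record_id)
    if record is None or record["owner"] != user:
        # Identical answer for "missing" and "not yours", so record IDs cannot be enumerated.
        return "404 not found"
    return record["data"]


if __name__ == "__main__":
    store = SessionStore()
    token = store.create("alice")
    print(get_record(store, token, 1001))   # alice's own record
    print(get_record(store, token, 1002))   # bob's record: refused
    store.invalidate(token)
    print(get_record(store, token, 1001))   # after logout: refused
```

The store keys sessions by the token itself, so a client that edits its token gets either a valid session it already owned or nothing; there is no record ID, user ID or sequence number in the token to tamper with.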
3) SQL Injection Vulnerabilities
====================
Many web applications don't properly strip unnecessary special characters from user input, or validate the information contained in a web request, before using that input directly in SQL queries. SQL is the language many applications use to talk to back-end databases. SQL injection is an attack technique that uses the web application to extract or alter information in the database: the attacker enters SQL fragments or special characters into the web application so that the resulting query performs an action the developer never intended.
Such queries can result in access to unauthorized data, bypassing of authentication, or the shutdown of a database, whether the database resides on the web server itself or on a separate server. Without proper controls in place, attackers can reach back-end components through the web application.
To mitigate this risk:
==============
• Validate user input to ensure only legitimate data is sent to the web server. Strip invalid special characters from user input before using that input in SQL queries, and check input for the appropriate or expected length.
• Ensure the application will not process SQL commands supplied by the user.
• Design and program web applications so that client-supplied values can never be treated as SQL syntax.
• Perform strict input validation on all client input.
• Implement logical security at the database level -- specify users, roles, and permissions at the database layer.
• Conduct regular testing and identification of potential SQL injection vulnerabilities.
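As an added example (not code from the original article), here is the defect the section describes next to its hardened form, run against a constructed in-memory SQLite table. The vulnerable lookup pastes the request value into the SQL text; the hardened lookup binds it as a parameter so it is always treated as data, and an allowlist validator is applied in front of it, which is the "validate input" bullet above. The table, user names and the username format are assumptions.

```python
import re
import sqlite3

# Allowlist for the one field this lookup accepts (assumed format: lowercase, digits, underscore).
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def make_db():
    """Constructed sample database: an in-memory SQLite table of users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "hash-a", "admin"), ("bob", "hash-b", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    """The defect: the request value becomes part of the SQL text, so quotes in it change the query."""
    query = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def find_user_parameterized(conn, username):
    """Hardened form: a bound parameter is data, never SQL syntax, whatever characters it holds."""
    query = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def is_valid_username(value):
    """Input validation layer: reject anything outside the expected shape before it reaches SQL."""
    return isinstance(value, str) and USERNAME_RE.match(value) is not None


def find_user(conn, username):
    """What the application should call: validate, then query with parameters."""
    if not is_valid_username(username):
        return []
    return find_user_parameterized(conn, username)


if __name__ == "__main__":
    db = make_db()
    tampered = "x' OR '1'='1"          # a value containing SQL syntax, as in the section's description
    print(find_user_vulnerable(db, tampered))    # returns every row: the WHERE clause was rewritten
    print(find_user_parameterized(db, tampered))  # returns nothing: no user has that literal name
    print(find_user(db, tampered))                # rejected by validation before any query runs
```

The two defenses are independent: parameterization alone already stops the rewritten query, and validation alone would stop this input, but keeping both means a field that later needs to accept quotes (a free-text comment, say) still cannot alter the query.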
4) Buffer Overflows
============
Web applications may be vulnerable to buffer overflows, which occur when a program attempts to store more data in a static buffer than it was designed to manage. The additional data overwrites and corrupts memory, allowing an attacker to insert arbitrary instructions on the web server or to crash the system.
To mitigate this risk:
==============
• Identify buffer overflows during testing by entering progressively larger values into form inputs, header fields and cookie fields.
• Prevent code insertion by unauthenticated sources.
• Validate input field length.
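As an added example (not from the original article), this shows the two testing-side bullets above in code: a length validator with a per-field byte limit covering form, header and cookie values, and a probe that feeds a handler progressively larger values and reports the smallest size it refuses, which is how a tester confirms the limit is really enforced at the boundary before anything is copied into a fixed-size buffer. The field names, limits and request shape are assumptions, not a real framework's API.

```python
# Assumed per-field maximum lengths in bytes; keys are "source:name" for form, header and cookie values.
FIELD_LIMITS = {
    "form:username": 64,
    "form:comment": 2000,
    "header:User-Agent": 512,
    "cookie:session": 128,
}


def validate_lengths(request, limits=FIELD_LIMITS):
    """Return (field, size, limit) for every value that exceeds its limit; empty list means accept.

    request is a constructed dict of "source:name" -> str. Sizes are measured in UTF-8 bytes,
    because bytes, not characters, are what a fixed-size buffer runs out of."""
    violations = []
    for field, value in request.items():
        limit = limits.get(field)
        if limit is None:
            violations.append((field, len(value.encode("utf-8")), 0))  # unknown field: reject
            continue
        size = len(value.encode("utf-8"))
        if size > limit:
            violations.append((field, size, limit))
    return violations


def handler(request):
    """Hypothetical request handler: length validation runs before any other processing."""
    return validate_lengths(request) == []


def probe_limits(handler, field, start=1, stop=1 << 16):
    """Testing aid from the section: submit progressively larger values for one field and return
    the smallest size the handler refuses, or None if nothing up to `stop` bytes was refused
    (a None result for a field that should be bounded is the finding to investigate)."""
    size = start
    while size <= stop:
        if not handler({field: "A" * size}):
            return size
        size *= 2
    return None


if __name__ == "__main__":
    print(validate_lengths({"form:username": "alice"}))          # [] : accepted
    print(validate_lengths({"form:username": "a" * 65}))         # [('form:username', 65, 64)]
    print(probe_limits(handler, "cookie:session"))               # 256: first refused size
    print(probe_limits(handler, "header:User-Agent"))            # 1024
```

Measuring in bytes matters for the multibyte case: 64 characters of "é" is 128 bytes, which the validator refuses even though the character count equals the limit.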
5) Cross-Site Scripting (XSS)
==================
A web application can carry an attack to an end user's browser by way of the browsers of other web users who are viewing the page. A hacker could create a web site that takes advantage of a cross-site scripting flaw. An unsuspecting user could visit this hacker's web site (for example, by clicking on a link in an e-mail received from a friend), and the hacker's malicious code would then execute on the unsuspecting user's system. A successful attack can disclose the end user's session token, attack the local machine, or spoof content to fool the user.
To mitigate this risk:
==============
• Filter input so that end-user data cannot be interpreted as scripted content.
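As an added example (not code from the original article), here is what "end-user data cannot be interpreted as scripted content" looks like at the point where the page is rendered: an unsafe renderer that concatenates untrusted values into markup, beside a renderer that encodes each value for the HTML context it lands in (element text and a quoted attribute). The comment widget and its markup are constructed; Python's standard `html.escape` does the encoding.

```python
import html


def render_comment_unsafe(author, text):
    """The defect: untrusted values dropped into markup unchanged, so tags and quotes in them
    become part of the page instead of being displayed."""
    return '<div class="comment" data-author="' + author + '"><p>' + text + "</p></div>"


def render_comment(author, text):
    """Hardened form: encode for the output context.

    quote=True is essential for the attribute context: without it a value containing a double
    quote could close data-author and start a new attribute on the same element."""
    safe_author = html.escape(author, quote=True)
    safe_text = html.escape(text, quote=True)
    return '<div class="comment" data-author="' + safe_author + '"><p>' + safe_text + "</p></div>"


def untrusted_markup_survived(rendered, untrusted_values):
    """Test-time check: if any '<' or '"' from an untrusted value appears raw in the output, the
    renderer did not encode it; the template's own markup is excluded by looking only at
    the encoded forms the value should have produced."""
    for value in untrusted_values:
        if value == html.escape(value, quote=True):
            continue  # nothing in this value needed encoding
        if html.escape(value, quote=True) not in rendered:
            return True
    return False


if __name__ == "__main__":
    # Constructed untrusted inputs: one tries to break out of the attribute, one carries a tag.
    author = 'x" onmouseover="y'
    text = "<script>steal()</script>"
    print(render_comment_unsafe(author, text))   # quotes and tags land in the page as markup
    print(render_comment(author, text))          # &quot; and &lt;script&gt; are displayed as text
```

Encoding is done at output, per context, rather than by stripping characters from input: the same comment may later be emitted into JSON or a URL, where the HTML entities would be wrong and a different encoder is needed.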
Source:
http://Do not remember