OWASP or Open Web Security Project is a non-profit charitable organization focused on improving the security of software and web applications. Show
The organization publishes a list of top web security vulnerabilities based on the data from various security organizations. The web security vulnerabilities are prioritized depending on exploitability, detectability and impact on software.
The main aim of OWASP Top 10 is to educate the developers, designers, managers, architects and organizations about the most important security vulnerabilities. The Top 10 security vulnerabilities as per OWASP Top 10 are:
SQL InjectionDescription Injection is a security vulnerability that allows an attacker to alter backend SQL statements by manipulating the user supplied data. Injection occurs when the user input is sent to an interpreter as part of command or query and trick the interpreter into executing unintended commands and gives access to unauthorized data. The SQL command which when executed by web application can also expose the back-end database. Implication
Vulnerable Objects
Examples:
Logging into an application without having valid credentials. Valid userName is available, and password is not available. Test URL: http://demo.testfire.net/default.aspx User Name: sjones Password: 1=1′ or pass123 SQL query created and sent to Interpreter as below SELECT * FROM Users WHERE User_Name = sjones AND Password = 1=1′ or pass123; Recommendations
Cross Site ScriptingDescription Cross Site Scripting is also shortly known as XSS. XSS vulnerabilities target scripts embedded in a page that are executed on the client side i.e. user browser rather then at the server side. These flaws can occur when the application takes untrusted data and send it to the web browser without proper validation. Attackers can use XSS to execute malicious scripts on the users in this case victim browsers. Since the browser cannot know if the script is trusty or not, the script will be executed, and the attacker can hijack session cookies, deface websites, or redirect the user to an unwanted and malicious websites. XSS is an attack which allows the attacker to execute the scripts on the victim’s browser. Implication:
Vulnerable Objects
Examples 1. http://www.vulnerablesite.com/home?”<script>alert(“xss”)</script> The above script when run on a browser, a message box will be displayed if the site is vulnerable to XSS. The more serious attack can be done if the attacker wants to display or store session cookie. 2. http://demo.testfire.net/search.aspx?txtSearch <iframe> <src = http://google.com width = 500 height 500></iframe> The above script when run, the browser will load an invisible frame pointing to http://google.com. The attack can be made serious by running a malicious script on the browser. Recommendations
Broken Authentication and Session ManagementDescription The websites usually create a session cookie and session ID for each valid session, and these cookies contain sensitive data like username, password, etc. When the session is ended either by logout or browser closed abruptly, these cookies should be invalidated i.e. for each session there should be a new cookie. If the cookies are not invalidated, the sensitive data will exist in the system. For example, a user using a public computer (Cyber Cafe), the cookies of the vulnerable site sits on the system and exposed to an attacker. An attacker uses the same public computer after some time, the sensitive data is compromised. In the same manner, a user using a public computer, instead of logging off, he closes the browser abruptly. An attacker uses the same system, when browses the same vulnerable site, the previous session of the victim will be opened. The attacker can do whatever he wants to do from stealing profile information, credit card information, etc. A check should be done to find the strength of the authentication and session management. Keys, session tokens, cookies should be implemented properly without compromising passwords. Vulnerable Objects
Implication
Examples
Recommendations
Insecure Direct Object ReferencesDescription It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. Implication
Vulnerable Objects
Examples: Changing “userid” in the following URL can make an attacker to view other user’s information. http://www.vulnerablesite.com/userid=123 Modified to http://www.vulnerablesite.com/userid=124 An attacker can view others information by changing user id value. Recommendations:
Cross Site Request ForgeryDescription Cross Site Request Forgery is a forged request came from the cross site. CSRF attack is an attack that occurs when a malicious website, email, or program causes a user’s browser to perform an unwanted action on a trusted site for which the user is currently authenticated. A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. A link will be sent by the attacker to the victim when the user clicks on the URL when logged into the original website, the data will be stolen from the website. Implication
Vulnerable Objects
Examples The victim is logged into a bank website using valid credentials. He receives mail from an attacker saying “Please click here to donate $1 to cause.” When the victim clicks on it, a valid request will be created to donate $1 to a particular account. http://www.vulnerablebank.com/transfer.do?account=cause&amount=1 The attacker captures this request and creates below request and embeds in a button saying “I Support Cause.” http://www.vulnerablebank.com/transfer.do?account=Attacker&amount=1000 Since the session is authenticated and the request is coming through the bank website, the server would transfer $1000 dollars to the attacker. Recommendation
Security MisconfigurationDescription Security Configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality. Sometimes such flaws result in complete system compromise. Keeping the software up to date is also good security. Implication
Vulnerable objects
Examples
Recommendations
Insecure Cryptographic StorageDescription Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely. The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a website. This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will be vulnerable to the attackers. (*Hashing is transformation of the string characters into shorter strings of fixed length or a key. To decrypt the string, the algorithm used to form the key should be available) Implication
Vulnerable objects
Examples In one of the banking application, password database uses unsalted hashes * to store everyone’s passwords. An SQL injection flaw allows the attacker to retrieve the password file. All the unsalted hashes can be brute forced in no time whereas, the salted passwords would take thousands of years. (*Unsalted Hashes – Salt is a random data appended to the original data. Salt is appended to the password before hashing) Recommendations
Failure to restrict URL AccessDescription Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access control checks each time these pages are accessed. In most of the applications, the privileged pages, locations and resources are not presented to the privileged users. By an intelligent guess, an attacker can access privilege pages. An attacker can access sensitive pages, invoke functions and view confidential information. Implication
Vulnerable objects:
Examples
http://www.vulnerablsite.com can be modified as http://www.vulnerablesite.com/admin Recommendations
Insufficient Transport Layer ProtectionDescription Deals with information exchange between the user (client) and the server (application). Applications frequently transmit sensitive information like authentication details, credit card information, and session tokens over a network. By using weak algorithms or using expired or invalid certificates or not using SSL can allow the communication to be exposed to untrusted users, which may compromise a web application and or steal sensitive information. Implication
Vulnerable objects
Recommendations
Examples: 1. An application not using SSL, an attacker will simply monitor network traffic and observes an authenticated victim session cookie. An attacker can steal that cookie and perform Man-in-the-Middle attack. Unvalidated Redirects and ForwardsDescription The web application uses few methods to redirect and forward users to other pages for an intended purpose. If there is no proper validation while redirecting to other pages, attackers can make use of this and can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. Implication
Examples 1.http://www.vulnerablesite.com/login.aspx?redirectURL=ownsite.com Modified to http://www.vulnerablesite.com/login.aspx?redirectURL=evilsite.com Recommendations
Which type of vulnerability allows an attacker to execute a malicious script in user browser?Cross-site Scripting (XSS) Cross-site Scripting (XSS) is a client-side code injection attack. The attacker aims to execute malicious scripts in a web browser of the victim by including malicious code in a legitimate web page or web application.
Which of the following attacks allows an attacker to enter the malicious data into a website?C. A SQL injection attack allows an attacker to send commands to the database server to access data.
What are some exploits that a malicious user can execute in a browser?Top 8 website vulnerabilities a hacker can exploit. SQL Injection: ... . Broken authentication and session management: ... . Cross Site Scripting (XSS): ... . Insecure direct object reference: ... . Wrong Security Configuration: ... . Cross Site Request Forgery (CSRF): ... . Remote Code Execution: ... . Username Enumeration:. Which of the following is a vulnerability in web browser?The Top 10 security vulnerabilities as per OWASP Top 10 are:
Insecure Direct Object References. Cross Site Request Forgery. Security Misconfiguration. Insecure Cryptographic Storage.
|