About Web Application Security – OWASP

May 15, 2018 | Views: 3319


Security is a very important topic and has gained a lot of prominence in recent years. Developing a secure Web application is a very difficult task nowadays, as there are several technologies involved and consequently several types of attacks that can be carried out against Web applications, with new vulnerabilities and attacks coming up over time.

In companies it is common to find infrastructure environments running outdated software: operating systems, DBMSs, application servers and libraries in general. But a large part of attacks succeed because of vulnerabilities in the application itself. The software developer has a very important role, writing sound code and knowing the many technologies and standards of Web development, just as the system administrator has the role of designing and maintaining a good infrastructure environment. In this scenario the security professional's role is to perform analysis and security testing together with the development and administration teams. It is therefore very important that companies invest enough in information security, so as not to lose the confidence of their clients and to avoid possible damages.

Let’s talk about some vulnerabilities that are commonly found in Web applications.

  • SQL Injection

Sample I. Imagine that this is a form field:

[ '; delete from users; ]

Notice that the command is simple, but this attack can cause catastrophic damage to a company. In this illustrative example we are trying to inject an SQL statement that deletes all records from the application's user table, assuming, of course, that the table that stores the application's users is named users.

Besides injecting SQL commands that erase application data, an attacker can also inject commands that retrieve sensitive user information, as happened to large companies such as Yahoo and eBay in the past.

Sample II. Imagine that this is a login form:

Username: [ ' or 1 or 'a'='a ]

Password: [ * * * * * * * * * ]

In this second example we are testing whether the login and password parameters are concatenated directly into the string that assembles the SQL command. That is exactly what creates the vulnerability: if it is possible to produce the SQL statement

select * from users where login = '' or 1 or 'a' = 'a' and password = '12345678'

Final result: FALSE OR TRUE OR (TRUE AND FALSE)

Because AND binds tighter than OR, this logical expression evaluates to TRUE, as if the query had returned a valid user record from the database, and the application logs the attacker in normally.
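The two login checks below are an added example, not code from the article: a constructed in-memory SQLite users table (the "alice" row and its password are made up), a login routine that concatenates the username and password into the statement exactly as described above, and the parameterized version that closes the hole. Running Sample II's username through both shows the concatenated query returning a row while the parameterized query returns nothing.

```python
import sqlite3

# Constructed users table for this demonstration; the row and credentials are made up.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (id integer primary key, login text, password text)")
    conn.execute("insert into users (login, password) values ('alice', 's3cret')")
    conn.commit()
    return conn

def build_vulnerable_sql(login, password):
    # The flaw from the article: user input is concatenated straight into the statement.
    return ("select * from users where login = '" + login
            + "' and password = '" + password + "'")

def login_vulnerable(conn, login, password):
    # Runs whatever statement the concatenation produced; a row means "logged in".
    return conn.execute(build_vulnerable_sql(login, password)).fetchone()

def login_safe(conn, login, password):
    # Parameterized query: the values travel separately from the statement text,
    # so quote characters inside them are data, never SQL syntax.
    sql = "select * from users where login = ? and password = ?"
    return conn.execute(sql, (login, password)).fetchone()

if __name__ == "__main__":
    db = make_db()
    payload = "' or 1 or 'a'='a"  # the username from Sample II
    print(build_vulnerable_sql(payload, "12345678"))
    print("vulnerable:", login_vulnerable(db, payload, "12345678"))  # a row: logged in
    print("safe:", login_safe(db, payload, "12345678"))              # None: rejected
```

Note that Python's sqlite3 `execute()` refuses to run a second statement in one call, so the Sample I payload raises an error here instead of deleting rows; other database drivers do not necessarily give you that protection, which is why the parameterized form, not the driver, is the real fix.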

  • Cross-site Scripting

I learned of this vulnerability after October 4, 2005, when I looked into the attack by Samy Kamkar, a security professional who wrote a malicious JavaScript payload. The attack targeted MySpace, which at that time was considered the largest social network on the internet.

Samy developed a script that made users who visited his profile automatically add him as a friend, and also added to the victim's page a "My Heroes" section with the text: "but most of all, Samy is my hero". By the way, Samy had few friends before that =). In less than 24 hours, Samy was the most popular user on MySpace, passing the mark of 1 million friends.

For more details on this beautiful story, visit http://samy.pl/popular/

In the MySpace case, the risk arose because the application accepted JavaScript code injected into web form fields, for lack of adequate handling of the information entered by users. In this attack the objective is to send JavaScript commands that will be executed by the victim's browser, in order to deceive them. Major sites such as Twitter and Orkut also exhibited this vulnerability in mid-2005.
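The "adequate handling" the paragraph calls for is output encoding. The following is an added example (not the MySpace worm and not from the article): a constructed profile text containing a script tag, rendered once by dropping it into the page as-is and once through Python's `html.escape`, which turns the angle brackets and quotes into entities so the browser displays the text instead of executing it.

```python
import html

# Constructed profile text standing in for what a user types into a form field.
PROFILE_INPUT = 'but most of all, <script>alert("hi")</script> is my hero'

def render_profile_vulnerable(text):
    # The text is dropped straight into the markup, so any tags it contains
    # become live HTML when the victim's browser parses the page.
    return "<div class='about'>" + text + "</div>"

def render_profile_safe(text):
    # html.escape replaces <, >, &, " and ' with entities; the browser then
    # shows the characters literally instead of treating them as markup.
    return "<div class='about'>" + html.escape(text, quote=True) + "</div>"

def contains_live_script(markup):
    # Crude indicator used only to show the difference between the two renderings:
    # does an unescaped <script> tag survive into the output?
    return "<script>" in markup.lower()

if __name__ == "__main__":
    print(render_profile_vulnerable(PROFILE_INPUT))  # script tag intact
    print(render_profile_safe(PROFILE_INPUT))        # &lt;script&gt;... shown as text
```

Escaping at output time is context-specific: this covers text placed between tags; a value placed inside an attribute, a URL or a script block needs the encoding rules for that context.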

  • Cross-Site Request Forgery

This attack works by placing a link or script on a page that sends a request to a site where the user is known (or assumed) to be authenticated. It is more involved than the previous ones because we need to know the technologies we are going to attack, as well as understanding very well the target's model of authentication and its use of cookies and sessions. I'll stop here, otherwise this article will be too long.
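Because the forged request rides on the browser's cookies, the usual defence is a per-session token that the attacker's page cannot read. The code below is an added example, not from the article: a constructed in-memory session store (a real application would use its framework's session), a token minted per session and embedded in each state-changing form, and a handler that rejects a request whose hidden field does not match the session's token, using a constant-time comparison.

```python
import hmac
import secrets

# Constructed in-memory session store keyed by the session cookie value.
SESSIONS = {}

def new_session(user="alice"):
    # Mint a session id and a CSRF token bound to that session.
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid

def csrf_token_for_form(sid):
    # The server embeds this value as a hidden field in every form it renders
    # for this session; a page on another origin cannot read it.
    return SESSIONS[sid]["csrf_token"]

def handle_add_friend(sid, form):
    # A forged request arrives with the victim's cookie (sid) but, lacking the
    # token, cannot fill in the hidden field. Return an HTTP-style status.
    session = SESSIONS.get(sid)
    if session is None:
        return 401
    expected = session["csrf_token"].encode()
    submitted = str(form.get("csrf_token", "")).encode()
    if not hmac.compare_digest(expected, submitted):
        return 403
    return 200

if __name__ == "__main__":
    sid = new_session()
    good = {"friend": "samy", "csrf_token": csrf_token_for_form(sid)}
    forged = {"friend": "samy"}  # what a cross-site form post would carry
    print(handle_add_friend(sid, good))    # 200
    print(handle_add_friend(sid, forged))  # 403
```

The token must be unpredictable and tied to the session; checking the `Origin`/`Referer` header and marking the session cookie `SameSite` are complementary controls, not replacements for it.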

To learn more about these attacks and many others as well as how to prevent them in Web applications, I recommend that you follow the work of OWASP (https://owasp.org), a leading open community focused on application security.

The Open Web Application Security Project is an open community, started in 2001, to enable organizations to keep their applications reliable, with a focus on security. The project offers free documents, tools, forums and security studies.

One of the most popular documents among information security professionals is the Top 10, a study-based list of the 10 most critical security risks in applications. The document describes each risk in detail, shows examples of how it works, and teaches you how to prevent it.

For those who work in or are learning about this field of information security, I strongly recommend analyzing and testing the OWASP Juice Shop Project application.

The OWASP Juice Shop Project focuses on the practice of CTFs. CTF stands for Capture the Flag: competitions that exercise the diverse skills of professionals in this field.

Links:

https://www.owasp.org/index.php/OWASP_Juice_Shop_Project

I want to contribute more in my free time, and I hope you find something here that brings value to you. If you are new to the area, tell me your difficulties; if you already work in it, we can share knowledge and techniques.

Do not hesitate to contact me!

2 Comments
  1. I have been through the basics and know what these techniques are, but I really do not understand how they work or how to use the tools. It's really difficult for beginners. Any help or guidance will be highly appreciated. Thank you sir

  2. great info Sir for a beginner like me…..Thanks
