Documenti di Didattica
Documenti di Professioni
Documenti di Cultura
1. Injection
An injection of code happens when an attacker sends invalid data to the
web application with the intention to make it do something different
from what the application was designed/programmed to do.
Perhaps the most common example around this security vulnerability is
the SQL query consuming untrusted data. You can see one of OWASP’s
examples below:
This query can be exploited by calling up the web page executing it with
the following URL: http://example.com/app/accountView?id=’or’1’=’1,
causing the return of all the rows stored on the database table.
The preferred option is to use a safe API, which avoids the use of
the interpreter entirely or provides a parameterized interface or
migrate to use Object Relational Mapping Tools (ORMs).
Note: Even when parameterized, stored procedures can still
introduce SQL injection if PL/SQL or T-SQL concatenates queries
and data, or executes hostile data with EXECUTE IMMEDIATE or
exec().
Use positive or “whitelist” server-side input validation. This is not
a complete defense as many applications require special
characters, such as text areas or APIs for mobile applications.
For any residual dynamic queries, escape special characters using
the specific escape syntax for that interpreter.
Note: SQL structure such as table names, column names, and so
on cannot be escaped, and thus user-supplied structure names
are dangerous. This is a common issue in report-writing
software.
Use LIMIT and other SQL controls within queries to prevent mass
disclosure of records in case of SQL injection.
2. Broken Authentication
To avoid broken authentication put into practice not leaving the login
page for admins publicly accessible to all visitors of the website:
/wp-admin/ on WordPress,
/index.php/admin on Magento,
The second most common form of this flaw is allowing users to brute
force username/password combination against those pages.
Types of Vulnerabilities
Passwords
Credit card numbers
Credentials
Social Security Numbers
Health information
Personally Identifiable Information
Other personal information
We have created a DIY guide to help every website owner install an SSL
certificate to their website.
Over the last few years, sensitive data exposure has been one of the
most common attacks around the world. Some examples of data leaks
that ended up in exposing sensitive data are:
Not encrypting sensitive data is the main reason why these attacks are
still so widespread. Even encrypted data can be broken due to weak:
key generation process;
key management process;
algorithm usage;
protocol usage;
cipher usage;
password hashing storage techniques.
Most XML parsers are vulnerable to XXE attacks by default. That is why
the responsibility of ensuring the application does not have this
vulnerability lays mainly on the developer.
virtual patching,
API security gateways,
Web Application Firewalls (WAFs) to detect, monitor, and block
XXE attacks.
And that’s the problem with almost all major content management
systems (CMS) these days. By default, they give worldwide access to
the admin panel. Most of them also won’t force you to establish a
second-factor authentication method (2FA).
The above makes you think a lot about software development with a
security-first philosophy. Access control issues are also present in other
areas:
Examples of Access
Scenario #1: The application uses unverified data in a SQL call that is
accessing account information:
pstmt.setString(1,request.getParameter(“acct”));
ResultSetresults =pstmt.executeQuery( );
http://example.com/app/accountInfo?acct=notmyacct
http://example.com/app/getappInfo
http://example.com/app/admin_getappInfo
Developers are going to be more familiar with the above scenarios, but
remember that broken access control vulnerabilities can be expressed
in many forms through almost every web technology out there; it all
depends on what you use on your website.
There are things you can do to reduce the risks of broken access
control:
6. Security Misconfigurations
Hackers are always looking for ways to penetrate websites, and security
misconfigurations can be an easy way in. Here are some examples of
things that hackers usually try to exploit in order to gain unauthorized
access:
unpatched flaws
default configurations
unused pages
unprotected files and directories
unnecessary services
One of the most common webmaster flaws is to keep the CMS default
configurations.
There are settings you may want to adjust to control comments, users,
and the visibility of user information. The file permissions are another
example of a default setting that can be hardened.
network services,
platform,
web server,
application server,
database,
frameworks,
custom code,
pre-installed virtual machines,
containers,
storage.
The danger behind XSS is that it allows an attacker to inject content into
a website and modify how it is displayed, forcing a victim’s browser to
execute the code provided by the attacker while loading the page.
An XSS vulnerability gives the attacker almost full control of the most
important software of computers nowadays: the browsers.
Types of XSS
1. Reflected XSS:
Typically the user will need to interact with some malicious link
that points to an attacker-controlled page, such as malicious
watering hole websites, advertisements, or similar.
2. Stored XSS:
The application or API stores unsanitized user input that is
viewed at a later time by another user or an administrator.
Stored XSS is often considered high or critical risk.
3. DOM XSS:
8. Insecure Deserialization
Note: OWASP informed that this security risk is added by an industry
survey and not on quantifiable data research.
Every web developer needs to make peace with the fact that
attackers/security researchers are going to try to play with everything
that interacts with their application–from the URLs to serialized objects.
a:4:{i:0;i:132;i:1;s:7:"Mallory";i:2;s:4:"user";
i:3;s:32:"b6a8b3bea87fe0e05022f8f3c88bc960";}
a:4:{i:0;i:1;i:1;s:5:"Alice";i:2;s:5:"admin";
i:3;s:32:"b6a8b3bea87fe0e05022f8f3c88bc960";}
The best way to protect your web application from this type of risk is
not to accept serialized objects from untrusted sources.
We can all agree that failing to update every piece of software on the
backend and frontend of a website will, without a doubt, introduce
heavy security risks sooner rather than later.
The report for hacked website for 2017 shows that at the time of the
infection:
The question is, why aren’t we updating our software on time? Why is
this still such a huge problem today?
This might be a little too dramatic, but every time you disregard an
update warning, you might be allowing a now known vulnerability to
survive in your system. Trust me, cybercriminals are quick to investigate
software and update changelogs.
Vulnerable Applications
Keeping audit logs are vital to staying on top of any suspicious change
to your website. An audit log is a document that records the events in a
website so you can spot anomalies and confirm with the person in
charge that the account hasn’t been compromised.
remote scanner
website blacklist scanner
server-side scanner
DNS scanner
SSL scanner
uptime scanner