Categories
Web Application Security

SQL Injection: Basics and Defence

Structured Query Language (SQL) is used all over the web and is potentially vulnerable to an injection attack any time that user input is insecurely concatenated into a query. An injection attack allows an attacker to alter the logic of the query and the attack can lead to confidential data theft, website defacement, malware propagation and host/network compromise.

Categories
Web Application Security

IDOR: Insecure Direct Object Reference

In my experience Insecure Direct Object Reference is one of the least well known vulnerabilities out there, but it’s a very simply issue to explain. It’s a vulnerability that generally leads to loss of confidential data but can result in the less of modification of data too.

Categories
Web Application Security

XSS: Cross-site Scripting: Lesson 2, Contexts!

Sometimes when I’m chatting to security engineers and developers I hear them say that the only characters you need to encode (or strip) are < and >. This often comes around due to .Net’s security filter which restricts any alpha-character from appearing after a < character. This filter prevents a lot of XSS attacks but it’s definitely not complete.

Categories
Web Application Security

XSS: What is Cross-site Scripting? Lesson 1, Basics

Cross-site Scripting is the third vulnerability on the OWASP Top 10 and it is a vulnerability that can allow an attacker to steal confidential data, execute functions on a vulnerable site, virtually deface a site or redirect the user to a malicious page.

Categories
Web Application Security

CSRF: What Is Cross-Site Request Forgery?

Often abbreviated to CSRF and often pronounced as “Sea-Surf” is an attack against a Web Application that abuses an application’s trust in the user. An attacker’s aim is to cause a function to execute on the application using the user’s authentication credentials simply by causing the user’s browser to request that function in the normal way, but from a malicious site.

Categories
Web Application Security

Burp Suite Keyboard Shortcuts!

If you use Burp Suite a lot then you’ll no doubt love the interface – moving between tools is really fast and the interface is just friendly; however I recently heard someone complaining that it’s annoying that it’s mouse-only and you can’t use hotkeys to swap between tabs and move between tools…but you can!

Categories
Web Application Security

SOP: Same-Origin Policy Basics

Same-Origin Policy (SOP) is a critical part of the security implemented within a web browser. It’s the part of your browser’s security system that prevents malicious pages from reading confidential information from other sites. So thepiratebay.com can’t read data from barclays.com because it’s blocked by SOP.

Categories
Cheat Sheets Web Application Security

Path Traversal Cheat Sheet: Windows

Got a path/directory traversal or file disclosure vulnerability on a Windows-server and need to know some interesting files to hunt for? I’ve got you covered Know any more good files to look for? Let me know! Are you on a Linux server? Try this one instead: Path Traversal Cheat Sheet: Linux

Categories
Web Application Security

Apache Struts: CVE-2014-0094 and CVE 2014-0050

Struts is an extensible framework used for creating enterprise Java Web Applications.

In Struts 1.x there is a problem related to how the ActionForm bean population machanism works, whereas in Struts 2.x there is an issue in how ParametersInterceptor allows access to the ‘class’ parameter that is directly mapped to the getClass() method and allows ClassLoader manipulation. Long story short, this can allow attackers to execute arbitrary Java code remotely.

Categories
Web Application Security

CRIME against TLS?

Compression Ratio Info-leak Made Easy

CRIME is an attack against SSL, like Heartbleed, but it has a much smaller probability of exploitation. The authors of CRIME also wrote the BEAST attack. The attack can allow an attacker to recover web cookies and thereby perform session hijacking attacks, much like BEAST and the specific restrictions for the attack are similar.