Home ยป Common Web-Based Applications Attacks

Common Web-Based Applications Attacks

The Open Web Application Security Project (OWASP) is a worldwide free and open community focused on improving the security of application software

The primary aim of the OWASP Top 10 is to educate developers, designers, architects and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities.

 OWASP Top 10 List:

1. Cross Site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10.Failure to Restrict URL Access

 

1. Cross Site Scripting (XSS)

  • Allows attackers to execute script in the victim’s browser - session hijacking, web site defacement, hostile content insertion, phishing, and remote browser control
  • Could be established within a different frame, a different (invisible) window, a client-side script, an image source etc.

 

2. Injection Flaws

  • Occurs when user-supplied data is sent to DB as part of a query
  • Other injections include: OS command injection, MX injection, HTTP header injection (cookies, requests) PHP
     

 

3. Malicious File Execution

  • Remote File Inclusion – PHP, XML
  • Local ASP execution
  • Very popular in attacks on CMS

 

4. Insecure Direct Object Reference

  • Includes references to files, paths, database keys, reflection by class name (e.g. JDBC connector class)
  • Almost any reference that can be reached by URL
  • Java & .NET are vulnerable to reflection in case the classloader is capable of remote class loading
  • Remote referencing includes: Web Services, CORBA, RMI, RPC

 

5. Cross Site Request Forgery (CSRF)

  • Uses an authenticated session to send unauthenticated requests
  • Could be established within a different frame, a different (invisible) window, a client-side script or an image source
     

6. Information Leakage and Improper Error Handling

  • Stack traces, database dumps, error codes
  • Reveal valuable infrastructure & configuration information to the attacker
  • Assist in injection attacks
  • Inconsistent messages differentiate success from failure

 

7. Broken Authentication and Session Management

  • Vulnerable logout, password management, timeout, remember me, secret question, and account update mechanisms
  • Client-side variables
  • Inconsistent authorization
  • Easily-guessable tokens

 

8. Insecure Cryptographic Storage

  • Not encrypting sensitive data
  • Using home grown algorithms
  • Insecure use of strong algorithms
  • Continued use of proven weak algorithms (Including, MD5, SHA-1, RC3, RC4)
  • Hard coding keys, and storing keys in unprotected stores (code & cleartext)
     

9. Insecure Communications

  • Assume all communication between customers and web applications is compromised
  • Clear text HTTP requests can be sniffed
  • URL, POST and cookie parameters are at risk
  • Old, default SSL certificates are vulnerable to spoofing
     

10.Failure to Restrict URL Access

  • Web server / DB / Application user ACL flaws
  • “Forceful browsing” – jumping to guessed, default and old URLs
  • Links can be obtained from: hidden fields, client-side code, robots.txt, configuration files, static XML files, directory access