In the most obvious cases, a SQL injection flaw may be discovered and conclusively verified by supplying a single item of unexpected input to the application. In other cases, bugs may be extremely subtle and may be difficult to distinguish from other categories of vulnerability or from benign anomalies that do not present any security … Read more
Almost every web application employs a database to store the various kinds of information that it needs in order to operate. For example, a web application deployed by an online retailer might use a database to store the following information: ■ User accounts, credentials, and personal information ■ Descriptions and prices of goods for sale … Read more
The topic of code injection is a huge one, encompassing dozens of different languages and environments, and a wide variety of different attacks. It would be possible to write an entire book on any one of these areas, exploring all of the theoretical subtleties of how vulnerabilities can arise and be exploited. Because this is … Read more
Issues relating to access apply not only to the web application itself but also to the other infrastructure tiers which lie beneath it — in particular, the application server, the database, and the operating system. Taking a defense-in-depth approach to security entails implementing access controls at each of these layers to create several layers of … Read more
Before starting to probe the application to detect any actual access control vulnerabilities, you should take a moment to review the results of your application mapping exercises, to understand what the application’s actual requirements are in terms of access control, and therefore where it will probably be most fruitful to focus your attention. The easiest … Read more
Common Vulnerabilities Access controls can be divided into two broad categories: vertical and horizontal. Vertical access controls allow different types of users to access different parts of the application’s functionality. In the simplest case, this typically involves a division between ordinary users and administrators. In more complex cases, vertical access controls may involve fine-grained user … Read more
The application’s session management functionality should be closely integrated with its mechanisms for logging, monitoring, and alerting, in order to provide suitable records of anomalous activity and enable administrators to take defensive actions where necessary: ■ The application should monitor requests that contain invalid tokens. Except in the most trivially predictable cases, a successful attack … Read more
The defensive measures that web applications must take to prevent attacks on their session management mechanisms correspond to the two broad categories of vulnerability that affect those mechanisms. In order to perform session management in a secure manner, an application must generate its tokens in a robust way and must protect these tokens throughout their … Read more