One of the questions which comes to my mind when ever i visit any website is "Are We Secure?"
We meet people day in day out who still run there business in traditional way failing to realize the importance of security, security is just a cost burden which is not a revenue generator for them. Be it a developer, manager, a corporate head what it matters to them is money and the end result i.e. software, a website.
When we see attacks happening around us on TV all we have to say is that administration is not effectively protecting us, failing to realize that we ourselves have neglected the same while we were carrying out our jobs.
As a responsible citizen i take this forum to introduce all to the mindset of an hacker further we also go on to talk about the Web attacks happening around us.For all developers developing solutions it becomes really important to know what is the vision of an hacker and keep it in mind while designing there solutions.
Stage 1 :-Information Gathering
What does a robber looks for when he choices for a home to rob?
He looks to gather information about the home, people, what valuables will he get ?
Similar to robber an hacker always thinks the same way he try's to gather information about the website or software from the various available online forums to know more about the solution and the weak areas.
Stage 2:- Scanning
What does robber looks for once he has choice his target?
Robers always try to rob a house which are easy to break in he always asks this How easy is it for him to break in?. Similarly hackers targets the system which are weak he try to scan the networks and website to know the known open ports and access.
Stage 3:- Discovery
What does robber need once he knows the entry points?
He will try to identify the tools which will help him in executing his job, similarly hacker always try to look for available exploits or customize exploits from available online forums such as milw0rm, osvdb etc.
Stage 4:- Exploit
Now the robber/hacker is ready to rob your home!!! He will try to exploit the vulnerabilities/weakness in your home or software to gain access into it.
Stage 5:- Covering Tracks
Once he has done the theft he will always try to do it in such a manner that there is no evidence to prove his doings. Similar an hacker will try to perform similar act by trying to removing all his occurrence of attacks.
What can we do to ?
Well be aware of what is happening across the online forums, there are forums which provide information about exploits for various software weakness. Also we much try to incorporate best practices such as OWASP Top 10, SANS etc.
Some of the security layers which we must have are
1. Application Layer Defense.
2. Session Layer Defense.
3. Network Layer Defense.
The attackers are now moving from traditional network layers attacks to application layer. Following are some of the top defects which are easy to find and exploited by attackers.
1. Input Validation.
Possible Attacks :-SQL Injection,Cross Site Scripting, Cross Site Request Forgery, HTTP Response Splitting.
Cause & Impact:-
SQL injection:- The website does not validate the input parameters i.e. all the request parameters sent by an enduser.An attacker can exploit this vulnerability to query the database and can lead to creating a replica of the database. If the application contains customer sensitive information then an attacker can use this information for spamming or could sell the information to competitor firm.
Cross Site Scripting:- The website does not validate the input/output parameters i.e. all the request parameters sent by/ an enduser. An attacker can use this to redirect the response of the user to his choice of servers whereby leading to transfer of sensitive information such as user credentials, account information. This attack could can be used to defame a website whereby impacting the brand image of the company.
Cross Site Request Forgery:-The website does not assign a dynamic IDs to the post request parameters i.e. all the request parameters sent by enduser are static page Ids.This attack can be used general data manipulation in the name of others.
HTTP Response Splitting:-The website does not validate the user input and response from the server contains invalidated user input. This attack could lead to redirecting user response to the server of attackers choice .
2. Authorization Bypass
Possible Attacks:- Horizontal Authorization Bypass, Vertical Authorization Bypass using URL/Parameter Manipulation and Packet replay.
Cause & Impact:-
URL/Parameter Manipluation:- The website does not validate the authorization privilege of a user before serving any content. An attacker could use this to gain acccess to administrator roles and privalges.
Packet Replay:- The website does not map the session ID of an user with the user uniquely defined parameters. An attacker could use this to gain acccess to administrator roles and privalges by replying the packet in case the website is over insecure channel i.e. HTTP.
There are couple of other important issues which will be covered in the upcoming post such as Session layer attacks, Configuration Management issues, Log Management issues, In- Secure Channels and Network layer attacks.
Hope this post would be informative to you and would like to hear your comments on the above highlighted problems.
We meet people day in day out who still run there business in traditional way failing to realize the importance of security, security is just a cost burden which is not a revenue generator for them. Be it a developer, manager, a corporate head what it matters to them is money and the end result i.e. software, a website.
When we see attacks happening around us on TV all we have to say is that administration is not effectively protecting us, failing to realize that we ourselves have neglected the same while we were carrying out our jobs.
As a responsible citizen i take this forum to introduce all to the mindset of an hacker further we also go on to talk about the Web attacks happening around us.For all developers developing solutions it becomes really important to know what is the vision of an hacker and keep it in mind while designing there solutions.
Stage 1 :-Information Gathering
What does a robber looks for when he choices for a home to rob?
He looks to gather information about the home, people, what valuables will he get ?
Similar to robber an hacker always thinks the same way he try's to gather information about the website or software from the various available online forums to know more about the solution and the weak areas.
Stage 2:- Scanning
What does robber looks for once he has choice his target?
Robers always try to rob a house which are easy to break in he always asks this How easy is it for him to break in?. Similarly hackers targets the system which are weak he try to scan the networks and website to know the known open ports and access.
Stage 3:- Discovery
What does robber need once he knows the entry points?
He will try to identify the tools which will help him in executing his job, similarly hacker always try to look for available exploits or customize exploits from available online forums such as milw0rm, osvdb etc.
Stage 4:- Exploit
Now the robber/hacker is ready to rob your home!!! He will try to exploit the vulnerabilities/weakness in your home or software to gain access into it.
Stage 5:- Covering Tracks
Once he has done the theft he will always try to do it in such a manner that there is no evidence to prove his doings. Similar an hacker will try to perform similar act by trying to removing all his occurrence of attacks.
What can we do to ?
Well be aware of what is happening across the online forums, there are forums which provide information about exploits for various software weakness. Also we much try to incorporate best practices such as OWASP Top 10, SANS etc.
Some of the security layers which we must have are
1. Application Layer Defense.
2. Session Layer Defense.
3. Network Layer Defense.
The attackers are now moving from traditional network layers attacks to application layer. Following are some of the top defects which are easy to find and exploited by attackers.
1. Input Validation.
Possible Attacks :-SQL Injection,Cross Site Scripting, Cross Site Request Forgery, HTTP Response Splitting.
Cause & Impact:-
SQL injection:- The website does not validate the input parameters i.e. all the request parameters sent by an enduser.An attacker can exploit this vulnerability to query the database and can lead to creating a replica of the database. If the application contains customer sensitive information then an attacker can use this information for spamming or could sell the information to competitor firm.
Cross Site Scripting:- The website does not validate the input/output parameters i.e. all the request parameters sent by/ an enduser. An attacker can use this to redirect the response of the user to his choice of servers whereby leading to transfer of sensitive information such as user credentials, account information. This attack could can be used to defame a website whereby impacting the brand image of the company.
Cross Site Request Forgery:-The website does not assign a dynamic IDs to the post request parameters i.e. all the request parameters sent by enduser are static page Ids.This attack can be used general data manipulation in the name of others.
HTTP Response Splitting:-The website does not validate the user input and response from the server contains invalidated user input. This attack could lead to redirecting user response to the server of attackers choice .
2. Authorization Bypass
Possible Attacks:- Horizontal Authorization Bypass, Vertical Authorization Bypass using URL/Parameter Manipulation and Packet replay.
Cause & Impact:-
URL/Parameter Manipluation:- The website does not validate the authorization privilege of a user before serving any content. An attacker could use this to gain acccess to administrator roles and privalges.
Packet Replay:- The website does not map the session ID of an user with the user uniquely defined parameters. An attacker could use this to gain acccess to administrator roles and privalges by replying the packet in case the website is over insecure channel i.e. HTTP.
There are couple of other important issues which will be covered in the upcoming post such as Session layer attacks, Configuration Management issues, Log Management issues, In- Secure Channels and Network layer attacks.
Hope this post would be informative to you and would like to hear your comments on the above highlighted problems.
Sphere: Related Content
No comments:
Post a Comment