The importance of being earnest (when it comes to web security)

May 21, 2015 by AdrianC

We live in an Internet era and no one wants to have a website that is vulnerable to web attacks - as this means losing money, time and credibility. Web security wasn't regarded as a "big problem" before the year 2000, however social networking websites and an increase in the adoption rate of the Web, as a means for business, have changed all this, and now more and more hackers are trying to compromise the WWW security for personal gain... and some even for fame and fun.

So what are the most important threats when it comes to web security, and most importantly, how to avoid them? Let's find out:

Cross Site Scripting

Cross Site Scripting (also called XSS or CSS) is one of the most common hacking techniques and it involves the leveraging (exploiting) of vulnerabilities in a web application's code in order to allow the attacker to send malicious content to an end user and collect data from the victim. XSS attacks occur through various types of user input, from simple forms submitted by normal users to more complex attacks such as: JSON script, XML web service, exploited cookies etc.

Here is an example of a simple Non-Persistent XSS attack:

  • The attacker crafts an URL and sends it to the victim by various ways 
  • This way, the attacker can provide a link that leads to an executable which will be downloaded and installed automatically, without the user noticing it. This executable can be a virus, a trojan or other malicious software.

The basic protection method against XSS attacks is to pass all external data through a filter (because, when it comes to the Internet, we should not trust external sources). Also, in order to further prevent XSS attacks, the user input must be properly sanitized (special characters such as " or ' are not passed to the SQL query), the output variables must be encoded before they are returned to the end-user and the input parameters must be filtered for special characters.

SQL Injection

SQL injection is used mainly for stealing data from organizations, and it's a code injection technique (obviously) which exploits the security vulnerabilites of an application and inserts malicious SQL statements into the entry fields that are used for execution (a login form, for example). Considering that this type of attack can be directed at any type of SQL database, it has a wide pool of potential "victims" (both normal users and business users).

Here is an example of a syntax error that can be used for SQL injection:

a';DROP TABLE users; SELECT * FROM userinfo WHERE 't' = 't'; --

A simple example of an SQL injection attack can be the following:

  • A normal user enters his username and password into a Login form
  • After the credentials are submited, an SQL query will be generated and submited to the database, granting acces to the user
  • During this process, the hacker can insert crafted SQL commands in order to bypass the Login form and discover what lies behind it
  • In this way, the hacker can communicate directly with the database and extract, update or delete entries from the tables

SQL injection can be performed in areas such as login pages, search pages, feedback forms, support and product request forms, shopping carts etc.

The first step in preventing SQL injection attacks is data sanitization and validation. Other preventive measures are: setting the magic_quotes_gpc variable off, install patches regularly, perform thoroughly automated tests for discovering SQL vulnerabilities.

Although these are the most used web attacks, there are many more types of attacks, such as: Path Disclosure, Denial of Service, Code Execution, Memory Corruption, Buffer Overflow etc. Neglecting web security is a serious issue, which involves huge time and money loses for companies (and even for end-users). Taking in account the notorious Heartbleed incident from 2014, developers will certainly be more security minded when developing their applications.

Is your web security good enough to prevent XSS or SQL injection attacks?


Tags: Security  Web 


Comments

No comments yet.

Your Comment:







Blog Home   SBP Home
RSS Feed       Contact








 Blog Archives  |  Terms of Use  |  Privacy Policy
© 2017 SBP Romania. All rights reserved.