Security breaches on Web Application



Web applications are exposed to several classes of attack; this post covers three of the most common:


1. Session Fixation


2. CSRF


3. Clickjacking


Session Fixation



Session fixation, by most definitions, is a subclass of session hijacking. The most common basic flow is:

Step 1. Attacker gets a valid session ID from an application
Step 2. Attacker forces the victim to use that same session ID
Step 3. Attacker now knows the session ID that the victim is using and can gain access to the victim’s account

Step 2, forcing the session ID onto the victim, is the only real work the attacker has to do, and often it amounts to sending the victim a link with the session ID attached to the URL. That variant only works when the application accepts session IDs from the URL (for example servlet URL rewriting with ;jsessionid=...); otherwise the attacker needs another way to plant the cookie, such as a script-injection flaw on the site or control of a sibling subdomain.

Fortunately, resolving session fixation is usually fairly simple. The basic advice is:

Invalidate the user session once a successful login has occurred, issue a new session ID, and never accept a session ID supplied in the URL.

The usual basic flow to handle session fixation prevention looks like:

1. User enters correct credentials
2. System successfully authenticates user
3. Any existing session information that needs to be retained is moved to temporary location
4. Session is invalidated (HttpSession#invalidate())
5. New session is created (new session ID)
6. Any temporary data is restored to new session
7. User goes to successful login landing page using new session ID


CSRF (Cross Site Request Forgery)


Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated.

CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.

If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth. If the victim is an administrative account, CSRF can compromise the entire web application.

For example, the page below is hosted on the attacker's site. A victim who is logged in to the application on localhost:8080 clicks the button; the browser submits the form together with the victim's session cookie, and the hidden _method field makes a framework that honours method overrides (such as Spring's HiddenHttpMethodFilter) treat the POST as a DELETE of /sample/100:

<!DOCTYPE HTML SYSTEM "about:legacy-compat">
<html lang="en">
<head>
    <title>Cross Site Request Forgery Demo</title>
</head>
<body>
    <!-- Served from the attacker's origin; the browser still attaches the
         victim's cookies for localhost:8080 to the cross-site POST. -->
    <form id="command" action="http://localhost:8080/sample/100" method="post">
        <!-- Method override: the server handles this POST as DELETE /sample/100 -->
        <input type="hidden" name="_method" value="delete">
        <input value="Win Money!" type="submit">
    </form>
</body>
</html>

Note: Spring Security enables CSRF protection by default. Every state-changing form in the application carries a per-session _csrf token, and a request without the matching token is rejected; the attacker's page cannot read that token, so the forged form above fails. Calling csrf().disable() on the HttpSecurity builder switches this protection off, and headers().disable() removes the default security headers (including X-Frame-Options), so neither should be used on an application that relies on cookie sessions.


Clickjacking


Clickjacking (UI redressing) loads the target site inside an iframe on a page the attacker controls and overlays it with decoy content. The frame is made transparent and positioned so that a button the victim believes they are clicking ("Win Money!") sits exactly over a real control on the framed page, so the click, complete with the victim's cookies, lands on the target application without the victim knowing.

For Example

<!DOCTYPE HTML SYSTEM "about:legacy-compat">
<html lang="en">
<head>
    <title>Clickjacking Demo</title>
    <style type="text/css">
        #message-content {
            /* CSS properties of the page content go here */
        }
        #message-content iframe {
            /* CSS properties of the frame go here; in a real attack the frame
               is made transparent and placed over the decoy button */
        }
    </style>
</head>
<body>
    <form action="#" method="post">
        <input id="attack" type="submit" value="Win Money!"/>
    </form>
    <div id="message-content">
        <!-- The target page is loaded inside the attacker's page -->
        <iframe src="http://localhost:8080/sample/"></iframe>
    </div>
</body>
</html>

If you can see both the "Win Money!" button at the top of the page and the target page loaded inside the frame, the target sends nothing that stops framing and is vulnerable to clickjacking. From there a proof of concept only needs the CSS that makes the frame transparent and aligns the target's real button under the decoy, so that an attacker's page can drive the victim's clicks.

Methods to protect a web page from clickjacking fall into two categories:


  • Client side protection: frame busting, a script in the page that breaks out of any frame it finds itself in. It is the weaker of the two: a framing page can sandbox the iframe (sandbox="allow-forms allow-scripts") so the script is not allowed to navigate the top window.
  • Server side protection: the X-Frame-Options response header (DENY or SAMEORIGIN) and its modern replacement, the Content-Security-Policy frame-ancestors directive, which the browser enforces before any page script runs. Spring Security sends X-Frame-Options: DENY by default unless headers() has been disabled.
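Both categories as an added example (not code from the original post): a frame-busting routine written against an injectable window-like object so it can run outside a browser, a helper that produces the server-side headers, and a checker that answers the framing test described above without a browser. The app origin http://localhost:8080 and the partner origin in the usage are assumptions; the frame-ancestors matching is simplified to exact origins and does not implement every CSP source form.

```javascript
// Added example: clickjacking defences. Runs under plain Node.js.

// Client side: frame busting. In a page this is
//   if (window.top !== window.self) window.top.location = window.self.location;
// Weak on its own: a sandboxed iframe cannot navigate top, so the header
// below is the primary defence.
function frameBust(win) {
  if (win.top !== win.self) {
    win.top.location = win.self.location;   // break out of the frame
    return true;
  }
  return false;
}

// Server side: headers every response should carry. X-Frame-Options is the
// legacy control; frame-ancestors supersedes it when both are present.
function antiFramingHeaders(allowedAncestors = []) {
  if (allowedAncestors.length === 0) {
    return { 'X-Frame-Options': 'DENY', 'Content-Security-Policy': "frame-ancestors 'none'" };
  }
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': `frame-ancestors 'self' ${allowedAncestors.join(' ')}`,
  };
}

// Would a page served with `headers` from `pageOrigin` load inside a frame
// on `framerOrigin`? This is the "does the target load in my iframe?" test
// from the page, evaluated from the headers. Header names are matched
// case-insensitively; frame-ancestors sources are matched as exact origins.
function isFrameable(headers, pageOrigin, framerOrigin) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const csp = h['content-security-policy'];
  const fa = csp && csp.split(';').map(s => s.trim()).find(d => d.startsWith('frame-ancestors'));
  if (fa) {
    const sources = fa.split(/\s+/).slice(1);
    if (sources.includes("'none'")) return false;
    if (sources.includes("'self'") && framerOrigin === pageOrigin) return true;
    return sources.some(src => src === framerOrigin || src === '*');
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  return true;   // no protection: the page loads in the attacker's frame
}

// Usage: the vulnerable case from the post versus the protected responses.
const APP = 'http://localhost:8080';                 // assumed app origin
const ATTACKER = 'http://attacker.example';          // constructed attacker origin
function demo() {
  return {
    unprotected: isFrameable({}, APP, ATTACKER),                        // true
    denied: isFrameable(antiFramingHeaders(), APP, ATTACKER),           // false
    partnerOnly: isFrameable(antiFramingHeaders(['https://partner.example']), APP, ATTACKER), // false
  };
}
```

Run with the unprotected headers the checker returns true, which is exactly the condition the framing test above looks for; with either header set it returns false for the attacker's origin.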
