Posts

Showing posts from October, 2020

Broken authentication and Session management

Image
Authentication is the process of verifying who you are. It is a security procedure that ensures and verifies the identity of the user. What is a Session?   Session is the server-side storage of user information to maintain user interaction with the web site. Servers typically generate a unique token for each connection, which is known as session ID. The session ID should be stored on the server-side and not on the client-side.  Broken authentication : Authentication is “broken” when the application allows an attacker to identify or bypass the authentication mechanism. Broken Authentication is in one of the OWASP Top 10 Vulnerabilities. Broken authentication is caused by poorly implemented authentication and session management mechanisms. It allows an attacker to compromise passwords, keys, session ID's or to exploit other implementation flaws to take over a victim’s account. Common risk factors includes:  Default account  Inadequate password policy  User En...

Guide to CSRF

Image
W hat is CSRF? Let’s unpack!   CSRF (Cross-Site Request Forgery) is a web security vulnerability that allows an attacker to induce victims to perform actions that they don’t intend to perform.  The victim can be forced to execute those actions through any method that gets them to load a resource automatically. Eg – img tag, script tag, onload form submit, etc.  This happens unknowingly because the actions are performed by the victim’s browser, not by the victim explicitly. Synonyms  -   Session Riding , One-click attack , XSRF , Sea Surf , Hostile Linking . To perform CSRF attack the attacker/malicious user should determine the right value of all the form fields and URL inputs. It works by exploiting the trust of a web site which it has on its user. Pre-requisite - In order to exploit CSRF vulnerability, the user should be logged into the target application means the user’s session should be active. Impact -   The impact of this attack depends on the appl...

Ultimate XSS tutorial

Image
             T oday, in this article,  we will see one of the most common web application vulnerabilities that is Cross-Site Scripting aka XSS.