Attack Vectors
References http://java.boot.by/scea5-guide/ch08s03.html
Input Validation
- data type
- format
- length
- range
- nulls
- special characters e.g. [ % * | '
- square brackets special in sql server?
Output sanitisation
- prevent special tags in user generated content from being output unescaped
- otherwise injected markup can change page content
- or run malicious scripts
- screen this on input?
Buffer overflow
- typically attack on input parameters
- may also target output sanitisation, data injection
Data Injection
- inject malicious code along with normal user data
- pop up windows - window injection
- hijack pop up window from a second site
- data passed to DB - sql injection
- prevent with input validation
- input, query strings, cookies - server side validation
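As an added example (not from the original notes or the referenced guide) covering both the Input Validation checklist and the SQL injection bullets above: a server-side validator for a username field (null, type, length, format/special characters; the allow-list pattern is an assumed policy) and the same lookup written once by string concatenation and once as a parameterised query, run against a constructed in-memory SQLite table.

```python
import re
import sqlite3

# Constructed sample data so the example runs offline.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    return conn

# Assumed allow-list policy: 3-16 letters, digits or underscore.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")

def validate_username(value):
    """Server-side checks from the Input Validation list.
    Returns the name of the failed check, or None if the value is acceptable."""
    if value is None:
        return "null"
    if not isinstance(value, str):
        return "type"
    if not 3 <= len(value) <= 16:
        return "length"
    if not USERNAME_RE.fullmatch(value):
        return "format"  # also rejects [ % * | ' and other special characters
    return None

def find_role_unsafe(conn, username):
    """Concatenation: user data becomes part of the SQL text, so it can
    change the meaning of the query (the data injection bullet above)."""
    sql = "SELECT role FROM users WHERE username = '" + username + "'"
    return [row[0] for row in conn.execute(sql)]

def find_role_safe(conn, username):
    """Validate first, then bind the value as a parameter so the database
    never parses user data as SQL."""
    err = validate_username(username)
    if err:
        raise ValueError("rejected input: " + err)
    rows = conn.execute("SELECT role FROM users WHERE username = ?", (username,))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(find_role_safe(db, "bob"))            # ['user']
    print(find_role_unsafe(db, "x' OR '1'='1"))  # every role in the table
```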
XSS Cross site scripting
- links or scripts included in user generated content
- javascript, vbscript, activex, html, flash
- gathers data from other users
- steal accounts, change privileges, steal information, poison content
Improper error handling
- disclosure of errors on failure
- information leaked can be used to generate an attack
- display user friendly messages
- e.g. unique reference that can be looked up in logs
- don't display stack trace or internal details of error
Insecure data transfer/storage
- use cryptographic techniques for sensitive data
- prevents eavesdropping
- prevent tampering
Weak session identifiers
- session identifiers assigned before authorisation
- session identifier passed over insecure channels
- failure to validate the session identifier
- failure to expire session
Weak security tokens
- poor passwords - guessable
- echoing back passwords e.g. in cookie without proper encryption
- use strong/multifactor authentication
- digital certificates, biometrics, smart cards
- validate passwords
Weak password exploits
- weaknesses: guessable, captured from keystrokes, password cracking tools
- most common security issue
- see above - weak security tokens
Weak encryption
- faster computers => older algorithms/key lengths become viable targets for brute force attacks
- weaknesses in algorithms discovered e.g. MD5
- use longer key lengths - approved algorithms e.g. AES, SHA
Session theft
- stealing/snooping/reusing/guessing session id/session cookie
- invalidate session after use
- encrypt session information
- use secure channel SSL/TLS
Insecure configuration
- particularly web tier
- certificate configuration/encryption settings
- default/debugging accounts
- unnecessary/insecure plugins/options
- unnecessary ports
- authentication configuration
- credential management
Broken access control
- ability to view source
- restricted files
- configuration data
- penetration test
Policy failures
- organisation's policy must have all required rules
- rules must not conflict - appropriate qualification
- issues for design
Audit and Logging
- key to non-repudiation
- required to diagnose/foil attacks
- required to resolve bugs/race conditions
- should be secured, with restricted access
DOS DDOS (distributed) denial of service
- impact logging
- router filtering
- fault tolerant redundant servers
- host name verification
- secure pipe, intercepting web agent, intercepting validator patterns
MITM man in the middle
- SSL/TLS, IPsec or the secure pipe pattern
Multiple sign on
- user has to log in multiple times
- possible to exploit multiple simultaneous sessions; loss of productivity from having to log out of each application
- use SSO to resolve
Deployment problems
- review and test infrastructure security policies
- verify application policies consistent with infrastructure policies
Code quality
- coding review
- secure code scanning