a user. This is typical in the case of applications that offer upload capability to users. Malicious
users may upload files that contain an attack payload, which can result in any of the following:
Remote code execution on the Web/app server
Installation of remote rootkits*
or a complete system compromise
Malicious file execution is most prevalent in PHP Web applications. The attack stems from the
fact that file- or stream-based input from users is not validated.
5.4.2.4 Cross-Site Request Forgery
Cross-site request forgery is an attack from the same family as cross-site scripting. It is popularly
known as CSRF (pronounced "see-surf"). Cross-site request forgery is an attack in which a
user who has logged on to a Web application is forced to send a request to a vulnerable Web
application that performs an action (through the request) without the user's knowledge. For instance,
a user is logged in to his email and his online bank account at the same time in two browser tabs.
The user receives an email from a source that says that his bank account needs to be updated with
the following information and that the information can only be activated once he clicks on the link.
Upon clicking the link, unbeknownst to the user, a request is sent to the bank account to transfer
funds to another account; all this is done without the user's knowledge. The request would look
something like this:
<img src="http://www.legit-bank.com/amountTransfer.do?frmAcc=document.form.frmAcc&toAcct=123456&toSWIFTid=22331122&amt=4025.50">
If the banking application processes requests without validation, then it is vulnerable to CSRF.
CSRF has gained a great deal of attention in recent times and has had the infamous reputation of
being a devastating Web application attack.
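The bank-transfer scenario above, as an added example that is not from the book: a handler that acts on any request carrying a valid session cookie (so the forged <img> request succeeds) beside one that additionally requires POST and a per-session synchronizer token, which a page on another origin cannot read. The session store, login helper and request objects are constructed stand-ins, not a real framework.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Constructed in-memory session store: session id -> {"user", "csrf"}
SESSIONS = {}

def login(user):
    """Hypothetical login: create a session and mint a per-session CSRF token."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

@dataclass
class Request:
    method: str
    params: dict
    cookies: dict = field(default_factory=dict)

def transfer_vulnerable(req):
    """Processes the transfer as soon as the session cookie is valid, so any
    request the browser emits on the user's behalf (e.g. the <img> above) succeeds."""
    sess = SESSIONS.get(req.cookies.get("JSESSIONID"))
    if sess is None:
        return "denied: not logged in"
    return f"transferred {req.params['amt']} to {req.params['toAcct']}"

def transfer_hardened(req):
    """Same action, but only via POST and only with the session's CSRF token;
    the token is compared in constant time to avoid leaking it byte by byte."""
    sess = SESSIONS.get(req.cookies.get("JSESSIONID"))
    if sess is None:
        return "denied: not logged in"
    if req.method != "POST":
        return "denied: state change requires POST"
    supplied = req.params.get("csrf_token", "")
    if not hmac.compare_digest(supplied.encode(), sess["csrf"].encode()):
        return "denied: missing or invalid CSRF token"
    return f"transferred {req.params['amt']} to {req.params['toAcct']}"

def forged_request(sid):
    """What the victim's browser sends for the <img> tag (constructed sample):
    a GET with the session cookie attached automatically and no token."""
    return Request("GET", {"toAcct": "123456", "amt": "4025.50"}, {"JSESSIONID": sid})

def legitimate_request(sid):
    """A submission of the bank's own form, which embeds the session token."""
    token = SESSIONS[sid]["csrf"]
    params = {"toAcct": "123456", "amt": "4025.50", "csrf_token": token}
    return Request("POST", params, {"JSESSIONID": sid})
```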
5.4.2.5 Cryptographic Flaws
Cryptography is an important consideration for any application with user management
requirements and handling of sensitive information. Implementation of cryptography helps
ensure continued protection of confidentiality and integrity of data at rest and in transit.
Sensitive data stored in databases need to be encrypted to ensure that confidentiality of the
data is not compromised even if the database is. User passwords and account information
must be encrypted to ensure that user account information is not compromised, even if an
attacker accesses the database or the Web server illegally. Cryptography has great benefits
and is a robust security mechanism to protect against breach of confidentiality and integrity,
but cryptographic implementations can also go horribly wrong if improperly
implemented. Cryptographic implementations for Web applications require several factors to
be considered. The encryption algorithm, strength of the encryption key, randomness of the
key, storage location of the encryption key, and key management are some of the factors to be
* A rootkit is software that is designed to hide the information about a system compromise. Although the rootkit
does not grant an attacker administrator privileges, it piggybacks on another user's access to replace vital system
executables and take control of an operating system.