The attacker logs in to the application and sends the server-issued session ID 30000 to another
unsuspecting user of the application:
https://www.vulnerablesite.com/login.jsp?sessionid=3000
The unsuspecting legitimate user clicks on the link and is transported to the login page of the vulnerable Web application. The user, unknowing of the attacker's intentions, enters his credentials into
the login screen, upon which the application accepts the request with the session ID 3000, as it is
recognized as an already established valid session. The hacker, now with full knowledge of the session
ID, can access the user's account at https://www.vulnerablesite.com/account.jsp?sessionid=3000.
Session fixation attacks are quite common in Web applications, and it is critical to ensure that
session fixation attacks are prevented with appropriate coding practices.
5.4.2.8 Unrestricted URL Access
Every Web application has a number of URLs, which are required for viewing information or for
performing actions on the Web application. In several situations, the only measure of protection
for URLs is that they aren't presented to unauthorized users, but attackers may and usually will
find URLs that are meant for only authorized users and access these pages, view data, and perform
actions that may subsequently lead to a compromise of the Web application. For instance, the Web
application administrator may be able to access
http://www.vulnerable-site.com/admin/adduser.jsp
This page might be meant only for an admin user of the application to add users to the application.
If this URL is unprotected, then an attacker can perform a cursory scan, popularly referred to as
crawling of a Web site, and may discover URLs that are unprotected. In several cases, insufficient
access controls for URLs may cause URLs to be exposed to unauthorized users.
Another popular vulnerability type exposing URLs to unauthorized users is that several Web
applications enforce user authorization through JavaScript. By disabling JavaScript or using a Web
application proxy, unauthorized users may perform all the activities that may be performed by
users with higher privileges.
Unrestricted URL access needs to be fixed with strong authentication and authorization mechanisms implemented to ensure that sensitive URLs for a Web application are enforced effectively
through server-side mechanisms.
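The following servlet filter is an added example (not code from the book) showing the two server-side controls described above: refusing a session ID that arrives in the URL and rotating the session at login (session fixation), and deciding access to /admin/* on the server rather than in the browser (unrestricted URL access). It assumes a standard javax.servlet container, a login servlet that calls rotateSessionOnLogin after verifying credentials, and a session attribute named "role"; all three are assumptions of this example.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical filter (not from the book): rejects session IDs carried in the URL,
// decides /admin/* authorization on the server, and rotates the session at login.
public class AccessControlFilter implements Filter {
    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}
    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // Only the container's session cookie identifies a session; an ID that
        // arrived via URL rewriting (;jsessionid=...) is refused outright.
        if (request.isRequestedSessionIdFromURL()) {
            response.sendError(HttpServletResponse.SC_BAD_REQUEST, "session ID in URL");
            return;
        }
        // Every request under /admin/ is checked here, whether or not the UI ever
        // showed a link to it, so hidden URLs and JavaScript-only checks are irrelevant.
        String path = request.getRequestURI().substring(request.getContextPath().length());
        if (path.startsWith("/admin/")) {
            HttpSession session = request.getSession(false);
            if (session == null || !"admin".equals(session.getAttribute("role"))) {
                response.sendError(HttpServletResponse.SC_FORBIDDEN);
                return;
            }
        }
        chain.doFilter(req, res);
    }

    // Called by the (assumed) login servlet once credentials are verified: the
    // pre-login session, whose ID an attacker may have chosen, is destroyed and a
    // fresh container-generated ID is issued before any privilege is attached to it.
    public static HttpSession rotateSessionOnLogin(HttpServletRequest request,
                                                   String username, String role) {
        HttpSession old = request.getSession(false);
        if (old != null) old.invalidate();
        HttpSession fresh = request.getSession(true);
        fresh.setAttribute("user", username);
        fresh.setAttribute("role", role);
        return fresh;
    }
}
```

Declaring `<session-config><tracking-mode>COOKIE</tracking-mode></session-config>` in web.xml (Servlet 3.0 and later) additionally stops the container from ever writing session IDs into URLs, so the first check becomes a second line of defence rather than the only one.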
5.4.3 Basic Understanding of Threats and Associated Concepts
Threat can be defined as anything that can identify the vulnerability and potentially exploit it.
We have already explored the concept of a threat in Chapter 3. Threats are omnipresent in every
environment and are always part of the world around us. Web applications are no different. We
have explored the common Web application attacks in the previous section and have looked at
several threat types. Web applications are especially difficult to protect well because they are all
exposed on the Web! A Web application may be used by millions of users all over the world. It is
open to these users at any time and at any place. Hackers are a threat to such Web applications.
Hackers can exploit Web application vulnerabilities like SQL injection and cross-site scripting
and gain control over an application. They can use the Web application to channel attacks against