Security Testing

Showing posts with label Clickjacking. Show all posts

Sunday, September 16, 2018

Query Parameter SSL

The URL contains a sensitive query parameter, and URLs are stored in the browser history. The web server (or a proxy in front of it) may also be configured to log the URL of every request, so the sensitive parameter ends up saved in those logs as well.
Fix:
The solution to this problem requires two steps:

· Pass sensitive data in the URL only when strictly necessary; once a user is authenticated, identify them with a session ID that has a limited lifetime.
· Use non-persistent, session-level cookies to hold session IDs and other private data.

The advantage of using session level cookies to carry this information:

· They are not stored in the browser's history or on disk
· They are usually not stored in server logs
· They are not passed to embedded resources such as images or JavaScript libraries
· They only apply to the domain and path for which they were issued
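The two halves of the fix above, as an added example that is not part of the original post: a log scrubber that redacts sensitive query parameters before a URL is written to an access log, and a helper that issues the session ID as a non-persistent cookie with the attributes the post recommends. The parameter names treated as sensitive and the `SESSIONID` cookie name are assumptions for the example.

```python
# Added example (not from the original post): scrub sensitive query parameters
# before logging, and issue the session ID as a session-level cookie instead.
from http.cookies import SimpleCookie
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Assumed list of parameter names that must never reach a log.
SENSITIVE_PARAMS = {"sessionid", "token", "password", "apikey"}


def redact_sensitive_query(url):
    """Return url with sensitive query parameter values replaced by REDACTED.

    Apply this to the request URL before it is written to an access log, so
    the log never stores the secret even if a client put it in the query.
    """
    parts = urlsplit(url)
    cleaned = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE_PARAMS:
            value = "REDACTED"
        cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned)))


def session_cookie_header(session_id, path="/"):
    """Build a Set-Cookie value for a non-persistent session cookie.

    No Expires/Max-Age means the browser drops it when closed; Secure keeps it
    off plaintext HTTP; HttpOnly keeps it away from page scripts; Path scopes
    it to the issuing application.
    """
    cookie = SimpleCookie()
    cookie["SESSIONID"] = session_id          # assumed cookie name
    cookie["SESSIONID"]["path"] = path
    cookie["SESSIONID"]["secure"] = True
    cookie["SESSIONID"]["httponly"] = True
    cookie["SESSIONID"]["samesite"] = "Lax"
    return cookie["SESSIONID"].OutputString()


def is_session_level(set_cookie_value):
    """True if a Set-Cookie value carries no Expires/Max-Age attribute."""
    attrs = {
        a.strip().split("=", 1)[0].lower()
        for a in set_cookie_value.split(";")[1:]
    }
    return not ({"expires", "max-age"} & attrs)


if __name__ == "__main__":
    # Constructed sample URL with a token in the query string.
    print(redact_sensitive_query("https://app.example/reset?user=bob&token=abc123"))
    print(session_cookie_header("9f3c-constructed"))
```

The redaction step matters even after the fix is deployed: clients and third-party links may still send old URLs with secrets in them, and the log is the place where they would otherwise persist.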

Saturday, September 15, 2018

Insecure HTTP Methods Enabled



An attacker sends an OPTIONS request to the web server of your application to determine which HTTP methods the server supports. The server answers with an Allow header listing them, for example:
Allow: HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS
The application is insecure if the Allow header contains methods such as DELETE or PUT.
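An added example, not code from the original post: a small checker for the Allow header described above, alongside a minimal request handler that implements only the methods the application needs and answers PUT, DELETE and TRACE with 405 and an honest Allow header. The choice of which methods count as risky and the GET/HEAD/OPTIONS allow-list are assumptions for the example; the server runs on a throwaway loopback port.

```python
# Added example (not from the original post): check an Allow header for
# methods that deserve a second look, and show a handler that refuses them.
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumed set of advertised methods that should be disabled or locked down.
RISKY_METHODS = {"PUT", "DELETE", "TRACE"}


def parse_allow(allow_header):
    """Split an Allow value such as 'HEAD, GET, PUT' into a set of methods."""
    return {m.strip().upper() for m in allow_header.split(",") if m.strip()}


def risky_methods(allow_header):
    """Return, sorted, the advertised methods that are in RISKY_METHODS."""
    return sorted(parse_allow(allow_header) & RISKY_METHODS)


class HardenedHandler(BaseHTTPRequestHandler):
    """Serves GET/HEAD/OPTIONS only; every other method gets 405 + Allow."""

    ALLOWED = ("GET", "HEAD", "OPTIONS")   # assumed application needs

    def log_message(self, fmt, *args):     # keep the example quiet
        pass

    def _send(self, status, body=b""):
        self.send_response(status)
        self.send_header("Allow", ", ".join(self.ALLOWED))
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        if body and self.command != "HEAD":
            self.wfile.write(body)

    def do_GET(self):
        self._send(200, b"ok")

    def do_HEAD(self):
        self._send(200, b"ok")

    def do_OPTIONS(self):
        self._send(204)

    # Refuse state-changing and diagnostic methods explicitly rather than
    # relying on whatever default the framework has for them.
    def do_PUT(self):
        self._send(405)

    def do_DELETE(self):
        self._send(405)

    def do_TRACE(self):
        self._send(405)


def start_server():
    """Bind a throwaway server on 127.0.0.1 and return (server, port)."""
    server = HTTPServer(("127.0.0.1", 0), HardenedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


def probe(port, method):
    """Send one request to the local server; return (status, Allow value)."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    try:
        conn.request(method, "/")
        resp = conn.getresponse()
        resp.read()
        return resp.status, resp.getheader("Allow", "")
    finally:
        conn.close()


def demo():
    """Start the server, probe several methods, shut it down, return results."""
    srv, port = start_server()
    try:
        return {m: probe(port, m) for m in ("OPTIONS", "GET", "DELETE", "PUT")}
    finally:
        srv.shutdown()


if __name__ == "__main__":
    for method, (status, allow) in demo().items():
        print(f"{method:8} -> {status}  Allow: {allow}  risky: {risky_methods(allow)}")
    print(risky_methods("HEAD, GET, PUT, POST, DELETE, TRACE, OPTIONS"))
```

Run against the header value quoted in the post, `risky_methods` returns `['DELETE', 'PUT', 'TRACE']`; run against the hardened handler it returns an empty list, and the 405 responses still advertise the real allow-list, which is what a well-behaved server should do.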

Thursday, July 5, 2018

Symmetric & Asymmetric Encryption

Symmetric Encryption
Symmetric encryption is the best-known technique. A secret key, which can be a number, a word, or a string of random letters, is applied to a message to change its content in a particular way. It can be as simple as shifting each letter by a number of places in the alphabet. Both sender and recipient know the secret key, and that one key encrypts and decrypts all messages.


Asymmetric Encryption
A secret key exchanged over the Internet might fall into the wrong hands, and anyone who obtains it can decrypt the messages. The solution is asymmetric encryption, in which there are two related keys, a key pair. The public key is made freely available to anyone who wants to send you a message. The second, private key is kept secret, so that only you know it.

A message encrypted with the public key can only be decrypted by applying the same algorithm with the matching private key. Likewise, a message encrypted with the private key can only be decrypted with the matching public key.
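To make the distinction concrete, here is an added example (not from the original post) with two toy ciphers: the letter-shifting scheme the post mentions as a symmetric cipher, and textbook RSA with tiny constructed primes as an asymmetric one. The RSA part has no padding and no real security; it is there only to show that what one key of the pair encrypts, only the other key decrypts, in both directions. The primes 61 and 53 and the exponent 17 are constructed values for illustration.

```python
# Added example (not from the original post): a symmetric shift cipher beside
# textbook RSA, both toys, to show how the key handling differs.
import string

ALPHABET = string.ascii_lowercase


def caesar_encrypt(text, key):
    """Symmetric: shift each lowercase letter forward by `key` places."""
    out = []
    for ch in text:
        if ch in ALPHABET:
            out.append(ALPHABET[(ALPHABET.index(ch) + key) % 26])
        else:
            out.append(ch)   # spaces, digits, punctuation pass through
    return "".join(out)


def caesar_decrypt(text, key):
    """The same secret key, applied in reverse, recovers the message."""
    return caesar_encrypt(text, -key)


def rsa_keypair(p, q, e=17):
    """Textbook RSA key generation from two (tiny, constructed) primes."""
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)        # modular inverse of e, Python 3.8+
    return (e, n), (d, n)      # (public key, private key)


def rsa_apply(key, m):
    """Raise m to the key's exponent modulo n.

    The same operation serves for encryption and decryption; what changes is
    which key of the pair is used.
    """
    exp, n = key
    if not 0 <= m < n:
        raise ValueError("message must be smaller than the modulus")
    return pow(m, exp, n)


def rsa_encrypt_bytes(public_key, data):
    """Encrypt each byte on its own (fine for a toy, never for real data)."""
    return [rsa_apply(public_key, b) for b in data]


def rsa_decrypt_bytes(private_key, blocks):
    return bytes(rsa_apply(private_key, c) for c in blocks)


if __name__ == "__main__":
    secret = caesar_encrypt("attack at dawn", 3)
    print(secret, "->", caesar_decrypt(secret, 3))
    public, private = rsa_keypair(61, 53)
    print("public", public, "private", private)
    c = rsa_apply(public, 65)
    print("65 ->", c, "->", rsa_apply(private, c))
```

Notice that in the symmetric case the sender must somehow hand the shift value to the recipient, which is exactly the key-distribution problem the post describes; in the RSA case the sender needs only the public key, and the private key never leaves its owner.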

SQL Injection

Nowadays SQL injection is a common attack that uses malicious SQL code to manipulate the database and access its information.
OR
When exploiting SQL injection, the web application displays an error message from the database, which complains that the query syntax is incorrect.
OR
Gaining unauthorized access to the website through SQL injection and taking its information.


How to exploit:-
Example: take a known username (admin) and, in place of the password, enter
' OR 'a'='a
The query then reads
FROM users WHERE user='admin' AND password='' OR 'a'='a'
'a'='a' is always true.
Let's analyze
Username='admin' AND Password='' OR 'a'='a'
Because the OR branch is true, the whole condition is true, so the username and password check passes.
Burp Suite's Intruder can be used to send customized payloads like these.
Some common SQL injection payloads:
 or 1=1
or 1=1--
admin' or '1'='1
admin' or '1'='1'--
admin' or '1'='1'#   ... etc.

How to Fix:-

1. Use stored procedures
2. Use parameterized queries
3. Limit database permissions and privileges
4. Avoid displaying database errors directly to the user
5. Use regular expressions to validate input fields and detect SQL statements in them
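The login check from the exploit section and fixes 2, 4 and 5 from the list, as an added example that is not part of the original post: the same query written once by pasting user input into the SQL string and once with bound parameters, run against an in-memory SQLite table with one constructed account. The table layout, the account and the username pattern are assumptions for the example.

```python
# Added example (not from the original post): vulnerable and hardened versions
# of the post's login query, exercised against a constructed SQLite table.
import re
import sqlite3

# Fix 5: allow only the characters a username may legitimately contain.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

PAYLOAD = "' OR 'a'='a"   # the password value used in the post


def make_db():
    """Constructed sample table with one account.

    The password is stored in clear only to keep the demo short; a real
    application stores a salted hash.
    """
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('admin', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, user, password):
    """Build the SQL by pasting input into it.

    The attacker controls the query text: a quote in the password field
    closes the string literal and the rest is parsed as SQL, so
    ... AND password='' OR 'a'='a' is true for every row.
    """
    query = ("SELECT user FROM users WHERE user='%s' AND password='%s'"
             % (user, password))
    return conn.execute(query).fetchone() is not None


def login_safe(conn, user, password):
    """Validate the username shape (fix 5), then bind the values with
    placeholders (fix 2) so input is only ever data, never SQL. Database
    errors are swallowed here rather than echoed to the user (fix 4)."""
    if not USERNAME_RE.match(user):
        return False
    try:
        row = conn.execute(
            "SELECT user FROM users WHERE user=? AND password=?",
            (user, password),
        ).fetchone()
    except sqlite3.Error:
        return False   # log the details internally; never show them to the caller
    return row is not None


if __name__ == "__main__":
    db = make_db()
    print("vulnerable, payload :", login_vulnerable(db, "admin", PAYLOAD))
    print("safe, payload       :", login_safe(db, "admin", PAYLOAD))
    print("safe, real password :", login_safe(db, "admin", "correct-horse"))
```

With the parameterized query the payload is compared, character for character, against the stored password and simply fails; no amount of quoting in the input changes the shape of the statement the database executes.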

Wednesday, June 6, 2018

Clickjacking Attack and Prevention

Clickjacking:-
This type of attack requires an attacker to use JavaScript. The attacker tricks a user into performing an undesired action by clicking on a concealed link: the attacker loads another page on top of their own in a transparent layer.
OR
The attacker hijacks the click events on their page and routes them to another page.
<html>
                <head>
                                <title>click</title>
                </head>
                <body>
                <p>website vulnerable clickjacking</p>
                <!-- "url" stands for the address of the page being framed -->
                <iframe src="url" width="500" height="500"></iframe>
                </body>
</html>


Defend:-
Use the ClearClick feature of NoScript. You can use the relaxed setting, but make sure ClearClick is enabled. This prevents clickjacking attacks.

Server-side: send the proper Content Security Policy (CSP) frame-ancestors directive, or X-Frame-Options, in the response headers.
The two most popular X-Frame-Options values are X-Frame-Options: DENY and X-Frame-Options: SAMEORIGIN.


Client-side: the most commonly used frame-busting code typically consists of a "conditional" statement (is this page inside a frame?) and a "counter-action" statement (if so, break out or stop rendering). The aim of this technique is to prevent the site from functioning when it is loaded inside a frame.
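The server-side defence above, as an added example that is not part of the original post: a checker that decides whether a set of response headers stops the page from being framed, and a helper that adds both X-Frame-Options and an equivalent frame-ancestors directive. The header dictionaries are constructed inline; the classification labels are the example's own.

```python
# Added example (not from the original post): classify and harden response
# headers with respect to framing.


def csp_frame_ancestors(csp_value):
    """Return the source list of the frame-ancestors directive, or None."""
    for directive in csp_value.split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return [t.lower() for t in tokens[1:]]
    return None


def framing_protection(headers):
    """Classify a response's framing protection (header names any case).

    Returns 'csp' if frame-ancestors restricts framing, 'xfo' if only
    X-Frame-Options does, and 'none' if any site could frame the page.
    CSP is checked first because a browser that honours frame-ancestors
    ignores X-Frame-Options when both are present.
    """
    h = {k.lower(): v for k, v in headers.items()}
    sources = csp_frame_ancestors(h.get("content-security-policy", ""))
    if sources is not None:
        # '*' lets any origin frame the page, which is no protection at all.
        return "none" if "*" in sources else "csp"
    xfo = h.get("x-frame-options", "").strip().upper()
    # Only the two values the post names are treated as protection here.
    if xfo in ("DENY", "SAMEORIGIN"):
        return "xfo"
    return "none"


def harden_headers(headers, allow_self=False):
    """Return a copy of headers with both anti-framing headers set.

    allow_self=False forbids all framing (DENY / 'none'); allow_self=True
    permits same-origin framing only (SAMEORIGIN / 'self'). An existing
    CSP is kept and the directive appended to it.
    """
    hardened = dict(headers)
    hardened["X-Frame-Options"] = "SAMEORIGIN" if allow_self else "DENY"
    directive = "frame-ancestors " + ("'self'" if allow_self else "'none'")
    existing = hardened.get("Content-Security-Policy", "").strip().rstrip(";")
    hardened["Content-Security-Policy"] = (
        existing + "; " + directive if existing else directive
    )
    return hardened


if __name__ == "__main__":
    # Constructed sample responses.
    samples = {
        "no headers": {},
        "xfo only": {"X-Frame-Options": "SAMEORIGIN"},
        "csp open": {"Content-Security-Policy": "frame-ancestors *"},
        "hardened": harden_headers({"Content-Security-Policy": "default-src 'self'"}),
    }
    for label, hdrs in samples.items():
        print(f"{label:12} -> {framing_protection(hdrs)}")
```

Sending both headers is the usual practice: frame-ancestors carries the policy for current browsers, and X-Frame-Options covers older ones that do not understand the directive.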