<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:dc="http://purl.org/dc/elements/1.1/">
  <channel>
    <title>Forem: Gincy Mol A G</title>
    <description>The latest articles on Forem by Gincy Mol A G (@gincymolag).</description>
    <link>https://forem.com/gincymolag</link>
    <image>
      <url>https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F400385%2F5d4e2cca-93a8-42ad-9b33-3beeafc6fd12.jpeg</url>
      <title>Forem: Gincy Mol A G</title>
      <link>https://forem.com/gincymolag</link>
    </image>
    <atom:link rel="self" type="application/rss+xml" href="https://forem.com/feed/gincymolag"/>
    <language>en</language>
    <item>
      <title>Web Cache Poisoning</title>
      <dc:creator>Gincy Mol A G</dc:creator>
      <pubDate>Sat, 15 Jan 2022 09:07:03 +0000</pubDate>
      <link>https://forem.com/gincymolag/web-cache-poisoning-29cd</link>
      <guid>https://forem.com/gincymolag/web-cache-poisoning-29cd</guid>
      <description>&lt;p&gt;Web cache poisoning attacks target the intermediate storage points, such as POP servers, load balancers, proxies, etc., which sit between web servers and client devices.&lt;/p&gt;

&lt;p&gt;Instead of forwarding to the origin server a request whose response the CDN already knows (a static file, for example), the cache can return that response to the client immediately, reducing both server load and response time.&lt;/p&gt;

&lt;p&gt;Servers and CDNs (content delivery networks, Cloudflare for example) cache responses to avoid wasting time processing requests that are sent frequently.&lt;/p&gt;

&lt;p&gt;Web cache poisoning involves two phases:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;The attacker must first obtain a response from the back-end server that inadvertently contains some kind of dangerous payload.&lt;/li&gt;
&lt;li&gt;The attacker must then ensure that this response is cached and subsequently served to the intended victims.&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Even though it is a well-known class of vulnerability, web cache poisoning continues to turn up around the web.&lt;/p&gt;

&lt;p&gt;In a wide-ranging study of numerous websites, including some of the most popular internet services, security researcher Iustin Ladunca (Youstin) recently discovered 70 cache poisoning vulnerabilities with diverse impacts.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;A more detailed version, along with how you can avoid these vulnerabilities, is published at:&lt;/em&gt; &lt;a href="https://beaglesecurity.com/blog/vulnerability/web-cache-poisoning.html"&gt;&lt;em&gt;https://beaglesecurity.com/blog/vulnerability/web-cache-poisoning.html&lt;/em&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>webdev</category>
    </item>
    <item>
      <title>Session Security</title>
      <dc:creator>Gincy Mol A G</dc:creator>
      <pubDate>Wed, 13 Jan 2021 09:57:53 +0000</pubDate>
      <link>https://forem.com/gincymolag/session-security-3kob</link>
      <guid>https://forem.com/gincymolag/session-security-3kob</guid>
      <description>&lt;p&gt;Web application security began with server-side sessions, and over the years sessions have moved to being token-based to improve overall session security.&lt;/p&gt;

&lt;p&gt;According to the most recent OWASP Top 10, “&lt;em&gt;Application implementations related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities temporarily or permanently.&lt;/em&gt;” &lt;/p&gt;

&lt;p&gt;These security flaws can be extremely critical to web applications and pose a high risk to businesses. Beyond exposing sensitive data, they can allow attackers to take over other users' accounts and impersonate them. Both internal and external attackers can take advantage of these vulnerabilities.&lt;/p&gt;

&lt;p&gt;A session starts when a user authenticates to an authentication server, proving their identity with a password or another authentication protocol. Session management requires secure cryptographic network communication, i.e., secure sharing of secrets with authenticated users.&lt;/p&gt;

&lt;p&gt;Some of the common attacks on sessions:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;p&gt;A &lt;strong&gt;&lt;em&gt;manipulator-in-the-middle attack (MITM)&lt;/em&gt;&lt;/strong&gt; occurs when an attacker intercepts requests between a user and the server.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;&lt;em&gt;Cross-site scripting (XSS)&lt;/em&gt;&lt;/strong&gt; is a vulnerability that allows an attacker to inject malicious scripts into a website.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;&lt;em&gt;Cross-site request forgery (CSRF)&lt;/em&gt;&lt;/strong&gt; is an attack that forces an authenticated end user to execute unwanted actions on a web application.&lt;/p&gt;&lt;/li&gt;
&lt;li&gt;&lt;p&gt;&lt;strong&gt;&lt;em&gt;Session fixation&lt;/em&gt;&lt;/strong&gt; is an attack that permits an attacker to hijack a valid user session.&lt;/p&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;How to secure a session:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;em&gt;HTTPS communication&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Validate JWT tokens&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Do not hardcode tokens&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Secure and HttpOnly cookie flags&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Long, random session IDs&lt;/em&gt;&lt;/li&gt;
&lt;/ul&gt;




&lt;p&gt;&lt;em&gt;A more detailed version, along with how you can avoid these vulnerabilities, is published at:&lt;/em&gt; &lt;a href="https://beaglesecurity.com/blog/article/session-security.html"&gt;&lt;em&gt;https://beaglesecurity.com/blog/article/session-security.html&lt;/em&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>webdev</category>
    </item>
    <item>
      <title>Store and Secure Sensitive Data in Web Applications</title>
      <dc:creator>Gincy Mol A G</dc:creator>
      <pubDate>Wed, 14 Oct 2020 11:16:09 +0000</pubDate>
      <link>https://forem.com/gincymolag/store-and-secure-sensitive-data-in-web-applications-jl8</link>
      <guid>https://forem.com/gincymolag/store-and-secure-sensitive-data-in-web-applications-jl8</guid>
      <description>&lt;p&gt;Software security is essential. A secure web application is a fundamental requirement for any online business; if the web application has any security vulnerabilities, it is prone to attack.&lt;/p&gt;

&lt;p&gt;Before a web application is hosted on a web server and exposed to the external world, it must be secured properly. Architects, developers, database administrators - everyone plays a key role in choosing the most secure mechanisms suitable for a particular application. Testers with expertise in cyber security should perform security tests on the application. Whatever security measures are going to be implemented should be reviewed thoroughly and should conform to industry best practices.&lt;/p&gt;

&lt;p&gt;Understanding which data needs to be stored, and encrypting it, is one of the most important practices for every web developer. Securing data is the most significant aspect of application security. This data can include information such as:&lt;/p&gt;

&lt;ul&gt;
&lt;li&gt;&lt;em&gt;Passwords&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Encryption keys&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Passphrases&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Credit card numbers&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;OAuth tokens&lt;/em&gt;&lt;/li&gt;
&lt;li&gt;&lt;em&gt;Personal contact information such as names, email addresses, phone numbers, user accounts, physical addresses, etc.&lt;/em&gt;&lt;/li&gt;
&lt;/ul&gt;

&lt;p&gt;Data security covers data at rest and data in transit, and the right storage mechanisms should be chosen for storing this data.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;&lt;em&gt;How to secure this sensitive information?&lt;/em&gt;&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Authentication&lt;/em&gt;: Authentication is the process of verifying the identity of a user. Traditionally, systems or resources authenticated a user with a combination of username and password. User authentication takes several forms, but all are based on a combination of authentication factors.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Access control&lt;/em&gt;: The purpose of authentication is to let the application know who you are; once the identity is established, privileges can be granted to the user. Access control grants the necessary privileges and is described as either discretionary or non-discretionary. Access control models grant privileges to users based on the work they do within an organization.&lt;/p&gt;

&lt;p&gt;&lt;em&gt;Encryption&lt;/em&gt;: There are many ways to encrypt data at rest and data in motion. Data can be encrypted at several levels - full disk encryption at the disk level, directory (or filesystem) level, file level and application level.&lt;/p&gt;

&lt;p&gt;Refer to the blog for more information: &lt;a href="https://beaglesecurity.com/blog/article/how-to-store-and-secure-sensitive-data-in-web-applications.html"&gt;https://beaglesecurity.com/blog/article/how-to-store-and-secure-sensitive-data-in-web-applications.html&lt;/a&gt;&lt;/p&gt;

</description>
    </item>
    <item>
      <title>SSL/TLS Vulnerabilities</title>
      <dc:creator>Gincy Mol A G</dc:creator>
      <pubDate>Fri, 10 Jul 2020 14:36:14 +0000</pubDate>
      <link>https://forem.com/gincymolag/ssl-tls-vulnerabilities-27no</link>
      <guid>https://forem.com/gincymolag/ssl-tls-vulnerabilities-27no</guid>
      <description>&lt;p&gt;Transport Layer Security (TLS) is a security protocol that provides authentication, privacy, and data integrity. It is the most widely deployed security protocol and is used by web browsers and many other applications.&lt;/p&gt;

&lt;p&gt;TLS is the successor protocol to SSL. Like any other technology, these cryptographic protocols have had their share of flaws.&lt;/p&gt;

&lt;p&gt;So it is important to understand these flaws in order to secure your servers. Some of the notable SSL/TLS vulnerabilities are:&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;POODLE ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;In the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, an active MITM attacker can force a browser to downgrade the session to SSLv3, which can then be exploited through its padding oracle. The vulnerability also affects TLS implementations that don't properly check the structure of the padding used in TLS records.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;FREAK  ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;Factoring Attack on RSA-EXPORT Keys (FREAK) is an SSL/TLS vulnerability that can allow an attacker to decrypt secure communications between vulnerable clients and servers. &lt;/p&gt;

&lt;p&gt;&lt;strong&gt;SWEET32: BIRTHDAY ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The SWEET32 attack exploits a birthday (collision) attack against SSL/TLS cipher suites that use 64-bit block ciphers in CBC mode, allowing an attacker to recover plaintext from the encrypted data.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;BLEICHENBACHER WITH THE ROBOT ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The Return of Bleichenbacher’s Oracle Threat vulnerability, also known as ROBOT, allows an attacker to obtain the RSA-protected key material necessary to decrypt TLS traffic under some specific conditions. An attacker can exploit this vulnerability by sending crafted TLS messages to the device, which acts as an oracle and allows the attacker to carry out a chosen-ciphertext attack.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;BEAST ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;The BEAST attack exploits a weakness in SSL/TLS cipher-block chaining (CBC). It allows a man-in-the-middle attacker to recover certain session information.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;CRIME ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;CRIME, “Compression Ratio Info-leak Made Easy”, is a security exploit against secret web cookies sent over connections that use the HTTPS or SPDY protocols together with data compression.&lt;/p&gt;

&lt;p&gt;&lt;strong&gt;BREACH ATTACK&lt;/strong&gt;&lt;/p&gt;

&lt;p&gt;BREACH, “Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext”, targets information in HTTP responses that are compressed using HTTP compression.&lt;/p&gt;




&lt;p&gt;&lt;em&gt;A more detailed version, along with how you can avoid these vulnerabilities, is published at:&lt;/em&gt; &lt;a href="https://beaglesecurity.com/blog/blogs/2020/07/06/Importance-of-TLS-1-3-SSL-and-TLS-Vulnerabilities.html"&gt;&lt;em&gt;https://beaglesecurity.com/blog/blogs/2020/07/06/Importance-of-TLS-1-3-SSL-and-TLS-Vulnerabilities.html&lt;/em&gt;&lt;/a&gt;&lt;/p&gt;

</description>
      <category>security</category>
      <category>testing</category>
      <category>webdev</category>
    </item>
  </channel>
</rss>
