Web Application Vulnerability Scanners are tools designed to automatically scan web applications for potential vulnerabilities. These tools differ from general vulnerability assessment tools in that they do not perform a broad range of checks on a myriad of software and hardware. Instead, they perform other checks, such as potential field manipulation and cookie poisoning, which allows a more focused assessment of web applications by exposing vulnerabilities of which standard VA (Vulnerability Assessment) tools are unaware.
Web Application Issues
• Scripting issues
• Sources of input: forms, text boxes, dialog windows, etc.
• Multiple Charset Encodings (UTF-8, ISO-8859-15, UTF-7, etc.)
• Regular expression checks
• Header integrity (e.g. Multiple HTTP Content Length, HTTP Response Splitting)
• Session handling/fixation
• Cookies
• Framework vulnerabilities (Java Server Pages, .NET, Ruby On Rails, Django, etc.)
• Success control: front door, back door vulnerability assessment
• Penetration attempts versus failures
Technical vulnerabilities
Unvalidated input:
Tainted parameters - Parameters passed in URLs, HTTP headers, and forms are often used to control and validate access to sensitive information; when they are not validated they become tainted data.
Cross-Site Scripting flaws:
XSS takes advantage of a vulnerable web site to attack clients who visit that web site. The most frequent goal is to steal the credentials of users who visit the site.
Content Injection flaws:
Data injection
SQL injection - SQL injection allows commands to be executed directly against the database, allowing disclosure and modification of data in the database
XPath injection - XPath injection allows an attacker to manipulate the data in the XML database
Command injection - OS and platform commands can often be used to give attackers access to data and escalate privileges on backend servers.
Process injection
Cross-site Request Forgeries
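The tainted-parameter and SQL injection entries above describe a single root cause: untrusted input spliced into a query. The following added example (written for this page, not code from the original post or from any scanner it describes) shows a vulnerable lookup beside its parameterized form against a constructed in-memory SQLite table, and a small probe that does what an error-based scanner check does: send a value containing a quote and observe whether the query breaks. The table contents and the name "O'Brien" are constructed sample data.

```python
import sqlite3


def build_db():
    """Constructed sample data: an in-memory SQLite users table (assumption, not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("O'Brien", "user")],
    )
    conn.commit()
    return conn


def vulnerable_lookup(conn, name):
    # Vulnerable: the tainted parameter is spliced into the SQL text, so any quote
    # character in the input changes the structure of the statement itself.
    query = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def safe_lookup(conn, name):
    # Hardened: the parameter is bound by the driver and can only ever be data,
    # so a legitimate name with an apostrophe simply matches (or does not).
    query = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(query, (name,)).fetchall()


def probe(lookup, conn, name):
    """Mimic an error-based scanner check: report whether the input broke the query.

    A database error surfacing for a quoted input is the signal a scanner looks for;
    the hardened version never produces one.
    """
    try:
        return {"error": None, "rows": lookup(conn, name)}
    except sqlite3.Error as exc:
        return {"error": type(exc).__name__, "rows": None}


if __name__ == "__main__":
    db = build_db()
    for fn in (vulnerable_lookup, safe_lookup):
        print(fn.__name__, probe(fn, db, "O'Brien"))
```

Run as a script it prints an `OperationalError` for the vulnerable function and the matching row for the safe one; the same probe makes a useful regression test in a web application's own test suite, independent of any external scanner.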
Security Vulnerabilities
Denial of Service
Broken access control
Path manipulation
Broken session management (synchronization timing problems)
Weak cryptographic functions, unsalted hashes
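To make the "unsalted hashes" item concrete, here is an added example (not part of the original post) contrasting an unsalted fast hash with a per-user salted, iterated derivation using only the Python standard library. The iteration count and the password strings are assumptions chosen for the demonstration; the storage format `pbkdf2_sha256$iterations$salt$hash` is likewise a constructed convention, not a standard.

```python
import hashlib
import hmac
import os

# Assumption: a work factor for PBKDF2-HMAC-SHA256; tune to your hardware budget.
ITERATIONS = 200_000


def weak_hash(password: str) -> str:
    # Weak: unsalted and fast. Two users with the same password store the same
    # digest, so one precomputed table cracks every matching account at once.
    return hashlib.md5(password.encode()).hexdigest()


def make_record(password: str, salt: bytes = None) -> str:
    # Hardened: a random per-user salt plus a slow key derivation function.
    # Record layout (constructed for this example): "pbkdf2_sha256$iterations$salt$hash".
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the derivation from the stored salt and compare in constant time."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    # Constant-time comparison avoids leaking how many bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    # Two accounts, same password: identical weak digests, distinct salted records.
    print(weak_hash("hunter2") == weak_hash("hunter2"))      # True: trivially correlatable
    print(make_record("hunter2") == make_record("hunter2"))  # False: salt differs per user
```

The salt is stored in the clear alongside the hash; its purpose is not secrecy but making each record cost a separate attack, which is exactly what the unsalted variant fails to do.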
Architectural/Logical Vulnerabilities
Information leakage
Insufficient authentication
Password change form disclosing detailed errors
Idle-session destruction (timeout) not consistent with policies
Spending a deposit before the deposited funds are validated
Other vulnerabilities
Debug mode
Thread Safety
Hidden Form Field Manipulation
Weak Session Cookies: Cookies are often used to transmit sensitive credentials, and are often easily modified to escalate access or assume another user's identity.
Fail Open Authentication
Dangers of HTML Comments
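Hidden form field manipulation and weak session cookies share one defense: any value the server hands to the client and later trusts must carry an integrity tag the client cannot forge. The following added example (not code from the original post) signs a small JSON payload with an HMAC and rejects any token whose body no longer matches its tag, which is the behaviour a field-manipulation check in a scanner should observe. The secret key, payload fields and token layout `body.tag` are assumptions constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json

# Assumption: a server-side secret that never reaches the client (constructed value).
SECRET = b"constructed-server-side-secret-change-me"


def _encode(payload: dict) -> str:
    return base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()


def trusting_parse(token: str) -> dict:
    # Weak: the server believes whatever the client sends back (an unsigned cookie
    # or hidden field), so uid/role are under the client's control.
    return json.loads(base64.urlsafe_b64decode(token.encode()))


def sign_value(payload: dict) -> str:
    # Hardened: append an HMAC-SHA256 tag over the encoded body so any client-side
    # modification is detectable. Layout (constructed): "<body>.<hex tag>".
    body = _encode(payload)
    tag = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{tag}"


def verify_value(token: str):
    """Return the payload if the tag matches, else None (treat as tampered)."""
    try:
        body, tag = token.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    return json.loads(base64.urlsafe_b64decode(body.encode()))


def modified_copy(token: str, new_payload: dict) -> str:
    """Regression helper: replace the body, keep the old tag, as a manipulation check does."""
    _, tag = token.rsplit(".", 1)
    return f"{_encode(new_payload)}.{tag}"


if __name__ == "__main__":
    issued = sign_value({"uid": 42, "role": "user"})
    print(verify_value(issued))                                       # the original payload
    print(verify_value(modified_copy(issued, {"uid": 42, "role": "admin"})))  # None
    print(trusting_parse(_encode({"uid": 1, "role": "admin"})))        # accepted blindly
```

Signing proves integrity only; the payload is still readable by the client, so credentials or other sensitive data should not be placed in it, and the cookie should additionally carry the usual `Secure` and `HttpOnly` attributes.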
Wednesday, April 28, 2010