From 89dc09f97c31d479ac6d5c6aabdcaa3c6c27b85a Mon Sep 17 00:00:00 2001 From: GuillaumeFalourd Date: Fri, 2 Oct 2020 23:03:58 -0300 Subject: [PATCH 1/6] Failure to restrict URL Access --- vulnerabilities list | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/vulnerabilities list b/vulnerabilities list index 4897c76..281a55a 100644 --- a/vulnerabilities list +++ b/vulnerabilities list @@ -61,6 +61,12 @@ /*========================================*/ +** Failure to restrict URL Access +- Making use of this vulnerability, attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability. +An attacker can access sensitive pages, invoke functions and view confidential information. + +/*========================================*/ + Top Mobile Application Security Vulnerabilities: ** Weak Server Side Controls From 6fead0d047c9835a5a03c73428bd3fcb2841f2d3 Mon Sep 17 00:00:00 2001 From: GuillaumeFalourd Date: Fri, 2 Oct 2020 23:08:04 -0300 Subject: [PATCH 2/6] Unvalidated Redirects and Forwards & Insufficient Transport Layer Protection --- vulnerabilities list | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/vulnerabilities list b/vulnerabilities list index 281a55a..c0f99ae 100644 --- a/vulnerabilities list +++ b/vulnerabilities list 
@@ -56,14 +56,26 @@ /*========================================*/ ** LDAP Injection -- LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, - it's possible to modify LDAP statements using a local proxy. + - LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly sanitize user input, + it's possible to modify LDAP statements using a local proxy. /*========================================*/ ** Failure to restrict URL Access -- Making use of this vulnerability, attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability. -An attacker can access sensitive pages, invoke functions and view confidential information. + - Making use of this vulnerability, attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability. + An attacker can access sensitive pages, invoke functions and view confidential information. + +/*========================================*/ + +** Insufficient Transport Layer Protection + - Making use of this web security vulnerability, an attacker can sniff legitimate user's credentials and gaining access to the application. + Can steal credit card information. + +/*========================================*/ + +** Unvalidated Redirects and Forwards + - An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. + A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. /*========================================*/ From 5531bec4bdbbc06b250af951916da0b5f47101b8 Mon Sep 17 00:00:00 2001 
From: GuillaumeFalourd Date: Fri, 2 Oct 2020 23:09:17 -0300 Subject: [PATCH 3/6] Insecure Cryptographic Storage --- vulnerabilities list | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/vulnerabilities list b/vulnerabilities list index c0f99ae..f54799c 100644 --- a/vulnerabilities list +++ b/vulnerabilities list @@ -74,8 +74,13 @@ /*========================================*/ ** Unvalidated Redirects and Forwards - - An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. - A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. + - An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. + A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. + +/*========================================*/ + +** Insecure Cryptographic Storage + - By using this vulnerability, an attacker can steal, modify such weakly protected data to conduct identity theft, credit card fraud or other crimes. /*========================================*/ From 9ee73b841b045ed28cea482e95701670ff49ad7a Mon Sep 17 00:00:00 2001 From: GuillaumeFalourd Date: Fri, 2 Oct 2020 23:14:57 -0300 Subject: [PATCH 4/6] Insecure Direct Object References --- vulnerabilities list | 31 +++++++++++++++++++++++++++++-- 1 file changed, 29 insertions(+), 2 deletions(-) diff --git a/vulnerabilities list b/vulnerabilities list index f54799c..1c74419 100644 --- a/vulnerabilities list +++ b/vulnerabilities list 
@@ -62,28 +62,55 @@ /*========================================*/ ** Failure to restrict URL Access + - Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access control checks each time these pages are accessed. + In most of the applications, the privileged pages, locations and resources are not presented to the privileged users. + By an intelligent guess, an attacker can access privilege pages. An attacker can access sensitive pages, invoke functions and view confidential information. - Making use of this vulnerability, attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability. An attacker can access sensitive pages, invoke functions and view confidential information. /*========================================*/ ** Insufficient Transport Layer Protection + - Deals with information exchange between the user (client) and the server (application). + Applications frequently transmit sensitive information like authentication details, credit card information, and session tokens over a network. + By using weak algorithms or using expired or invalid certificates or not using SSL can allow the communication to be exposed to untrusted users, + which may compromise a web application and or steal sensitive information. - Making use of this web security vulnerability, an attacker can sniff legitimate user's credentials and gaining access to the application. Can steal credit card information. /*========================================*/ ** Unvalidated Redirects and Forwards - - An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. - A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. + - The web application uses few methods to redirect and forward users to other pages for an intended purpose. 
+ If there is no proper validation while redirecting to other pages, attackers can make use of this and can redirect victims to phishing or malware sites, + or use forwards to access unauthorized pages. + - An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. + A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. /*========================================*/ ** Insecure Cryptographic Storage + - Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely. + The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a website. + This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will be vulnerable to the attackers. - By using this vulnerability, an attacker can steal, modify such weakly protected data to conduct identity theft, credit card fraud or other crimes. /*========================================*/ +** Security Misconfiguration + - Security Configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. + If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality. + - Making use of this vulnerability, the attacker can enumerate the underlying technology and application server version information, + database information and gain information about the application to mount few more attacks. + +/*========================================*/ + +** Insecure Direct Object References + - It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. 
+ The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. + - Using this vulnerability, an attacker can gain access to unauthorized internal objects, + can modify data or compromise the application. + Top Mobile Application Security Vulnerabilities: ** Weak Server Side Controls From bb5926c3bec34d9df11e569f181a486f517d8c38 Mon Sep 17 00:00:00 2001 From: GuillaumeFalourd Date: Sat, 3 Oct 2020 10:57:31 -0300 Subject: [PATCH 5/6] update README file with new vulnerabilities --- README.md | 89 ++++++++++++++++++++++++++++++++++++-------- vulnerabilities list | 2 + 2 files changed, 75 insertions(+), 16 deletions(-) diff --git a/README.md b/README.md index 8f234a0..00ff412 100644 --- a/README.md +++ b/README.md 
@@ -4,22 +4,31 @@ ### Table Of Content -- [Web Application Security Vulnerabilities](#web-application-security-vulnerabilities) - - [Cross-site Scripting (XSS): Reflected, Persistent and DOM-based XSS:](#cross-site-scripting-xss-reflected-persistent-and-dom-based-xss) - - [SQL Injection (SQLi)](#sql-injection-sqli) - - [Cross-site Request Forgery (CSRF)](#cross-site-request-forgery-csrf) - - [Server Side Request Forgery (SSRF)](#server-side-request-forgery-ssrf) - - [Remote File Inclusion (RFI)](#remote-file-inclusion-rfi) - - [Local File Inclusion (LFI)](#local-file-inclusion-lfi) - - [Remote Code Execution (RCE)](#remote-code-execution-rce) - - [CRLF Injection](#crlf-injection) - - [LDAP Injection](#ldap-injection) -- [Mobile Application Security Vulnerabilities:](#mobile-application-security-vulnerabilities) - - [Weak Server Side Controls](#weak-server-side-controls) - - [Lack of Binary Protections](#lack-of-binary-protections) - - [Insecure Data Storage](#insecure-data-storage) - - [Unintended Data Leakage](#unintended-data-leakage) - - [Poor Authorization and Authentication](#poor-authorization-and-authentication) +- [Vulnerabilities](#vulnerabilities) + - [Table Of Content](#table-of-content) + - [Web Application Security Vulnerabilities](#web-application-security-vulnerabilities) + - [Cross-site Scripting (XSS): Reflected, Persistent and DOM-based XSS:](#cross-site-scripting-xss-reflected-persistent-and-dom-based-xss) + - [SQL Injection (SQLi)](#sql-injection-sqli) + - [Cross-site Request Forgery (CSRF)](#cross-site-request-forgery-csrf) + - [Server Side Request Forgery (SSRF)](#server-side-request-forgery-ssrf) + - [Remote File Inclusion (RFI)](#remote-file-inclusion-rfi) + - [Local File Inclusion (LFI)](#local-file-inclusion-lfi) + - [Remote Code Execution (RCE)](#remote-code-execution-rce) + - [CRLF Injection](#crlf-injection) + - [LDAP Injection](#ldap-injection) + - [Failure to restrict URL Access](#failure-to-restrict-url-access) + - [Insufficient 
Transport Layer Protection](#insufficient-transport-layer-protection) + - [Unvalidated Redirects and Forwards](#unvalidated-redirects-and-forwards) + - [Insecure Cryptographic Storage](#insecure-cryptographic-storage) + - [Security Misconfiguration](#security-misconfiguration) + - [Insecure Direct Object References](#insecure-direct-object-references) + - [Mobile Application Security Vulnerabilities:](#mobile-application-security-vulnerabilities) + - [Weak Server Side Controls](#weak-server-side-controls) + - [Lack of Binary Protections](#lack-of-binary-protections) + - [Insecure Data Storage](#insecure-data-storage) + - [Unintended Data Leakage](#unintended-data-leakage) + - [Poor Authorization and Authentication](#poor-authorization-and-authentication) + 
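Review bot: the regenerated table of contents in this hunk now lists `- [Vulnerabilities](#vulnerabilities)` and `  - [Table Of Content](#table-of-content)` as entries, so the TOC links to the document title and to itself (PATCH 6/6 later removes those two lines, which confirms they were never wanted); drop them here and keep the section entries at the indentation the original list used, because re-nesting every existing entry by two spaces turns a six-line content addition into a whole-list whitespace diff that hides the actual change. The six new entries themselves match the new `###` headings added in the next hunk, so only the indentation and the two spurious entries need attention.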
@@ -96,6 +105,54 @@ LDAP Injection is an attack used to exploit web based applications that construc ---- +### Failure to restrict URL Access +Web applications check URL access rights before rendering protected links and buttons. Applications need to perform similar access control checks each time these pages are accessed. +In most of the applications, the privileged pages, locations and resources are not presented to the privileged users. +By an intelligent guess, an attacker can access privilege pages. An attacker can access sensitive pages, invoke functions and view confidential information. +Making use of this vulnerability, attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability. +An attacker can access sensitive pages, invoke functions and view confidential information. + +---- + +### Insufficient Transport Layer Protection +Deals with information exchange between the user (client) and the server (application). +Applications frequently transmit sensitive information like authentication details, credit card information, and session tokens over a network. +By using weak algorithms or using expired or invalid certificates or not using SSL can allow the communication to be exposed to untrusted users, which may compromise a web application and or steal sensitive information. +Making use of this web security vulnerability, an attacker can sniff legitimate user's credentials and gaining access to the application. +Can steal credit card information. + +---- + +### Unvalidated Redirects and Forwards +The web application uses few methods to redirect and forward users to other pages for an intended purpose. +If there is no proper validation while redirecting to other pages, attackers can make use of this and can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages. +An attacker can send a URL to the user that contains a genuine URL appended with encoded malicious URL. 
+A user by just seeing the genuine part of the attacker sent URL can browse it and may become a victim. + +---- + +### Insecure Cryptographic Storage +Insecure Cryptographic storage is a common vulnerability which exists when the sensitive data is not stored securely. +The user credentials, profile information, health details, credit card information, etc. come under sensitive data information on a website. +This data will be stored on the application database. When this data are stored improperly by not using encryption or hashing*, it will be vulnerable to the attackers. +By using this vulnerability, an attacker can steal, modify such weakly protected data to conduct identity theft, credit card fraud or other crimes. + +---- + +### Security Misconfiguration +Security Configuration must be defined and deployed for the application, frameworks, application server, web server, database server, and platform. +If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality. +Making use of this vulnerability, the attacker can enumerate the underlying technology and application server version information, +database information and gain information about the application to mount few more attacks. + +---- + +### Insecure Direct Object References +It occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key as in URL or as a FORM parameter. +The attacker can use this information to access other objects and can create a future attack to access the unauthorized data. +Using this vulnerability, an attacker can gain access to unauthorized internal objects, +can modify data or compromise the application. + ## Mobile Application Security Vulnerabilities: ### Weak Server Side Controls diff --git a/vulnerabilities list b/vulnerabilities list index 1c74419..988ec0c 100644 --- a/vulnerabilities list +++ b/vulnerabilities list 
@@ -111,6 +111,8 @@ - Using this vulnerability, an attacker can gain access to unauthorized internal objects, can modify data or compromise the application. +/*========================================*/ + Top Mobile Application Security Vulnerabilities: ** Weak Server Side Controls From 192a2d6a721db76735396b09325eb88b999e52a9 Mon Sep 17 00:00:00 2001 From: Ashish Yadav Date: Sat, 3 Oct 2020 19:58:11 +0545 Subject: [PATCH 6/6] Update README.md --- README.md | 2 -- 1 file changed, 2 deletions(-) diff --git a/README.md b/README.md index 00ff412..1aabe25 100644 --- a/README.md +++ b/README.md @@ -4,8 +4,6 @@ ### Table Of Content -- [Vulnerabilities](#vulnerabilities) - - [Table Of Content](#table-of-content) - [Web Application Security Vulnerabilities](#web-application-security-vulnerabilities) - [Cross-site Scripting (XSS): Reflected, Persistent and DOM-based XSS:](#cross-site-scripting-xss-reflected-persistent-and-dom-based-xss) - [SQL Injection (SQLi)](#sql-injection-sqli)
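Review bot: the Failure to restrict URL Access entry in PATCH 4/6 (`vulnerabilities list`, hunk `@@ -62,28 +62,55 @@`) inverts its own point with `are not presented to the privileged users`; the weakness is that privileged pages are hidden from unprivileged users, who can still reach them by guessing the URL, so it should read `not presented to the unprivileged users`. The sentence kept from PATCH 1/6, `attacker can gain access to the unauthorized URLs, without logging into the application and exploit the vulnerability`, is both circular and too narrow: the defect is that the server omits the authorization check when a page is requested directly, which a logged-in low-privilege user exploits just as well as an anonymous one. `An attacker can access sensitive pages, invoke functions and view confidential information.` also now appears twice in the same entry (and twice again in the README.md copy in PATCH 5/6); keep one.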
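Review bot: the Security Misconfiguration entry added in PATCH 4/6 drops a negation, so `If these are properly configured, an attacker can have unauthorized access to sensitive data or functionality.` states that correct configuration causes the vulnerability; it should read `If these are not properly configured`. The same sentence is copied verbatim into README.md in PATCH 5/6, so both copies need the fix. In the same entry, `mount few more attacks` should be `mount a few more attacks`.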
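Review bot: `not using encryption or hashing*` in the Insecure Cryptographic Storage entry of PATCH 4/6 (repeated in the README.md section in PATCH 5/6) carries a footnote marker, but no footnote is added anywhere in the six patches; either add the note the asterisk was meant to point at or drop the asterisk. While touching it, `When this data are stored improperly` should be `When this data is stored improperly`, and the entry would be more useful if it distinguished data that must be recoverable (encrypt) from passwords (hash with a salted password-hashing function), since "encryption or hashing" as written suggests the two are interchangeable.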
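Review bot: `or not using SSL` in the Insufficient Transport Layer Protection entry of PATCH 4/6 (and in the README.md copy in PATCH 5/6) should say TLS; every SSL version is deprecated, and a vulnerability checklist that names SSL as the remedy reads as endorsing it. Suggest `or not using TLS at all`. The sentence retained from PATCH 2/6, `an attacker can sniff legitimate user's credentials and gaining access to the application`, needs `and gain access`, and the fragment `Can steal credit card information.` has no subject; fold it into the previous sentence.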
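Review bot: the README.md hunk in PATCH 5/6 at `@@ -96,6 +105,54 @@` ends the new Insecure Direct Object References section without the `----` rule that every other section on the page uses, so its last line `can modify data or compromise the application.` runs straight into `## Mobile Application Security Vulnerabilities:`; add `----` before that heading. The `vulnerabilities list` hunk in the same patch (`@@ -111,6 +111,8 @@`) adds the matching `/*========================================*/` separator for the plain-text file, so only the README is missing it. In the Unvalidated Redirects and Forwards section, `uses few methods` should be `uses a few methods`.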
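Review bot: PATCH 2/6 (`@@ -56,14 +56,26 @@`) re-indents the unchanged LDAP Injection and Failure to restrict URL Access entries in the same hunk that adds the Insufficient Transport Layer Protection and Unvalidated Redirects and Forwards entries, so every line of the existing entries shows as removed and re-added and the two genuinely new entries are hard to pick out; keep whitespace-only reindentation in its own commit, as PATCH 3/6 then does the same thing again to the Unvalidated Redirects and Forwards entry it had just added. The re-added LDAP text `it's possible to modify LDAP statements using a local proxy` also makes the proxy sound like the cause; the proxy is just one way of tampering with the request, and the cause is that the application builds the LDAP filter from unsanitized input.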