XenonStack

A Stack Innovator

Post Top Ad

Friday 6 December 2019

Home Unlabelled

Application Security Vulnerabilities Checklist and Types


What is Application Vulnerability?

An application vulnerability is a defect in an application that could be misused to jeopardize the security of the application. These violations target the integrity, confidentiality, of resources occupied by an application, its users.This article will Top Application Security Vulnerabilities Checklist.

Application Security Vulnerabilities Checklist

SQL Injection

  • An SQL injection is a technique, uses malicious SQL code for backed database manipulation, or may also destroy the database.
  • It is a vulnerability that may affect the web application or the website which uses an SQL database such as SQL Server, Oracle, MySQL, etc.
  • Attackers use the SQL injection for finding the credentials of the other users in the database.
  • Using SQL injection, one can alter the data in the database, i.e. you can delete, update, or insert the data.
Example –
  • You have created a table ‘users’ using create table command.
  • The table users have the following fields: id, email, password
  • Now, we usually use select * from users to retrieve the data, and this command will give all rows and columns in the table users.
  • Now, run the following command: select*from users where email = ‘xxx@xxx.xxx’ OR 1 = 1 LIMIT 1 — ‘ ] AND password = md5(‘1234’);
  • OR 1 = 1 LIMIT 1 is a condition that will always be true.
  • — ‘ AND is a SQL comment that eliminates the password part.
  • The highlighted text means, it is a comment.

Prevent SQL injection

  • use prepared statements, parameterized queries
  • do not reveal the sensitive information in the error messages
  • use web applications firewall

Secure Your Password

  • Choose password manager without master recovery – Choose a password manager, that should not allow for the improvement of a master password. If an attacker can get a grip on the master password through the account recovery tools, then this makes the most secure password management programs useless.
  • Use two-factor authentication – Use two-factor authentication to protect password manager.
  • 2FA is a login process that requires users to prove that they are who they claim to be.
  • Turn-off auto fill
  • Use strong passwords
  • Use unique passwords

Cross Site Scripting (XSS) in Application Security Vulnerability

  • Type of a computer security vulnerability, found in web application.
  • It is a common attack vector that injects the malicious code into vulnerable web applications.
  • Allows an attacker to execute the malicious javascript(JS) in the user’s browser.
  • The actual attack occurs when the victim visits the web application or web page, that executes the malicious code.
  • Types of XSS – Persistent XSS, Reflected XSS, DOM-based XSS.

Persistent XSS

  • One of the website’s forms is used by the attacker to insert a malicious string into the website’s database.
  • The victim requests page from the site
  • The website includes the malicious string from the database in the response and sends it to the victim.
  • The targeted user’s browser executes the malicious scripts inside the response and sends the targeted user’s cookies to the attacker’s server.
Continue Reading: XenonStack/Insights
Author Image

About XenonStack

Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Author Details