10 Most Common Web Security Vulnerabilities (reposted on Prakerta Research Labs, 2017-02-02)<br />
<span style="background-color: white; color: #929292; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 13px; letter-spacing: 0.13px; text-transform: uppercase;">BY </span><span style="background-color: white; border: 0px; box-sizing: border-box; color: #3976cb; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 13px; font-weight: 600; letter-spacing: 0.13px; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; text-transform: uppercase; vertical-align: baseline;"><a class="link is-blue" href="https://www.toptal.com/resume/gergely-kalman" style="border: 0px; box-sizing: border-box; color: #3863a0; display: inline; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; text-decoration: none; transition: color 150ms, transform, text-shadow, -webkit-transform; vertical-align: baseline;" target="_blank">GERGELY KALMAN</a></span><span style="background-color: white; color: #929292; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 13px; letter-spacing: 0.13px; text-transform: uppercase;"> - SECURITY SPECIALIST @ </span><a class="link is-blue" href="https://www.toptal.com/" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; display: inline; font-family: "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 13px; letter-spacing: 0.13px; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; text-decoration: none; text-transform: uppercase; transition: color 150ms, transform, text-shadow, -webkit-transform; vertical-align: baseline;" target="_blank">TOPTAL</a><br />
<br />
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
For all too many companies, it’s not until <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">after</em> <a href="https://www.toptal.com/web/with-a-filter-bypass-credit-card-numbers-are-still-still-google-able" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">a breach has occurred</a> that web security becomes a priority. During my years working as an IT Security professional, I have seen time and time again how obscure the world of IT Security is to so many of my <a href="https://www.toptal.com/web" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">fellow programmers</a>.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
An effective approach to IT security must, by definition, be proactive and defensive. Toward that end, this post is aimed at sparking a security mindset, hopefully injecting the reader with a healthy dose of paranoia.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
In particular, this guide focuses on 10 common and significant web security pitfalls to be aware of, including recommendations on how they can be avoided. The focus is on the <a href="https://www.owasp.org/index.php/Top_10_2013-Top_10" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">Top 10 Web Vulnerabilities</a> identified by the <a href="https://www.owasp.org/index.php/Main_Page" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">Open Web Application Security Project (OWASP)</a>, an international, non-profit organization whose goal is to improve software security across the globe.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<img alt="An example of some common web vulnerabilities no one wants to face." src="https://uploads.toptal.io/blog/image/403/toptal-blog-image-1401310620338.png" style="border: 0px; box-sizing: border-box; display: block; font-size: 18px; margin: 0px auto 7px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" /></div>
<h2 id="a-little-web-security-primer-before-we-start--authentication-and-authorization" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
A little web security primer before we start – authentication and authorization</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
When speaking with other programmers and IT professionals, I often encounter confusion regarding the distinction between authorization and authentication. And of course, the fact that the abbreviation <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">auth</em> is often used for both helps aggravate this common confusion. It is so common that maybe this issue should be included in this post as “Common Web Vulnerability Zero”.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
So before we proceed, let’s clarify the distinction between these two terms:</div>
<ul style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Authentication:</span> Verifying that a person is (or at least appears to be) a specific user, since he/she has correctly provided their security credentials (password, answers to security questions, fingerprint scan, etc.).</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Authorization:</span> Confirming that a particular user has access to a specific resource or is granted permission to perform a particular action.</li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Stated another way, <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">authentication</em> is knowing who an entity is, while <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">authorization</em> is knowing what a given entity can do.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<a href="https://www.blogger.com/null" id="CommonMistake_Injection" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank"></a></div>
<h2 id="common-mistake-1-injection-flaws" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #1: Injection flaws</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Injection flaws result from a classic failure to filter untrusted input. It can happen when you pass unfiltered data to the SQL server (SQL injection), to the browser (XSS – we’ll talk about this <a href="https://www.toptal.com/security/10-most-common-web-security-vulnerabilities#CommonMistake_XSS" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">later</a>), to the LDAP server (LDAP injection), or anywhere else. The problem is that the attacker can inject commands into these entities, resulting in stolen or destroyed data and hijacked client browsers.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Anything that your application receives from untrusted sources must be filtered,</em> preferably according to a whitelist. You should almost never use a blacklist, as getting that right is very hard and it is usually easy to bypass. Antivirus products are a stellar example of how blacklists fail. Pattern matching against known-bad input does not work on its own.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> The good news is that protecting against injection is “simply” a matter of filtering your input properly and thinking about whether an input can be trusted. But the bad news is that <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">all</em> input needs to be properly filtered, unless it can unquestionably be trusted (but the saying “never say never” does come to mind here).</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
In a system with 1,000 inputs, for example, successfully filtering 999 of them is not sufficient, as this still leaves one field that can serve as the Achilles heel to bring down your system. And you might think that putting an SQL query result into another query is a good idea, as the database is trusted, but if the perimeter is not, the input comes indirectly from attackers. This is called <a href="https://en.wikipedia.org/wiki/SQL_injection#Second_Order_SQL_Injection" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">Second Order SQL Injection</a> in case you’re interested.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Since filtering is pretty hard to do right (like crypto), what I usually advise is to rely on your framework’s filtering and query-building functions: they are proven to work and are thoroughly scrutinized. For SQL in particular, the strongest defence is not filtering at all but parameterized queries (prepared statements), which send the data separately from the statement so it can never become part of the SQL grammar; filtering and whitelisting remain necessary for the parts a parameter cannot cover, such as a column name used in ORDER BY. If you do not use frameworks, you really need to think hard about whether not using them makes sense in your environment. 99% of the time it does not.</div>
<h2 id="common-mistake-2--broken-authentication" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #2: Broken Authentication</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This category covers several distinct problems in authentication and session management; they do not all stem from the same root cause.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Assuming that anyone still wants to roll their own authentication code in 2014 (what are you thinking??), I advise against it. It is extremely hard to get right, and there are a myriad of possible pitfalls, just to mention a few:</div>
<ol style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">The URL might contain the session id and leak it in the referer header to someone else.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">The passwords might not be encrypted either in storage or transit.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">The session ids might be predictable, thus gaining access is trivial.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Session fixation might be possible.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Session hijacking might be possible, timeouts not implemented right or using HTTP (no SSL), etc…</li>
</ol>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> The most straightforward way to avoid this web security vulnerability is to use a framework. You might be able to implement this correctly, but the former is much easier. In case you do want to roll your own code, be extremely paranoid and educate yourself on what the pitfalls are. There are quite a few.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<a href="https://www.blogger.com/null" id="CommonMistake_XSS" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank"></a></div>
<h2 id="common-mistake-3--cross-site-scripting-xss" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #3: Cross Site Scripting (XSS)</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This is a fairly widespread input sanitization failure (essentially a special case of <a href="https://www.toptal.com/security/10-most-common-web-security-vulnerabilities#CommonMistake_Injection" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">common mistake #1</a>). An attacker gives your web application JavaScript tags on input. When this input is returned to the user unsanitized, the user’s browser will execute it. It can be as simple as crafting a link and persuading a user to click it, or it can be something much more sinister. On page load the script runs and, for example, can be used to post your cookies to the attacker.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> There’s a simple web security solution: don’t return HTML tags to the client. This has the added benefit of defending against HTML injection, a similar attack whereby the attacker injects plain HTML content (such as images or loud invisible flash players) – not high-impact but surely annoying (“please make it stop!”). Usually, the workaround is simply converting all HTML entities, so that <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;"><script></code> is returned as <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">&lt;script&gt;</code>. 
The other often employed method of sanitization is using regular expressions to strip away HTML tags using regular expressions on <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;"><</code> and <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">></code>, but this is dangerous as a lot of browsers will interpret severely broken HTML just fine. Better to convert all characters to their escaped counterparts.</div>
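<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The two approaches side by side, as an added example that is not part of the original article: a regex tag-stripper of the kind warned against, defeated by a nested payload, next to context-specific output encoding using only the Python standard library. The page template and the sample comment and author name are constructed for the example.</div>

```python
import html
import json
import re

# Deliberately flawed sanitizer of the kind the text warns against: it removes
# <script> tags with a regular expression, in a single pass.
SCRIPT_TAG_RE = re.compile(r"</?script[^>]*>", re.IGNORECASE)


def strip_script_tags(untrusted):
    return SCRIPT_TAG_RE.sub("", untrusted)


def escape_html(untrusted):
    """Output encoding for HTML body text and quoted attribute values. The
    characters < > & " ' become entities, so markup is displayed, not parsed."""
    return html.escape(untrusted, quote=True)


def escape_for_script_literal(untrusted):
    """Output encoding for a value embedded in an inline <script> as a JS string.
    JSON gives a valid JavaScript string literal; replacing "<" with \\u003c on
    top of that means the HTML parser can never see "</script" or "<!--"
    inside the literal, whatever the value contains."""
    return json.dumps(untrusted).replace("<", "\\u003c")


def render_comment_page(comment, author_name):
    """Assumed page template (constructed for this example): the same untrusted
    value lands in three different contexts, each with its own encoder."""
    return (
        '<p class="comment">' + escape_html(comment) + "</p>\n"
        '<input type="text" value="' + escape_html(author_name) + '">\n'
        "<script>var author = " + escape_for_script_literal(author_name) + ";</script>"
    )


if __name__ == "__main__":
    nested = "<scr<script>ipt>alert(1)</scr</script>ipt>"
    # The filter removes the inner tags and assembles the payload itself.
    print(strip_script_tags(nested))
    print(render_comment_page("<img src=x onerror=alert(1)>", '"><script>alert(2)</script>'))
```

<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The nested string is the classic counter-example: after one pass of the stripper what remains is exactly <code>&lt;script&gt;alert(1)&lt;/script&gt;</code>. Encoding on output has no such failure mode because nothing is removed; every character the browser could interpret as markup is made inert for the context it is written into.</div>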
<h2 id="common-mistake-4--insecure-direct-object-references" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #4: Insecure Direct Object References</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This is a classic case of trusting user input and paying the price in a resulting security vulnerability. A direct object reference means that an internal object such as a file or database key is exposed to the user. The problem with this is that the attacker can provide this reference and, if authorization is either not enforced (or is broken), the attacker can access or do things that they should be precluded from.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
For example, the code has a <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">download.php</code> module that reads and lets the user download files, using a CGI parameter to specify the file name (e.g., <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">download.php?file=something.txt</code>). Either by mistake or due to laziness, the developer omitted authorization from the code. The attacker can now use this to download any system files that the user running PHP has access to, like the application code itself or other data left lying around on the server, like backups. Uh-oh.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Another common vulnerability example is a password reset function that relies on user input to determine whose password we’re resetting. After clicking the valid URL, an attacker can just modify the <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">username</code> field in the URL to say something like “admin”.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Incidentally, both of these examples are things I myself have seen appearing often “in the wild”.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> Perform user authorization properly and consistently, and whitelist the choices. More often than not though, the whole problem can be avoided by storing data internally and not relying on it being passed from the client via CGI parameters. Session variables in most frameworks are well suited for this purpose.</div>
<h2 id="common-mistake-5--security-misconfiguration" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #5: Security misconfiguration</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
In my experience, misconfigured web servers and applications are far more common than properly configured ones, perhaps because there is no shortage of ways to get it wrong. Some examples:</div>
<ol style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Running the application with debug enabled in production.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Having directory listing enabled on the server, which leaks valuable information.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Running outdated software (think WordPress plugins, old PhpMyAdmin).</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Having unnecessary services running on the machine.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Not changing default keys and passwords. (Happens way more frequently than you’d believe!)</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: decimal; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Revealing error handling information to the attackers, such as stack traces.</li>
</ol>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> Have a good (preferably automated) “build and deploy” process, which can run tests on deploy. The poor man’s security misconfiguration solution is post-commit hooks, to prevent the code from going out with default passwords and/or development stuff built in.</div>
<h2 id="common-mistake-6--sensitive-data-exposure" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #6: Sensitive data exposure</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This web security vulnerability is about crypto and resource protection. <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Sensitive data should be encrypted at all times, including in transit and at rest. No exceptions.</em> Credit card information and user passwords should <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">never</em> travel or be stored unencrypted, and passwords should not be stored at all: store only a salted hash produced by a deliberately slow password-hashing function (bcrypt, scrypt, Argon2 or PBKDF2), not a fast general-purpose digest such as MD5 or SHA-1. Obviously the algorithms must not be weak ones – when in doubt, use <a href="https://en.wikipedia.org/wiki/Advanced_Encryption_Standard" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">AES-256</a> in an authenticated mode such as GCM, and <a href="https://en.wikipedia.org/wiki/RSA_(cryptosystem)" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">RSA</a> with keys of 2048 bits or more.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
And while it goes without saying that session IDs and sensitive data should not be traveling in the URLs and sensitive cookies should have the secure flag on, this is very important and cannot be over-emphasized.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span></div>
<ul style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; box-sizing: border-box; font-size: 1em; line-height: 1.5em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">In transit:</em> Use <a href="https://en.wikipedia.org/wiki/HTTP_Secure" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">HTTPS</a> with a proper certificate and <a href="https://en.wikipedia.org/wiki/Forward_secrecy#Perfect_forward_secrecy" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">PFS (Perfect Forward Secrecy)</a>. Do not accept anything over non-HTTPS connections. Have the secure flag on cookies.</div>
</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; box-sizing: border-box; font-size: 1em; line-height: 1.5em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">In storage:</em> This is harder. First and foremost, you need to lower your exposure. If you don’t need sensitive data, shred it. Data you don’t have can’t be stolen. Do not store credit card information <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">ever</em>, as you probably don’t want to have to deal with being <a href="https://www.pcisecuritystandards.org/security_standards/index.php" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">PCI compliant</a>. Sign up with a payment processor such as <a href="https://stripe.com/" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">Stripe</a> or <a href="https://www.braintreepayments.com/" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">Braintree</a>. Second, if you have sensitive data that you actually do need, store it encrypted and make sure all passwords are hashed. For hashing, use of <a href="http://bcrypt.sourceforge.net/" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">bcrypt</a> is recommended. 
If you don’t use bcrypt, educate yourself on <a href="https://en.wikipedia.org/wiki/Salt_(cryptography)" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">salting</a> and <a href="https://en.wikipedia.org/wiki/Rainbow_table" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">rainbow tables</a>.</div>
</li>
</ul>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
And at the risk of stating the obvious, <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">do not store the encryption keys next to the protected data</em>. That’s like storing your bike with a lock that has the key in it. Protect your backups with encryption and keep your keys very private. And of course, don’t lose the keys!</div>
<h2 id="common-mistake-7--missing-function-level-access-control" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #7: Missing function level access control</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This is simply an authorization failure. It means that when a function is called on the server, proper authorization was not performed. A lot of times, developers rely on the fact that the server side generated the UI and they think that the functionality that is not supplied by the server cannot be accessed by the client. It is not as simple as that, as an attacker can always forge requests to the “hidden” functionality and will not be deterred by the fact that the UI doesn’t make this functionality easily accessible. Imagine there’s an <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">/admin</code> panel, and the button is only present in the UI if the user is actually an admin. Nothing keeps an attacker from discovering this functionality and misusing it if authorization is missing.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> On the server side, authorization must <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">always</em> be done. Yes, always. No exceptions: any function left unchecked is a vulnerability that will result in serious problems.</div>
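As an added example (not code from the original post), the following Python sketch puts the authorization check in the server-side dispatcher, deny-by-default, so a forged request to the "hidden" <code>/admin</code> function is refused whether or not the UI ever showed the button; the paths, roles and session shape are assumed.

```python
"""Deny-by-default function-level authorization enforced on the server
(added example, not from the post). Roles, paths and session shape are assumed."""
from typing import Callable, Dict, FrozenSet, List, Tuple

Handler = Callable[..., str]
Response = Tuple[int, str]

# path -> (roles allowed to invoke it, handler). Registering is the only way
# to make a path callable, and registering requires naming the roles.
ROUTES: Dict[str, Tuple[FrozenSet[str], Handler]] = {}


def route(path: str, roles: FrozenSet[str]):
    def register(fn: Handler) -> Handler:
        ROUTES[path] = (roles, fn)
        return fn
    return register


@route("/profile", frozenset({"user", "admin"}))
def profile(session: dict) -> str:
    return f"profile of {session['user']}"


@route("/admin/delete_user", frozenset({"admin"}))
def delete_user(session: dict, target: str) -> str:
    return f"{target} deleted by {session['user']}"


def dispatch(session: dict, path: str, *args: str) -> Response:
    """Authorization happens here, on every request, before any handler runs.
    Whether the UI ever rendered a link to `path` is irrelevant."""
    entry = ROUTES.get(path)
    if entry is None:
        return 404, "no such function"
    roles, handler = entry
    if session.get("role") not in roles:
        return 403, "forbidden"  # forged request to a "hidden" function
    return 200, handler(session, *args)


def render_menu(session: dict) -> List[str]:
    """UI convenience only: hiding links is cosmetic, not a security control."""
    return sorted(p for p, (roles, _) in ROUTES.items()
                  if session.get("role") in roles)


def scenario() -> Dict[str, object]:
    """A logged-in user forging the admin request, an anonymous client, and
    a real admin, all against the same dispatcher."""
    todd = {"user": "todd", "role": "user"}
    admin = {"user": "root", "role": "admin"}
    anon: dict = {}
    return {
        "todd_menu": render_menu(todd),                                   # no /admin entry
        "todd_forged": dispatch(todd, "/admin/delete_user", "alice")[0],  # 403
        "anon_forged": dispatch(anon, "/admin/delete_user", "alice")[0],  # 403
        "admin_ok": dispatch(admin, "/admin/delete_user", "alice")[0],    # 200
        "unknown": dispatch(todd, "/nope")[0],                            # 404
    }


if __name__ == "__main__":
    print(scenario())
```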
<h2 id="common-mistake-8--cross-site-request-forgery-csrf" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #8: Cross Site Request Forgery (CSRF)</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This is a nice example of a <a href="https://en.wikipedia.org/wiki/Confused_deputy_problem" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">confused deputy</a> attack whereby the browser is fooled by some other party into misusing its authority. A 3rd party site, for example, can make the user’s browser misuse its authority to do something for the attacker.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
In the case of CSRF, a 3rd party site issues requests to the target site (e.g., your bank) using your browser with your cookies / session. If you are logged in on one tab on your bank’s homepage, for example, and they are vulnerable to this attack, another tab can make your browser misuse its credentials on the attacker’s behalf, resulting in the confused deputy problem. The deputy is the browser that misuses its authority (session cookies) to do something the attacker instructs it to do.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Consider this example:</div>
<blockquote style="background-color: white; border-bottom-color: initial; border-bottom-style: initial; border-image: initial; border-left-color: rgb(240, 240, 240); border-left-style: solid; border-right-color: initial; border-right-style: initial; border-top-color: initial; border-top-style: initial; border-width: 0px 0px 0px 10px; box-sizing: border-box; color: #505050; font-family: "Proxima Nova", Arial, sans-serif; font-size: 15px; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px 0px 0px 15px; quotes: none; vertical-align: baseline;">
<div style="border: 0px; box-sizing: border-box; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Attacker Alice wants to lighten target Todd’s wallet by transferring some of his money to her. Todd’s bank is vulnerable to CSRF. To send money, Todd has to access the following URL:</em></div>
<div style="border: 0px; box-sizing: border-box; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243</em></div>
<div style="border: 0px; box-sizing: border-box; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">After this URL is opened, a success page is presented to Todd, and the transfer is done. Alice also knows that Todd frequently visits a site under her control at blog.aliceisawesome.com, where she places the following snippet:</em></div>
<div style="border: 0px; box-sizing: border-box; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">&lt;img src="http://example.com/app/transferFunds?amount=1500&destinationAccount=4673243243" width="0" height="0" /&gt;</code></div>
<div style="border: 0px; box-sizing: border-box; font-size: 1.2em; line-height: 1.5em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Upon visiting Alice’s website, Todd’s browser thinks that Alice links to an image, and automatically issues an HTTP GET request to fetch the “picture”, but this actually instructs Todd’s bank to transfer $1500 to Alice.</em></div>
</blockquote>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Incidentally, in addition to demonstrating the CSRF vulnerability, this example also demonstrates altering the server state with an idempotent HTTP GET request, which is itself a serious vulnerability. HTTP GET requests <em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">must</em> be <a href="https://en.wikipedia.org/wiki/Idempotence" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">idempotent</a> (safe), meaning that they cannot alter the resource which is accessed. Never, ever, ever use idempotent methods to change the server state.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Fun fact: CSRF is also the method people used for cookie-stuffing in the past until affiliates got wiser.</em></div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> Store a secret token in a hidden form field which is inaccessible from the 3rd party site. You of course always have to verify this hidden field. Some sites ask for your password as well when modifying sensitive settings (like your password reminder email, for example), although I’d suspect this is there to prevent the misuse of your abandoned sessions (in an internet cafe for example).</div>
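As an added example (not code from the original post), here is the hidden-field token defence applied to the <code>transferFunds</code> endpoint from the scenario above, together with the rule that state changes need POST; the session and form shapes, the in-memory account store and the function names are assumptions of this example.

```python
"""CSRF protection for the post's transferFunds example (added example, not
from the post). Session/form shapes, the account store and names are assumed."""
import hmac
import secrets
from typing import Dict, Tuple

Response = Tuple[int, str]


def issue_csrf_token(session: dict) -> str:
    """One random secret per session, rendered into a hidden form field.
    A page on another origin cannot read the bank's page content, so it
    cannot learn the token and include it in a forged request."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_transfer_form(session: dict) -> str:
    """The legitimate form: POST (GET must never change state) plus the token."""
    token = issue_csrf_token(session)
    return (
        '<form method="POST" action="/app/transferFunds">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><input name="destinationAccount">'
        '<button>Transfer</button></form>'
    )


def transfer_funds(method: str, session: dict, params: Dict[str, str],
                   accounts: Dict[str, int]) -> Response:
    """Server-side handler: every check is independent of what the UI showed."""
    if method != "POST":
        return 405, "transfers must be submitted with POST"  # the <img> GET ends here
    user = session.get("user")
    if user is None:
        return 401, "not logged in"
    expected = session.get("csrf_token", "")
    supplied = params.get("csrf_token", "")
    # Constant-time compare on bytes; compare_digest rejects non-ASCII str.
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return 403, "missing or invalid CSRF token"
    try:
        amount = int(params["amount"])
        dest = params["destinationAccount"]
    except (KeyError, ValueError):
        return 400, "bad parameters"
    if amount <= 0 or dest not in accounts or accounts[user] < amount:
        return 400, "invalid transfer"
    accounts[user] -= amount
    accounts[dest] += amount
    return 200, f"transferred {amount} to {dest}"


def scenario() -> Dict[str, object]:
    """Replays the post's story: Todd is logged in, Alice's page forges requests."""
    accounts = {"todd": 5000, "4673243243": 0}        # constructed sample balances
    todd = {"user": "todd"}
    params = {"amount": "1500", "destinationAccount": "4673243243"}
    render_transfer_form(todd)                         # Todd has visited the bank's form
    # 1. The hidden <img> on Alice's blog: a cross-site GET sent with Todd's cookies.
    img_get = transfer_funds("GET", todd, params, accounts)
    # 2. A cross-site auto-submitting form: right method, but Alice cannot know the token.
    forged_post = transfer_funds("POST", todd, {**params, "csrf_token": "guess"}, accounts)
    # 3. Todd submitting the form the bank rendered for him.
    real_post = transfer_funds("POST", todd, {**params, "csrf_token": todd["csrf_token"]}, accounts)
    return {"img_get": img_get[0], "forged_post": forged_post[0],
            "real_post": real_post[0], "todd_balance": accounts["todd"]}


if __name__ == "__main__":
    print(scenario())
```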
<h2 id="common-mistake-9--using-components-with-known-vulnerabilities" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #9: Using components with known vulnerabilities</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The title says it all. I’d again classify this as more of a maintenance/deployment issue. Before incorporating new code, do some research, possibly some auditing. Using code that you got from a random person on <a href="https://github.com/" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">GitHub</a> or some forum might be very convenient, but it is not without the risk of introducing serious web security vulnerabilities.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
I have seen many instances, for example, where sites got <a href="https://en.wikipedia.org/wiki/Owned" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">owned</a> (i.e., where an outsider gains administrative access to a system), not because the programmers were stupid, but because 3rd party software remained unpatched for years in production. This is happening all the time with WordPress plugins, for example. If you think they will not find your hidden <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">phpmyadmin</code> installation, let me introduce you to dirbuster.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The lesson here is that software development does not end when the application is deployed. There has to be documentation, tests, and plans on how to maintain and keep it updated, especially if it contains 3rd party or open source components.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span></div>
<ul style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; box-sizing: border-box; font-size: 1em; line-height: 1.5em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Exercise caution.</em> Beyond obviously using caution when using such components, do not be a copy-paste coder. Carefully inspect the piece of code you are about to put into your software, as it might be broken beyond repair (or in some cases, intentionally malicious).</div>
</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;"><div style="border: 0px; box-sizing: border-box; font-size: 1em; line-height: 1.5em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<em style="border: 0px; box-sizing: border-box; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Stay up-to-date.</em> Make sure you are using the latest versions of everything that you trust, and have a plan to update them regularly. At least subscribe to a newsletter of new security vulnerabilities regarding the product.</div>
</li>
</ul>
<h2 id="common-mistake-10--unvalidated-redirects-and-forwards" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Common Mistake #10: Unvalidated redirects and forwards</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
This is once again an input filtering issue. Suppose that the target site has a <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">redirect.php</code> module that takes a URL as a <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">GET</code> parameter. Manipulating the parameter can create a URL on <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">targetsite.com</code> that redirects the browser to <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">malwareinstall.com</code>. When users see the link, they will see <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">targetsite.com/blahblahblah</code>, which they think is trusted and safe to click. 
Little do they know that this will actually transfer them onto a malware drop (or any other malicious) page. Alternatively, the attacker might redirect the browser to <code style="background: rgb(255, 255, 252); border-radius: 3px; border: 1px solid rgb(238, 238, 238); box-sizing: border-box; display: inline-block; font-size: 0.8em; line-height: 1em; margin: 0px; max-width: 100%; min-height: 0px; min-width: 0px; padding: 2px 5px; vertical-align: text-bottom;">targetsite.com/deleteprofile?confirm=1</code>.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
It is worth mentioning that stuffing unsanitized user-defined input into an HTTP header might lead to <a href="https://en.wikipedia.org/wiki/HTTP_header_injection" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">header injection</a>, which is pretty bad.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
<span style="border: 0px; box-sizing: border-box; font-weight: 600; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">Prevention:</span> Options include:</div>
<ul style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; list-style: none; margin: 0px 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Don’t do redirects at all (they are seldom necessary).</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Have a static list of valid locations to redirect to.</li>
<li style="border: 0px; box-sizing: border-box; line-height: 1.5em; list-style-type: disc; margin: 0px 0px 0.75em 30px; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">Whitelist the user-defined parameter, but this can be tricky.</li>
</ul>
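As an added example (not code from the original post), here is a Python validator for the <code>redirect.php</code>-style parameter implementing the last two options above: a static table of named destinations, and an allowlist check that only accepts paths on the site's own host and also refuses the CR/LF characters that make header injection possible; <code>SITE_HOST</code> and the location table are assumed values.

```python
"""Validating a user-supplied redirect target (added example, not from the
post). SITE_HOST and KNOWN_LOCATIONS are assumed values for the demonstration."""
from urllib.parse import urljoin, urlsplit, urlunsplit

SITE_HOST = "targetsite.com"   # assumed: the only host we ever redirect to
DEFAULT_LOCATION = "/"

# Option 2 from the list: a static table of named destinations. The request
# carries a key, never a URL, so there is nothing for an attacker to reshape.
KNOWN_LOCATIONS = {
    "home": "/",
    "settings": "/account/settings",
    "help": "/help",
}


def redirect_by_key(key: str) -> str:
    return KNOWN_LOCATIONS.get(key, DEFAULT_LOCATION)


def safe_redirect_target(raw: str, default: str = DEFAULT_LOCATION) -> str:
    """Option 3: accept a user-defined parameter only if it resolves to a path
    on SITE_HOST. Other hosts, schemes, protocol-relative URLs, backslash
    variants and CR/LF (header injection) all fall back to `default`."""
    if not raw:
        return default
    # CR/LF/NUL/TAB in a Location header is header injection. Check the raw
    # string first: urlsplit() silently strips tabs and newlines in newer Pythons.
    if any(ch in raw for ch in "\r\n\x00\t"):
        return default
    raw = raw.strip()
    parts = urlsplit(raw)
    if parts.scheme or parts.netloc:
        return default  # https://malwareinstall.com, //malwareinstall.com, javascript:...
    if not raw.startswith("/") or raw.startswith("//") or "\\" in raw:
        return default  # not a site path, or /\evil.com (browsers read it as //evil.com)
    # Resolve dot segments against our own origin and confirm nothing escaped:
    # e.g. /a/..//evil.com normalises to the protocol-relative //evil.com.
    resolved = urlsplit(urljoin(f"https://{SITE_HOST}/", raw))
    if resolved.netloc != SITE_HOST or resolved.path.startswith("//"):
        return default
    # Note: a same-site path such as /deleteprofile?confirm=1 passes this check.
    # That is why state changes must not be reachable by GET (see the CSRF section).
    return urlunsplit(("", "", resolved.path, resolved.query, resolved.fragment))


if __name__ == "__main__":
    for candidate in ("/account/settings", "https://malwareinstall.com/",
                      "//malwareinstall.com", "/\\malwareinstall.com",
                      "/a/..//malwareinstall.com", "/ok\r\nSet-Cookie: x=1"):
        print(repr(candidate), "->", safe_redirect_target(candidate))
```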
<h2 id="epilogue" style="background-color: white; border: 0px; box-sizing: border-box; color: #3863a0; font-family: "Proxima Nova", Arial, sans-serif; line-height: 1.3em; margin: 2em 0px 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Epilogue</h2>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
I hope that I have managed to tickle your brain a little bit with this post and to introduce a healthy dose of paranoia and web security vulnerability awareness.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
The core takeaway here is that age-old software practices exist for a reason and what applied back in the day for buffer overflows, still apply for pickled strings in Python today. Security helps you write correct(er) programs, which all programmers should aspire to.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Please use this knowledge responsibly, and don’t test pages without permission!</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
For more information and more <a href="https://www.toptal.com/freelance/the-heartbleed-openssl-bug-what-you-need-to-know" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;">specific attacks</a>, have a look at: <a href="https://www.owasp.org/index.php/Category:Attack" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">https://www.owasp.org/index.php/Category:Attack</a>.</div>
<div style="background-color: white; border: 0px; box-sizing: border-box; color: #303030; font-family: "Proxima Nova", Arial, sans-serif; font-size: 1.2em; line-height: 1.5em; margin-bottom: 1em; min-height: 0px; min-width: 0px; padding: 0px; text-align: justify; vertical-align: baseline;">
Feedback on this post is welcome and appreciated. Future related posts are planned, particularly on the issue of <a href="http://www.webopedia.com/TERM/D/DDoS_attack.html" rel="noopener noreferrer" style="border: 0px; box-sizing: border-box; color: #3976cb; margin: 0px; min-height: 0px; min-width: 0px; padding: 0px; vertical-align: baseline;" target="_blank">distributed denial-of-service (DDoS)</a> and old-school (not web) IT security vulnerabilities. If you have a specific request on what to write about, please feel free to contact me directly at gergely@toptal.com.</div>
endochhttp://www.blogger.com/profile/03411457852896816173noreply@blogger.com3tag:blogger.com,1999:blog-6633830357249994874.post-52502121937246316812016-11-01T02:57:00.000-07:002016-11-01T03:03:13.325-07:00How to Get the Viewer Count of a Video on YouTube<br />
Around the end of September 2016, I was contacted by one of my colleagues, who works as a graphic designer. He asked whether there was a tool to record the growth of the viewer count of a video on YouTube. The question was not wrongly directed at me, since he knew I had once, for fun, built a small program in C# just to record how many Twitter followers I had. At the time I answered that I had not yet tried, or looked into, whether there was a tool that matched that need.<br />
<br />
About two months later, on the morning of 1 November 2016, I wrote, for fun, a very simple program in Python. This program outputs the viewer count of a video that has been uploaded to YouTube and whose URL we know.<br />
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://drive.google.com/uc?export=view&id=0B7rTxPbrrQMtekNoYVNXRVNuSnM" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="156" src="https://drive.google.com/uc?export=view&id=0B7rTxPbrrQMtekNoYVNXRVNuSnM" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Python Program to Fetch the Viewer Count of a YouTube Video*</td></tr>
</tbody></table>
<br />
<table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto; text-align: center;"><tbody>
<tr><td style="text-align: center;"><a href="https://drive.google.com/uc?export=view&id=0B7rTxPbrrQMtLVFwejFxUFhrQmM" imageanchor="1" style="margin-left: auto; margin-right: auto;"><img border="0" height="25" src="https://drive.google.com/uc?export=view&id=0B7rTxPbrrQMtLVFwejFxUFhrQmM" width="320" /></a></td></tr>
<tr><td class="tr-caption" style="text-align: center;">Viewer count of a YouTube video**</td></tr>
</tbody></table>
<br />
Interested in discussing this? Please use the comment form, or contact us at support@prakerta.com<br />
<br />
*) The video URL I used is (https://www.youtube.com/watch?v=pgS_xob1x4A), the song Better Man by Leon Bridges<br />
**) When I ran that Python program on 1 November 2016 at 09:20 WIB, the video had been played 3,224,649 times.<br />
<br />
<br />
<br />endoch (http://www.blogger.com/profile/03411457852896816173)<br />
<br />
2016-08-21: Tinkering with the Instagram API - Auto Like and Get Follower List<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">So the story goes: a few weeks ago, Niantic, led by John Hanke, suddenly got very angry and decided not to sit idle in the face of the massive botting going on in Pokemon GO. As a result, millions of user accounts were permanently banned. Yes, my ID was also among the victims of the permanent ban (unable to log in to the game).</span></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">And that even though my ID already had a complete Pokemon collection and was just short of level 40.</span></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">But <i>oh well</i>, that's Pokemon GO for you: we can only try to <i>bot</i>, but it is John Hanke who decides... *<i>cursing under my breath</i></span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">After that mass-ban tragedy, I still tried to create an ID and, of course, to </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">bot </i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">again. This time with slightly different settings, at a lower speed. But what can you do; it turns out the anti-cheat system deployed by Niantic still managed to sniff out botters perfectly. The result: </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">permanently banned again</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">...</span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Since I had given up fighting Niantic's anti-cheat system, I went looking for something else to tinker with...</span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif; font-size: large;">This time </span><b style="font-family: "helvetica neue", arial, helvetica, sans-serif; font-size: x-large;">Instagram</b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif; font-size: large;"> is the victim. </span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">There are two reasons why I chose Instagram as the victim of my tinkering this time.</span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">First, as it happens, two friends and I were starting a business selling coffee-making equipment. One of the things we had to do was maintain an Instagram account. Both of my friends claimed to be busy and to have no time to maintain our Instagram account, so I volunteered to maintain it. </span><br />
<br /></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Of course, once again, <b>because I am a very lazy person</b>, I looked for an Instagram bot. This time I was looking for <i>tools </i>so that our Instagram account could automatically <i>like </i>other people's posts. The Instagram bot takes the tags we have chosen and then automatically <i>likes </i>a random post.</span><br />
<br /></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">The result was fairly decent: after running for 3 days, my bot had already produced almost 3000 likes. </span><br />
<br /></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Here is what the bot looks like:</span></div>
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3cokwiqFRW9Jb6FCQf8f-p-SIra0ArdwFUsn2vT-U4vA7rkWLLfzP8Gst_tFY23VIiLv5EQ3poI9e7HorrfrXoM0SlQue3SyCZb-hca56ScKp1Nb6fSu4N4b8v8461BG7AlxFt403fDQ/s1600/bot_like.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><img border="0" height="246" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi3cokwiqFRW9Jb6FCQf8f-p-SIra0ArdwFUsn2vT-U4vA7rkWLLfzP8Gst_tFY23VIiLv5EQ3poI9e7HorrfrXoM0SlQue3SyCZb-hca56ScKp1Nb6fSu4N4b8v8461BG7AlxFt403fDQ/s320/bot_like.PNG" width="320" /></span></a></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">From those 3000 likes, our Instagram account gained 60 followers in 3 days. So, <i>by</i> <i>numbers</i>, for every 50 likes you give to other people, you will probably gain 1 new follower. </span></div>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidXFGkwP0WzOvfUxfc6FITZ9Krrw-kBIirwl7Hq-h7WEqY8Qh3TrYU_90vKueMb08xvwH_7ycFcVWOioZOf-nGekISVKg-Rjg21vDjg3yCwrQlR1H2tabU8iiOiYbxdeOQYPVfVLQMgY4/s1600/coffeestop.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><img border="0" height="320" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEidXFGkwP0WzOvfUxfc6FITZ9Krrw-kBIirwl7Hq-h7WEqY8Qh3TrYU_90vKueMb08xvwH_7ycFcVWOioZOf-nGekISVKg-Rjg21vDjg3yCwrQlR1H2tabU8iiOiYbxdeOQYPVfVLQMgY4/s320/coffeestop.PNG" width="259" /></span></a></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">A fairly decent result for what could be called very minimal effort. Once again, I was quite satisfied with the auto-like performance of that Instagram bot.</span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span></div>
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Second, as it happens, one of my close friends is an Instagram enthusiast. For one reason or another, he was looking for </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">tools</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> to get a list of all the </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">followers</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> of an Instagram account. Note that getting the list of all followers is not an easy process, because Instagram now limits the number of followers that are </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">displayed.</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"></span><br />
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">After spending thousands of seconds searching for such tools, I found that every tool on the market is </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">paid</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">.</span><br />
<br /></div>
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Because I am </span><b style="font-family: "helvetica neue", arial, helvetica, sans-serif;">lazy</b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"> plus </span><b style="font-family: "helvetica neue", arial, helvetica, sans-serif;">stingy</b><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">, I was not willing to dig into my pocket for those paid </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">tools</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">. So I set off on an adventure to find and modify existing </span><i style="font-family: "helvetica neue", arial, helvetica, sans-serif;">tools</i><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">. </span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"></span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"></span>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">In less than a tenth of a moon cycle, a <i>tool</i> for getting the follower list had landed on my computer. The tool uses the <i><a href="https://github.com/hancux/Instagram-API">Private Instagram API</a> </i>, which I then modified slightly to get the results I wanted.</span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span></div>
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">The output is a .csv file that is easy to read with Excel. Here is what it looks like:</span><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"></span><br />
<br />
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipcHsfUWQsU5Z8TVYS-s4OOsmsvEck1DST7_5d8OI_aNcEafu7SDr5pf33uCuQe7ndlyBRFIcPeb5l2MYmO53ocsmJ_cZ-a2ArJAM0G6m8UCa83fHy0XeX-k-nRYShIkwzMYECjGgLGpM/s1600/output.PNG" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><img border="0" height="131" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEipcHsfUWQsU5Z8TVYS-s4OOsmsvEck1DST7_5d8OI_aNcEafu7SDr5pf33uCuQe7ndlyBRFIcPeb5l2MYmO53ocsmJ_cZ-a2ArJAM0G6m8UCa83fHy0XeX-k-nRYShIkwzMYECjGgLGpM/s320/output.PNG" width="320" /></span></a></div>
<div style="text-align: left;">
<br /></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">That wraps up this share of the fruits of my <i>idle</i> time on this hot Sunday afternoon.</span></div>
<br />
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">If anyone is interested in tinkering further with this Instagram API, please leave a comment below.</span><br />
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;"><br /></span></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">Cheers!</span></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">HS</span></div>
<div style="text-align: left;">
<span style="font-family: "helvetica neue" , "arial" , "helvetica" , sans-serif;">A Lazy Person.</span></div>
hancux (http://www.blogger.com/profile/17263690193523669867)<br />
<br />
2015-11-11: What is SQL Injection and How to Fix It
<header class="entry-header">
<h1 class="entry-title">
SQL Injection (SQLi)</h1>
<div class="separator" style="clear: both; text-align: center;">
<a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLEkQEO_wjfDU-oLeRgCQvPUdn6NRmJiX8vS56L5u30pCnYTnqusmGSkCoshh_Ohf1-BFAncYgRk3CQ2DoT0mORDp_iyFSJnB_7Pyv4mWFWzzrQujOuOtZoFhBS69yrYjlQPsZl5Nf7mc/s1600/sql-injection-logo.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" height="325" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjLEkQEO_wjfDU-oLeRgCQvPUdn6NRmJiX8vS56L5u30pCnYTnqusmGSkCoshh_Ohf1-BFAncYgRk3CQ2DoT0mORDp_iyFSJnB_7Pyv4mWFWzzrQujOuOtZoFhBS69yrYjlQPsZl5Nf7mc/s400/sql-injection-logo.jpg" width="400" /></a></div>
</header>
SQL injection (SQLi) refers to an injection attack wherein an
attacker can execute malicious SQL statements (also commonly referred to
as a malicious <em>payload</em>) that control a web application’s database server (also commonly referred to as a <em>Relational Database Management System – RDBMS</em>).
Since an SQL injection vulnerability could possibly affect any website
or web application that makes use of an SQL-based database, the
vulnerability is one of the oldest, most prevalent and most dangerous of
web application vulnerabilities.<br />
By leveraging an SQL injection vulnerability, given the right
circumstances, an attacker can use it to bypass a web application’s
authentication and authorization mechanisms and retrieve the contents of
an entire database. SQL injection can also be used to add, modify and
delete records in a database, affecting data integrity.<br />
To such an extent, SQL injection can provide an attacker with
unauthorized access to sensitive data including customer data,
personally identifiable information (PII), trade secrets, intellectual
property and other sensitive information.<br />
<h2>
How SQL Injection works</h2>
In order to run malicious SQL queries against a database server, an
attacker must first find an input within the web application that is
included inside of an SQL query.<br />
In order for an SQL injection attack to take place, the vulnerable
website needs to directly include user input within an SQL statement. An
attacker can then insert a payload that will be included as part of the
SQL query and run against the database server.<br />
The following server-side pseudo-code is used to authenticate users to the web application.<br />
<br />
<pre><code class=" hljs sql"># Define POST variables
<strong>uname = request.POST['username']</strong>
<strong>passwd = request.POST['password']</strong>
# SQL query vulnerable to SQLi: the raw user input is concatenated into the statement text
sql = "SELECT id FROM users WHERE username='" + <strong>uname</strong> + "' AND password='" + <strong>passwd</strong> + "'"
# Execute the SQL statement
database.execute(sql)</code></pre>
The above script is a simple example of authenticating a user with a
username and a password against a database with a table named users, and
a username and password column.<br />
The above script is vulnerable to SQL injection because an attacker
could submit malicious input in such a way that would alter the SQL
statement being executed by the database server.<br />
A simple example of an SQL injection payload could be something as simple as setting the password field to <code>password' OR 1=1</code>.<br />
This would result in the following SQL query being run against the database server.<br />
<pre><code class=" hljs sql">SELECT id FROM users WHERE username='username' AND password='password' OR 1=1'</code></pre>
An attacker can also comment out the rest of the SQL statement to control the execution of the SQL query further.<br />
<br />
<pre><code class="nohighlight">-- MySQL, MSSQL, Oracle, PostgreSQL, SQLite
' OR '1'='1' <strong style="color: #cc0000;">--</strong>
' OR '1'='1' <strong style="color: #cc0000;">/*</strong>
-- MySQL
' OR '1'='1' <strong style="color: #cc0000;">#</strong>
-- Access (using null characters)
' OR '1'='1' <strong style="color: #cc0000;"></strong>
' OR '1'='1' <strong style="color: #cc0000;">%16</strong></code></pre>
Once the query executes, the result is returned to the application to
be processed, resulting in an authentication bypass. In the event of
authentication bypass being possible, the application will most likely
log the attacker in with the first account from the query result — the
first account in a database is usually of an administrative user.<br />
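As an added example that is not part of the original post (nor Acunetix's material), here is the concatenated login query above beside its parameterized fix, run against a constructed in-memory SQLite users table with the post's own payloads; the table layout and sample credentials are assumptions:

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample data (not from the post): a users table whose first
    row is an administrator, as the post notes is typical."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", "S3cret!Admin"), (2, "alice", "correct horse"), (3, "bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, uname, passwd):
    """The post's pattern: user input concatenated into the SQL text, so the
    input can change the statement's structure, not just its values."""
    sql = ("SELECT id FROM users WHERE username='" + uname
           + "' AND password='" + passwd + "'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, uname, passwd):
    """Hardened form: the SQL text is a fixed template and the inputs are bound
    as parameters, so quotes and comment markers stay inside the values."""
    sql = "SELECT id FROM users WHERE username=? AND password=?"
    row = conn.execute(sql, (uname, passwd)).fetchone()
    return row[0] if row else None


def error_surface(conn, uname, passwd):
    """Returns the database error text the concatenated query raises for a
    malformed payload (the signal error-based injection relies on), else None."""
    try:
        login_vulnerable(conn, uname, passwd)
    except sqlite3.Error as exc:
        return str(exc)
    return None


def run_demo():
    """Runs both login variants with valid credentials and with the post's
    comment-out payload; returns the user id each variant would log in."""
    conn = build_db()
    bypass = "' OR '1'='1' --"  # payload from the post's comment-out list
    return {
        "legit_vuln": login_vulnerable(conn, "alice", "correct horse"),
        "legit_param": login_parameterized(conn, "alice", "correct horse"),
        # AND binds tighter than OR, so every row matches and the first
        # row (the admin) is returned: authentication bypass.
        "bypass_vuln": login_vulnerable(conn, "anyone", bypass),
        # The same payload is just a password value here: no match.
        "bypass_param": login_parameterized(conn, "anyone", bypass),
    }


if __name__ == "__main__":
    print(run_demo())
    # The post's "password' OR 1=1" payload leaves an unbalanced quote, so the
    # concatenated query fails with a database error; a live site must log
    # this to a restricted file rather than echo it back to the client.
    print(error_surface(build_db(), "username", "password' OR 1=1"))
```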
<h2>
What’s the worst an attacker can do with SQL?</h2>
SQL is a programming language designed for managing data stored in an
RDBMS, therefore SQL can be used to access, modify and delete data.
Furthermore, in specific cases, an RDBMS could also run commands on the
operating system from an SQL statement.<br />
Keeping the above in mind, when considering the following, it’s
easier to understand how lucrative a successful SQL injection attack can
be for an attacker.<br />
<ul>
<li>An attacker can use SQL injection to bypass authentication or even impersonate specific users.</li>
<li>One of SQL’s primary functions is to select data based on a query
and output the result of that query. An SQL injection vulnerability
could allow the complete disclosure of data residing on a database
server.</li>
<li>Since web applications use SQL to alter data within a database, an
attacker could use SQL injection to alter data stored in a database.
Altering data affects data integrity and could cause repudiation issues,
for instance, issues such as voiding transactions, altering balances
and other records.</li>
<li>SQL is used to delete records from a database. An attacker could use
an SQL injection vulnerability to delete data from a database. Even if
an appropriate backup strategy is employed, deletion of data could
affect an application’s availability until the database is restored.</li>
<li>Some database servers are configured (intentionally or otherwise) to
allow arbitrary execution of operating system commands on the database
server. Given the right conditions, an attacker could use SQL injection
as the initial vector in an attack of an internal network that sits
behind a firewall.</li>
</ul>
<h2>
The anatomy of an SQL Injection attack</h2>
An SQL injection needs just two conditions to exist – <strong>a relational database that uses SQL, and a user controllable input which is directly used in an SQL query.</strong><br />
In the example below, it shall be assumed that the attacker’s goal is
to exfiltrate data from a database by exploiting an SQL injection
vulnerability present in a web application.<br />
Supplying an SQL statement with improper input, for example providing
a string when the SQL query is expecting an integer, or purposely
inserting a syntax error in an SQL statement, causes the database server
to throw an error.<br />
Errors are very useful to developers during development, but if
enabled on a live site, they can reveal a lot of information to an
attacker. SQL errors tend to be descriptive to the point where it is
possible for an attacker to obtain information about the structure of
the database, and in some cases, even to enumerate an entire database
just through extracting information from error messages – this technique
is referred to as <em>error-based SQL injection</em>. To such an extent, database errors should be disabled on a live site, or logged to a file with restricted access instead.<br />
Another common technique for exfiltrating data is to leverage the
UNION SQL operator, allowing an attacker to combine the results of two
or more SELECT statements into a single result. This forces the
application to return data within the HTTP response – this technique is
referred to as <em>union-based SQL injection</em>.<br />
<br />
The following is an example of such a technique. This can be seen on <strong>testphp.vulnweb.com</strong>, an intentionally vulnerable website hosted by Acunetix.<br />
The following HTTP request is a normal request that a legitimate user would send.<br />
<br />
Resource : <span style="color: red;">http://acunetix.com</span><br />
<br />
rrrrr (http://www.blogger.com/profile/00898443002739385147)