Five Classic Web Attacks
While reading through my blog inbox and writing up my 2010 Wishlist for work, I thought I’d drop a quick post to highlight five web security ‘problem areas’ that still exist after at least a decade of patches, pleas, and regulatory requirements.
- SQL Injection
- Hack the Web Server
- Cross Site Scripting
- Cookie Tampering
- Session Hijacking
I often find myself explaining what these are and providing examples, in order to garner support for remediation.
The most common attack against web sites! Our data is stored in databases, massive databases in most cases. In order for nearly all online web applications to function, they must be tied to a database somewhere. This is true when you access your bank statement, access iTunes, read the news at MSN, or even google something.
Databases use a standard language for developers and users alike to enter and retrieve data, this is the structured query language (SQL). If a web application doesn’t validate the information being put into those queries, then someone can enter or retrieve as much information as they like about anything in those databases!
Hack the Web Server!:
The granddaddy of them all! Most servers are vulnerable to some list of attacks, either directly or indirectly. When a 3rd party is able to takeover a server and compromise it, they are able to upload malicious software and act as if they are directly connected to the server. It becomes possible for massive fraud or identity theft to occur as the server is accessed or updated.
Cross Site Scripting:
We trust the sites we visit and yet Cross Site Scripting takes advantage of that trust in order to trick a victim into revealing their sensitive information. If you’ve ever seen phishing or pharming attacks you’ve seen Cross Site Scripting (XSS).
When a web site doesn’t validate the information it accepts, it becomes possible for someone to enter programming code into fields instead of usernames, passwords, or email addresses. The user sees a normal looking link or URL for a site, but that link is laced with programatic code that can steal their sensitive information without even being noticed.
Cookies are special files stored for use by a web browser that typically contain an identity, an access level, or even account information. Although the cookies are stored on end-user (customer) web browser, attackers have become very adept at harvesting cookie contents.
Web applications track each connection with an end-user as a session, using Session ID’s that are usually just a long string of characters. Sometimes these ID’s aren’t long enough to avoid duplication or aren’t random enough to avoid being guessed.
When a SessionID is discovered, it allows a 3rd party to assume the identity of the end-user. In most cases, this happens without notice by the end-user or the web application. The 3rd party is able to conduct transactions as though they were the actual end-user.
What other threats or attacks are you dealing with?