Friday, December 27, 2024
HomeWeb ApplicationsWeb Application Attacks – Types, Impact & Mitigation – Part-3

Web Application Attacks – Types, Impact & Mitigation – Part-3

Published on

SIEM as a Service

With this article, we list some of the common web application attacks, impacts, and possible mitigation. In part -3 we are covering the following attacks.

Web Application Attacks

  1. Cross-site scripting
  2. Cacheable Pages Discovered
  3. Referrer Header Not Properly Validated
  4. Cross-Site Request Forgery
  5. HTTP Headers – Information Disclosure
  6. Binary planting
  7. Binary hardening

Cross site scripting

Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user.

Assessor observed that application is not validating contents of the input file being uploaded in the application as banner and responding to the browser for execution which leads to XSS (cross-site scripting).

- Advertisement - SIEM as a Service

Types- Reflected , stored, DOM

Impact – A browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Mitigation

The application must perform validation of all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed. Also filter the content of image files being uploaded to the server.

Any meta-characters should be filtered for, in all input accepting fields, both at the client-side as well as sever-side.

Server-side validation is mandatory. The validation should not attempt to identify active content and remove, filter, or sanitize it. Encoding user supplied output can also defeat XSS vulnerabilities by preventing inserted scripts from being transmitted to users in an executable form.

The application must be configured to filter meta-characters and unexpected characters such as:

CharacterEncoding
CharacterEncoding
<&lt; or <
))
>&gt; or >
##
&&amp; or &
%%
&quot; or “
;;
&apos; or ‘
++
((

Cacheable Pages Discovered

When an application allows some web Pages to be cached in the browser memory and thus they can be accessed even after the user has logged out.

Impact

Browsers may store a locally cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTP. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Mitigation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root.

Alternatively, most web development platforms allow you to control the server’s caching directives from within individual scripts. Ideally, the webserver should return the following HTTP headers in all responses containing sensitive content:

• Cache-control: no-store

• Pragma: no-cache

Also Check Course: Mastery Web Hacking and Penetration Testing Complete Bundle

Referrer Header Not Properly Validated

The values passed in the HTTP Referrer header are not being validated properly. Referrer logging is used to allow websites and web browsers to identify where people are visiting them from, for promotional or security purposes. A referrer is a popular tool to combat CSRF (Cross-Site Request Forgery).

Impact

An attacker can leverage this flaw to avoid the logging feature of application. Also, this could lead to successful CSRF and referrer spoofing attacks.

Mitigation

The application should validate the values of HTTP Referrer header properly

If a tampered referrer header request is coming from a valid user session then the session should be invalidated and user should be logged out immediately to avoid CSRF attacks.

Cross-Site Request Forgery

It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.

Impact- This attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim.

Mitigation

  • Add a per-request nonce to URL and all forms in addition to the standard session. This is also referred to as “form keys.
  • Add a per-session nonce to URL and all forms
  • .NET – add session identifier to View State with MAC
  • Checking the referrer in the client’s HTTP request will prevent CSRF attacks. By ensuring the HTTP request have come from the original site means that the attacks from other sites will not function. It is very common to see referrer checks used on embedded network hardware due to memory limitations.
  • Page tokens solve a number of security issues. Since a page token is much short-lived, it is now more difficult for attackers to browse a user’s session. The page tokens present on a particular page are valid only till the user clicks one of the links. A soon as the server receives a new request, the old tokens are overwritten with a new set.

HTTP Headers – Information Disclosure

when the HTTP headers received as the response of HTTP service discloses information about the version of the web server.

Impact

An attacker can gain sensitive information about the target via HTTP headers. This information can help the attacker to build a platform for further attacks.

Mitigation

It is recommended that information such as internal IP, underlying technology, versions of OS, web server, or application server should not be disclosed via HTTP response headers.

Set the value of “RemoveServerHeader” to “1

Binary planting

Binary planting is a general term for an attack where the attacker places a binary file containing malicious code to a local or remote file system in order for a vulnerable application to load and execute it.

Impact

  1. Insecure access permissions on a local directory allow a local attacker to plant the malicious binary in a trusted location.
  2. One application may be used for planting a malicious binary in another application’s trusted location.
  3. The application searches for a binary in untrusted locations, possibly on remote file systems.

Binary hardening

Buffer Overflow Protection- compiler-enforced protection, which implements canary values to change the organization of stack-allocated data.

Binary Stirring

Binary stirring protects against this by randomizing the instruction addresses every time the executable is launched

Pointer Masking

Code pointer masking enforces “the correct semantics of code pointers” to protect an application.

you can read part 4 HERE.

Also Read

Web Application Attacks – Types, Impact & Mitigation – Part-1

Web Application Attacks – Types, Impact & Mitigation – Part-2

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Lumma Stealer Attacking Users To Steal Login Credentials From Browsers

Researchers observed Lumma Stealer activity across multiple online samples, including PowerShell scripts and a...

New ‘OtterCookie’ Malware Attacking Software Developers Via Fake Job Offers

Palo Alto Networks reported the Contagious Interview campaign in November 2023, a financially motivated...

NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern

The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms...

Palo Alto Networks Vulnerability Puts Firewalls at Risk of DoS Attacks

A critical vulnerability, CVE-2024-3393, has been identified in the DNS Security feature of Palo...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

Gesture Jacking – New Attack That Deceives Website Visitors

The Web Platform is incredibly powerful, but regrettably, malicious websites will do all in...

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as...

Most Popular Websites Still Allow Users To Have Weak Passwords

The latest analysis shows that tens of millions of people are creating weak passwords...