Saturday, July 13, 2024

Web Application Attacks – Types, Impact & Mitigation – Part-3

With this article, we list some of the common web application attacks, impacts, and possible mitigation. In part -3 we are covering the following attacks.

Web Application Attacks

  1. Cross-site scripting
  2. Cacheable Pages Discovered
  3. Referrer Header Not Properly Validated
  4. Cross-Site Request Forgery
  5. HTTP Headers – Information Disclosure
  6. Binary planting
  7. Binary hardening

Cross site scripting

Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user.

Assessor observed that application is not validating contents of the input file being uploaded in the application as banner and responding to the browser for execution which leads to XSS (cross-site scripting).

Types- Reflected , stored, DOM

Impact – A browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.


The application must perform validation of all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed. Also filter the content of image files being uploaded to the server.

Any meta-characters should be filtered for, in all input accepting fields, both at the client-side as well as sever-side.

Server-side validation is mandatory. The validation should not attempt to identify active content and remove, filter, or sanitize it. Encoding user supplied output can also defeat XSS vulnerabilities by preventing inserted scripts from being transmitted to users in an executable form.

The application must be configured to filter meta-characters and unexpected characters such as:

<&lt; or <
>&gt; or >
&&amp; or &
&quot; or “
&apos; or ‘

Cacheable Pages Discovered

When an application allows some web Pages to be cached in the browser memory and thus they can be accessed even after the user has logged out.


Browsers may store a locally cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTP. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.


The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root.

Alternatively, most web development platforms allow you to control the server’s caching directives from within individual scripts. Ideally, the webserver should return the following HTTP headers in all responses containing sensitive content:

• Cache-control: no-store

• Pragma: no-cache

Also Check Course: Mastery Web Hacking and Penetration Testing Complete Bundle

Referrer Header Not Properly Validated

The values passed in the HTTP Referrer header are not being validated properly. Referrer logging is used to allow websites and web browsers to identify where people are visiting them from, for promotional or security purposes. A referrer is a popular tool to combat CSRF (Cross-Site Request Forgery).


An attacker can leverage this flaw to avoid the logging feature of application. Also, this could lead to successful CSRF and referrer spoofing attacks.


The application should validate the values of HTTP Referrer header properly

If a tampered referrer header request is coming from a valid user session then the session should be invalidated and user should be logged out immediately to avoid CSRF attacks.

Cross-Site Request Forgery

It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.

Impact- This attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim.


  • Add a per-request nonce to URL and all forms in addition to the standard session. This is also referred to as “form keys.
  • Add a per-session nonce to URL and all forms
  • .NET – add session identifier to View State with MAC
  • Checking the referrer in the client’s HTTP request will prevent CSRF attacks. By ensuring the HTTP request have come from the original site means that the attacks from other sites will not function. It is very common to see referrer checks used on embedded network hardware due to memory limitations.
  • Page tokens solve a number of security issues. Since a page token is much short-lived, it is now more difficult for attackers to browse a user’s session. The page tokens present on a particular page are valid only till the user clicks one of the links. A soon as the server receives a new request, the old tokens are overwritten with a new set.

HTTP Headers – Information Disclosure

when the HTTP headers received as the response of HTTP service discloses information about the version of the web server.


An attacker can gain sensitive information about the target via HTTP headers. This information can help the attacker to build a platform for further attacks.


It is recommended that information such as internal IP, underlying technology, versions of OS, web server, or application server should not be disclosed via HTTP response headers.

Set the value of “RemoveServerHeader” to “1

Binary planting

Binary planting is a general term for an attack where the attacker places a binary file containing malicious code to a local or remote file system in order for a vulnerable application to load and execute it.


  1. Insecure access permissions on a local directory allow a local attacker to plant the malicious binary in a trusted location.
  2. One application may be used for planting a malicious binary in another application’s trusted location.
  3. The application searches for a binary in untrusted locations, possibly on remote file systems.

Binary hardening

Buffer Overflow Protection- compiler-enforced protection, which implements canary values to change the organization of stack-allocated data.

Binary Stirring

Binary stirring protects against this by randomizing the instruction addresses every time the executable is launched

Pointer Masking

Code pointer masking enforces “the correct semantics of code pointers” to protect an application.

you can read part 4 HERE.

Also Read

Web Application Attacks – Types, Impact & Mitigation – Part-1

Web Application Attacks – Types, Impact & Mitigation – Part-2


Latest articles

mSpy Data Breach: Millions of Customers’ Data Exposed

mSpy, a widely used phone spyware application, has suffered a significant data breach, exposing...

Advance Auto Parts Cyber Attack: Over 2 Million Users Data Exposed

RALEIGH, NC—Advance Stores Company, Incorporated, a prominent commercial entity in the automotive industry, has...

Hackers Using ClickFix Social Engineering Tactics to Deploy Malware

Cybersecurity researchers at McAfee Labs have uncovered a sophisticated new method of malware delivery,...

Coyote Banking Trojan Attacking Windows Users To Steal Login Details

Hackers use Banking Trojans to steal sensitive financial information. These Trojans can also intercept...

Hackers Created 700+ Fake Domains to Sell Olympic Games Tickets

As the world eagerly anticipates the Olympic Games Paris 2024, a cybersecurity threat has...

Japanese Space Agency Spotted zero-day via Microsoft 365 Services

The Japan Aerospace Exploration Agency (JAXA) has revealed details of a cybersecurity incident that...

Top 10 Active Directory Management Tools – 2024

Active Directory Management Tools are essential for IT administrators to manage and secure Active...

Free Webinar

Low Rate DDoS Attack

9 of 10 sites on the AppTrana network have faced a DDoS attack in the last 30 days.
Some DDoS attacks could readily be blocked by rate-limiting, IP reputation checks and other basic mitigation methods.
More than 50% of the DDoS attacks are employing botnets to send slow DDoS attacks where millions of IPs are being employed to send one or two requests per minute..
Key takeaways include:

  • The mechanics of a low-DDoS attack
  • Fundamentals of behavioural AI and rate-limiting
  • Surgical mitigation actions to minimize false positives
  • Role of managed services in DDoS monitoring

Related Articles