Wednesday, October 29, 2008

Web Vulnerability Detection: SQL Injection, XSS, GHDB, Sniffers

What is a web vulnerability and how does it impact you?

Why are web sites still vulnerable when we have technologies like firewalls, SSL, etc.? Because most web sites are built for public use and need to be available 24x7 on a publicly reachable route: the firewall has to let the HTTP(S) traffic through, and SSL only protects the data while it is in transit, not the way the application handles it once it arrives. Web applications have access to the data in the back end, and in many cases vital pieces of sensitive information are also held in the middle tier, which may give attackers loopholes for getting hold of those highly valuable pieces. It is not that web applications have no security measures in place; the fact is that it is extremely difficult (if at all possible) to eliminate the probability of an attacker tricking the application. This paragraph covers why web vulnerabilities still exist; the text below tries to cover the forms in which attackers can attack a site and how we can minimize such risks.

There are many security testing tools, normally known as WVS (Web Vulnerability Scanner) tools, available in the market, many of them Open Source. These tools audit the ins and outs of your web application and help you minimize the direct or indirect security threats that attackers can pose to it. This can be critical for web sites belonging to the finance, military and government domains in particular. Many such tools are able to detect even complex scenarios that can lead an attacker to restricted information. Some popular WVS tools are Acunetix WVS, Wikto, Nikto, etc. A list of such tools is available here.

Most popular Web Vulnerabilities
  • SQL Injection: a technique that modifies the SQL statements your web application sends to its database, by supplying crafted input that the application pastes into the statement, in order to get hold of secure data. Read more in this article - SQL Injection & its prevention >>
  • Cross Site Scripting (XSS): a technique that allows an attacker to execute a malicious script in the browsers of your site's visitors. Such a script can collect credentials and other important pieces of information, for example by recording the typed-in keystrokes or reading the session cookie. It is believed to be among the most common application-layer attacks. XSS lets the attacker embed malicious scripts written in JavaScript, VBScript, ActiveX or Flash (technologies that execute on the client machine), and the scripts appear to run as part of the site's own dynamic content, inviting users to enter critical information or simply asking them to run something on their machine that scans the local system for other vital pieces of information. How do attackers embed the scripts? One way is to craft a URL that carries the script in a request parameter and get the victim to follow it (the reflected form of XSS). If the server does not detect and neutralize dangerous characters in the input, in both their plain ASCII and their hex (URL-encoded) forms, before echoing the input back into the page, the script is returned to the client and executes in the browser without much of an issue. The data collected this way can reach the attacker in a number of ways: the script may append the data to a URL that it requests from a server the attacker controls, or it may lead the user to a look-alike page and ask them to enter their secret information there.
  • CRLF Injection: such an attack lets the attacker inject line breaks into data that the application writes out, which can drive your web application into an inconsistent state depending on how open the application is to such input. If the inputs reaching the application are not properly validated, the application may be prone to damage. As you may know, CR (Carriage Return, ASCII 13, \r) followed by LF (Line Feed, ASCII 10, \n) is the sequence Windows systems use to mark the end of a line (it is also what the "Enter" keystroke produces there), whereas Linux/UNIX systems mark the end of a line with LF alone. CRLF is also the line terminator of the HTTP protocol itself, so an injected CRLF in a value that ends up in a response header or a log line ends that line early and starts a new one under the attacker's control. How severely such attacks damage the web application depends on how many loopholes the developer has left in the design and code.
  • Directory Traversal: as the name suggests, such an attack lets the attacker walk the directory structure of the host where your web application is deployed, typically by passing path sequences such as ../ in a file-name parameter, which may in turn allow him or her to view, modify, delete or create critical files, and this can obviously cause a complete mess.
  • Authentication Vulnerabilities: such an attack may allow attackers to log in to the system as legitimate users, and you can easily visualize how much harm they can really do. If they somehow get hold of the credentials of an admin user, the entire system can be compromised in a jiffy. Some ways of dealing with such attacks are a strong password policy and a layered authentication scheme for users with critical privileges. For example, fund transfers on the Internet that require you to enter ATM card digits/codes, the expiry date, the CVV, etc. are examples of layered checks. The chances of breaking all the layers at once are significantly lower than the chances of breaking one (even a complex one).
  • AJAX and Web 2.0 Vulnerabilities: the more powerful the technology, the more lethal the attack can be if the technology is used without sufficient precaution. AJAX and Web 2.0 technologies are excellent at serving their purpose, but developers often miss a thing or two while using them (usually something that does not affect the functionality directly, for instance validating input only in the browser's JavaScript and trusting the result on the server), and that ultimately leaves loopholes for attackers to exploit.
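The following Python script is added here as a worked example and is not code from the original article. It puts the first four items of the list side by side: for SQL injection, XSS, CRLF injection and directory traversal, each vulnerable function is followed by its hardened version, so the same crafted input can be run through both. The user table, the hostname attacker.example, the document root /var/www/html and all function names are constructed for the demonstration.

```python
import html
import posixpath
import sqlite3

# --- Constructed sample data, not from the original page ---------------------
# An in-memory user table with plain-text passwords, purely so the injection
# is easy to see; a real application stores salted password hashes.
DB = sqlite3.connect(":memory:")
DB.executescript("""
    CREATE TABLE users (username TEXT, password TEXT, role TEXT);
    INSERT INTO users VALUES ('alice', 's3cret',  'admin');
    INSERT INTO users VALUES ('bob',   'hunter2', 'user');
""")

# Hypothetical document root for the traversal example.
WEBROOT = "/var/www/html"


# --- 1. SQL injection ---------------------------------------------------------
def login_vulnerable(username, password):
    """Builds the statement by string formatting, so quotes in the input
    change the statement's structure instead of being treated as data."""
    sql = ("SELECT username, role FROM users WHERE username = '%s' "
           "AND password = '%s'" % (username, password))
    return DB.execute(sql).fetchall()


def login_safe(username, password):
    """Parameterised query: the driver passes the values separately from the
    statement text, so they can never become SQL syntax."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return DB.execute(sql, (username, password)).fetchall()


# --- 2. Cross-site scripting --------------------------------------------------
def greeting_vulnerable(name):
    """Echoes a request parameter straight into the HTML (reflected XSS)."""
    return "<p>Hello, %s!</p>" % name


def greeting_safe(name):
    """Encodes <, >, &, ' and " so the input is displayed, never executed."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


# --- 3. CRLF (HTTP header) injection -----------------------------------------
def redirect_header_vulnerable(target):
    """Puts a user-supplied URL into a response header line unchecked."""
    return "Location: %s\r\n" % target


def redirect_header_safe(target):
    """Refuses any value carrying CR or LF, the HTTP line terminator."""
    if "\r" in target or "\n" in target:
        raise ValueError("CR/LF not allowed in a header value")
    return "Location: %s\r\n" % target


def header_lines(raw):
    """Splits raw header text the way a client would: one header per CRLF."""
    return [line for line in raw.split("\r\n") if line]


# --- 4. Directory traversal ---------------------------------------------------
def file_path_vulnerable(requested):
    """Joins the requested name onto the document root without checking
    whether '..' components (or an absolute path) lead back out of it."""
    return posixpath.join(WEBROOT, requested)


def file_path_safe(requested):
    """Normalises the path and insists that the result stays under WEBROOT."""
    candidate = posixpath.normpath(posixpath.join(WEBROOT, requested))
    if not candidate.startswith(WEBROOT + "/"):
        raise ValueError("path escapes the document root: %r" % requested)
    return candidate


if __name__ == "__main__":
    payload = "' OR '1'='1"
    print(login_vulnerable("alice", payload))   # every row comes back
    print(login_safe("alice", payload))         # no match: []
    print(greeting_vulnerable("<script>alert(1)</script>"))
    print(greeting_safe("<script>alert(1)</script>"))
    print(header_lines(redirect_header_vulnerable(
        "/home\r\nSet-Cookie: session=attacker")))   # two headers, not one
    print(file_path_vulnerable("../../../etc/passwd"))
```

The traversal check compares the normalised path against the document root with a trailing slash, so a sibling directory such as /var/www/html-old cannot slip through a bare prefix comparison, and an absolute path like /etc/passwd (which posixpath.join would otherwise honour) is rejected as well. Parameterised queries, output encoding and outright rejection of CR/LF are the corresponding fixes for the other three items; each keeps the attacker's input as data rather than letting it become SQL, HTML or protocol syntax.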
GHDB - Google Hacking Database

This is a large database of search queries (often called "dorks") that attackers use, or are expected to use, to locate sensitive information that search engines have indexed, such as exposed configuration files, directory listings and error messages that leak internals. Almost all WVS tools run these query patterns against the crawled contents of your site to report how exposed the site is. Since the database is large, fixing all of the reported issues makes your site considerably healthier and much harder to attack.
