FindHow Page

How to Secure a Web Application from Vulnerabilities

Common web application vulnerabilities

Web applications are subject to a number of vulnerabilities and companies that work with such applications must be well acquainted with what they are so that they may know how to protect theirs against such threats. Five of the most common, according to Symantec, are:

- remote code execution (highly critical): the result of improper coding. The attacker can obtain any information that he or she wants by using system-level code on the server. Remote code execution may be difficult to detect even when a penetration testing assignment is being run.

- SQL injection (moderately critical): SQL (Structured Query Language) is the name of a computer language that was originally created in 1975 for the purposes of making searches in databases. SQL injection, one of the oldest forms of attack on web applications, consists of using the language to search for valuable information in the database of a server.

-format string vulnerabilities (moderately critical): The attacker prints data from some location in memory, such as a stack, or writes arbitrary data to arbitrary locations by using various format tokens. Format string is often used in denial of service (DoS) attacks in which a computer or a whole network is rendered unusable to those who are supposed to be able to use it.

-cross site scripting (XSS; less critical): This is one of the most complex forms of web application vulnerability. The person responsible sets up a malicious website designed so that it appears at first glance to be perfectly innocent. He or she then lures the intended victims into visiting the site, causing malicious software to be downloaded into the browsers. The victim may also have his cookie stolen and his session hijacked in this way.

-user name enumeration (less critical): The attacker can test to see whether a given user name is correct or not by means of backend validation script. Much of the time developers forget to change or delete accounts that had been created for the purpose of testing. Since many of these accounts have trivial names and passwords that are easy to guess, they are a common target for those who target web applications.

Securing a web application

Now that we have discussed the major types of attacks to which web applications are vulnerable, we can move on to what steps can be taken to protect them against such vulnerabilities. Each of the five problems discussed in the previous section has its own solutions as outlined in the subsections that follow.

Remote code execution

The register in many of the most recent PHP versions can be switched on and off in files of the types php.ini and .htaccess. If the register is on then the variable needs to be properly initialized. The administrator should also ask the application developer about anything of which he or she is not sure. All user input MUST be sanitized before it is processed; this step cannot be omitted. Shell commands (lines that belong to a category other than variable definitions, function and method calls, rule definitions or special commands) should be avoided wherever possible and if they must be used, string construction should be executed with filtered data only. In addition, you must make sure that you escape the output.

SQL injection

Do not connect to the database as a the owner thereof or as a superuser (a special user account created for system administration). You should instead connect via customized users with the minimal number of privileges for performing the task for which the database connection is being made.

Format string vulnerabilities

The countermeasures against this type of threat are comparatively simple: You edit your source code to insure that the input will be properly confirmed.

XSS

Preventive measures against XSS attacks can be done by entering code in a certain way. Instead of entering “http://victim_site/clean.php?name_1=code or http://victim_site/clean.php?name_1=alert(document.cookie);,” for instance, enter “<?php $html= htmlentities($_GET['name_1'],ENT_QUOTES, 'UTF-8'); echo "

Your Name
"; echo ($html); ?>.”

User name enumeration

You do not want valid user names to be disclosed to outsiders. Therefore you need to have consistent error messages displayed when an invalid user name is entered. Testing accounts of the kind described above should be completely removed or else their passwords should be changed between the time the testing has been completed and the time that the application is put onto the Web.

Other vulnerabilities and solutions

There are numerous other weaknesses in web application systems of which hackers can easily take advantage. A complete list of known vulnerabilities can be found at Acunetix; by clicking on them you can find how they manifest themselves and what countermeasures you can take to prevent them from striking.

Conclusion

Long before the computer even existed, Benjamin Franklin wisely stated that “An ounce of prevention is worth a pound of cure.” This saying can be applied to computer systems just as it can be applied to any other area of life. Always keep up to date on the latest threats to web applications in order to remain one step ahead of would-be hackers.

http://www.veracode.com/security/web-application-vulnerabilities
https://www.sitelock.com/web-application-firewall.php
http://searchsecurity.techtarget.com/tip/Five-common-Web-application-vul...
http://www.isaca.org/Journal/Past-Issues/2005/Volume-4/Pages/Common-Web-...
http://www.websecurify.com/overview/vulnerabilities.html
https://www.f5.com/pdf/white-papers/vulnerabilities-wp.pdf
http://www.upenn.edu/computing/security/swat/SWAT_Top_Ten.php
http://google-gruyere.appspot.com/
http://www.beyondtrust.com/Products/RetinaWebSecurityScanner/
http://samate.nist.gov/index.php/Web_Application_Vulnerability_Scanners....

Category: