This article is a continuation of SANS Top Application vulnerabilities that’s been discussed in the previous post
SQL injection is a form of security vulnerability whereby the attacker injects a SQL code to the Webform input box to gain access to resources or change data that is not authorized to access. This vulnerability can be induced to the application during the design, implementation, and operation stages.
In a normal input operation, a Web form is used for user authentication. When a user enters their name and password into the text boxes, these values are inserted into a SELECT query. If the input values are correct, the user is granted access to the application or request, but if the values are incorrect, access will be denied. Most of the Web Forms not able to identify this malicious input resulting in granting access to the whole database
Previously Freed Memory
This issue is caused by the referencing of memory after it has been released, which can seriously lead to a program crash. When you use a previously freed memory, this can have adverse consequences, like corrupting of valid data, arbitrary code execution which is dependent on the flaw timing.
Two common causes are:
- Error conditions within the software and in some other exceptional cases.
- No explanation as to which part of the program caused the free memory.
For an instance, the memory is allocated to another pointer immediately after it has been freed. The previous pointer to the freed memory is used again and now points to somewhere around the new allocation. By the time the data is changed, this can corrupt the used memory and could make the application behave in an undefined way.
Integer Overflow Error
When a calculation is processed by an application and there is a logical assumption that the resulting value will be greater than the exact value, integer overflow happens. Here, an integer value increases to a value that cannot be stored in a location.
When this happens, the value will usually wrap to become a very small or negative value. If the wrapping is expected, then it’s fine, but there can be security consequences if the wrap is unexpected. When this scenario occurs, it could be termed critical as the result is used to manage looping, security decision, used to allocate memory will lead to a erratic behaviour making data to corrupt and leading to a crash
Cross-Site Request Forgery
Web application does not sufficiently verify the HTTP request, whether the request was coming from the right user or not. The webservers are designed to accept all requests and to give a response to them.
For an instance lets take a client sends several HTTP requests within one or several sessions. It is very difficult for a webserver to know whether all the requests were authentic or not, and it’s usually processed. An attacker may have its way of forcing a client to visit a specially crafted webpage and now be able to perform some requests like fund transfer, changing their email address. Immediately an attacker has access and they will be able to steal data and can even destroy data. They can always maintain their access and when they are done, can compromise the audit log to prevent any future forensic that could expose their exploit.
Directory traversal or file path traversal is a web security vulnerability that allows an attacker to read arbitrary files on the server that is currently running an application. These files could be an application code, credentials for back-end systems, and the operating system files. One Scenario, an attacker might be able to write to these arbitrary files on the server which could allow them to modify application data or behavior, and this will give them total control of the server.
OS Command Injection
It is about the improper sanitization of special elements that may lead to the modification of the intended OS command that is sent to a downstream component. An attacker can execute these malicious commands on a target operating system and can access an environment to which they were not supposed to read or modify.
This invariably would allow an attacker to execute dangerous commands directly into the operating system. Whenever this vulnerability occurs in a privileged program, it allows the attacker to use commands that are allowed in the environment or to call other commands with privileges that the attacker does not have, which could increase the amount of damage that could occupied
Out-of-bounds Write Error
This happens when the application writes data past the end, or before the beginning of the designated buffer. When this happens, the result is usually data corruption, system, or application crash. What the application does is some sort of pointer arithmetic that is used in referencing a memory location outside the buffer boundaries.
Improper Authentication Error
This is when an attacker claims to have a valid identity, but the software failed to verify or proves that the claim is correct. A software validates a user’s login information wrongly and as a result, an attacker could gain certain privileges within the application or disclose sensitive information that allows them to access sensitive data and execute arbitrary code.
In the next article series , remaining vulnerabilities will get discussed.