Saturday, December 4, 2010

Web Security issues

1. Cross Site Request Forgery : (CSRF)

Change the DNS entry for the server in the ADSL of the user for a particular domain,
so that the request goes to a different domain altogether

For e.g. a URL in one of the forums which Bob uses : 
<img src="">
If Bob's cookies haven't expired, this will benefit mallory.

Prevention :
1. Add authentication token in GET/POST
2. Check referrer
3. secret token
4. crossdomain.xml

2. Replay attack :
Evasdrop on a client server communication and re-play it.
Prevention : 
Server should the client a one-time use token.
Other Issues : 

3. Cross site cooking / Cross sub domain cooking (allowing a web site to set cookies for other domains/sub domains)
then, if the affected person logs on, evil person can use that cookie
General solutions : 
generate new SId, before something crucial.
destroy session for malicious referrer
check browser etc information
time out old SIDs.

4. A billion laughs : 

<!DOCTYPE root [
<!ENTITY ha "Ha! ">
<!ENTITY ha2 "&ha;&ha;">
<!ENTITY ha3 "&ha2;&ha2;">
<!ENTITY ha4 "&ha3;&ha3;">
<!ENTITY ha5 "&ha4;&ha4;">
<!ENTITY ha128 "&ha127;&ha127;">

5. Similar to a Billion laughs : 
ReDos (Regular expression Denial of Service)

No comments:

Blog Archive