Skip to main content

Posts

Hijack session Part 1(why session and how many ways to maintain)

As we discussed that if we want to track user related information or action performed by user we need to maintain session. There are several ways to maintain session as follows. Saving data in Cookies Saving data in hidden field  Session management URL rewriting  let's have a look one by one each of these ways. 1. Cookies  Cookie is  a small piece of data sent from website to the client. Containing information like session id, user id etc.  Cookie is a small piece of data sent from a website and stored in the user's browser  how you can check cookies related data in your computer system  if you are a windows user then w Cookie is a small piece of data sent from a website and stored in the user's  web browser  while the user is browsing it. Every time the user loads the website, the browser sends the cookie back to the server to notify the user's previous activity. [1]  Cookies were designed to be a re...
Post a Comment
Read more
Recent posts

Second step towards security First know about session

Before getting into the second step towards security we should know about session and session  management . Session :  session is the time interval in which an user  interact  with your application. Like In simple wording time from login to logout is one session. Session basically use to track user information and state. Why Session why we need session in our application:  Actually we use HTTP or HTTPS  protocol  for communication purpose in web applications. HTTP protocol is a state less protocol that means after generation result for your request it do not know you, second request will be considered   as a new user request. It means after generation result application do not have any information regarding previous communication. This is the basic nature of HTTP protocol. So to track all action performed by user in particular time interval session concept introduced. there are following way to track user information:...
1 comment
Read more

First Step towards security (SQL Injection)

SQL Injection  SQL injection is the way by which attacker try to hack your data using interface provided by your application. See following example where attacker going to access your application. suppose following interface our application having to login. If we are having following authentication checks then your application definitely  going to be hack easily. conn = connectionPool.getConnection(); String sql = "select USER_ID from USER_INFO where USER_NAME =  ' " + request.getParameter("userName") + " ' AND PASSWORD = ' " +  request.getParameter("pass") +" ' "; Statement stmt = conn.createStatement(); ResultSet rs = stmt.executeQuery(sql); return rs.next(); Now see how hacker will be going to get access your application  he will use common name in user name like 'admin' , 'super' etc.  and password anything with some code  User name = admin ' or 'a' =...
1 comment
Read more

Security Vulnerabilities in a software.

There are many type of security vulnerability may exist in your software application. You just need to start to know, how many type of security related risk may exist in your applications. Common practice is in development is that we try to find very simplest way to get our problem resolved. But we forget about security related aspects. So this is the time to learn how should we write our code and what we need to avoid to use in our code. We are going yo start with top 10 vulnerabilities which every programmer should know.  Top 10 Vulnerabilities by OWASP (Open Web Application Security Project) Let’s talk about these vulnerabilities one by one: What is SQL Injection and how it works SQL Injection means attacker sends simple text based attacks that exploit the syntax of the targeted interpreter. SQL injections are introduced when software developers write dynamic query that includes user supplied inputs. 1. Application presents a form to the...
Post a Comment
Read more