
Security Vulnerabilities in Software


Many types of security vulnerability can exist in a software application, and the first step is to learn how many kinds of security risk your application can carry. A common practice in development is to look for the simplest way to get a problem solved, and in doing so we forget about the security aspects.


So this is the time to learn how we should write our code and what we need to avoid using in it. We are going to start with the top 10 vulnerabilities that every programmer should know.


Top 10 Vulnerabilities by OWASP (Open Web Application Security Project)





Let’s talk about these vulnerabilities one by one:


What is SQL Injection and how does it work

SQL injection means an attacker sends simple text-based attacks that exploit the syntax of the targeted interpreter. SQL injection is introduced when software developers build dynamic queries that include user-supplied input.


1. Application presents a form to the attacker

2. Attacker sends an attack in the form data

3. Application forwards the attack to the database in a SQL query

4. Database runs the query containing the attack and sends encrypted results back to the application

5. Application decrypts the data as normal and sends the results to the user




Some lines of code where SQL injection is possible


#Scenario 1: The application uses untrusted data in the construction of the following vulnerable SQL call:

// vulnerable: the untrusted "id" request parameter is concatenated into the SQL text
String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";



#Scenario 2: Similarly, blind trust in frameworks may result in queries that are still vulnerable (e.g., Hibernate Query Language (HQL)):

// vulnerable: HQL built by string concatenation is injectable just like raw SQL
Query HQLQuery = session.createQuery("FROM accounts WHERE custID='" + request.getParameter("id") + "'");


Why those lines can be affected by SQL injection

#Scenario 1: The application uses untrusted data in the construction of the following vulnerable SQL call:
String query = "SELECT * FROM accounts WHERE custID='" + request.getParameter("id") + "'";
Here request.getParameter("id") returns the text 1' OR 1 = 1. The single quote in the input closes the string literal in the query, so the rest of the input is interpreted as SQL rather than as a customer ID.

#Scenario 2: Similarly, blind trust in frameworks may result in queries that are still vulnerable (e.g., Hibernate Query Language (HQL)):
Query HQLQuery = session.createQuery("FROM accounts WHERE custID='" + request.getParameter("id") + "'");
Here request.getParameter("id") returns the text 1' OR 1 = 1, and HQL parses it the same way: the quote ends the literal and the remainder becomes part of the query.

Some general guidelines:

1. "Connections" between systems are highly vulnerable.

2. Always assume that data coming from the user could be "evil": be sure to include "evil" use cases and user stories in your design.

3. Ideally, only allow the user to select among "safe" options; no free-form text allowed.

4. If user-input text is needed, use parameterized queries, and clean up quotes, parentheses, and SQL comments.

5. Use a battle-tested library for protecting your database: Java PreparedStatement, OWASP's ESAPI codecs.
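As an added, runnable illustration (not code from the original post): the string concatenation of Scenario 1 rewritten in Python against an in-memory SQLite table with constructed rows, beside the parameterized form and a digits-only allow-list check from guideline 3. The page's payload 1' OR 1 = 1 is tried exactly as written (its unbalanced quote makes SQLite reject the statement, which is how such input often first shows up in error logs), together with the quote-balanced form, which makes the concatenated query return every account while the parameterized query returns nothing.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for the page's 'accounts' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (custID TEXT, owner TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob"), ("3", "carol")])
    return conn


def lookup_vulnerable(conn, cust_id):
    """Scenario 1 from the page: the request parameter is glued into the SQL text,
    so a quote inside cust_id ends the literal and the rest is parsed as SQL."""
    query = "SELECT owner FROM accounts WHERE custID='" + cust_id + "'"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, cust_id):
    """The fix: a placeholder. The driver sends the value separately from the
    SQL text, so it can only ever be compared against custID, never parsed."""
    rows = conn.execute("SELECT owner FROM accounts WHERE custID=?", (cust_id,))
    return [row[0] for row in rows]


def is_safe_id(cust_id):
    """Allow-list check for guideline 3: a customer ID is digits only."""
    return cust_id.isdigit()


def demo(cust_id):
    """Run one input through both lookups and return (vulnerable, parameterized).
    A statement SQLite refuses to parse is reported as the string 'ERROR'."""
    conn = make_db()
    try:
        vulnerable = lookup_vulnerable(conn, cust_id)
    except sqlite3.OperationalError:
        vulnerable = "ERROR"
    return vulnerable, lookup_parameterized(conn, cust_id)


if __name__ == "__main__":
    for candidate in ("1", "1' OR 1 = 1", "1' OR '1'='1"):
        print(repr(candidate), "allowed:", is_safe_id(candidate), demo(candidate))
```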

