- Local File Inclusion
- Malicious File Upload
- Clear Text Traffic
- HTTP Parameter Pollution Attack
- Link Injection
- Session ID without session attribute
- Auto-Complete Attribute Not Set to Off
Local File Inclusion
Local File Inclusion is the process of including files on a server via the web browser. This vulnerability occurs when a page include is not properly sanitized and allows directory traversal characters to be injected.
An attacker can gain access to the server and launch further attacks to compromise the service.
It is recommended to filter meta characters from user input. Ensure that the latest version of the web server is installed and all patches have been applied.
Malicious File Upload
This occurs when the application has options to upload files and allows executable files to be uploaded as well. This would allow an adversary to upload a malicious file to the web server and attempt to execute it.
An attacker could potentially upload malicious files such as Trojans or files containing a malicious server-side script, potentially leading to server compromise.
It is recommended to implement a server-side validation routine which performs filtering based on:
a) File extensions, b) Content-Types, c) Magic Numbers, d) File Size
The application should validate the type of the file uploaded by the user prior to accepting and parsing the file. Further, all uploaded files should be scanned by anti-virus software updated with the latest signatures, and execute permissions should be removed from the file upload directory.
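The four-way filter recommended above (extension, Content-Type, magic number, size), as an added example that is not part of the original page; the allow-list, size limit and sample uploads are constructed for illustration:

```python
"""Server-side upload validation: extension, declared Content-Type, magic number, size."""
from dataclasses import dataclass

MAX_SIZE = 2 * 1024 * 1024  # constructed limit: 2 MiB

# Allow-list keyed by extension: (accepted Content-Type header, magic-number prefix).
# Constructed for this example; a real deployment lists only the formats it needs.
ALLOWED = {
    "png": ("image/png", b"\x89PNG\r\n\x1a\n"),
    "jpg": ("image/jpeg", b"\xff\xd8\xff"),
    "pdf": ("application/pdf", b"%PDF-"),
}

@dataclass
class Upload:
    filename: str      # name supplied by the client
    content_type: str  # Content-Type header supplied by the client
    data: bytes        # raw file bytes

def validate_upload(upload: Upload) -> tuple[bool, str]:
    """Return (accepted, reason). Every check is an allow-list; anything else is rejected."""
    # a) File extension: strip any path component, then judge only the final suffix,
    # so a double extension is judged by its last part and then caught by the magic check.
    name = upload.filename.rsplit("/", 1)[-1].rsplit("\\", 1)[-1]
    if "." not in name:
        return False, "missing extension"
    ext = name.rsplit(".", 1)[1].lower()
    if ext not in ALLOWED:
        return False, f"extension not allowed: {ext}"
    expected_type, magic = ALLOWED[ext]
    # b) Content-Type: client-supplied, so it is only a consistency check, never trusted alone.
    if upload.content_type.split(";")[0].strip().lower() != expected_type:
        return False, f"content-type mismatch: {upload.content_type}"
    # c) Magic number: the bytes must actually begin with the format's signature.
    if not upload.data.startswith(magic):
        return False, "magic number mismatch"
    # d) Size: reject empty files and anything over the limit.
    if not upload.data or len(upload.data) > MAX_SIZE:
        return False, f"size out of range: {len(upload.data)}"
    return True, "ok"

if __name__ == "__main__":
    # Constructed samples: a genuine PNG header, and non-PNG bytes renamed to .png
    good = Upload("avatar.png", "image/png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 32)
    bad = Upload("avatar.png", "image/png", b"not really a png")
    print(validate_upload(good), validate_upload(bad))
```

The magic-number check is what catches a file whose name and header both claim an allowed type; the extension and Content-Type checks alone would accept it.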
Clear Text Traffic
This occurs when all traffic is served over HTTP. A man in the middle can obtain a variety of sensitive information by sniffing this clear text traffic.
An attacker who is able to sniff network traffic could obtain sensitive information.
It is recommended to implement TLS 1.1, TLS 1.2 encryption.
HTTP Parameter Pollution Attack
HTTP Parameter Pollution pollutes the HTTP parameters of a web application in order to perform or achieve a specific malicious task/attack different from the intended behaviour of the web application.
This attack can be realized because the input is not sanitized. HPP injects encoded query string delimiters into existing or other HTTP parameters (i.e. GET/POST/Cookie), which makes it possible to supersede parameter values that already exist, to inject a new parameter, or to exploit variables through direct access.
- Supersede existing hardcoded HTTP parameters.
- Alter or modify the intended/normal application behaviour.
- Access and potentially exploit variables that are not properly controlled.
- Bypass WAF rules or input validation mechanisms.
Proper input validation should be implemented.
Link Injection
This occurs when the application accepts a user-controlled input that specifies a link to an external site, and uses that link in a redirect.
The user may be redirected to an unsecured page that contains malware, which can then compromise the user’s machine, or to a page used for phishing attacks. URL redirection also facilitates CSRF (Cross-Site Request Forgery).
It is recommended to disable redirection to external sites based on parameter values and to implement input validation for critical parameters.
Session ID without session attribute
Session attributes such as “HTTPOnly”, “Secure” & “Domain” name are not set with Session IDs.
The “HTTPOnly” attribute ensures that the cookies can be accessed through HTTP methods only. Without this attribute, other entities (primarily JavaScript code) can be used to access the cookies.
This increases the threat posed by XSS attacks, because the cookies can be stolen using them. However, if this attribute is applied, JavaScript cannot access the session cookies.
Without the “Secure” attribute, the application can transfer the session cookie over an unencrypted channel.
Without the “Domain” attribute, the cookie can be used by other domains and facilitate cross-site request forgery.
It is recommended to set the session attributes such as HTTPOnly, Secure and Domain Name with the Session ID.
Auto-Complete Attribute Not Set to Off
The value of the “AutoComplete” attribute is not set to “off”. This allows browsers to store information entered by the user in the cache memory.
An attacker could use this flaw to recover the entered “username” and “password” from the browser cache.
- The attribute “autocomplete” should be added to the source code for all input fields accepting sensitive information
- And the value of this attribute should be set to “off”