Tuesday, November 12, 2024
HomeWeb ApplicationsWeb Application Attacks – Types, Impact & Mitigation – Part-3

Web Application Attacks – Types, Impact & Mitigation – Part-3

Published on

Malware protection

With this article, we list some of the common web application attacks, impacts, and possible mitigation. In part -3 we are covering the following attacks.

Web Application Attacks

  1. Cross-site scripting
  2. Cacheable Pages Discovered
  3. Referrer Header Not Properly Validated
  4. Cross-Site Request Forgery
  5. HTTP Headers – Information Disclosure
  6. Binary planting
  7. Binary hardening

Cross site scripting

Cross-site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of JavaScript) to another user.

Assessor observed that application is not validating contents of the input file being uploaded in the application as banner and responding to the browser for execution which leads to XSS (cross-site scripting).

- Advertisement - SIEM as a Service

Types- Reflected , stored, DOM

Impact – A browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Mitigation

The application must perform validation of all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed. Also filter the content of image files being uploaded to the server.

Any meta-characters should be filtered for, in all input accepting fields, both at the client-side as well as sever-side.

Server-side validation is mandatory. The validation should not attempt to identify active content and remove, filter, or sanitize it. Encoding user supplied output can also defeat XSS vulnerabilities by preventing inserted scripts from being transmitted to users in an executable form.

The application must be configured to filter meta-characters and unexpected characters such as:

CharacterEncoding
CharacterEncoding
<&lt; or <
))
>&gt; or >
##
&&amp; or &
%%
&quot; or “
;;
&apos; or ‘
++
((

Cacheable Pages Discovered

When an application allows some web Pages to be cached in the browser memory and thus they can be accessed even after the user has logged out.

Impact

Browsers may store a locally cached copy of content received from web servers. Some browsers, including Internet Explorer, cache content accessed via HTTP. If sensitive information in application responses is stored in the local cache, then this may be retrieved by other users who have access to the same computer at a future time.

Mitigation

The application should return caching directives instructing browsers not to store local copies of any sensitive data. Often, this can be achieved by configuring the web server to prevent caching for relevant paths within the web root.

Alternatively, most web development platforms allow you to control the server’s caching directives from within individual scripts. Ideally, the webserver should return the following HTTP headers in all responses containing sensitive content:

• Cache-control: no-store

• Pragma: no-cache

Also Check Course: Mastery Web Hacking and Penetration Testing Complete Bundle

Referrer Header Not Properly Validated

The values passed in the HTTP Referrer header are not being validated properly. Referrer logging is used to allow websites and web browsers to identify where people are visiting them from, for promotional or security purposes. A referrer is a popular tool to combat CSRF (Cross-Site Request Forgery).

Impact

An attacker can leverage this flaw to avoid the logging feature of application. Also, this could lead to successful CSRF and referrer spoofing attacks.

Mitigation

The application should validate the values of HTTP Referrer header properly

If a tampered referrer header request is coming from a valid user session then the session should be invalidated and user should be logged out immediately to avoid CSRF attacks.

Cross-Site Request Forgery

It is possible to steal or manipulate customer session and cookies, which may be used to impersonate a legitimate user, allowing the hacker to view or alter user records, and to perform transactions as that user.

Impact- This attack forces a logged-on victim’s browser to send a request to a vulnerable web application, which then performs the chosen action on behalf of the victim.

Mitigation

  • Add a per-request nonce to URL and all forms in addition to the standard session. This is also referred to as “form keys.
  • Add a per-session nonce to URL and all forms
  • .NET – add session identifier to View State with MAC
  • Checking the referrer in the client’s HTTP request will prevent CSRF attacks. By ensuring the HTTP request have come from the original site means that the attacks from other sites will not function. It is very common to see referrer checks used on embedded network hardware due to memory limitations.
  • Page tokens solve a number of security issues. Since a page token is much short-lived, it is now more difficult for attackers to browse a user’s session. The page tokens present on a particular page are valid only till the user clicks one of the links. A soon as the server receives a new request, the old tokens are overwritten with a new set.

HTTP Headers – Information Disclosure

when the HTTP headers received as the response of HTTP service discloses information about the version of the web server.

Impact

An attacker can gain sensitive information about the target via HTTP headers. This information can help the attacker to build a platform for further attacks.

Mitigation

It is recommended that information such as internal IP, underlying technology, versions of OS, web server, or application server should not be disclosed via HTTP response headers.

Set the value of “RemoveServerHeader” to “1

Binary planting

Binary planting is a general term for an attack where the attacker places a binary file containing malicious code to a local or remote file system in order for a vulnerable application to load and execute it.

Impact

  1. Insecure access permissions on a local directory allow a local attacker to plant the malicious binary in a trusted location.
  2. One application may be used for planting a malicious binary in another application’s trusted location.
  3. The application searches for a binary in untrusted locations, possibly on remote file systems.

Binary hardening

Buffer Overflow Protection- compiler-enforced protection, which implements canary values to change the organization of stack-allocated data.

Binary Stirring

Binary stirring protects against this by randomizing the instruction addresses every time the executable is launched

Pointer Masking

Code pointer masking enforces “the correct semantics of code pointers” to protect an application.

you can read part 4 HERE.

Also Read

Web Application Attacks – Types, Impact & Mitigation – Part-1

Web Application Attacks – Types, Impact & Mitigation – Part-2

Latest articles

10 Best DNS Management Tools – 2025

Best DNS Management Tools play a crucial role in efficiently managing domain names and...

Sweet Security Announces Availability of its Cloud Native Detection & Response Platform on the AWS Marketplace

Customers can now easily integrate Sweet’s runtime detection and response platform into their AWS...

Researchers Detailed Credential Abuse Cycle

Cybercriminals exploit leaked credentials, obtained through various means, to compromise systems and data, enabling...

New Android Malware SpyAgent Taking Screenshots Of User’s Devices

SpyAgent, a newly discovered Android malware, leverages OCR technology to extract cryptocurrency recovery phrases...

Free Webinar

Protect Websites & APIs from Malware Attack

Malware targeting customer-facing websites and API applications poses significant risks, including compliance violations, defacements, and even blacklisting.

Join us for an insightful webinar featuring Vivek Gopalan, VP of Products at Indusface, as he shares effective strategies for safeguarding websites and APIs against malware.

Discussion points

Scan DOM, internal links, and JavaScript libraries for hidden malware.
Detect website defacements in real time.
Protect your brand by monitoring for potential blacklisting.
Prevent malware from infiltrating your server and cloud infrastructure.

More like this

Gesture Jacking – New Attack That Deceives Website Visitors

The Web Platform is incredibly powerful, but regrettably, malicious websites will do all in...

Web Server Penetration Testing Checklist – 2024

Web server pentesting is performed under three significant categories: identity, analysis, and reporting vulnerabilities such as...

Most Popular Websites Still Allow Users To Have Weak Passwords

The latest analysis shows that tens of millions of people are creating weak passwords...