A crucial step in web application security assessments is to identify application pages and functionality to be emphasized during security testing. Another crucial step is to identify vulnerabilities or threats for each of the functionality or web page identified.
SECURITY VULNERABILITY can be defined as a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
SECURITY VULNERABILITY can be defined as a flaw or weakness in system security procedures, design, implementation, or internal controls that could be exercised (accidentally triggered or intentionally exploited) and result in a security breach or a violation of the system’s security policy.
Below are common web application vulnerabilities:
- Authentication:
- Authentication Bypass
- Poor Password Strength
- No Account Lockout
- No Log-out functionality
- Unencrypted Log in Request
- Weak Change Password functionality
- Weak Forgot Password functionality
- Weak Reset Password functionality
- No Change Password functionality
- Authorization:
- Horizontal Privilege Escalation
- Vertical Privilege Escalation
- Forceful Browsing
- Session Management:
- Session Fixation
- Improper Session Expiration on logout
- Session time out too long
- Unencrypted Session Tokens
- Predictable Session Tokens
- Session ID transmitted as URL parameter
- HTTPOnly flag not enabled for session cookie
- Secure flag not enabled for session cookie
- Input Validation:
- Cross Site Scripting
- Cross Site Request Forgery
- SQL Injection
- LDAP Injection
- Buffer Overflow
- Malicious File Upload
- Code Injection
- URL Redirection
- Click Jacking
- Information Leakage in:
- Error Messages
- HTML Comments
- Source Code Disclosure
- Cross Frame Spoofing
- Server Platform Info Leak
- Sensitive Data Revealed
- Cryptography:
- Weak SSL version
- Weak Encryption Key
- Unencrypted Sensitive Data (Eg: Passwords, Cookies)
- Weak Encryption Algorithm
- Weak Encryption Ciphers
- System Configuration:
- Default Passwords Enabled
- Default Pages Enabled
- Default Error Messages Enabled
- Unpatched Software
- Harmful HTTP Methods Enabled
- Unhandled Exceptions
Note: This is only a typical web application vulnerabilities list. More vulnerabilities may be added to the list basing on the application type or technology (web services, web 2.0, Ajax etc.,).
Penetration Testing of an application involved identification of vulnerabilities in the application, risk assessment of the identified vulnerabilities and security recommendations to fix the vulnerabilities (optional).
A detailed and well-established manual penetration testing methodology can be employed for accuracy and effectiveness. Open source and commercial tools can be used to automate routine security testing tasks (testing for System Configuration issues, Information Leakage issues etc.,).
No comments:
Post a Comment