
Web Application Security

Application security:

The following application security issues exist in web development. They are listed roughly in order of how often they are attacked:

1 - Cross site scripting
2 - SQL Injection
3 - File Upload
4 - Cross site request forgery
5 - Local file inclusion
6 - Remote code execution
7 - Full path disclosure
8 - Remote file inclusion
9 - Authentication Bypass
10 - General bypass
11 - Open redirect
12 - XML external entity
13 - Denial of service

1 - Cross site scripting (also known as XSS):

XSS vulnerabilities target scripts embedded in a page that are executed on the client-side (in the user’s web browser) rather than on the server-side.

Suppose an end user fills in a form and puts a script tag in a text field, and this script is stored in a database field. When that field is shown on the web page, the script is executed and harms the site. Some common attacks change an image source, fire an event, or steal the cookies.
Cookies are files stored on the user's computer; if an attacker steals my cookies he can log in to my account without the credentials.

There are two types of XSS:

1 - Stored XSS: a script tag is added in a text field and saved in the database; whenever anyone visits the site, the script is executed. This is called a stored XSS attack.

2 - Reflected XSS: someone sends me a URL containing a script tag, and when I open that URL the script is executed. It only runs when the link is clicked, which is why it is called reflected XSS.
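The two XSS types above, as an added Python example (not code from the original post): a comment saved to the database and a search term echoed from the URL, each rendered once without escaping and once with HTML escaping at output time. The comment list, the probe payload and the render functions are all constructed for this illustration.

```python
import html
from typing import List

# Constructed stand-in for the database column a comment is saved to.
comments_db: List[str] = []

# Constructed sample input: a harmless probe, not a real attack script.
PROBE = '<script>alert("xss")</script>'

def save_comment(text: str) -> None:
    """Stored XSS, step 1: the raw text goes into the database unchanged.
    Storing raw input is fine; the defect lives in how it is rendered later."""
    comments_db.append(text)

def render_comments_vulnerable() -> str:
    """Stored XSS, step 2 (vulnerable): the field is concatenated straight into
    HTML, so a <script> tag typed by one visitor runs in every other visitor's browser."""
    return "<ul>" + "".join(f"<li>{c}</li>" for c in comments_db) + "</ul>"

def render_comments_escaped() -> str:
    """Hardened: every value is HTML-escaped at output time, so the same text is
    shown literally and user data can never open or close a tag."""
    return "<ul>" + "".join(f"<li>{html.escape(c)}</li>" for c in comments_db) + "</ul>"

def render_search_reflected(query: str, escape: bool) -> str:
    """Reflected XSS: the query from the link the victim clicked is echoed back
    into the page. Escaping decides whether the echoed text is data or code."""
    shown = html.escape(query) if escape else query
    return f"<p>Results for: {shown}</p>"

if __name__ == "__main__":
    save_comment("nice post")
    save_comment(PROBE)
    print(render_comments_vulnerable())           # live <script> element in the page
    print(render_comments_escaped())              # &lt;script&gt; displayed as text
    print(render_search_reflected(PROBE, escape=True))
```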


2 - SQL Injection:

SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.

Suppose we create a text field called "user id"; the user fills in the user id, we build a query from it and display the result:

txtSQL = "SELECT * FROM Users WHERE UserId = " + txtUserId;

But instead of entering a user id, the end user types an SQL fragment such as:

105 OR 1=1

so the query becomes:

SELECT * FROM Users WHERE UserId = 105 OR 1=1;

The SQL above is valid and will return ALL rows from the "Users" table, since OR 1=1 is always TRUE.

Types of SQL injection:
1 - In-band SQL injection: the example above, where the user executes the command and can see the result.
2 - Blind SQL injection: the attacker changes the structure of the database but cannot see the result; that is why it is called blind SQLi.
3 - Out-of-band SQL injection:

Steps to prevent SQL injection attacks:
1 - Use the mysql_real_escape_string function in MySQL; it escapes the special characters in the input, so if anyone types an SQL statement into the text field it is treated as data and the query will not match what the attacker intended.
2 - Use prepared statements with placeholders, like a Drupal 8 query:

$stmt = $dbh->prepare("SELECT * FROM users WHERE USERNAME = ? AND PASSWORD = ?");

$stmt->execute(array($username, $password));

As of PHP 5.5, the procedural MySQL extension has been deprecated and will soon be removed entirely. This means that future software projects will need to switch to either MySQLi or PDO MySQL in order to continue to work.
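The concatenated query and the prepared statement above, side by side, as an added Python example that is not part of the original post. It uses an in-memory SQLite table (constructed) in place of the real Users table, so the "105 OR 1=1" input from the text can be run against both versions of the lookup.

```python
import sqlite3
from typing import List, Tuple

def make_db() -> sqlite3.Connection:
    """Constructed in-memory Users table standing in for the real database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (UserId INTEGER PRIMARY KEY, Name TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [(105, "alice"), (106, "bob"), (107, "carol")])
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, txt_user_id: str) -> List[Tuple]:
    """String concatenation, exactly like txtSQL = "... WHERE UserId = " + txtUserId.
    The input becomes part of the SQL grammar, so "105 OR 1=1" widens the WHERE clause."""
    sql = "SELECT * FROM Users WHERE UserId = " + txt_user_id
    return conn.execute(sql).fetchall()

def find_user_prepared(conn: sqlite3.Connection, txt_user_id: str) -> List[Tuple]:
    """Prepared statement with a placeholder: the driver binds the input as a value
    for the ? slot, never as SQL text, so the same string simply matches no UserId."""
    return conn.execute("SELECT * FROM Users WHERE UserId = ?", (txt_user_id,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, "105"))          # one row
    print(find_user_vulnerable(db, "105 OR 1=1"))   # all three rows leak
    print(find_user_prepared(db, "105 OR 1=1"))     # no rows
```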


4 - Cross site request forgery:

Say I use internet banking and log in to my account, so a new session is created. When the user logs in, a cookie file is created on the user's system; it holds the session id and an expiration time. Every time we send an HTTP request, the stored cookie is also sent to the server to verify whether the user is logged in or not.

Now suppose I am the attacker and I create a link that transfers money to my account. If the logged-in user opens that link, the request is executed and the money is transferred to my account, simply because the user is already logged in and the browser sends the cookie along with it.

To prevent this we create a CSRF token; in Drupal, for example, every form carries a CSRF token in a hidden field.
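The CSRF token mechanism described above, as an added Python example (not Drupal's own implementation): one random token per login session, embedded in a hidden field, and checked on the transfer request before anything happens. The session dictionary, the form fields and the handler names are constructed for this illustration.

```python
import hmac
import secrets
from typing import Dict

def issue_csrf_token(session: Dict[str, str]) -> str:
    """One random token per login session, kept server-side (the dict stands in for
    the session store). A forged link never contains it, because the attacker only
    knows the victim's browser will attach the cookie, not what this value is."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]

def render_transfer_form(session: Dict[str, str]) -> str:
    """The token rides along in a hidden field, as a Drupal form token does."""
    token = issue_csrf_token(session)
    return ('<form method="post" action="/transfer">'
            f'<input type="hidden" name="csrf_token" value="{token}">'
            '<input name="to"><input name="amount"><button>Send</button></form>')

def handle_transfer(session: Dict[str, str], form: Dict[str, str]) -> str:
    """Server side of the POST: the cookie alone proves only that a session exists,
    so the request is accepted only if it also carries that session's token.
    compare_digest avoids leaking the token through timing differences."""
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return "rejected: missing or invalid CSRF token"
    return f"ok: transferred {form['amount']} to {form['to']}"

if __name__ == "__main__":
    sess: Dict[str, str] = {}   # the victim's logged-in session (constructed)
    page = render_transfer_form(sess)
    # Genuine submission from the rendered form carries the hidden field.
    print(handle_transfer(sess, {"to": "bob", "amount": "10",
                                 "csrf_token": sess["csrf_token"]}))
    # Forged request built by a third party: cookie present, token absent.
    print(handle_transfer(sess, {"to": "other", "amount": "1000"}))
```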

