Showing posts with label IT. Show all posts
Showing posts with label IT. Show all posts

Monday, May 15, 2023

Application Security Risk - Broken Access Control

0 comments
Broken Access Control refers to vulnerabilities that allow unauthorized actors to gain access to sensitive information or perform actions they are not supposed to. This can be categorized into several common weaknesses:CWE-200: Exposure of Sensitive Information to an Unauthorized Actor




CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-352: Cross-Site Request Forgery

  • Common causes of Broken Access Control include:Violation of the principle of least privilege or deny by default. This means that access should only be granted to specific capabilities, roles, or users, but it is instead available to anyone.
  • Bypassing access control checks by modifying the URL (parameter tampering or force browsing), internal application state, HTML pages, or by using attack tools to modify API requests.
  • Allowing the viewing or editing of someone else's account by providing its unique identifier (insecure direct object references).
  • Accessing APIs without proper access controls for POST, PUT, and DELETE operations.
  • Elevation of privilege, such as acting as a user without being logged in or acting as an admin when logged in as a regular user.
  • Manipulation of metadata, like replaying or tampering with access control tokens such as JSON Web Tokens (JWTs), cookies, or hidden fields to elevate privileges or abuse JWT invalidation.
  • Misconfiguration of Cross-Origin Resource Sharing (CORS), which allows unauthorized or untrusted origins to access APIs.
  • Force browsing to authenticated pages as an unauthenticated user or accessing privileged pages as a standard user.

Here are two scenarios that illustrate Broken Access Control vulnerabilities:

Scenario #1: The application uses unverified data in a SQL call that accesses account information:
java
pstmt.setString(1, request.getParameter("acct")); ResultSet results = pstmt.executeQuery();


An attacker can simply modify the browser's 'acct' parameter to send any account number they want. If this input is not properly verified, the attacker can access any user's account by manipulating the URL:
arduino
https://example.com/app/accountInfo?acct=notmyacct
Scenario #2: An attacker can force browse to target URLs that should be restricted to certain user roles. For example, access to the admin page requires admin rights:
ruby
https://example.com/app/getappInfo https://example.com/app/admin_getappInfo


If an unauthenticated user can access either of these pages, it indicates a flaw. Similarly, if a non-admin user can access the admin page, it is also a security vulnerability.

Prevention Measures:

  • To prevent Broken Access Control vulnerabilities, follow these best practices:Implement access control mechanisms in trusted server-side code or serverless APIs, where attackers cannot modify the access control check or metadata.
  • Except for public resources, adopt a deny-by-default approach, meaning that access is only granted to specific resources and actions.
  • Implement access control mechanisms once and reuse them consistently throughout the application. Minimize the usage of Cross-Origin Resource Sharing (CORS).
  • Ensure that access controls enforce record ownership, rather than assuming that users can create, read, update, or delete any record.
  • Enforce unique application business limit requirements using domain models.
  • Disable web server directory listing and remove sensitive file metadata (e.g., .git) and backup files from web roots.
  • Log access control failures and alert administrators when appropriate, such as in cases of repeated failures.
  • Implement rate limiting on API and controller access to mitigate harm from automated attack tools.
  • Invalidate stateful session identifiers on the server after logout. If using stateless JWT tokens, ensure they have a short lifespan to minimize the attacker's window of opportunity. For longer-lived JWTs, it is highly recommended to follow the OAuth standards for token revocation and management.

  • By following these preventive measures, you can enhance the security of your application and mitigate the risk of Broken Access Control vulnerabilities. Regular security assessments and testing should also be conducted to identify and address any potential weaknesses in access control mechanisms.

  • It is crucial to prioritize security during the development process and ensure that access controls are implemented correctly and consistently. This includes ongoing monitoring and updates as new vulnerabilities and attack techniques emerge.

  • Remember, access control is a critical aspect of protecting sensitive information and preventing unauthorized access. By implementing robust access control measures, you can significantly reduce the risk of data breaches and unauthorized activities within your application.

Read more...

Friday, February 24, 2023

The importance of adding salt to hashing password

0 comments
Passwords are a vital part of online security, but storing them safely is a complex task. A common technique for storing passwords is called hashing, which involves transforming the password into an irreversible, fixed-length string of characters. This means that even if an attacker gains access to the password database, they can't easily retrieve the original passwords. However, hackers can still use sophisticated methods to try to guess passwords, such as by using precomputed tables of commonly used passwords.



To make password storage more secure, it's important to use a technique called salting. Salting involves adding a random string of characters to the password before it's hashed. This makes it much more difficult for attackers to use precomputed tables to guess passwords. Let's take a closer look at how salting works.

Imagine that Alice wants to create an account on a website. She chooses a password, "password123", and the website hashes it using the SHA-256 algorithm, resulting in the hash "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8". The website stores this hash in its database, and Alice can log in with her password whenever she wants.

However, if an attacker gains access to the website's database, they can easily see Alice's hashed password. They might also have a precomputed table of common passwords and their corresponding hashes. In this case, the attacker could quickly look up Alice's hashed password in the table and find out that her password is "password123".

Now let's consider what happens when the website uses salting. When Alice creates her account, the website generates a random string of characters, called a salt. Let's say the salt is "7dh84jdd". The website then concatenates the salt and the password, resulting in "7dh84jddpassword123". This combined string is then hashed using the SHA-256 algorithm, resulting in the hash "a63cfaeb018f07c033f1d7d29956dd2dcffcd9bc9f5d96f93827e8c7fca5f5b5". The website stores this salted hash in its database, along with the salt itself.

Now, if an attacker gains access to the website's database, they can see Alice's salted hash and the salt. However, they can't use a precomputed table to guess her password, because the hash includes the random salt. They would have to use a brute-force attack to try all possible combinations of salt and password, which is much more time-consuming.

In conclusion, adding salt to password hashing is a powerful technique for improving password security. By generating a random salt and concatenating it with the password before hashing, you can make it much more difficult for attackers to guess passwords using precomputed tables. This simple but effective technique can greatly enhance the security of your website or application.
Read more...

Protecting Passwords: The Importance of Hashing and Salting

0 comments


When it comes to computer security, one of the most important things you can do is to make sure that passwords are stored securely. One of the key ways to do this is by using a technique called hashing.

Hashing is a way to take a piece of data - in this case, a password - and run it through a mathematical algorithm to produce a fixed-size output that is unique to that input. This output is often referred to as a hash. Importantly, it's very difficult (if not impossible) to reverse engineer a hash to determine the original input. This means that if an attacker gains access to a database of password hashes, they won't be able to immediately determine the passwords themselves.

However, not all hashing algorithms are created equal. Some algorithms are more secure than others, and it's important to choose a strong one to protect your users' passwords. Some popular algorithms for password hashing include bcrypt, scrypt, and Argon2.

While hashing is a good first step for securing passwords, it's not enough on its own. If an attacker gains access to a database of password hashes, they can still use what's known as a "dictionary attack" or a "brute force attack" to try to guess the original passwords. To make this more difficult, it's important to add a technique called salting.

Salting involves adding a random string of characters to each password before it's hashed. This means that even if two users have the same password, their hashed passwords will look different in the database because they'll have different salts. This makes it much more difficult for attackers to use precomputed tables (known as "rainbow tables") to guess passwords.

In summary, hashing and salting are important techniques for securing passwords. Hashing allows you to store passwords in a way that is difficult to reverse engineer, while salting makes it more difficult for attackers to use precomputed tables to guess passwords. By combining these techniques, you can help keep your users' passwords secure.


Read more...

Tuesday, February 21, 2023

Artificial Intelligence: What It Is, What It Can Do, and Its Benefits

0 comments
Artificial Intelligence (AI) is a rapidly advancing field that promises to revolutionize the way humans interact with technology. AI is a broad subfield of computer science, concerned with building intelligent computer systems that can learn and adapt to changing conditions. It includes methods such as machine learning, natural language processing, and robotics.

An image generated by AI

 

At its core, AI is about making machines do things in ways that would normally require human intelligence. AI systems can be used to solve complex problems, recognize patterns, and understand natural language. AI systems are already being used in a wide range of applications, from healthcare to finance, and in many other industries.

One of the primary benefits of AI is its ability to automate tasks and reduce the amount of time and resources expended on them. This can free up resources and personnel to focus on more complex tasks and activities. AI can also provide insights into data-driven decisions, helping to identify trends and draw meaningful conclusions.

AI can also improve customer service. By using AI-powered customer support bots, businesses can respond quickly and accurately to customer inquiries. AI-driven chatbots can also be used to automate sales, making it easier for customers to find the right products and services.

AI can also be used to detect and diagnose diseases, analyze medical images, and recommend treatments. AI-based services are also being used to develop more accurate forecasts on weather, traffic, and other factors.

Overall, AI offers a wide range of potential applications and benefits. From automation and insights to customer support and better health outcomes, AI is set to revolutionize the way we interact with technology. With its increasing use in many sectors, AI is quickly becoming a key part of our lives.

Read more...

Latest Posts

Label tag

Page copy protected against web site content infringement by Copyscape
 
About Me
Info Tech provies IT tips, Applications, Blogger, Blog, Adsense ... Use Firefox to open this site!