Showing posts with label IT TIPS. Show all posts
Showing posts with label IT TIPS. Show all posts

Monday, May 15, 2023

Application Security Risk - Broken Access Control

0 comments
Broken Access Control refers to vulnerabilities that allow unauthorized actors to gain access to sensitive information or perform actions they are not supposed to. This can be categorized into several common weaknesses:CWE-200: Exposure of Sensitive Information to an Unauthorized Actor




CWE-201: Insertion of Sensitive Information Into Sent Data
CWE-352: Cross-Site Request Forgery

  • Common causes of Broken Access Control include:Violation of the principle of least privilege or deny by default. This means that access should only be granted to specific capabilities, roles, or users, but it is instead available to anyone.
  • Bypassing access control checks by modifying the URL (parameter tampering or force browsing), internal application state, HTML pages, or by using attack tools to modify API requests.
  • Allowing the viewing or editing of someone else's account by providing its unique identifier (insecure direct object references).
  • Accessing APIs without proper access controls for POST, PUT, and DELETE operations.
  • Elevation of privilege, such as acting as a user without being logged in or acting as an admin when logged in as a regular user.
  • Manipulation of metadata, like replaying or tampering with access control tokens such as JSON Web Tokens (JWTs), cookies, or hidden fields to elevate privileges or abuse JWT invalidation.
  • Misconfiguration of Cross-Origin Resource Sharing (CORS), which allows unauthorized or untrusted origins to access APIs.
  • Force browsing to authenticated pages as an unauthenticated user or accessing privileged pages as a standard user.

Here are two scenarios that illustrate Broken Access Control vulnerabilities:

Scenario #1: The application uses unverified data in a SQL call that accesses account information:
java
pstmt.setString(1, request.getParameter("acct")); ResultSet results = pstmt.executeQuery();


An attacker can simply modify the browser's 'acct' parameter to send any account number they want. If this input is not properly verified, the attacker can access any user's account by manipulating the URL:
arduino
https://example.com/app/accountInfo?acct=notmyacct
Scenario #2: An attacker can force browse to target URLs that should be restricted to certain user roles. For example, access to the admin page requires admin rights:
ruby
https://example.com/app/getappInfo https://example.com/app/admin_getappInfo


If an unauthenticated user can access either of these pages, it indicates a flaw. Similarly, if a non-admin user can access the admin page, it is also a security vulnerability.

Prevention Measures:

  • To prevent Broken Access Control vulnerabilities, follow these best practices:Implement access control mechanisms in trusted server-side code or serverless APIs, where attackers cannot modify the access control check or metadata.
  • Except for public resources, adopt a deny-by-default approach, meaning that access is only granted to specific resources and actions.
  • Implement access control mechanisms once and reuse them consistently throughout the application. Minimize the usage of Cross-Origin Resource Sharing (CORS).
  • Ensure that access controls enforce record ownership, rather than assuming that users can create, read, update, or delete any record.
  • Enforce unique application business limit requirements using domain models.
  • Disable web server directory listing and remove sensitive file metadata (e.g., .git) and backup files from web roots.
  • Log access control failures and alert administrators when appropriate, such as in cases of repeated failures.
  • Implement rate limiting on API and controller access to mitigate harm from automated attack tools.
  • Invalidate stateful session identifiers on the server after logout. If using stateless JWT tokens, ensure they have a short lifespan to minimize the attacker's window of opportunity. For longer-lived JWTs, it is highly recommended to follow the OAuth standards for token revocation and management.

  • By following these preventive measures, you can enhance the security of your application and mitigate the risk of Broken Access Control vulnerabilities. Regular security assessments and testing should also be conducted to identify and address any potential weaknesses in access control mechanisms.

  • It is crucial to prioritize security during the development process and ensure that access controls are implemented correctly and consistently. This includes ongoing monitoring and updates as new vulnerabilities and attack techniques emerge.

  • Remember, access control is a critical aspect of protecting sensitive information and preventing unauthorized access. By implementing robust access control measures, you can significantly reduce the risk of data breaches and unauthorized activities within your application.

Read more...

Monday, March 20, 2023

How to drive more traffic to your website

0 comments
Improving traffic for a website can be a complex and ongoing process that involves many different elements. Here are some tips that can help you get started:

  1. Optimize your website for search engines: Make sure your website is optimized for search engines by using relevant keywords in your content, optimizing your title tags and meta descriptions, and ensuring that your website is easy to navigate and user-friendly.
  2. Create high-quality content: Create high-quality content that is valuable and relevant to your target audience. This will not only help improve your search engine rankings but also increase the likelihood that people will share your content and visit your website.
  3. Use social media: Use social media to promote your website and share your content. This can help you reach a wider audience and drive more traffic to your website.
  4. Build backlinks: Build backlinks to your website by creating high-quality content that other websites will want to link to. You can also reach out to other websites in your industry and ask for backlinks.
  5. Use paid advertising: Use paid advertising such as Google Ads or social media ads to drive targeted traffic to your website.
  6. Optimize for mobile: Optimize your website for mobile devices to ensure that it is accessible and easy to use for people who are browsing on their smartphones or tablets.
  7. Analyze your traffic: Use tools like Google Analytics to track your website traffic and identify areas where you can improve. This will help you make data-driven decisions and optimize your website for maximum traffic.

Read more...

Friday, February 24, 2023

Argon2 - a popular algorithm for password hashing

0 comments
The best algorithm for password hashing depends on several factors, including the specific use case, the desired level of security, and the available hardware resources. However, there are some widely accepted best practices in the security community.



One popular algorithm for password hashing is Argon2, which won the Password Hashing Competition in 2015. Argon2 is designed to be memory-hard, which means that it requires a lot of memory to compute, making it more difficult for attackers to use specialized hardware to crack passwords. It also supports both salt and multiple iterations, which further increase security.

Here is an example of how to use Argon2 in Python:

python
import argon2 # Generate a salt salt = argon2.low_level.generate_salt() # Hash a password password = "password123" hash = argon2.hash_password(password, salt) # Verify a password if argon2.verify_password(hash, password): print("Password is correct!") else: print("Password is incorrect.")


This code uses the argon2 library to generate a random salt and hash a password using Argon2. The hash_password() function takes the password and salt as inputs and returns a string representing the hashed password. The verify_password() function takes the hash and a plaintext password as inputs and returns True if the password is correct, or False if it's incorrect.

It's important to note that hashing passwords is just one part of a comprehensive password security strategy. It's also important to use strong, unique passwords, to educate users on password best practices, and to use other security measures such as multi-factor authentication.

Read more...

The importance of adding salt to hashing password

0 comments
Passwords are a vital part of online security, but storing them safely is a complex task. A common technique for storing passwords is called hashing, which involves transforming the password into an irreversible, fixed-length string of characters. This means that even if an attacker gains access to the password database, they can't easily retrieve the original passwords. However, hackers can still use sophisticated methods to try to guess passwords, such as by using precomputed tables of commonly used passwords.



To make password storage more secure, it's important to use a technique called salting. Salting involves adding a random string of characters to the password before it's hashed. This makes it much more difficult for attackers to use precomputed tables to guess passwords. Let's take a closer look at how salting works.

Imagine that Alice wants to create an account on a website. She chooses a password, "password123", and the website hashes it using the SHA-256 algorithm, resulting in the hash "5e884898da28047151d0e56f8dc6292773603d0d6aabbdd62a11ef721d1542d8". The website stores this hash in its database, and Alice can log in with her password whenever she wants.

However, if an attacker gains access to the website's database, they can easily see Alice's hashed password. They might also have a precomputed table of common passwords and their corresponding hashes. In this case, the attacker could quickly look up Alice's hashed password in the table and find out that her password is "password123".

Now let's consider what happens when the website uses salting. When Alice creates her account, the website generates a random string of characters, called a salt. Let's say the salt is "7dh84jdd". The website then concatenates the salt and the password, resulting in "7dh84jddpassword123". This combined string is then hashed using the SHA-256 algorithm, resulting in the hash "a63cfaeb018f07c033f1d7d29956dd2dcffcd9bc9f5d96f93827e8c7fca5f5b5". The website stores this salted hash in its database, along with the salt itself.

Now, if an attacker gains access to the website's database, they can see Alice's salted hash and the salt. However, they can't use a precomputed table to guess her password, because the hash includes the random salt. They would have to use a brute-force attack to try all possible combinations of salt and password, which is much more time-consuming.

In conclusion, adding salt to password hashing is a powerful technique for improving password security. By generating a random salt and concatenating it with the password before hashing, you can make it much more difficult for attackers to guess passwords using precomputed tables. This simple but effective technique can greatly enhance the security of your website or application.
Read more...

Protecting Passwords: The Importance of Hashing and Salting

0 comments


When it comes to computer security, one of the most important things you can do is to make sure that passwords are stored securely. One of the key ways to do this is by using a technique called hashing.

Hashing is a way to take a piece of data - in this case, a password - and run it through a mathematical algorithm to produce a fixed-size output that is unique to that input. This output is often referred to as a hash. Importantly, it's very difficult (if not impossible) to reverse engineer a hash to determine the original input. This means that if an attacker gains access to a database of password hashes, they won't be able to immediately determine the passwords themselves.

However, not all hashing algorithms are created equal. Some algorithms are more secure than others, and it's important to choose a strong one to protect your users' passwords. Some popular algorithms for password hashing include bcrypt, scrypt, and Argon2.

While hashing is a good first step for securing passwords, it's not enough on its own. If an attacker gains access to a database of password hashes, they can still use what's known as a "dictionary attack" or a "brute force attack" to try to guess the original passwords. To make this more difficult, it's important to add a technique called salting.

Salting involves adding a random string of characters to each password before it's hashed. This means that even if two users have the same password, their hashed passwords will look different in the database because they'll have different salts. This makes it much more difficult for attackers to use precomputed tables (known as "rainbow tables") to guess passwords.

In summary, hashing and salting are important techniques for securing passwords. Hashing allows you to store passwords in a way that is difficult to reverse engineer, while salting makes it more difficult for attackers to use precomputed tables to guess passwords. By combining these techniques, you can help keep your users' passwords secure.


Read more...

Latest Posts

Label tag

Page copy protected against web site content infringement by Copyscape
 
About Me
Info Tech provies IT tips, Applications, Blogger, Blog, Adsense ... Use Firefox to open this site!