There's a saying: "Change is the only thing that never changes!" Every year brings changes compared with the previous one. If the changes are positive, they are welcome; if they are toxic, they must be kept out.
Unfortunately, in cybersecurity the numbers that should be falling (vulnerabilities) keep rising. Security advances are impressive, but they still fail to win against security vulnerabilities, as the facts below show.
- The vulnerabilities in 2018 are 23% higher than in 2017.
- The vulnerabilities in 2017 are 162% higher than in 2016.
- More than 55% of web application vulnerabilities still have open exploits.
- More than 30% of web application vulnerabilities have no solution or patch yet!
Most Common Vulnerability: Injections
Usually, injection is a word that infants dread. Of late, it has been frightening teenagers and the elderly too, because a word once associated with remedies is now associated with tragedies in security.
About 19% of the total vulnerabilities in 2018 were due to injection attacks. There are various kinds of injection attacks. A few of the significant ones are:
- SQL Injection
- XSS (Cross-Site Scripting)
- XML Injection
- Host Header Injection
- CRLF (Carriage Return Line Feed) Injection
Among all these injection attacks, SQL injection is the most widespread. Let's take a quick look at what it is.
Plain explanation of SQL Injection Vulnerability:
Imagine this: you own a fully automated car that does everything based on the commands its owner gives through a standard web form. A command may look like:
Travel over "this route" and "the restaurant to be stopped for eating" if so "at what time to be stopped?".
For this query, the populated form may look like:
Travel over the GT bridge and stop at hotel Savera for eating at 2.00 P.M in the afternoon.
The values in bold (the route, the restaurant and the time) are the ones supplied by the owner. Now envision a situation where an intruder tampers with the inputs like:
Travel over the GT bridge and crash the hotel gate of Savera at 2.00 P.M in the afternoon.
Since your car is automated, it parses the commands and crashes into the Savera hotel gate instead of stopping there. It cannot distinguish malicious commands from benign ones.
This is exactly the concept of SQL injection: user input is pasted into a query, so a hacker can inject malicious code that the server executes and make everything go haywire. To know how it's done in practice, kindly check it out over here.
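The car analogy in working code, as an added example that is not part of the original post: a constructed in-memory SQLite table of trips, one lookup that pastes the owner's name into the SQL text (the car that cannot tell owner from intruder), and the same lookup as a parameterized query.

```python
import sqlite3


def make_db():
    # Constructed sample data standing in for the automated car's trip log.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE trips (owner TEXT, route TEXT, stop TEXT)")
    conn.executemany("INSERT INTO trips VALUES (?, ?, ?)", [
        ("alice", "GT bridge", "hotel Savera"),
        ("bob", "ring road", "hotel Central"),
    ])
    return conn


def trips_vulnerable(conn, owner):
    # The owner's name is concatenated straight into the SQL text, so the
    # database cannot distinguish the owner's data from an intruder's command.
    sql = "SELECT route, stop FROM trips WHERE owner = '" + owner + "'"
    return conn.execute(sql).fetchall()


def trips_safe(conn, owner):
    # Parameterized query: the value travels separately from the SQL text and
    # is always treated as data, never as part of the command.
    sql = "SELECT route, stop FROM trips WHERE owner = ?"
    return conn.execute(sql, (owner,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    tampered = "x' OR '1'='1"          # classic tampered input
    print(trips_vulnerable(db, tampered))  # every owner's trips leak
    print(trips_safe(db, tampered))        # [] : no owner with that odd name
```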
XSS (Cross-Site Scripting):
XSS is another script injection attack that consistently appears in the OWASP Top 10 vulnerabilities list. Let me first explain the concept of SOP, to help you understand XSS better.
SOP stands for Same Origin Policy. It prevents a web page from reading content from a different origin. Put simply, www.yyy.com can access content from www.yyy.com/fashionsecrets, whereas www.yyy.com cannot access content from www.bbb.com/fashionsecrets. This is one of the most significant security principles of the web browser.
XSS is a way of bypassing the SOP in flawed applications. Imagine that user-supplied HTML is not sanitized and is reflected on the page. An intruder can then send their own HTML, which is reflected in the same way because the application treats it as the same kind of content. Through this, the intruder can read important data in the website and even manipulate it to their own advantage.
To know more about it, kindly check it out over here.
XML Injection Attacks:
This is another type of injection attack. Here, the attacker sends crafted XML to a vulnerable target and tries to gain access to its sensitive files. If the attempt succeeds, the server or database can be compromised and sensitive files put at risk.
To know further, kindly check it out over here.
Host Header Attack:
This is also another type of injection attack.
The host header problem arises when a web server hosts several websites on the same IP address: the server must decide, from the Host header, which website should receive the incoming request. What happens if an intruder specifies a malicious Host header?
By default, most web servers route a request whose Host header matches no configured site to the first virtual host in the list. If that virtual host accepts the value without verifying and sanitizing it, the server can be compromised. This threat has shown a steady rise in recent years. To know more, kindly check it out over here.
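The verification step the paragraph calls for, as an added example that is not part of the original post: a Host header is accepted only if it names one of this server's own virtual hosts (the allow-list and the www.yyy.com names are assumptions for the example), and absolute links are built only from a validated host.

```python
from urllib.parse import urlsplit

# Hosts this server is configured to serve (constructed for the example).
ALLOWED_HOSTS = {"www.yyy.com", "yyy.com"}
DEFAULT_PORT = {"http": 80, "https": 443}


def validate_host(host_header, scheme="https"):
    """Return the canonical host name, or None when the Host header is not
    one of our virtual hosts. An explicit default port is tolerated."""
    if not host_header or "\r" in host_header or "\n" in host_header:
        return None
    try:
        # urlsplit does the host/port parsing, including [IPv6]:port forms.
        parts = urlsplit("//" + host_header.strip())
        hostname, port = parts.hostname, parts.port  # .port raises on junk
    except ValueError:
        return None
    if hostname is None:
        return None
    if port is not None and port != DEFAULT_PORT[scheme]:
        return None
    hostname = hostname.lower().rstrip(".")
    return hostname if hostname in ALLOWED_HOSTS else None


def absolute_url(host_header, path):
    """Build a link (for example for an e-mail) only from a validated host,
    never from whatever the client happened to send."""
    host = validate_host(host_header)
    if host is None:
        raise ValueError("unrecognised Host header; refusing to build URL")
    return "https://" + host + path
```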
CRLF Injection Attack:
CRLF stands for Carriage Return Line Feed.
Whenever we send a request to the server, it sends a response back to the browser. In the HTTP response, lines are separated by two special characters, CR and LF. CR stands for Carriage Return and LF for Line Feed; their ASCII (American Standard Code for Information Interchange) values are 13 and 10 respectively. CR is written as \r and LF as \n, and together they are called CRLF. The attack becomes possible when an intruder injects CRLF characters into a value that a vulnerable web server copies into its response. This injection is also a gateway for many other attacks.
This attack is primarily used for log poisoning and HTTP response splitting.
Log poisoning – Here, the intruder makes malicious log entries look like benign ones, in order to deceive the user and make them click on them.
HTTP response splitting – Here, extra HTTP headers are added to the HTTP response through CRLF injection, in order to carry out other injection attacks.
To know more, kindly check out over here.
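HTTP response splitting in miniature, as an added example that is not part of the original post: a constructed redirect handler copies a client-supplied target into the Location header, once verbatim and once refusing CR/LF, and a small parser reads the header block back the way a browser would.

```python
def build_response(headers):
    """Serialize a minimal HTTP/1.1 redirect; headers are (name, value) pairs,
    each line terminated by CRLF, with an empty line closing the header block."""
    lines = ["HTTP/1.1 302 Found"]
    lines += [f"{name}: {value}" for name, value in headers]
    return "\r\n".join(lines) + "\r\n\r\n"


def redirect_vulnerable(target):
    # Whatever the client sent (after URL-decoding) lands verbatim in the
    # header line, so an embedded \r\n starts a new header the client never
    # should have been able to write.
    return build_response([("Location", target)])


def redirect_safe(target):
    # Header values may not contain CR, LF or NUL; refuse rather than strip,
    # so the rejection shows up in logs instead of being silently absorbed.
    if any(ch in target for ch in "\r\n\x00"):
        raise ValueError("CR/LF in header value: possible response splitting")
    return build_response([("Location", target)])


def header_names(raw_response):
    """Return the header names a browser would see in the header block."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


if __name__ == "__main__":
    tampered = "/home\r\nX-Injected: yes"       # constructed tampered input
    print(header_names(redirect_vulnerable(tampered)))  # ['Location', 'X-Injected']
    print(header_names(redirect_safe("/home")))         # ['Location']
```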
API Vulnerabilities: Menacing And Growing
Many applications use APIs (Application Programming Interfaces) to send requests and receive responses, and businesses use them widely. That is probably also why API vulnerabilities are becoming more prevalent these days. A few of the most frequent API vulnerabilities are:
MITM stands for Man-In-The-Middle attack. As the name suggests, the person in the middle (the intruder) tries to intercept and spoof the communication between sender and receiver. The best mitigation is to use HTTPS, i.e. HTTP secured with SSL/TLS certificates.
SQL stands for Structured Query Language. SQL injection is an attack in which an attacker injects malicious code into legitimate queries and the server executes it. The best protection is to use parameterized (prepared) statements or an ORM such as Hibernate.
DDoS stands for Distributed Denial of Service. It is an escalation of the DoS (Denial of Service) attack: the attacker sends continuous requests from many different locations to the same server in order to bring it down or crash it. One way to stay safe against this attack is to blacklist unwanted IPs; IP whitelisting also helps.
IP whitelisting maintains a list of the IPs from which the API is supposed to accept requests. This measure keeps the API from processing requests from suspicious sources.
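IP whitelisting as it would sit in front of an API, as an added example that is not part of the original post. The networks are constructed (documentation ranges), and `peer_ip` is an assumed helper showing the caveat that matters here: a forwarded-for header is only trusted when the direct peer is a known proxy.

```python
import ipaddress

# Constructed allow-list: an office range, one partner host, one IPv6 block.
ALLOWED_NETWORKS = [
    ipaddress.ip_network("203.0.113.0/24"),
    ipaddress.ip_network("198.51.100.7/32"),
    ipaddress.ip_network("2001:db8::/32"),
]


def client_allowed(client_ip):
    """True only if client_ip parses as an address inside an allowed network.
    Anything that is not an IP literal is refused rather than guessed at."""
    try:
        addr = ipaddress.ip_address(client_ip.strip())
    except ValueError:
        return False
    # 'in' across address families simply returns False, so v4/v6 mixing is safe.
    return any(addr in net for net in ALLOWED_NETWORKS)


def peer_ip(environ, trusted_proxies=()):
    """Choose the address to check (WSGI-style environ). X-Forwarded-For is
    client-controlled text, so it is honoured only when the direct peer is a
    proxy we trust, and then only its rightmost entry, the one that proxy
    appended; otherwise the socket peer address is used as-is."""
    remote = environ["REMOTE_ADDR"]
    forwarded = environ.get("HTTP_X_FORWARDED_FOR")
    if forwarded and remote in trusted_proxies:
        return forwarded.split(",")[-1].strip()
    return remote


def request_allowed(environ, trusted_proxies=()):
    return client_allowed(peer_ip(environ, trusted_proxies))
```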
Restricting Super User Privileges:
This measure gives employees normal, appropriate privileges instead of super user privilege. That in turn lets the API process only normal requests and prevents it from being inundated with excessive processing work, which helps it withstand DoS and DDoS attacks.
The higher the demand, the higher the threat around it. API usage has been increasing every year, and so have the threats to it. In 2018, API vulnerabilities increased by 23% compared with 2017. Above all, a proper API security assessment is mandatory to keep APIs secure. To know further, kindly check out over here.
Vulnerabilities In Content Management Systems (CMS): Attackers Focused On WordPress
The most famous CMS is WordPress: about 55% of all websites are built with it. Astonishingly, WordPress has also registered the highest number of vulnerabilities, with a 30% increase from 2017. According to the official WordPress site, the current collection of plugins numbers 55,271. Because WordPress, Joomla and Drupal are so familiar, more hackers are striving to find loopholes in them in order to run malicious code and breach the countless websites built on them.
Now let's take a quick look at a couple of the biggest vulnerabilities in CMS platforms:
XSS (Cross-Site Scripting) Vulnerabilities:
Open source CMSs like Drupal and WordPress are highly prone to this kind of vulnerability, chiefly because of their heavy use of client-side code. Combined with the growing number of third-party CMS plugins, XSS is certainly one of the biggest threats to CMSs.
Remote Code Execution Vulnerabilities:
What would happen if an attacker found a vulnerable CMS platform and ran malicious code on it? Then think about all the websites built on it. The attacker could plant a backdoor through remote or local access and easily compromise the information on those websites; the consequences are easy to imagine.
Drupal CMS Vulnerabilities:
Drupal is the third most popular content management system. Two major vulnerabilities lurking in Drupal, Drupalgeddon2 (CVE-2018-7600) and Drupalgeddon3 (CVE-2018-7602), led to security breaches on countless web servers in 2018. They allowed an intruder to remotely push illegitimate code and execute it on common Drupal installations. They have since been patched. To know more, kindly check out over here.
Server Technologies: PHP Vulnerabilities Fall
PHP is one of the most popular programming languages for building websites and web applications. The PHP platform has been under threat due to flaws like the following.
Source Code Revelation: What happens when an intruder gains access to an application's source code? The impact is easy to picture. To prevent it, DevSecOps (security built into the development phase itself) should be practised rather than plain DevOps (development without built-in security).
RFI stands for Remote File Inclusion: remote files get included into your code. You may ask what the big deal is. But what if the included code is rogue? Then it really is a huge deal, right? Yes, absolutely it is!
Fortunately, fixing this isn't tedious. Open your php.ini and check the settings below:
- allow_url_fopen – controls whether remote files can be opened by URL. It is generally 'On', but you should switch it to 'Off'.
- allow_url_include – controls whether include(), require(), include_once() and require_once() may load remote files. It is usually 'Off', and setting allow_url_fopen to 'Off' keeps this off too.
Whenever a session is set up between a client and a server, PHP stores the session ID in a cookie, typically named PHPSESSID. What if someone steals that cookie? Is it worrisome?
If an important session is in progress, such as entering your bank credentials (account number, CVV number and OTP for verification), and the session ID is captured at that moment, nothing could be more disastrous for you: all the money in your account could be hijacked and in a snap you would become a pauper.
To prevent this, keep your session ID somewhere that only your own scripts can access.
Other significant flaws in PHP applications are SQL injection, XSS and CSRF, outlined above.
Conclusion: Best Ways To Protect Your Apps and Data
All these security vulnerabilities undoubtedly must be eliminated. But is there a panacea for them? Honestly and sadly, no!
Security is an ever-broadening horizon, so you must keep learning every day. Here are some useful tips that developers, security folks and organizations should follow to stay on the shore, safe from the tide of cyberthreats.
For Developers:
- Must practise DevSecOps instead of DevOps.
- Must practise SSDLC (Secure Software Development Life Cycle) instead of SDLC (Software Development Life Cycle).
- Must properly research the daily updates.
For Security Folks:
- Shouldn't rely entirely on automated tools. Must also verify the results with manual testing techniques in order to eliminate false positives and get better accuracy.
- Should keep learning how to do better security assessments.
- Should do R&D (Research and Development) on a daily basis.
- Should regularly conduct security awareness programs (especially on phishing attacks).
- Should give practical demonstrations of the various threat entry vectors.
- Should provide each sector with the relevant frameworks and explain the policies that must be maintained.
How Briskinfosec Can Help You?
All the above mitigation suggestions for the respective threats are good. But how do you identify whether the vulnerabilities have truly been eliminated from your security environment? A proper and complete security assessment of all your attack surfaces needs to be done. We, Briskinfosec, have an expert team of security professionals providing the finest security quality in the security market. We have earned our name in the "India Book of Records" and are also listed as "One among the Top 20 most promising cybersecurity providers." Apart from automated and manual assessments, we also use our indigenous tools, which provide an additional layer of security for your applications. To know more, kindly reach out to us.
Curious To Read Our Case Studies?
To learn the distinctive strategies behind a proper security assessment, you need not spend time and money begging top security professionals and companies to tell you. It's enough to get a rough idea of what it is and how to do it. To do so, check out our case studies. They contain the successful security assessment strategies executed by our security folks to eliminate distinctive vulnerabilities in different sectors. Just read them to find out!
Last But Not The Least:
It takes years to build a dignified reputation but just a few seconds to destroy it. The destroyers here are cyberattacks. You know how important it is to keep all your data safe in these times of cybercrime. If not, the sufferings of various victims would emphasize it. To stay cautious, just read our monthly Threatsploit Adversary Report. It's a single report that covers the various attack vectors, the impacts they have caused, the assets companies lost and much more, on a monthly basis. Even the best cures for staying safe against them are given. Just check it out.