2/n It serves as a common language, a measuring stick for security tools, and as a line for weakness identification, mitigation, and prevention efforts. The list includes more than 924 Common Weaknesses in Software & Hardware.
3/n There are multiple options available to look for a CWE such as:
- By Software Development
- By Hardware Design
- By Research Concepts
- External Mappings such as (CWE TOP 25, OWASP TOP 10, Software Fault Pattern Cluster and more)
4/n The CWE TOP 25 is a list of the top 25 most dangerous software weaknesses observed. These Weaknesses includes:
- Out-of-bounds Write
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
- Out-of-bounds Read
- Improper Input Validation
5/n - Improper Neutralization of Special Elements used in an OS Command (OS Command Injection)
- Improper Neutralization of Special Elements used in an SQL Command (SQL Injection)
- Use After Free
- Improper Limitation of a Pathname to a Restricted Directory (Path Traversal)
6/n - Cross-Site Request Forgery (CSRF)
- Unrestricted Upload of File with Dangerous Type
- Missing Authentication for Critical Function
- Integer Overflow or Wraparound
- Deserialization of Untrusted Data
- Improper Authentication
- NULL Pointer Dereference
7/n - Use of Hard-coded Credentials
- Improper Restriction of Operations within the Bounds of a Memory Buffer
- Missing Authorization
- Incorrect Default Permissions
- Exposure of Sensitive Information to an Unauthorized Actor
- Insufficiently Protected Credentials
n/n
- Incorrect Permission Assignment for Critical Resource
- Improper Restriction of XML External Entity Reference
- Server-Side Request Forgery (SSRF)
- Improper Neutralization of Special Elements used in a Command ('Command Injection')
The Out-of-bounds Write is a software security vulnerability that occurs when the data is written beyond the boundaries (i.e. past the end, before the beginning) of the intended buffer.
1/n
2/n This weakness is also listed in the CWE TOP 25 (2021). This has been given the CWE ID as CWE-787
- This vulnerability could result in buffer overflows, memory corruption, the crash of the software or even a code execution.
3/n As per the cwe.mitre.org, The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.
Server-Side Template Injection (SSTI) vulnerabilities occur when user-supplied data is inserted into a template and insecurely evaluated as an expression by the template engine.
This may allow an attacker to trick the template engine into evaluating an expression that could allow an attacker to execute system commands or get a shell
To look for template injection vulnerability, it is essential to enumerate and know if the template engine is in use.
2/n
3/n If the application uses a template engine, the next thing is to know what language-based template injection is used and what all classes and methods are accessible that could be chained together to perform the desired action.
[2/n]
An account takeover usually refers to gaining persistent access to the victim user's account and performing all the authentication actions as a victim would be able to do. The severity of account takeover issues is usually considered between High to Critical.
[3/n]
However, it also depends upon the complexity and likelihood of the attack.
In general, the account takeover is not a "vulnerability class" itself but an impact result of a vulnerability.
Premium Features are not widely tested by the crowd due to the involvement of a purchase factor. However, the person who often invests in the premium account is less likely to go disappointed.
(1/n)🧵
Below is my methodology to test for the Premium features:
[Without Purchase] 1. Fuzzing the API endpoints to find out the endpoints that are accessible to premium users.
(2/n)
2. Comparing the difference in the freemium vs premium accounts and creating a threat map of functionalities available in the premium account to make sure if it's really worth an investment.
Many applications in iOS platform provides a functionality to enable touch/face ID to act as an added layer of protection to the application. However, it is possible to bypass this layer.
(1/n)
(2/n)
If the attack has "physical access" to the device, there are multiple options to bypass the checks, however, one of the simplest methods is to use "Objection".
Before, performing the attack ensure that the Frida is running. Also, the Objection must be installed.
(3/n)
# How to perform the attack:
1. Run the following command: objection --gadget <package_name_here> 2. In the objection run following command: ios ui biometrics_bypass