Harsh Bothra
Mar 13 · 4 tweets · 1 min read
#SecurityExplained S-72: Vulnerable Code - 51

1/n
This code is vulnerable to SQL Injection attacks.
User-provided data, such as URL parameters, should always be considered untrusted and tainted.

2/n
Constructing SQL queries directly from tainted data enables attackers to inject specially crafted values that change the initial meaning of the query itself. Successful database query injection attacks can read, modify, or delete sensitive information from the database ...

3/n
...and sometimes even shut it down or execute arbitrary operating system commands. The solution is to use prepared statements and to bind variables to SQL query parameters with dedicated methods like bindParam, which ensures that user-provided data will be properly escaped.

n/n
Another solution is to validate every parameter used to build the query. This can be achieved by transforming string values to primitive types or by validating them against a white list of accepted values.
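The thread's vulnerable snippet is an image that is not reproduced here, so the following is an added example (not the author's code) showing the same three points side by side: a query built from tainted data, the same query with a bound parameter (Python's sqlite3 `?` placeholder plays the role the thread gives to PDO's bindParam), and the validation approach for a parameter that cannot be bound, such as a column name. The table, rows and tainted input are constructed for the demo.

```python
import sqlite3

def make_db():
    # Constructed sample data: a throwaway in-memory database for the demo.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def find_user_vulnerable(conn, name):
    # Tainted data is spliced into the query text, so the value can change
    # the meaning of the query instead of being treated purely as data.
    sql = f"SELECT id, name FROM users WHERE name = '{name}'"
    return conn.execute(sql).fetchall()

def find_user_safe(conn, name):
    # Prepared statement with a bound parameter: the driver passes the value
    # separately from the SQL text, so it can only ever be compared as data
    # (the sqlite3 equivalent of binding with PDO's bindParam).
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (name,)).fetchall()

# Identifiers such as column names cannot be bound as parameters, so they are
# validated against a fixed allow-list of accepted values instead.
ALLOWED_SORT_COLUMNS = {"id", "name", "role"}

def list_users_validated(conn, user_id, sort_by):
    # Validate the identifier against the allow-list, and convert the id to a
    # primitive type so that anything that is not a plain integer is rejected.
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"sort column not allowed: {sort_by!r}")
    uid = int(user_id)  # raises ValueError for input such as "2 OR 1=1"
    sql = f"SELECT id, name FROM users WHERE id >= ? ORDER BY {sort_by}"
    return conn.execute(sql, (uid,)).fetchall()
```

Run with a tainted name like `' OR '1'='1`: the vulnerable function returns every row, while the bound-parameter version returns nothing because no user has that literal name.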
