Harsh Bothra (@harshbothra_), Mar 28, 9 tweets, 2 min read
#SecurityExplained S-87: CWE Top 25: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

The product makes sensitive information available to someone who isn't explicitly permitted to access it.

CWE-200 arises when confidential information (e.g., application, system and network details, or user-supplied data such as names and email addresses) is made available to individuals who are not authorized to see it.

This flaw can be the outcome of many different issues that lead to the disclosure of sensitive information.

Information is considered sensitive when any of the following conditions hold:

It is regarded as sensitive within the product's own functionality (e.g., data with restricted access, private messages).

It describes the product, its environment, or connected systems in a way the application is not supposed to reveal.

It concerns resources the application relies on that contain sensitive information (e.g., databases) and inadvertently reveals how an unauthorized person could access those resources.

# Example:

This code tries to connect to a database and prints any errors it encounters.

If the connection fails, the reported message reveals the location of the script's configuration file. An attacker can use that information to target the configuration file; if they can read it, they obtain the database credentials.

# Mitigations:
The fundamental strategy for protecting sensitive data is to use secure storage and access techniques. However, information assets must first be inventoried to determine what should be secured and how it should be protected.

Divide the system into "safe" zones where clear trust boundaries can be drawn. Do not let sensitive data cross a trust boundary, and be cautious whenever the system interacts with a component outside the secure zone.

Never store log files with world-readable permissions.

Architects and designers should apply the principle of least privilege to determine which privileges are needed and when they should be dropped.
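As an added example (not the thread's own code, which was posted as an image), here is the leaky connection handler from the Example section beside a hardened one that also applies the mitigation about log-file permissions: the driver error is written to a server-side log created owner-only, and the client receives only an opaque reference id. The config path, driver message and log location are constructed placeholders.

```python
import os
import tempfile
import uuid

# Constructed for this demo: a config path an unauthorized actor must never learn.
CONFIG_PATH = "/var/www/app/config/db.ini"   # hypothetical, not from the thread

def connect_db():
    """Stand-in for the failing connection; the driver text embeds the credentials' source."""
    raise ConnectionError(f"access denied; credentials loaded from {CONFIG_PATH}")

def vulnerable_handler() -> str:
    """Before: the raw driver error is returned to whoever sent the request (CWE-200)."""
    try:
        connect_db()
        return "ok"
    except Exception as exc:
        return f"Database error: {exc}"

def open_private_log(path: str):
    """Append-only log created 0600 (owner read/write only), regardless of umask."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_APPEND, 0o600)
    os.fchmod(fd, 0o600)   # also tighten the mode if the file already existed
    return os.fdopen(fd, "a")

def hardened_handler(log_path: str) -> str:
    """After: detail goes to a private server-side log; the client gets only an opaque id."""
    try:
        connect_db()
        return "ok"
    except Exception as exc:
        ref = uuid.uuid4().hex[:12]
        with open_private_log(log_path) as log:
            log.write(f"[{ref}] database connection failed: {exc}\n")
        return f"A database error occurred (reference {ref})"

def run_demo() -> dict:
    """Run both handlers and report what the client and the server log each see."""
    log_path = os.path.join(tempfile.mkdtemp(), "app.log")
    hardened = hardened_handler(log_path)
    with open(log_path) as f:
        server_log = f.read()
    return {
        "client_sees_vulnerable": vulnerable_handler(),
        "client_sees_hardened": hardened,
        "server_log": server_log,
        "log_mode": os.stat(log_path).st_mode & 0o777,
    }
```

The reference id lets support staff find the full record in the private log without the client ever seeing the path or the driver text.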
