Harsh Bothra Profile picture
Mar 30 8 tweets 2 min read
#SecurityExplained S-89: CWE Top 25: CWE-522: Insufficiently Protected Credentials

The product transfers or saves authentication credentials, but it does so improperly that it can be intercepted or retrieved by unauthorized individuals.

1/n
2/n

This flaw relates to an architectural security approach that has been misdesigned. Another form of credential attack uses flaws in how passwords are encoded, saved, and handled by a web application, network, or software system.
3/n

Risky development practices, such as storing passwords in insecure locations, storing credentials in plaintext, storing user passwords using poor or reproducible cryptographic techniques, or using hard-coded credentials, generate vulnerabilities....
4/n
...that can be exploited to recover clients' credentials which can then be used to attack applications and other apps the user logs into.

# Example

The code below reads a password from a properties file and connects to a database using that password.

Example Language: Java
5/n

This code will run, but anyone with access to config(.)properties will be able to read the password value. If a malicious employee has access to this data, they can use it to hack the system.
6/n

# Potential Impact:
An attacker could access user accounts and sensitive data stored within them.

# Mitigation:

To secure the credentials, use an appropriate security mechanism.
7/n
Creating a firm password policy in your organization, such as prohibiting the use of passwords found in recent data breaches or well-known weak passwords, or encouraging the use of long, randomly generated passwords in conjunction with password managers, to improve security.
n/n
• To protect the credentials, make proper use of cryptography.
• To secure credentials, follow industry best practices (e.g. LDAP, Keystore, etc.)

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Harsh Bothra

Harsh Bothra Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @harshbothra_

Mar 30
11 MindMaps I have created that you may find useful!

🧵
1/

1. XML Attacks

xmind.net/m/xNEY9b/
2/

2. Account Takeover Techniques

xmind.net/m/M3WEqG/
Read 13 tweets
Mar 29
#SecurityExplained S-88: CWE Top 25: CWE-732: Incorrect Permission Assignment for Critical Resource

The product defines permissions for a security-critical resource so that unwanted actors can read or modify it.

1/n
2/n
When a resource's permissions are set to allow access to a broader range of actors than is required, sensitive information may be exposed, or undesired parties may modify the resource.
3/n

This is very risky when the resource is tied to program configuration, execution, or sensitive user data.
Read 15 tweets
Mar 28
9 Free Practice Labs to Master Cross-Site Scripting
1/

1. PortSwigger XSS Labs
portswigger.net/web-security/c…
2/

2. Google XSS Game

xss-game.appspot.com
Read 12 tweets
Mar 28
#SecurityExplained S-87: CWE Top 25: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor

The product makes sensitive information available to someone who isn't explicitly permitted to access it.

1/n
2/n

CWE-200 arises when confidential information (e.g., application systems and network information, user-supplied data such as names email addresses) is made available to individuals who are not authorized to see it.
3/n

This flaw could be the outcome of various issues involving the disclosure of sensitive information.

When the following conditions exist, the information is considered sensitive:
Read 9 tweets
Mar 27
#SecurityExplained S-86: Vulnerable Code - 65

This code is vulnerable to NoSQL Injection attack.

User-provided data such as URL parameters and POST body content should always be considered untrusted and tainted.

1/n
2/n
Applications that perform NoSQL operations based on tainted data can be exploited similarly to regular SQL injection bugs. Depending on the code, the same risks exist as with SQL injections: The attacker aims to access sensitive information or compromise data integrity.
3/n
Attacks may involve the injection of query operators, JavaScript code, or string operations. This problem can be mitigated by using an Object Document Mapper (ODM) library or by validating user-supplied data based on its size or allowed characters.
Read 4 tweets
Mar 26
#SecurityExplained S-85: Vulnerable Code - 64

This code is vulnerable to Insecure Deserialization Attack.

User-provided data such as URL parameters, POST data payloads or cookies should always be considered untrusted and tainted.

1/n
2/n
Deserialization based on data supplied by the user could result in two types of attacks:

Remote code execution attacks, where the structure of the serialized data is changed to modify the behavior of the object being unserialized.
3/n
Parameter tampering attacks, where data is modified to escalate privileges or change for example quantity or price of products.
The best way to protect against deserialization attacks is probably to challenge the use of the deserialization mechanism in the application.
Read 7 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us on Twitter!

:(