#SecurityExplained S-100: CWE Top 25:
CWE-306: Missing Authentication for Critical Function
The software does not perform any authentication for functionality that requires a verified user identity or that consumes a considerable amount of resources.
1/n
2/n
This vulnerability is frequently introduced during the architecture and design phase of the application development process.
3/n
A critical vulnerability in the online interface of McAfee Advanced Threat Defense is a real-world example of such a problem (CVE-2017-4052).
4/n
The flaw allows an unauthenticated, remote attacker to change configuration settings or obtain administrative access to the affected application by sending a specially crafted HTTP request.
5/n
This language-independent issue, missing authentication for crucial functions, can occur in any multiuser environment.
6/n
# Potential Impact:
• The impact of this vulnerability might range from information leakage to complete application compromise, depending on the disclosed functionality and application capabilities.
7/n
• Exposing critical functionality gives an attacker access at that functionality's privilege level. The consequences vary with the functionality involved.
8/n
Still, they could include reading or altering sensitive data, gaining access to administrative or other privileged functions, or even executing arbitrary code.
9/n
# Mitigation:
• Separate the software into four areas: anonymous, regular, privileged, and administrative. Determine which of these areas requires a verified user identity and implement a centralised authentication solution.
10/n
• Determine the application's user roles and access permissions.
• Avoid writing custom authentication routines whenever possible and instead rely on the authentication features given by the framework, operating system, or environment.
n/n
• Use a well-tested library or framework to prevent this flaw from arising or provide constructs that make it easy to avoid.
• Consider using libraries that support authentication, such as OpenSSL or the ESAPI Authenticator.
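As an added example (not code from the thread or from any product it mentions), the following Python dispatcher applies the authentication decision centrally, per area, rather than trusting each handler to remember it. Names such as Router, Request and the route paths are hypothetical; the "/admin/config" route only illustrates the kind of configuration-changing function that should never be reachable anonymously.

```python
"""Added example, not code from the thread: a dispatcher that applies the
authentication decision centrally, per area, instead of trusting every
handler to remember it (CWE-306 mitigation). All names are hypothetical."""
from dataclasses import dataclass
from typing import Callable, Dict, Optional

# The four areas from the mitigation, ranked by how much identity they need.
ANONYMOUS, REGULAR, PRIVILEGED, ADMIN = "anonymous", "regular", "privileged", "admin"
AREA_RANK = {ANONYMOUS: 0, REGULAR: 1, PRIVILEGED: 2, ADMIN: 3}


@dataclass
class Request:
    path: str
    user: Optional[str] = None   # None: no verified identity was presented
    role: str = ANONYMOUS        # role of the verified user, if any


class Router:
    def __init__(self) -> None:
        self._routes: Dict[str, tuple] = {}

    def add(self, path: str, area: str, handler: Callable[[Request], str]) -> None:
        # Every route must declare its area; an undeclared area is a
        # registration error, not a silently anonymous endpoint.
        if area not in AREA_RANK:
            raise ValueError(f"unknown area {area!r}")
        self._routes[path] = (area, handler)

    def dispatch(self, req: Request) -> str:
        if req.path not in self._routes:
            return "404 not found"
        area, handler = self._routes[req.path]
        needed = AREA_RANK[area]
        # The check lives here, so a handler cannot forget it.
        if needed > 0 and req.user is None:
            return "401 authentication required"
        if AREA_RANK.get(req.role, 0) < needed:
            return "403 forbidden"
        return handler(req)


def build_router() -> Router:
    """Hypothetical application with one route per area of interest."""
    r = Router()
    r.add("/status", ANONYMOUS, lambda req: "status: ok")
    r.add("/profile", REGULAR, lambda req: f"profile of {req.user}")
    # Configuration changes belong in the admin area; leaving them anonymous
    # is exactly the missing-authentication pattern the thread describes.
    r.add("/admin/config", ADMIN, lambda req: f"config updated by {req.user}")
    return r


def audit_missing_auth(router: Router, sensitive_prefixes=("/admin",)) -> list:
    """Defensive check for the design phase: list sensitive paths that were
    registered in the anonymous area."""
    return sorted(path for path, (area, _) in router._routes.items()
                  if area == ANONYMOUS and path.startswith(sensitive_prefixes))


if __name__ == "__main__":
    r = build_router()
    print(r.dispatch(Request("/admin/config")))
    print(r.dispatch(Request("/admin/config", user="alice", role=REGULAR)))
    print(r.dispatch(Request("/admin/config", user="root", role=ADMIN)))
```

The point of the design is that a handler never sees a request from an area it was not registered for, and audit_missing_auth can run in a test suite so that a sensitive route accidentally registered as anonymous fails the build rather than shipping.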
#SecurityExplained S-101: CWE Top 25:
CWE-434: Unrestricted Upload of File with Dangerous Type
The software allows an attacker to upload or transfer harmful data that can be processed automatically within the product's environment.
1/
2/
This flaw could affect any software that allows users to upload files.
The arbitrary file upload weakness concerns improper or missing file type validation when uploading files.
3/
This flaw occurs when an application fails to validate uploaded files, or validates them incorrectly, before storing them on the system. The flaw is language independent, but it is most common in ASP- and PHP-based applications.
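As an added example (not code from the thread), here is the server-side validation an upload handler needs so that the client's file name and claimed type are never trusted on their own. The allow list, magic bytes, upload directory and file names are constructed for the example.

```python
"""Added example, not code from the thread: server-side checks for an
upload handler (CWE-434). File names and magic bytes below are constructed."""
import os
import secrets

# Allow list of permitted extensions with the leading bytes a genuine file
# of that type must start with. Anything not listed is rejected.
ALLOWED_TYPES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "pdf": b"%PDF-",
}
MAX_BYTES = 5 * 1024 * 1024


def client_extension(filename: str):
    """Extension the client claims, or None if it is not on the allow list.
    Control characters (including NUL) in the name are rejected outright,
    and only the final component of any path is considered."""
    if not filename or any(ord(c) < 32 for c in filename):
        return None
    base = os.path.basename(filename.replace("\\", "/"))
    if "." not in base:
        return None
    ext = base.rsplit(".", 1)[1].lower()
    return ext if ext in ALLOWED_TYPES else None


def validate_upload(filename: str, data: bytes):
    """Return (accepted, reason, extension). The content must match the
    claimed type; a double extension such as name.php.png is caught here
    because the bytes are not a PNG."""
    if len(data) > MAX_BYTES:
        return False, "file too large", None
    ext = client_extension(filename)
    if ext is None:
        return False, "extension not allowed", None
    if not data.startswith(ALLOWED_TYPES[ext]):
        return False, "content does not match extension", None
    return True, "ok", ext


def storage_name(ext: str) -> str:
    """Server-chosen name: the client's filename never reaches the disk, so
    a path or extra extension in it cannot influence where, or as what,
    the file is stored."""
    return f"{secrets.token_hex(16)}.{ext}"


def handle_upload(filename: str, data: bytes, upload_dir: str = "/var/app/uploads"):
    """Validate, then return the path the file would be written to.
    upload_dir is a hypothetical directory outside the web root."""
    ok, reason, ext = validate_upload(filename, data)
    if not ok:
        return None, reason
    return os.path.join(upload_dir, storage_name(ext)), "stored"
```

The stored path should sit outside the web root (or in a location the server is configured not to execute), so that even a polyglot file that passes the header check cannot be run by requesting it.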
#SecurityExplained S-99: CWE Top 25:
CWE-190: Integer Overflow or Wraparound
🧵
1/
The software performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value.
2/
When the result is used for resource management or execution control, the wraparound can introduce other flaws.
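As an added example (not code from the thread), the following Python emulates 32-bit C integer arithmetic to show the allocation-size pattern behind this weakness: the wrapped product is used as a buffer size while the original count is later used to fill it. The checked version beside it refuses the multiplication before it can wrap. All values are constructed.

```python
"""Added example, not code from the thread: what uint32_t / int32_t
arithmetic does on wraparound, emulated in Python, next to the checked
form that should guard resource sizes (CWE-190). Values are constructed."""
U32_MAX = 0xFFFFFFFF
I32_MAX = 0x7FFFFFFF


def wrap_u32(value: int) -> int:
    """Keep the low 32 bits, as C unsigned arithmetic does."""
    return value & U32_MAX


def wrap_i32(value: int) -> int:
    """Two's-complement 32-bit signed wraparound."""
    v = value & U32_MAX
    return v - (1 << 32) if v & 0x80000000 else v


def alloc_size_unchecked(count: int, elem_size: int) -> int:
    """The flawed logic: assumes count * elem_size is never smaller than
    count, so the (truncated) product is used as-is."""
    return wrap_u32(count * elem_size)


def alloc_size_checked(count: int, elem_size: int) -> int:
    """Reject the multiplication before it can wrap."""
    if count < 0 or elem_size <= 0:
        raise ValueError("invalid size arguments")
    if count > U32_MAX // elem_size:
        raise OverflowError("count * elem_size does not fit in 32 bits")
    return count * elem_size


def try_alloc(count: int, elem_size: int):
    """Checked size, or None when the request is rejected."""
    try:
        return alloc_size_checked(count, elem_size)
    except (OverflowError, ValueError):
        return None


def is_undersized(count: int, elem_size: int) -> bool:
    """True when the wrapped allocation is smaller than what `count`
    elements need: the condition under which a later copy loop overruns
    the buffer, which is how this weakness turns into memory corruption."""
    return alloc_size_unchecked(count, elem_size) < count * elem_size


def naive_increment_guard_holds(length: int) -> bool:
    """The pattern `if (len + 1 > len)` as a signed 32-bit program sees it.
    It is false at INT32_MAX because len + 1 wraps negative."""
    return wrap_i32(length + 1) > length


def safe_to_increment_i32(length: int) -> bool:
    """Compare against the bound instead of relying on the sum."""
    return 0 <= length < I32_MAX
```

Running the unchecked and checked versions on the same count shows the difference: a count of 0x40000001 with 4-byte elements yields a 4-byte buffer in the unchecked path and a refusal in the checked path.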
#SecurityExplained S-91: CWE Top 25:
CWE-611: Improper Restriction of XML External Entity Reference
1/n
2/n
CWE-611 vulnerabilities can occur when an application parses an XML document that contains entities pointing to external URIs.
3/n
These URIs resolve to resources outside the application's control, so the parser may perform dangerous actions dictated by those external resources.
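As an added example (not code from the thread), the Python below refuses any untrusted document that declares a DTD before handing it to the tree parser. Because external entities can only be declared inside a DTD, this removes the external-reference path entirely, which is the same approach the defusedxml project takes with its forbid_dtd option. The sample documents, including the placeholder external URI, are constructed.

```python
"""Added example, not code from the thread: refuse any document that
declares a DTD before handing it to the tree parser, which removes the
external-entity path entirely (CWE-611). Sample documents are constructed."""
import xml.etree.ElementTree as ET
from xml.parsers import expat


class ForbiddenDTD(ValueError):
    """Raised when untrusted XML carries a DOCTYPE (and so can define entities)."""


def reject_dtd(data: bytes) -> None:
    """First pass with expat: the DOCTYPE handler fires before any entity
    is resolved, and the exception raised inside it aborts the parse."""
    parser = expat.ParserCreate()

    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise ForbiddenDTD(f"DOCTYPE for {name!r} not allowed in untrusted input")

    parser.StartDoctypeDeclHandler = on_doctype
    parser.Parse(data, True)


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse only documents that passed the DTD check. The document is read
    twice; that cost is the price of not depending on parser defaults."""
    reject_dtd(data)
    return ET.fromstring(data)


def accepts(data: bytes) -> bool:
    """Yes/no wrapper for callers that log rejections instead of raising."""
    try:
        parse_untrusted_xml(data)
        return True
    except ForbiddenDTD:
        return False


# Constructed samples. The SYSTEM URI is a placeholder, not a real target.
SAFE_DOC = b"<config><host>db.internal.example</host></config>"
EXTERNAL_ENTITY_DOC = (
    b'<?xml version="1.0"?>'
    b'<!DOCTYPE config [<!ENTITY ext SYSTEM "file:///placeholder/outside-the-app">]>'
    b"<config><host>&ext;</host></config>"
)
INTERNAL_ENTITY_DOC = (
    b'<!DOCTYPE doc [<!ENTITY a "aaaa"><!ENTITY b "&a;&a;&a;&a;">]>'
    b"<doc>&b;</doc>"
)

if __name__ == "__main__":
    for label, doc in [("safe", SAFE_DOC), ("external entity", EXTERNAL_ENTITY_DOC),
                       ("internal entities", INTERNAL_ENTITY_DOC)]:
        print(f"{label}: {'accepted' if accepts(doc) else 'rejected'}")
```

Rejecting the DTD outright also blocks entity-expansion documents, which is why the check is preferable to trying to distinguish harmless internal entities from external ones. Malformed XML still raises the parser's own error, which the caller should treat as invalid input.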
#SecurityExplained S-90: CWE Top 25: CWE-918: Server-Side Request Forgery (SSRF)
The web server receives a URL or similar request from an upstream component and retrieves its contents, but it does not verify that the request is being sent to the expected destination.
1/n
2/n
Malicious parties can use CWE-918, also known as server-side request forgery (SSRF), to trick a server into making requests that reach internal infrastructure, sensitive data, and more.
3/n
URLs in user-controlled input identify the attack surface for SSRF. Sanitization and allow lists are more effective techniques, but they can be challenging to manage.