Web App Vulnerabilities

coder7475

coder7475

Posted on August 19, 2024

Web App Vulnerabilities

Introduction

  • Average cost of data breach in 2020 is $2.86 million, global cyber crime $6 trillion

  • 90% of webapp is vulnerable to hacking & 68% are vulnerable to breach of sensitive data in 2020

  • As of 2023, the average cost of a data breach in the United States amounted to 9.48 million U.S. dollars, up from 9.44 million U.S. dollars in the previous year.

  • The global average cost per data breach was 4.45 million U.S. dollars in 2023.

Terminologies

Vulnerability: Security vulnerability is the code flow or a system misconfiguration that hacker can use to gain unauthorized access to a system or network.

Exploit: The method used to exploit a vulnerability. Usually a custom software or a sequence of commands. Exploit kits can be embedded in web pages to scan for vulnerabilities and inject malware or viruses when weakness is found.

Threat: Actual or hypothetical event in which one or more exploits use a vulnerability to mount an attack

Types of vulnerabilities

Three Category of security weakness

  • Porous defenses: A porous defenses weakness is one that could allow users to bypass or spoof authentication and authorization process. Authentication verifies the identity of something trying to access a system while authentication is the set of access and usage permission. The attacks that happens are: credential stuffing attacks, hijacking of session ids, stealing login credentials or man in the middle attack. Examples of vulnerabilities:

    • weak password encoding
    • insufficiently protected credentials
    • missing or single factor authentication
    • insecurity inherited permissions
    • sessions that don't expire.
  • Risky Resource management: Such as memory, function and open-source frameworks. The vulnerabilities types:

    • out of bound read or write / buffer overflow
    • path traversal etc
  • Insecure Interaction between components: This kind of vulnerabilities happens because modern application nowadays send and receive data across a wide range of services, threads and processes.The vulnerabilities are:

    • cross site scripting: User inputs are not handled securely enabling injection of client side script into web pages viewed by other users.
    • Cross site request forgery: improper verification of whether a seemingly legitimate and authentic request was intentionally sent. These attacks are often mountain via social engineering vectors such as bogus emails that trick a user to click a link which sends a forged request to site where user is already authenticated.
    • Attacks of the category happen via backdoor attacks, scripting attacks, worms, trojan horse etc.

Top vulnerability

Broken Access Control

  • 94% of application has some sort of broken access control.
  • Access control make sure that users cannot act outside of their intended permissions.
  • This vulnerability can lead to unauthorized information disclosure, or modification or even destruction of database.

References

💖 💪 🙅 🚩
coder7475
coder7475

Posted on August 19, 2024

Join Our Newsletter. No Spam, Only the good stuff.

Sign up to receive the latest update from our blog.

Related