Explain the vulnerabilities and process to resolve it in asp.net core and proper example for each.
The common vulnerabilities in Asp.NetCore is.
a)Cross-Site Scripting (XSS) attacks.
b) SQL injection attacks
c)Cross-Site Request Forgery (XSRF/ CSRF) Attacks :
d) Open redirect attacks
a)Cross-Site Scripting (XSS) attacks.
- Cross-Site Scripting (XSS) is a security vulnerability that enables an attacker to place client-side scripts (usually JavaScript) into web pages. When other users load affected pages the attacker's scripts will run, enabling the attacker to steal cookies and session tokens, change the contents of the web page through DOM manipulation or redirect the browser to another page.
- XSS vulnerabilities generally occur when an application takes user input and outputs it to a page without validating, encoding, or escaping it.
Protecting your application against Cross-site Scripting Attacks(XSS)
At a basic level XSS works by tricking your application into inserting a <script> tag into your rendered page, or by inserting an On* event into an element. Developers should use the following prevention steps to avoid introducing XSS into their applications.
1. Never put untrusted data into your HTML input, unless you follow the rest of the steps below. Untrusted data is any data that may be controlled by an attacker, HTML form inputs, query strings, HTTP headers, even data sourced from a database as an attacker may be able to breach your database even if they cannot breach your application.
2. Before putting untrusted data inside an HTML element ensure it is HTML encoded. HTML encoding takes characters such as < and changes them into a safe form like <
3. Before putting untrusted data into an HTML attribute ensure it is HTML encoded. HTML attribute encoding is a superset of HTML encoding and encodes additional characters such as * and ".
4. Before putting untrusted data into JavaScript place the data in an HTML element whose contents you retrieve at runtime. If this isn't possible, then ensure the data is JavaScript encoded. JavaScript encoding takes dangerous characters for JavaScript and replaces them with their hex, for example, < would be encoded as \u003C.
5. Before putting untrusted data into a URL query string ensure it is URL encoded.
b) SQL Injection Attacks
- SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.
SQL injection examples
- There are a wide variety of SQL injection vulnerabilities, attacks, and techniques, which arise in different situations. Some common SQL injection examples include:
- Retrieving hidden data, where you can modify an SQL query to return additional results.
- Subverting application logic, where you can change a query to interfere with the application's logic.
- Most instances of SQL injection can be prevented by using parameterized queries (also known as prepared statements)
- The following code is vulnerable to SQL injection because the user input is concatenated prepared statements) instead of string concatenation within the query.
String query = "SELECT * FROM products WHERE category =' "+" ' " ;
Statement statement = connection.createStatement();
ResultSetresultSet = statement . executeQuery(query);
- The code can easily be rewritten in a way that prevents the user inputs for interfering with the query structure:
PreparedStatementstatement = connection.prepareStatement("SELECT * FROM products WHERE category =?" );
statement.setString(1, input);
Result.SetresutlSet = statement.executeQuery();
OR,
Retrivng hidden data
https:// insecure-website.com/products ? category = Gifts. SELECT * FROM products WHERE Category = " Gifts " AND released = 1.
Resolving /Protection
- Most instances of SQL injection can be prevented by using parameterized queries instead of string concatenation within the query.
c)Cross-Site Request Forgery (XSRF/ CSRF) Attacks :
- It is an attack against web-hosted apps whereby a malicious web app con influence. the interaction between a client browser and a web app that trust the browser.
Eg: A user signs in to www.good-banking-site.com forms, authentication. The server authenticates the user and issues a response that includes an authentication cookie. The site is vulnerable to attack because it accepts. and trust any request that it receives with a valid authentication cookie.
Prevention
- We can prevent our web app by configuring antiforgory feature with IAntiforgery which provides API for configuration.
d) Open Redirect Attack
- Web applications frequently redirect users to a login page when they access resources that require authentication. The redirection typically includes a returnUrl query string parameter so that the user can be returned to the originally requested URL after they have successfully logged in. After the user authenticates, they're redirected to the URL they had originally requested.
- Because the destination URL is specified in the query string of the request, a malicious user could tamper with the query string. A tampered query string could allow the site to redirect the user to an external, malicious site. This technique is called an open redirect (or redirection) attack.
- Example: A malicious user can convince the normal user to click a link to your site's login page with returnURLquerystring value added to the URL.
- Then the user click on that link and successfully and the user is redirected into that malicious site and provided the confidential credentials to that malicious user
Comments
Post a Comment