≡ Menu

[Guest Post] Your Company’s Web Apps Are Actually Gaping Security Holes

This is a guest post written by Joel Newman. If you would like to write for WebGuide4U, check out guest posting guidelines here.

According to the recent Web Application Attack Report (WAAR), released by pioneers in data security solutions, web applications remain vulnerable to attack. Most of the recent data breaches have been done using botnets on web apps like data systems and email. As large-scale web applications take more time to patch vulnerabilities, hackers get ample opportunities to hack web applications even more. Moreover, this kind of automated attacks using botnets makes it even more difficult to trace the source of the attack.

The most prevalent attacks have been SQL injection, cross-site scripting, directory traversal, and remote file include. Most of the attacks on web applications using botnets are done in two steps: scans the target system using cross-site scripting and directory traversal, and then attack it using SQL injection. Given the huge amount of data handled by web applications, this makes a sensible approach; otherwise, the botnets have to spend more time to scoop out all the data.

In a web application, a request flows from a web client to a web server through HTTP either as a SOAP request or in other XML form. In all web applications, the design of security module plays an important role and it varies from one organization to another. If an attack can pass through a security module by creating fake privileges and authenticated sessions, then the attack can easily pass through other layers.

Depending on a server’s resources, an attacker can create a buffer overflow to gain access to a web application. In this case, an attacker typically constructs an XML request, and makes it call upon itself recursively until it is overblown and causes a memory overflow error. Every web server has a limit to handle the size of an incoming request. Therefore, when the server receives a very large incoming request, it crashes with an error message, which reveals some information about the web application to the hacker.

Even though SQL injection can easily be prevented, it remains one of the widely used methods by hackers to extract data from web applications. If a web application does not validate the incoming data, then the hackers can manipulate SOAP messages with malicious data and get them executed in the database. A hacker achieves this by attacking XML Schema files. An XML schema is like a grammar file that contains preprocessor instructions to validate an XML file. If an attacker can damage or manipulate XML schema files to permit malicious XML request to get through, then false SOAP messages can easily pass through the application to inject commands or query the database.

Some enterprise applications have different layers of privileges and security modules assigned for every user. This kind of design checks a user’s privileges and security rights at every phase of execution. In such cases, hackers look for ways to hijack a session of an authenticated user. Session hijacking is a method to gain illegal access to a valid user’s session state. As a user’s session details are sent back and forth while accessing a web application, a hacker can sniff the SOAP message and can hijack the session id. Depending on the privileges associated with a hijacked user, a hacker can penetrate to that level in a web application.

A huge enterprise web application connecting various departments handles large volumes of critical data on a daily basis. In that case, a small level of data breach typically goes unnoticed and can lead to large data theft. Moreover, some web applications continue with minor security flaws as fixing security patches or redesigning would take more time, and from hackers point, these minor loopholes turn out to be advantageous for them.

Author

Rebecca is a blogger by profession. She loves to write on technology and lifestyle. Beside this she is fond of gadgets.

{ 0 comments… add one }

Leave a Comment