Hackers are always hunting for business-logic flaws, especially on the Web, in order to exploit weaknesses in online ordering and other processes. NT Objectives, which validates Web application security, says these are the top 10 business-logic flaws they see all the time.

1. Authentication flags and privilege escalation

Since applications have their own access-control lists and privileges, a weak implementation of the authorization opens up vulnerabilities that can be exploited, such as accessing another user's content or becoming a higher-level user with greater permissions. What's needed is identifying parameter names that have something to do with ACLs or permissions and could become a target; the tester can then use fuzzing tools to try changing bit patterns or permission flags, which may show the point at which an attacker could escalate privileges or bypass authentication.

2. Critical parameter manipulation and access to unauthorized information/content

HTTP GET and POST requests are typically accompanied by several parameters when submitted to the application, usually in the form of name/value pairs, JSON, XML and so forth, but they can be tampered with, and their values can be guessed by prediction. Tests for this look for easily guessable values and check whether a parameter's value can be changed in order to gain unauthorized access.

3. Developer's cookie tampering and business process/logic bypass

Cookies are often used to maintain state over HTTP, but developers are not just using session cookies; they are building data internally using session-only variables. Application developers set new cookies on the browser at important junctures, which exposes logic holes. The danger is that these cookies can be reverse engineered or have values that can be guessed or deciphered, and attackers try to identify these holes, which are easy to exploit. Tests here typically involve analysis of the cookies delivered during profiling, looking for easily guessable values and checking whether a cookie value can be changed.

4. LDAP parameter identification and critical infrastructure access

LDAP is becoming an important aspect of large applications and may get integrated with "single sign-on" as well. Many infrastructure-layer tools like SiteMinder and load balancers use LDAP for both authentication and authorization. LDAP parameters can carry business-logic decision flags that can be abused or leveraged. Attackers can find business-layer bypasses and logical injections if the application is not doing enough validation. Tests for this focus on finding parameters linked with LDAP, such as those taking email addresses or usernames, which are prospective targets.

5. Business constraint exploitation

The application's business logic should have defined rules and constraints, but if it is poorly designed, attackers can crawl them, browse through hidden fields and understand their context. So it's necessary to test hidden parameters and values, checking the business-specific calls that could become a target and be manipulated.
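Flaws 1, 2 and 5 above share one root cause: the server reads identity, role, object ids or prices out of the request and believes them. The following added example (written for this page, not code from NT Objectives or from any product it mentions) shows an order endpoint and a checkout written that way, beside versions that take identity and role only from a server-side session, check ownership of the requested object, and recompute the price from a catalogue. The session ids, user ids, order records and prices are constructed for the example.

```python
"""Added example: request parameters that drive authorization decisions
(flaws 1 and 2) and hidden pricing fields (flaw 5), with the vulnerable
handler beside a hardened one. All state below is constructed."""


class Forbidden(Exception):
    """Raised when the caller may not see or do what was requested."""


# Constructed server-side state. In a real application these live in a
# session store, a database and a product catalogue respectively.
SESSIONS = {
    "sess-alice": {"user_id": 7, "role": "user"},
    "sess-root": {"user_id": 1, "role": "admin"},
}
ORDERS = {
    101: {"owner": 7, "sku": "WIDGET"},
    102: {"owner": 9, "sku": "GADGET"},
}
CATALOGUE = {"WIDGET": 2500, "GADGET": 9900}  # unit prices in cents
MAX_QTY = 100  # a business constraint the server must enforce itself


def view_order_vulnerable(params: dict) -> dict:
    """Flaws 1 and 2: user_id and role are taken from the query string.
    Editing user_id reveals another user's order; role=admin skips the
    ownership check altogether."""
    order = ORDERS[int(params["order_id"])]
    if params.get("role") == "admin" or order["owner"] == int(params["user_id"]):
        return order
    raise Forbidden()


def view_order_hardened(session_id: str, params: dict) -> dict:
    """Identity and role come from the server-side session only; the
    request may name an order but cannot claim who is asking."""
    session = SESSIONS.get(session_id)
    if session is None:
        raise Forbidden()
    try:
        order = ORDERS.get(int(params.get("order_id", "")))
    except ValueError:
        raise Forbidden()
    # One answer for "no such order" and "not your order", so a tester
    # walking order ids cannot use the response to tell them apart.
    if order is None:
        raise Forbidden()
    if session["role"] != "admin" and order["owner"] != session["user_id"]:
        raise Forbidden()
    return order


def checkout_vulnerable(params: dict) -> int:
    """Flaw 5: the unit price is a hidden form field echoed back by the
    client, so the client decides what it pays."""
    return int(params["price"]) * int(params["qty"])


def checkout_hardened(params: dict) -> int:
    """Price is looked up server-side and quantity is bounded; a 'price'
    parameter in the request is simply ignored."""
    sku = params.get("sku")
    if sku not in CATALOGUE:
        raise ValueError("unknown product")
    qty = int(params.get("qty", "0"))
    if not 1 <= qty <= MAX_QTY:
        raise ValueError("quantity outside business constraint")
    return CATALOGUE[sku] * qty


def denied(handler, *args) -> bool:
    """True if the handler refuses the request (Forbidden or a rejected value)."""
    try:
        handler(*args)
        return False
    except (Forbidden, ValueError):
        return True


if __name__ == "__main__":
    # Alice asks for order 102 (owned by user 9) while claiming to be admin.
    tampered = {"order_id": "102", "user_id": "9", "role": "admin"}
    print("vulnerable handler:", view_order_vulnerable(tampered))
    print("hardened handler denied:", denied(view_order_hardened, "sess-alice", tampered))
```

The test a reviewer wants for the hardened handler is the one the article describes: replay the same request with the permission flag flipped and the object id changed, and confirm the response does not move.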
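Flaw 3 describes developers writing application state into cookies of their own at important junctures. The added example below (written for this page, not code from NT Objectives) contrasts the readable, editable `name=value` cookie that such code usually produces with a cookie whose payload is bound to an HMAC-SHA256 tag and an expiry, so that any edited byte or stale copy is rejected with a constant-time comparison. The key, the state values and the clock values are constructed; a real deployment takes the key from a secret store.

```python
"""Added example: the cookie state described in flaw 3, first as a plain
editable cookie and then as a signed, expiring cookie. Key and state are
constructed for the example."""
import base64
import hashlib
import hmac
import json
import time

# Constructed key. In production: random, at least 32 bytes, from a secret store.
SERVER_KEY = b"constructed-example-key-do-not-reuse-anywhere"


def encode_plain(state: dict) -> str:
    """What a developer-set cookie often looks like: anyone can read and edit it."""
    return ";".join(f"{k}={v}" for k, v in state.items())


def decode_plain(cookie: str) -> dict:
    """The server-side reader of that cookie, trusting whatever it finds."""
    return dict(part.split("=", 1) for part in cookie.split(";"))


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def encode_signed(state: dict, ttl_seconds: int = 3600, key: bytes = SERVER_KEY,
                  now: float = None) -> str:
    """payload.tag, where tag = HMAC-SHA256(key, payload). The expiry sits
    inside the signed payload so it cannot be extended by the client."""
    now = time.time() if now is None else now
    body = dict(state, exp=int(now) + ttl_seconds)
    payload = _b64(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def decode_signed(cookie: str, key: bytes = SERVER_KEY, now: float = None):
    """Returns the state dict, or None for a malformed, tampered or expired cookie."""
    now = time.time() if now is None else now
    try:
        payload, tag = cookie.rsplit(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        # Verify before parsing: nothing in an unauthenticated payload is trusted.
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        state = json.loads(_unb64(payload))
    except ValueError:  # covers bad base64, bad JSON and a missing '.'
        return None
    if not isinstance(state, dict) or not isinstance(state.get("exp"), int):
        return None
    if state["exp"] <= now:
        return None
    state.pop("exp")
    return state


if __name__ == "__main__":
    plain = encode_plain({"uid": "7", "role": "user"})
    print("plain cookie after a browser edit:", decode_plain(plain.replace("role=user", "role=admin")))
    signed = encode_signed({"uid": 7, "role": "user"}, now=1000)
    print("signed cookie verifies:", decode_signed(signed, now=1010))
```

Signing stops tampering, not reading: whatever the cookie carries is visible to the user, so anything sensitive belongs in server-side session storage behind an opaque session id, and the cookie itself still needs the Secure and HttpOnly attributes. Note also that the verification step is constant-time and the cookie is only parsed after it verifies.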
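Flaw 4 turns on "enough validation" before a username or email parameter reaches an LDAP search filter. The added example below (written for this page; it is not NT Objectives' code and does not contact a directory) shows the two layers a reviewer looks for: an allow-list check where the parameter has a fixed shape such as an email address, and RFC 4515 escaping of the filter metacharacters `\ * ( )` and NUL where arbitrary text such as a display name is legitimate. The attribute names and the `person` object class are assumptions for the example; the functions return the assembled filter string so it can be inspected.

```python
"""Added example: validating and escaping request parameters before they
are interpolated into an LDAP search filter (flaw 4). The filter strings
are returned rather than sent to a directory."""
import re

# RFC 4515 escaping for characters that have meaning inside a filter.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\0": r"\00",
}


def escape_filter_value(value: str) -> str:
    """Escape an assertion value so it can only ever match, never restructure the filter."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


# Deliberately narrow: this is a gate, not a full RFC 5322 validator.
_EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)*\.[A-Za-z]{2,}")


def build_user_filter_vulnerable(email: str) -> str:
    """The pattern behind flaw 4: the raw parameter is concatenated into the
    filter, so filter syntax inside the parameter changes what is queried."""
    return f"(&(objectClass=person)(mail={email}))"


def build_user_filter_hardened(email: str) -> str:
    """Layer 1: reject anything that is not shaped like an email address.
    Layer 2: escape anyway, so the filter stays correct if the regex is relaxed later."""
    if len(email) > 254 or not _EMAIL_RE.fullmatch(email):
        raise ValueError("parameter is not an email address")
    return f"(&(objectClass=person)(mail={escape_filter_value(email)}))"


def build_name_filter_hardened(display_name: str) -> str:
    """Free text such as a display name may legitimately contain parentheses,
    so an allow-list is not an option here; escaping alone keeps it safe."""
    if not display_name or len(display_name) > 256:
        raise ValueError("display name missing or too long")
    return f"(&(objectClass=person)(cn={escape_filter_value(display_name)}))"


def is_rejected(builder, value: str) -> bool:
    """True if the builder refuses the value instead of producing a filter."""
    try:
        builder(value)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    print(build_user_filter_hardened("alice@example.com"))
    print(build_name_filter_hardened("Smith (Contractor)"))
```

Escaping covers the filter; a value that is placed into a distinguished name instead needs the separate DN escaping rules of RFC 4514, and flags the application reads back from the directory (group membership, account status) should be taken from the entry the server found, never from a request parameter that merely names the entry.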