Learned much more than I ever would've imagined in Web Vulnerabilities."None" allows us to alter the payload without requiring a signature.If vulnerable, we can alter the alg declaration in the header and change it to "None" or another valid alg which is vulnerable.Vulnerabilities lie in improper implementation of JWT.Encryption of header and encoded payload, and the secret(key), with encryption in header.custom claims to share info between parties.issuer, expiration time, subject, audience etc.If done incorrectly though, can become a vulnerability.Json Web Tokens are used for create access tokens for an application and are very popular.link involves some sort of request that looks legitimate in the webservers eyes(victim assumingly holds some sort of cookie for this site).Cross Site Request Forgery is tricking the victim to click a link to a website created by the attacker.which should return(if vulnerable) the passwd file. Server Side Template Injections allow attackers to take advantage of template injections.OWASP ZAP is a free web application security scanner by OWASP while Burp Suite is most used as a proxy tool more than an application security scanner. Sanitizing turns user input into an acceptable(non-malicious form) Burp Suite and OWASP ZAP (Zed Attack Proxy) are the most used tools by security professionals while assessing the security of web applications.Sanitizing user input can be used but should not be the only layer of defense.If an error occurs, you can return a Validation Error. ex: making sure input is a number when a number is expected by parsing and proceeding to work with that input as if its a number.frameworks like Django allow you to validate input by making sure the input is what should be expected.a function from flask that changes characters like "Sites can use things such as filters to help protect from XSS attacks.viewing the user and password a user types in.Can use a key logger made in a language like javascript to report a key input event for a user and ugload it to some sort of log page to view a victims typing.Malicious payload is executed only upon execution.Un-sanitized user input is stored in a sites database(persistent).
0 Comments
Leave a Reply. |