Web Application Vulnerabilities

The common threat against the security of web application is the widespread occurrence of different types of web application vulnerability. A vulnerability is a weak point or gap in the application which allows the malicious attacker to endanger the application stakeholders. The user, the owner and other objects that are depending on the application are considered to be stakeholders (OWASP 2011). There are several types of web application vulnerability; each one has special properties, such as the vulnerability style, the detection and prevention techniques. Figure 2.2 shows the statistics of OWASP (open web application security project) top ten vulnerabilities which have classified the percentage of the vulnerability that is used in the hacking of web application in 2010.

The statistics have been conducted according to the number of exploiting the same

Chapter 2 - Background and Related Works

17

vulnerability. Accordingly, the OWASP top ten 2010 vulnerabilities are as follows:

 Injection:

This type occurs when the attacker injects the application command or queries by untrusted data. The application interpreter will execute the injected command together with the normal command of the application. In this way, the application data will be affected by unauthorised accesses, as well as the execution of unintended commands. The common example of this type is SQL (structure query language), OS (operating system), and LDAP (Lightweight Directory Access Protocol) injection.

 Cross Site Scripting (XSS):

This type happens as a result of poor validation of the untrusted data which is sent via the web application to the web browser. This vulnerability allows a harmful script to run at the victim’s computer. Moreover, these vulnerabilities can be classified in two categories which are the first order and the second order attacks. The first order one will be done by inserting script in application page or attract the victim to click on an infected URL that contains a malicious script. The second one is persistent as the attacker can store the malicious script in the application database and can run it permanently. As a result, the attacker can redirect the victim to other malicious sites (Kieyzun, Guo et al. 2009).

 Broken Authentication and Session Management:

This vulnerability allows the attacker to hijack the user session or password by compromising it, and using the hijacked information for harmful purposes like exploiting the session as another user. This vulnerability resides in the application as

Chapter 2 - Background and Related Works

18

a result of poor implementation of the authentication function.

 Insecure Direct Object References:

This vulnerability allows the attacker to direct the web application references to be used with other resources. In other words, it allows the attacker to gain unauthorised access of specific resources. This vulnerability is a developer’s mistake, because the exposed references of internal object like directory or file are exposed by the developer.

 Cross Site Request Forgery:

This type of attack allows the attacker to control the web browser of the victim’s computer forcedly, and they can generate requests and send them to the application as if the requests were sent from the victim.

 Security Misconfiguration:

This vulnerability is a result of misconfiguration between the system components or neglect of the last update of these components. Therefore, to avoid this type of vulnerability, the system requires a secure configuration for all components. The configuration must be done for system implementation and maintenance (do not use default security option). Moreover, all system software must be up to date starting from the OS to DBMS. For example, if there is a XSS flows in the components. The new update has fixed this problem at the application level but not in application library. These differences can be found easily by the attacker.

 Insecure Cryptographic Storage:

Chapter 2 - Background and Related Works

19

or encryption techniques to avoid attacks, such as stealing or modifying important data like credit card information or authentication credentials. Thus, if the attacker can gain unauthorized access to a web application databases, he cannot use the stored data as it is encrypted.

 Failure to Restrict URL Access:

Some developer lets URL application links point directly to some of the application pages. Normally, the attackers are looking to find the hidden pages by changing the ULR address to access it.

For example, if the link of page is http://example.co.uk/webapp/mainpage and the attacker will manipulate the URL to http://example.co.uk/webapp/admin_page, then the attacker can gain unauthorised access to other pages. To avoid this vulnerability, the checking of URL access is required for each page of the web application.

 Insufficient Transport Layer Protection:

The web application transport protection is important to keep the data transport secure and protected. Many applications have used SSL (Secure Sockets Layer) or TLS (Transport Layer Security) protocols to protect the application data. This vulnerability is a result of weak protection of the transport layer like using expired certificates which are supplied by the SSL provider. For, example, if the network is not secured by SSL the attacker can monitor the network and see the victim’s session or cookies then the attacker can used the victim’s information through the user session.

 Unvalidated Redirects and Forwards:

Chapter 2 - Background and Related Works

20

redirect or forward. With this moving, validation is required to be sure there is no wrong access for those pages and the redirected and forwarded pages are not changed. The attacker can change the victim’s destination pages to other malware sites (OWASP 2010).

The mentioned vulnerabilities are the top ten of 2010, there are other vulnerabilities in a web application such as malicious file execution. Moreover, there are several studies and tools for the detection of the various types of web application vulnerabilities. The next section will highlight some of the scanning tools that are used to expose and determine those vulnerabilities.