Major Security Errors in Web Application

Web application developers these days have to be skilled in a number of fields. It becomes important to  create an application which is user friendly, accessible, gives high performance and is secure. And, all this has to be done in an untrustworthy environment that you, the developer, cannot control. I am talking about the User Agent, normally seen as a web browser, but no one really understands what's there on the other side of the HTTP connection.

There are various things to worry about when it comes to security testing of web application. Is your website protected from service attacks? Are your users being tricked into doing things which can harm the security? Is your user data safe? Can fake data from an attacker pollute the database? Is it possible to gain unauthorized access to those parts of your website which are restricted. Unfortunately, the answer to these questions will be yes, unless we are careful about writing the codes.

In this article, we will not mention denial of service attacks, but will take a closer look at other problems. To be more relevant to the context, we will talk about Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Click-Jacking and SQL injection. We will also assume PHP as the development language, but the problem will occur regardless of the language and the solutions are identical in all languages.

1. Cross-Site Scripting (XSS)

An attack, in which the user is mislead into executing code from another site, in the framework of our website is called Cross-site scripting. The problem will occur no matter what our website does, but the complexity of the problem will change according to what the user does on the site.

2. Cross-Site Request Forgery (CSRF)

This is an attack where a bad site can trick the visitors into going ahead and taking an action on our website. This generally happens if a user logs into a website that they regularly use (eg. Their e-mails, Facebook, etc.) and then log into a bad site without first logging out of the previous site. If the former site is capable of getting a CSRF attack, then the malicious site can do whatever it wants on the user's behalf.

3. Click-Jacking

It might not be on the OWASP top ten list for 2010, but still it has gained a lot of popularity due to the attacks on Facebook and Twitter, as both of them make it spread very quickly because of their social nature.

We are protected against CSRF attacks as we use a nonce. However, if the user is made to click the submit link themselves, then the nonce will not be able to guard us. In this type of attack, the website is included in an iframe on their own website. Even though the attacker will not have control over our page, they will have control over the iframe element. CSS is used to set the iframe's capacity to 0 and the JavaScript is used to move it around, so that the submit button comes under the user's mouse.

4. SQL Injection

In this type of attack, insufficient input validation is exploited by the attacker, in order to gain shell access to your database server. The message sent by the attacker can get passed to the database and it could get dropped in the 'Messages' section, causing a lot of trouble to you and your user.  

http://www.avyaan.com/blog/five-open-source-security-audit-tools/