Security testing services check websites, applications and other software products for vulnerabilities that compromise the security of the product. This article lists the 5 simplest and most common ones.
Design vulnerabilities
This type of error usually appears long before the first line of source code of the future application is written. While designers are still thinking about how their system will work, they may overlook, or deliberately neglect, one circumstance or another, and that decision later turns into a serious vulnerability in the finished solution.
Design vulnerabilities are, for obvious reasons, extremely difficult to fix. Usually the problem is addressed by an extension that wraps the original protocol in a protective layer, as HTTPS does for HTTP and FTPS for FTP. Adding encryption to Ethernet itself, however, is nearly impossible: it would require the release of a new version of Ethernet.
Design vulnerabilities are, on the other hand, widely known, so when you implement your own solutions you can take timely measures to prevent their exploitation.
Development vulnerabilities
The most common vulnerabilities are mistakes made by programmers while writing source code. Incorrect handling of data entered by the user or received by the application over the network can cause the program to behave in unintended ways.
Although the overflow problem is quite easy to solve, many applications are still susceptible to this type of vulnerability. Such bugs can be detected by specialized utilities, fuzzers, which automatically send varied data to an application and record how the program responds.
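The following is an added example, not code from the article: a toy length-prefixed record parser in two versions, one that trusts the declared length and one that bounds-checks every read, plus a minimal fuzzer that feeds random blobs to each and records any response other than a clean rejection. The record format, the sample payloads and all function names are constructed for this illustration.

```python
import random

# Constructed record format used only for this example (not from the article):
#   2-byte big-endian payload length | payload | 1-byte XOR checksum of payload


def xor_checksum(payload: bytes) -> int:
    acc = 0
    for b in payload:
        acc ^= b
    return acc


def build_record(payload: bytes) -> bytes:
    """Builds a well-formed record so both parsers can be exercised on valid input."""
    return len(payload).to_bytes(2, "big") + payload + bytes([xor_checksum(payload)])


def parse_record_unchecked(data: bytes) -> bytes:
    """Trusts the declared length. This is the class of input-handling mistake the
    article describes: a short or malformed record makes a read run past the input."""
    declared_len = int.from_bytes(data[:2], "big")
    payload = data[2:2 + declared_len]
    stored = data[2 + declared_len]          # IndexError on truncated input
    if stored != xor_checksum(payload):
        raise ValueError("checksum mismatch")
    return payload


def parse_record_checked(data: bytes) -> bytes:
    """Same format, but every read is bounds-checked first and bad input is
    rejected with ValueError instead of an unexpected exception."""
    if len(data) < 2:
        raise ValueError("truncated header")
    declared_len = int.from_bytes(data[:2], "big")
    if len(data) < 2 + declared_len + 1:
        raise ValueError("declared length exceeds input")
    payload = data[2:2 + declared_len]
    if data[2 + declared_len] != xor_checksum(payload):
        raise ValueError("checksum mismatch")
    return payload


def fuzz(parser, iterations: int = 2000, seed: int = 1234) -> list:
    """Minimal random fuzzer: feeds random blobs to `parser` and records every
    response that is not a clean rejection. Returns a list of (input, exception name).
    The fixed seed keeps the run reproducible."""
    rng = random.Random(seed)
    crashes = []
    for _ in range(iterations):
        blob = bytes(rng.randrange(256) for _ in range(rng.randint(0, 40)))
        try:
            parser(blob)
        except ValueError:
            continue                         # expected: parser rejected malformed input
        except Exception as exc:             # anything else is a finding worth triaging
            crashes.append((blob, type(exc).__name__))
    return crashes


if __name__ == "__main__":
    print("unchecked parser crashes:", len(fuzz(parse_record_unchecked)))
    print("checked parser crashes:  ", len(fuzz(parse_record_checked)))
```

Real fuzzers (AFL++, libFuzzer and the like) add coverage feedback, mutation of known-good seeds and crash deduplication, but the core loop is the same: generate input, run the target, keep anything that produced an unexpected response. In a memory-unsafe language the unchecked parser's out-of-range read would be an overflow rather than a caught exception, which is why the bounds check belongs before the read, not after.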
Implementation vulnerabilities
The third type is implementation and operation vulnerabilities. Whereas the previous type is hidden from engineers and administrators and is hard to detect without special tools, misconfigurations are the direct responsibility of those specialists.
There are many typical examples here: network equipment left with default passwords, or with the countless qwerty, p@ssw0rd and similar simple passphrases.
In the case of MS SQL databases, a typical example is using the sa account for interaction between applications and the database. Instead, a separate account with a limited set of rights should be created for the application rather than reusing an administrative account.
Implementation vulnerabilities are relatively easy to spot during security audits, but they are just as dangerous as the software development errors described above. After all, no matter how well the application is written, all its security elements become useless if the administrator uses a simple password straight from a dictionary.
Google Dorks
Google Dorks are search operators you can use to narrow and refine search results:
site: – search on a specific site;
filetype: – search for files of a certain type;
inurl: – search in the page URL;
intitle: – search in the page title.
These same search operators can also be used by attackers to discover information that was never meant to be public, so organizations should assume that anything indexed by a search engine is discoverable.
Broken Access Control
This class was found in every third application examined. Bypassing access restrictions usually leads to unauthorized disclosure, alteration or destruction of data. For example, in one project, unsafe authorization allowed the contents of any user's profile to be changed. Positive Technologies specialists learned the login of the application administrator, changed the email address in that profile to their own, and then, through the standard password recovery procedure, obtained access to the site with administrator rights.
The number of vulnerabilities associated with authentication and authorization can usually be minimized by adhering to secure software development lifecycle (SSDLC) practices when developing a web application.
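As an added example (not code from the article or from the project Positive Technologies tested), the profile-update flaw described above beside its corrected form: the broken handler verifies only that the caller is logged in, while the fixed handler also verifies that the caller is authorized for the target profile. The user table, account names and `recovery_email` helper are constructed for this illustration; `recovery_email` stands in for the password-recovery step that sends a reset link to whatever address the profile holds.

```python
from dataclasses import dataclass
from typing import Dict


@dataclass
class User:
    user_id: int
    login: str
    email: str
    is_admin: bool = False


def sample_users() -> Dict[int, User]:
    """Constructed sample accounts (not from the article)."""
    return {
        1: User(1, "admin", "admin@example.invalid", is_admin=True),
        2: User(2, "alice", "alice@example.invalid"),
    }


def recovery_email(users: Dict[int, User], login: str) -> str:
    """Address the password-recovery procedure would send a reset link to.
    This is why the email field is security-sensitive: whoever controls it
    controls the account."""
    for user in users.values():
        if user.login == login:
            return user.email
    raise KeyError(login)


def update_email_broken(users, session_user_id, target_user_id, new_email) -> User:
    """Authentication only: confirms the caller is logged in, but never that the
    caller may edit the target profile, so any user can change any profile."""
    if session_user_id not in users:
        raise PermissionError("not authenticated")
    users[target_user_id].email = new_email
    return users[target_user_id]


def update_email_fixed(users, session_user_id, target_user_id, new_email) -> User:
    """Authentication plus authorization: the target must be the caller's own
    profile. The caller's identity comes from the server-side session, never
    from a value the client sends along with the request."""
    if session_user_id not in users:
        raise PermissionError("not authenticated")
    if session_user_id != target_user_id:
        raise PermissionError("forbidden: profile belongs to another user")
    users[target_user_id].email = new_email
    return users[target_user_id]


def is_denied(handler, *args) -> bool:
    """True when the handler refuses the request with PermissionError."""
    try:
        handler(*args)
    except PermissionError:
        return True
    return False


if __name__ == "__main__":
    users = sample_users()
    update_email_broken(users, 2, 1, "mallory@example.invalid")
    print("broken handler, admin recovery mail now goes to:", recovery_email(users, "admin"))
    users = sample_users()
    print("fixed handler denies cross-user edit:", is_denied(update_email_fixed, users, 2, 1, "mallory@example.invalid"))
```

The authorization check is deliberately an object-level comparison (caller id against owner id) rather than a role check: even an admin-only flag would not stop one ordinary user from editing another ordinary user's profile. A second, independent control is to confirm email changes through the old address before they take effect, which breaks the recovery-link chain even if an object-level check is missed somewhere else.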