Browsed by Month: July 2020

7. Web Cache Deception

1. VULNERABILITY INTRODUCED. Web Cache Deception is another technique for attacking caches. It is different from the HTTP Cache Poisoning attack because no tainted data is saved in the cache and then served to users (which is what Cache Poisoning implies). During the Web Cache Deception attack, a malicious user gains unauthorized access to sensitive data of another user by exploiting ordinary cache behavior. The following conditions should be met for the attack to succeed: 1. The web server returns the contents of…

HTTP Response Splitting

1. EXERCISE BACKGROUND. The vulnerable application pane loads the online shopping application LotsOfGoods.me. It aggregates data from multiple off-line shops and presents it on a single platform. To offer each customer a personalized offer from the shops located near them, LotsOfGoods.me prompts its users to specify their location. Alice is a legitimate user of this application. She wants to find a place nearby where she can buy a new laptop. She specifies the city where she rents her apartment…

HTTP Headers that are misused for security purposes

There are headers (like Referer and Host) that developers tend to use in the security mechanisms they develop, but this is considered bad practice: the data passed in those headers is derived from user input and therefore should not be trusted. Also, there are headers that are not security headers by definition (like the Content-Type and X-Content-Type-Options headers), but which nevertheless play an important role in application security. You should NEVER use the following headers in implementations of security mechanisms: Host…

HTTP Content Security Policy

1. CSP INTRODUCTION. Content-Security-Policy (CSP) is a special HTTP response header that tells the browser which sources of content are safe for the page it is about to load. When those safe sources are specified, the policy prevents an attacker from tricking the browser into loading and running malicious scripts in the user's browser, injecting iframes with malicious or unauthorized content, displaying fake images, or, in general, injecting anything from a remote untrusted domain. CSP can also be used to ensure…