Author: Amal Mammadov

FRONT END SECURITY BASICS: 2 HTTP Strict-Transport-Security (HSTS)

1. VULNERABILITY INTRODUCED Properly implemented data protection for a web application allows the users to know who they are communicating with, whether or not their communication channel is encrypted, and that the data is not manipulated in transit. This is usually achieved by using the HTTPS protocol for communication between the user and the web application. But sometimes applications accept connections over HTTP first, then upgrade to HTTPS and redirect the user to the HTTPS version of the application. Thus the application first allows…

Front End Security Basics: 1 Reverse Tabnabbing

1. VULNERABILITY INTRODUCED A web-page may use multiple methods to open additional tabs or windows. However, these methods may often add a reference to the opener (or window.opener) object in the newly opened window, which refers to the “parent” tab or window. While most attributes in the opener window are blocked and inaccessible to the opened window, such that the opened window may not refer to most opener attributes (part of the cross-domain policy), some are not blocked. In particular,…

8. HTTP Cache Basics and Cache Poisoning

1. HTTP CACHING Caching is a mechanism designed to decrease the server load and speed up the loading of web pages. A cache saves copies of server responses and serves them to users upon their repeated requests. The cache can operate locally in the user’s browser, or there can be intermediate caches: caching proxies, load balancers, CDNs, web servers. Our lesson is devoted specifically to intermediate caches. In the case of a browser cache, when a user requests some data, the browser first…

7. Web Cache Deception

1. VULNERABILITY INTRODUCED Web Cache Deception is another technique for attacking caches. It’s different from the HTTP Cache Poisoning attack because no tainted data is saved in the cache and then served to users (which is what Cache Poisoning implies). During the Web Cache Deception attack, a malicious user gains unauthorized access to sensitive data of another user by exploiting ordinary cache behavior. The following conditions should be met for the attack to succeed: 1. The web server returns the contents of…

HTTP Response Splitting

1. EXERCISE BACKGROUND The vulnerable application pane loads the online shopping application LotsOfGoods.me. It aggregates data from multiple off-line shops and presents it on a single platform. To offer each customer a personalized offer from the shops that are located near them, LotsOfGoods.me prompts its users to specify their location. Alice is a legitimate user of this application. She wants to find a place nearby where she can buy a new laptop. She specifies the city where she rents her apartment…

HTTP Headers that are misused for security purposes

There are headers (like Referer and Host) that developers tend to use in the security mechanisms they develop, but it is considered bad practice: data that is passed in those headers is derived from user input and shouldn’t, therefore, be trusted. Also, there are headers that are not actually security headers by definition (like the Content-Type and X-Content-Type-Options headers), but nevertheless, they play an important role in application security. You should NEVER use the following headers in implementations of security mechanisms: Host…

HTTP Content Security Policy

1. CSP INTRODUCTION Content-Security-Policy (CSP) is a special HTTP response header that tells the browser which sources of content are safe for the page it is going to load. When those safe sources are specified, it prevents the hacker from tricking the browser into loading and running malicious scripts in the user’s browser, injecting iframes with some malicious or unauthorized content, displaying fake images, or basically injecting anything from a remote untrusted domain. CSP can also be used to ensure…

HTTP COOKIES

An HTTP cookie is a small piece of data that a server sends to a client. The server sends the cookie using the Set-Cookie header in the response. It looks like this: Set-Cookie: trackingCookie=user1357272. The user agent saves the cookie from the response and sends it back in the Cookie request header like this: Cookie: trackingCookie=user1357272. Cookies are used for the following purposes: 1. Session management. HTTP is a stateless protocol, meaning that two requests cannot be correlated to the same source or to each other even if…

HTTP Security Headers

There are a number of HTTP response headers that you should use to increase the security of your web application. They are referred to as HTTP security headers. Once implemented, HTTP security headers restrict modern browsers from running into easily preventable vulnerabilities. They also provide yet another, additional layer of security by helping to mitigate security vulnerabilities and prevent attacks (like XSS, Clickjacking, information leakage, etc.). But it is important to mention that HTTP security headers are not intended to replace…

Azure RBAC Notes

Azure Roles and Azure AD Roles: Azure roles are separate from the administrative roles found in Azure AD. For example, a user who is granted Global Administrator rights in Azure AD does not have permissions to create resources in Azure. They must be granted rights at a scope using a role with the ability to create resources, such as the Contributor role. Creating Custom Roles: Custom roles cannot be created through the Azure Portal, but they can be assigned after…