Web application security - the fast guide 1.1 | Page 20

Chapter 1 - Information Security overview
Figure 12: Sanitizer. The input "<script>something</script>" passes through the sanitizer and comes out as "something" (the script tags are stripped).
c. Semantic check: Even sanitization might fail to produce safe input, because an attacker sometimes relies on input that is completely valid at the syntactic level but malicious at the semantic level. A good example of this case is trying to access other users' information by altering the account number in the hidden field dedicated to that purpose.
In that case the input is valid: it matches the pattern for an account number, and the session information shows that the user is successfully authenticated, so the user can access and manipulate the information related to the entered account number.
d. Recursive and fragmented check: In a lot of cases an attacker might divide the attack into multiple stages in such a way that each part on its own is not classified as malicious input, but when the parts are merged they create a malicious input. An example is double encoding a special character in the URL. When the URL is received and decoded for the first time it will not look suspicious, but the second decoding by the application will cause the special character to bypass the filter.
%2527 is decoded to %27, which is in turn decoded to an apostrophe (a special character).
Another example is bypassing the sanitization process by generating an attack that reconstructs itself after a single pass of sanitization: <scri<script>pt>
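The three checks above (the semantic check in c, and the recursive decoding and fixpoint sanitization in d) are shown here as an added example written for this page; it is not code from the guide. The session record, the account-number format ACC-nnnnnn and the tag pattern are assumptions made for the example; the inputs it is run on are the ones the text uses (%2527 and <scri<script>pt>) plus Figure 12's <script>something</script>.

```python
import re
import urllib.parse

# Constructed session record (assumed shape, not from the guide): the accounts
# this authenticated user is allowed to touch.
SESSION = {"user_id": "u-1001", "accounts": {"ACC-000123", "ACC-000124"}}

# Assumed syntactic format of an account number.
ACCOUNT_PATTERN = re.compile(r"^ACC-\d{6}$")


def semantic_check(account_number: str, session: dict) -> bool:
    """Check (c): a well-formed account number from a hidden field is still
    only acceptable if it belongs to the authenticated user."""
    if not ACCOUNT_PATTERN.fullmatch(account_number):
        return False  # fails the syntactic check
    return account_number in session["accounts"]  # semantic (authorization) check


def recursive_decode_check(value: str, max_rounds: int = 3):
    """Check (d), double encoding: decode repeatedly until the value stops
    changing and report how many rounds it took. Ordinary URL input needs at
    most one round; a value that needs two or more was multiply encoded."""
    rounds = 0
    current = value
    while rounds < max_rounds:
        decoded = urllib.parse.unquote(current)
        if decoded == current:
            break
        current = decoded
        rounds += 1
    return current, rounds


def is_multiply_encoded(value: str) -> bool:
    _, rounds = recursive_decode_check(value)
    return rounds > 1


# Assumed sanitizer rule: strip opening and closing script tags.
TAG_RE = re.compile(r"<\s*/?\s*script[^>]*>", re.IGNORECASE)


def single_pass_sanitize(value: str) -> str:
    """The sanitizer of Figure 12, applied once."""
    return TAG_RE.sub("", value)


def fixpoint_sanitize(value: str, max_rounds: int = 10) -> str:
    """Check (d), self-reconstructing payloads: apply the sanitizer until the
    output stops changing, so a fragment left behind cannot reassemble a tag.
    Input that does not settle within max_rounds is rejected outright."""
    for _ in range(max_rounds):
        out = single_pass_sanitize(value)
        if out == value:
            return out
        value = out
    raise ValueError("input did not stabilize under sanitization; reject it")
```

With these, the guide's examples behave as described: %2527 needs two decoding rounds and is flagged, a single pass over <scri<script>pt> leaves exactly <script> behind, and iterating to a fixpoint removes it entirely.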
1.6.3 Attacker:
The other dimension that should be controlled is the attacker, in order to be sure that all unexpected errors are handled, the audit log is preserved, the administrator is notified and the attack is responded to.
a. Mitigating unexpected errors: Handling errors allows controlling the unexpected part by showing a customized, non-informative message, or by steering the error away from any system-generated message, which minimizes the information disclosure caused by an unexpected verbose message.
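The error-handling behaviour described in (a), with the verbose handler beside the controlled one, as an added example written for this page rather than code from the guide. The in-memory audit log, the administrator notification list and the failing operation are constructed for the example; a real deployment would write the audit record somewhere the client cannot read it.

```python
import traceback
import uuid

# Constructed stores so the example runs offline (assumed, not from the guide).
AUDIT_LOG = []
ADMIN_NOTIFICATIONS = []


def example_failing_operation():
    """Constructed request handler that fails with a message containing an
    internal detail that must never reach the client."""
    raise ValueError("connection to db failed: password=hunter2")


def verbose_handler(error: Exception):
    """The uncontrolled behaviour: the raw exception text and the stack trace
    are sent back to the client."""
    return 500, f"{type(error).__name__}: {error}\n{traceback.format_exc()}"


def safe_handler(error: Exception):
    """Behaviour (a): keep the detail in the audit log, notify the administrator,
    and return only a customized, non-informative message with a reference id
    the administrator can use to find the audit record."""
    incident_id = uuid.uuid4().hex
    AUDIT_LOG.append({
        "id": incident_id,
        "type": type(error).__name__,
        "detail": str(error),
        "trace": traceback.format_exc(),  # valid here: called inside the except block
    })
    ADMIN_NOTIFICATIONS.append(incident_id)
    return 500, f"An internal error occurred. Reference: {incident_id}"


def run_request(handler, error_handler):
    """Run a handler; on any unexpected error hand the exception to the chosen
    error handler while the exception context is still active."""
    try:
        return 200, handler()
    except Exception as exc:
        return error_handler(exc)
```

Running `run_request(example_failing_operation, safe_handler)` yields a 500 whose body contains only the generic message and reference id, while the full detail and trace land in AUDIT_LOG; the same call with `verbose_handler` shows the disclosure the guide warns about.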