Web application security - the fast guide 1.1 | Page 58
Chapter 3 - Vulnerabilities and threat models
3.8.3 Insecure Direct Object References:
exposes a reference to an internal implementation object, such as a file,
directory, or database key. Without an access control check or other
protection, attackers can manipulate these references to access
unauthorized data.
3.8.4 Cross-Site Scripting (XSS):
This vulnerability is related to poor input validation or escaping, which gives
the attacker the ability to send scripts to the victim’s browser and execute
them there. Such scripts can hijack user sessions, change the site contents, or
even redirect the user to malicious sites.
3.8.5 Security Misconfiguration:
This vulnerability is mostly related to keeping the default configuration (which
is normally insecure) for the server, the application, and the libraries and
packages used, or sometimes to packages that have not been updated.
3.8.6 Sensitive Data Exposure:
Sensitive information such as passwords, credit card information, or other
private user information is considered an asset and needs to be well protected
in every state (in motion or in storage). Techniques such as encryption are
normally used for that purpose.
3.8.7 Missing Function Level Access Control:
The application needs to enforce function-level access control not only on the
presentation layer but also on other layers, such as the functional and data
layers. Checking access rights only to decide whether to show the functionality
in the UI is not sufficient, because the request can be forged by an attacker,
so a server-side check should be done each time a function is accessed.
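The following sketch is an added example, not code from the guide. It shows the access check living in the server-side dispatcher rather than in the menu, so a forged request to a function the UI never displayed is still refused. All names (`require_role`, `route`, `handle_request`, the paths and roles) are hypothetical.

```python
from functools import wraps

class Forbidden(Exception):
    """Raised when the caller's role does not permit the function."""

ROUTES = {}  # path -> handler (hypothetical in-memory routing table)

def require_role(*allowed):
    """Declare which roles may call a handler; enforced on every call."""
    def decorator(func):
        @wraps(func)
        def wrapper(session, **params):
            # The role is read from the server-side session, never from request data.
            if session.get("role") not in allowed:
                raise Forbidden(func.__name__)
            return func(session, **params)
        wrapper.allowed_roles = allowed
        return wrapper
    return decorator

def route(path):
    def decorator(func):
        # Deny by default: a handler without an access declaration is not registered.
        if not hasattr(func, "allowed_roles"):
            raise RuntimeError(f"{path}: handler has no access-control declaration")
        ROUTES[path] = func
        return func
    return decorator

@route("/account/view")
@require_role("user", "admin")
def view_account(session):
    return f"account of {session['user']}"

@route("/admin/delete_user")
@require_role("admin")
def delete_user(session, target):
    return f"{target} deleted by {session['user']}"

def menu_for(session):
    """Presentation layer: decides which links to show. It is not the access check."""
    return sorted(p for p, h in ROUTES.items() if session.get("role") in h.allowed_roles)

def handle_request(session, path, **params):
    """Server-side entry point for every request; returns (status, body)."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    try:
        return 200, handler(session, **params)
    except Forbidden:
        return 403, "forbidden"
```

The menu and the dispatcher both read the same `allowed_roles` declaration, so the UI cannot drift from what the server enforces, but only `handle_request` is the control.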
3.8.8 Cross-Site Request Forgery (CSRF):
In contrast with XSS, this vulnerability gives the attacker the ability to use
the trust given to the user's browser to send malicious information to another
site using the session cookie and any other automatically included
authentication information. In this case the attacker's request has the same
access level as the legitimate victim user.
3.8.9 Using Components with Known Vulnerabilities:
Components, such as libraries, frameworks, and other software modules, almost
always run with full privileges. If a vulnerable component is exploited, such an
attack can facilitate serious data loss or server takeover. Applications using
components with known vulnerabilities may undermine application defenses
and enable a range of possible attacks and impacts.