IT Security & Network Security News & Reviews: Whodunit? Finding Security Vulnerabilities in Application Code

 
 
By Brian Prince  |  Posted 2009-05-28
 
 
 

Whodunit? Finding Security Vulnerabilities in Application Code

by Brian Princecode provided by Veracode and Qualys

Whodunit? Finding Security Vulnerabilities in Application Code

File/Path Manipulation

This occurs when the software allows user input to control or influence paths that are used in filesystem operations. This vulnerability could permit an attacker to access or change system files and other files critical to the application.

File/Path Manipulation

The Answer

The code is vulnerable to file/path manipulation because of insufficient input validation (cwe 20) on the fn parameter, which leads to arbitrary file retrieval.

The Answer

Hands Off the Database

SQL injection is one of the most popular vectors of attack. When executed, the SQL statement fetches a different set of results from the database than the application would have originally requested. The attacker gains unauthorized access to or manipulates the data residing in the database on the server.

Hands Off the Database

The Answer

The code is vulnerable to SQL injection because it creates an ad-hoc query using the employeeID parameter, which is untrusted.

The Answer

Solving Cross-site Scripting

Cross-site scripting (XSS) remains one of the most common vulnerabilities affecting Web applications. If successful, an exploit could allow hackers to bypass access controls such as same origin policy.

Solving Cross-site Scripting

The Answer

In this case, moving the <title> to after the <meta> tag prevents XSS attacks that trick the browser into using UTF-7 to decode the payload when the page should be actually rendered as UTF-8.

The Answer

Rocket Fuel