
Posts

CIA TRIAD

CIA TRIAD

Confidentiality
Confidentiality ensures that sensitive information is only available to people who are authorized to access it.

Security controls for confidentiality (data protection):
- Encryption -> encrypting data with the latest encryption mechanism
- Access control -> LDAP, managed permissions
- Steganography -> hiding data within data, obscuring the data

Causes of unintentional data disclosure:
- Human error
- Oversight
- Ineptitude

Violation of confidentiality attacks:
- Capturing network traffic
- Stealing password files
- Social engineering
- Port scanning
- Shoulder surfing
- Eavesdropping - also known as a sniffing or snooping attack; secretly listening
- Escalation of privileges

Countermeasures to ensure confidentiality:
- Encryption
- Network traffic padding
- Rigorous access controls
- Strict authentication process
- Data classification
- Personnel training

Integrity
Integrity refers to prevention of unauthorized alterations to th...
Recent posts

WordPress Common Issue Notes

WordPress:
/wp-content/plugins/sfwd-lms/wpml-config.xml
/wp-content/plugins/omni-secure-files/plupload/examples/upload.php
/wp-content/plugins/contus-hd-flv-player/uploadVideo.php
wp-json/th/v1/user_generation
/wp-admin/admin-ajax.php?do_reset_wordpress=1

WordPress xmlrpc.php - common vulnerabilities & how to exploit them
https://medium.com/@the.bilal.rizwan/wordpress-xmlrpc-php-common-vulnerabilites-how-to-exploit-them-d8d3c8600b32

CORS & Same Origin Policy

CORS & Same Origin Policy

The same-origin policy is a critical security mechanism that restricts how a document or script loaded from one origin can interact with a resource from another origin. It helps isolate potentially malicious documents, reducing possible attack vectors.
https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

XMLHttpRequest [asynchronous requests]
——————————
Use XMLHttpRequest (XHR) objects to interact with servers. You can retrieve data from a URL without having to do a full page refresh. This enables a web page to update just part of a page without disrupting what the user is doing. XMLHttpRequest is used heavily in AJAX programming.
https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest

CORS
———
Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain. It extends and adds flexibility to the same-origin policy (SOP). However, it a...

Cross Site Request Forgery

Cross Site Request Forgery
Cross-site request forgery leverages the trust a website has in the user (or at least the user's browser). CSRF takes advantage of an active session a browser has with the target site. The attack is possible due to predictable parameters on sensitive transactions; an example money-transfer use case might have two predictable parameters: destination account and amount.
CSRF is similar to XSS, but it doesn't require that the attacker inject code into a web application. CSRF simply leverages the fact that web servers trust authenticated users, and it is possible to pass unauthorized commands from the client to the server without the user's knowledge. These commands are then executed on the server with the client's authenticated privileges.

Walkthrough
——————
- Attacker determines a link to initiate a transaction that uses predictable parameters
- Attacker posts the link on a site he controls: the site could even be a Facebook page or similar
- Or attacker to force ...

External Entity Injection [XXE]

External Entity Injection [XXE]

Extensible Markup Language was designed for desktop publishing and is now widely used for data exchange. It is a markup language similar to HTML. XML is typically used instead of HTML when data must be sent from one application to another (data interchange), i.e. it acts as middleware [JSON and XML are a few examples].
Attackers can exploit how an application parses Extensible Markup Language by taking advantage of an XXE vulnerability. More specifically, it involves exploiting how the application processes the inclusion of external entities in its input. An attacker can use XXE to extract information from a server or to call on a malicious server.
Attackers can exploit a vulnerable XML processor if they can upload XML or include hostile content in an XML document, exploiting vulnerable code, dependencies and integrations. These flaws can be used to extract information, execute a remote request to a malicious server, scan internal...

Electron JS Security Checklist

Electron JS Security Checklist

Disable nodeIntegration for untrusted origins / do not enable node integration

Risk
If enabled, nodeIntegration allows JavaScript to leverage Node.js primitives and modules. This could lead to full remote system compromise if you are rendering untrusted content.

Auditing
nodeIntegration and nodeIntegrationInWorker are boolean options that can be used to determine whether node integration is enabled. For BrowserWindow, the default is true. If the option is not present, or is set to true/1, nodeIntegration is enabled, as in the following examples:

mainWindow = new BrowserWindow({ "webPreferences": { "nodeIntegration": true, "nodeIntegrationInWorker": 1 } });

Or simply:

mainWindow = new BrowserWindow()

For the webview tag, the default is false. When this attribute is present, the guest page in the webview will have node integration. When sandbox is enabled (see below), nodeIntegration is disabled. Please note ...