Most Dangerous Website Vulnerabilities

As more and more real-world functions and activities make their way to the web, from shopping to socializing and even work, web security becomes ever more important. Websites spring up by the thousands every day, and the technologies behind them are developed at an equally rapid pace. HTML, JavaScript, CSS, PHP, CGI, and other web standards continue to evolve. Security is always paramount, but as these technologies grow more complex, certain weaknesses creep in, resulting in vulnerabilities in the websites themselves. Here are the most dangerous of them:

Denial of Service

Denial of Service (DoS) is one of the most prominent web vulnerabilities right now, thanks in part to the large number of Distributed Denial of Service attacks launched against major websites (ranging from government sites to file-sharing sites and even celebrity sites) over the past few years.

A DoS attack works by overwhelming a web server’s available system resources, such as CPU, disk space, memory, and bandwidth, by flooding the server with requests, either from a single client or from multiple clients (through a botnet), in which case it is termed a Distributed Denial of Service (DDoS) attack.

What makes DoS vulnerabilities especially dangerous is that they can be exploited even by people with limited technical knowledge (in fact, there are hackers right now offering DDoS attacks for a fee).


Brute Force

As the name implies, brute force attacks try to defeat authentication and authorization schemes by sheer force, trying a large number of possible answers, often drawn from a dictionary file (hence the other name, dictionary attack). This is usually done not by a single machine but by a large number of computers working together to “brute force” their way in. Given enough time and enough computers working together, the odds of a brute force attack succeeding favor the hacker. Thankfully, brute force attacks are easily prevented through request throttling: tracking and limiting the frequency of requests per second to any particular login page and from any specific IP address.
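The throttling the paragraph describes, as an added Python example that is not part of the original article: a sliding-window limiter keyed by (client IP, login path), with the attempt limit, window length, IP addresses and request timestamps all constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed policy: at most MAX_ATTEMPTS requests per WINDOW_SECONDS for
# each (client IP, login path) pair.
MAX_ATTEMPTS = 5
WINDOW_SECONDS = 60.0

class LoginThrottle:
    def __init__(self, max_attempts=MAX_ATTEMPTS, window=WINDOW_SECONDS):
        self.max_attempts = max_attempts
        self.window = window
        # (ip, path) -> timestamps of recent allowed requests, oldest first
        self._hits = defaultdict(deque)

    def allow(self, ip, path, now):
        """Return True if this request may proceed, False if it is throttled.

        `now` is a timestamp in seconds supplied by the caller so the decision
        is deterministic and testable (a real server would use time.monotonic()).
        """
        q = self._hits[(ip, path)]
        # Drop timestamps that have aged out of the window.
        while q and now - q[0] >= self.window:
            q.popleft()
        if len(q) >= self.max_attempts:
            return False          # throttled: too many recent attempts from this IP
        q.append(now)
        return True

def simulate(throttle, requests):
    """Apply a list of (timestamp, ip, path) requests; return the decisions."""
    return [throttle.allow(ip, path, t) for t, ip, path in requests]

# Constructed sample: one client hammers /login.php once a second, a second
# client makes a single request, and the first client returns after the window.
SAMPLE_REQUESTS = (
    [(float(i), "203.0.113.7", "/login.php") for i in range(7)]
    + [(3.0, "198.51.100.2", "/login.php"), (70.0, "203.0.113.7", "/login.php")]
)

if __name__ == "__main__":
    for req, ok in zip(SAMPLE_REQUESTS, simulate(LoginThrottle(), SAMPLE_REQUESTS)):
        print(req, "allowed" if ok else "THROTTLED")
```

A per-IP limit alone does not stop a botnet spreading attempts across many addresses, so production deployments also key the limit on the targeted account.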

Information Leakage

The first task of anyone who wants to hack a server is to determine its specifics: the operating system, the application server, the database platform, and everything in between. Letting a hacker have easy access to this information is a web vulnerability in itself, as it allows attacks to be targeted instead of the hacker going in blindly with all of his tools. This is prevented by spoofing or obfuscating the signatures of your technology platforms, from obvious ones like the file extensions exposed over HTTP to more subtle ones like HTTP header order, ETag formats, and even the services running on particular IP/port combinations.

Taking this preventive measure may deter some of the less committed hackers, or at least trick them into using the wrong types of attacks (such as a Linux/Unix-specific hack against a Windows system).

XSS or Cross-Site Scripting

Cross-Site Scripting works by injecting dangerous HTML or client-side scripts into web pages viewed by other users, which effectively bypasses the browser’s “same-origin policy,” a mechanism that aims to protect users by ensuring that requests always come from the same domain.

Through cross-site scripting, an attacker can gain elevated access to sensitive content, session cookies, and any number of client-side objects. XSS is usually done in conjunction with social engineering, phishing, and other browser exploits.
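The injection the two paragraphs above describe, shown as an added Python example that is not from the original article: a vulnerable page fragment next to its escaped form, in both the text context and the attribute context, with the user inputs constructed for the demo.

```python
import html

# Constructed sample inputs: a tag in body text, and an attribute break-out.
TEXT_PAYLOAD = "<script>alert(1)</script>"
ATTR_PAYLOAD = '" onmouseover="alert(1)'

def greeting_vulnerable(name):
    # Vulnerable: untrusted input is concatenated straight into the page body,
    # so any tags it contains become part of the document.
    return "<p>Welcome back, " + name + "!</p>"

def greeting_safe(name):
    # Hardened: html.escape turns <, >, & and quotes into entities, so the
    # browser renders the input as text instead of parsing it as markup.
    return "<p>Welcome back, " + html.escape(name, quote=True) + "!</p>"

def search_box_vulnerable(last_query):
    # Vulnerable attribute context: a double quote in the input closes the
    # value="..." attribute and the remainder is read as new attributes.
    return '<input type="text" name="q" value="' + last_query + '">'

def search_box_safe(last_query):
    # quote=True matters here: escaping only < and > would leave the quote
    # intact and the attribute break-out would still work.
    escaped = html.escape(last_query, quote=True)
    return '<input type="text" name="q" value="' + escaped + '">'

def has_script_tag(fragment):
    """Demo helper: does a literal <script start tag survive in the output?"""
    return "<script" in fragment.lower()

def has_event_handler_attr(fragment):
    """Demo helper: did an onmouseover= attribute survive as real markup?"""
    return ' onmouseover="' in fragment

if __name__ == "__main__":
    print(greeting_vulnerable(TEXT_PAYLOAD))
    print(greeting_safe(TEXT_PAYLOAD))
    print(search_box_vulnerable(ATTR_PAYLOAD))
    print(search_box_safe(ATTR_PAYLOAD))
```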

Remote File Inclusion

The majority of web application frameworks support packaging common code into separate files that can be referenced by the main application modules, and some take user input such as URLs, text strings, or parameter values and pass it into file include commands. With Remote File Inclusion, the web application is tricked into including remote files containing malicious code, which can then be used to plant different types of malware on a client, such as keyloggers, viruses, trojans, or worms.

Irresponsible Cryptographic Storage

There are web applications that don’t use appropriate encryption for the information they store, which isn’t a problem unless that information is sensitive, such as credit card details, login passwords, or names paired with social security numbers. The heyday of this vulnerability was the late 90s, when some shopping cart software was discovered to be storing customers’ credit card information in an unencrypted log file, making it easy pickings for hackers as soon as they found out where the log was stored on the server.

These days, web applications make every effort to encrypt sensitive information that passes through them, though there are rare cases of failure to do so. Additionally, administrators should also remember to encrypt their off-site backups and to store the decryption keys separately.

Session Fixation

Session Fixation works by forcing a user’s session ID to a specific, predetermined value. This is done through a number of techniques, such as XSS or flooding a website with previously crafted HTTP requests. Once the hacker succeeds in “fixing” a user’s session ID, he can wait for that user to log in and then assume that user’s online identity.

The main purpose of Session Fixation is to gain access to websites that use sessions to identify authenticated users, posing as the user whose session has been fixed and effectively allowing the hacker to log in to the account even though he doesn’t know the login details. From there, he can do anything from changing passwords to copying sensitive information. Users themselves can help prevent Session Fixation by refusing to let services “remember” their login and by clearing cookies after every login. The trade-off is that they lose some convenience, as they now have to log in every time.
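The server-side fix that complements the user-side advice above, as an added Python example that is not part of the original article: a minimal session table whose login routine either keeps the pre-login session ID (vulnerable) or regenerates it (safe), replayed against the scenario the section describes. The store, the user name "victim" and the planted-ID step are constructed for the demo.

```python
import secrets

class SessionStore:
    """Minimal server-side session table: session id -> {"user": name or None}."""

    def __init__(self):
        self.sessions = {}

    def get_or_create(self, presented_id):
        # Pre-login request: honour a presented id the server already knows,
        # otherwise mint a fresh, unguessable one.
        if presented_id in self.sessions:
            return presented_id
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": None}
        return sid

    def login_vulnerable(self, sid, user):
        # Keeps the pre-login id across authentication: anyone who already
        # knows that id now holds an authenticated session.
        self.sessions[sid]["user"] = user
        return sid

    def login_safe(self, sid, user):
        # Regenerates the id on privilege change: the old id is discarded and
        # the authenticated state lives only under a fresh id.
        self.sessions.pop(sid, None)
        new_sid = secrets.token_hex(16)
        self.sessions[new_sid] = {"user": user}
        return new_sid

    def whoami(self, sid):
        return self.sessions.get(sid, {}).get("user")

def fixation_scenario(login):
    """Replay the fixation flow against a login routine.
    Returns (user seen via the planted id, user seen via the victim's id after login)."""
    store = SessionStore()
    planted = store.get_or_create(None)         # attacker obtains a valid pre-login id
    victim_sid = store.get_or_create(planted)   # victim's browser presents the planted id
    after_login = login(store, victim_sid, "victim")
    return store.whoami(planted), store.whoami(after_login)

if __name__ == "__main__":
    print("vulnerable:", fixation_scenario(SessionStore.login_vulnerable))  # ('victim', 'victim')
    print("safe:      ", fixation_scenario(SessionStore.login_safe))        # (None, 'victim')
```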

SQL Injection

Like DoS, SQL Injection is a very common web vulnerability. It abuses application code to gain access to, or corrupt the contents of, a database, usually through a web request in which user input is incorrectly filtered for string-literal escape characters, so that text embedded in your SQL statements is unexpectedly interpreted and executed as SQL.

The worst thing about SQL Injection is that it is one of the most preventable vulnerabilities and yet also the one that gives an attacker the most likely guarantee of gaining illegitimate access to a website, by virtue of its probability of success. This is because we are still using relational SQL databases when there are already NoSQL database systems such as MongoDB or CouchDB. That is not to say the alternatives won’t have vulnerabilities of their own, but SQL injection is frustrating because people already know the problem, yet it has not been addressed to this day.
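The unfiltered string literal the section describes, and the preventable fix, as an added Python example that is not from the original article: a lookup that splices input into the SQL text next to one that binds it as a parameter, run against a constructed in-memory SQLite table.

```python
import sqlite3

def make_db():
    """Constructed in-memory user table standing in for the site's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "hash-of-alice"), ("bob", "hash-of-bob")])
    return conn

def find_user_vulnerable(conn, username):
    # Vulnerable: the input is spliced into the statement text. A single quote
    # in the input ends the string literal and the remainder runs as SQL.
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' ORDER BY username")
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn, username):
    # Hardened: a bound parameter (?) is sent as data and never parsed as SQL,
    # so quotes in the input cannot change the statement's structure.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY username"
    return [row[0] for row in conn.execute(sql, (username,))]

# Constructed input: closes the literal and appends an always-true condition.
INJECTED_INPUT = "x' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, INJECTED_INPUT))  # ['alice', 'bob']
    print("safe:      ", find_user_safe(db, INJECTED_INPUT))        # []
```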

