Bug or Feature? Hidden Web Application Vulnerabilities Uncovered
Dec 15, 2023
Web App Security / Secure Coding
Web Application Security consists of a myriad of security controls that ensure that a web application:

- Functions as expected.
- Cannot be exploited to operate out of bounds.
- Cannot initiate operations that it is not supposed to do.

Web Applications have become ubiquitous after the expansion of Web 2.0, with Social Media Platforms, E-Commerce websites, and email clients saturating the internet spaces in recent years. As the applications consume and store even more sensitive and comprehensive data, they become an ever more appealing target for attackers.

Common Attack Methods

The three most common vulnerabilities that exist in this space are Injections (SQL, Remote Code), Cryptographic Failures (previously Sensitive Data Exposure), and Broken Access Control (BAC). Today, we will focus on Injections and Broken Access Control.

Injections

SQL is the most common Database software that is used, and hosts a plethora of payment data, PII data, and internal busi...