Open cwong-scw opened 3 years ago
Code injection happens when an application insecurely accepts input that is subsequently used in a dynamic code evaluation call. If insufficient validation or sanitisation is performed on the input, specially crafted inputs may be able to alter the syntax of the evaluated code and thus alter execution. In a worst case scenario, an attacker could run arbitrary code in the server context and thus perform almost any action on the application server.
Try to identify instances where external input is subsequently used in a dynamic code evaluation call and identify the code context in which each input is used. Carefully review the data flow of these inputs and determine if appropriate filtering or encoding is being performed. You may need to look up language reference material to identify the language-specific special characters that any validation or sanitisation logic will need to account for.
NoSQL is a loose grouping of data-management technologies whose name really just means “non-relational database systems”. This includes graph databases (Cassandra), document databases (MongoDB) and key-value stores (Amazon DynamoDB), amongst others.
NoSQL injection happens when an application uses input to build a query or statement without proper filtering or encoding. This may allow an attacker to modify the instruction that is sent to the non-relational database system by supplying specially constructed values, resulting in unauthorised retrieval or modification of data records.
Find all the instances of NoSQL database interaction and check how the queries or statements are being constructed. If any variables are used to construct the queries or statements, trace them back to their source. Try to identify any variables that originate from input parameters and determine if appropriate filtering or encoding is being performed. Each NoSQL database technology has its own query language, so you may need to refer to its documentation to identify the special characters or operators that processing will need to account for.
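As an added example (not part of the original issue) of the data-flow check described above, the following models a hypothetical login handler for a MongoDB-backed application. The request body is JSON and the resulting filter document is shown as the plain dict that would be passed to `find_one()`; no database driver is used, so it runs offline. The vulnerable form drops decoded JSON values straight into the filter, where a document database treats a nested object as an operator expression rather than as data; the hardened form enforces the expected type and shape first. All names are assumptions.

```python
import json
import re

MAX_FIELD_LEN = 128
_USERNAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,64}")


# Vulnerable form: whatever JSON type the client sent becomes the field value.
# A value that is an object instead of a string changes the query's meaning.
def build_login_filter_unsafe(body: str) -> dict:
    data = json.loads(body)
    return {"username": data.get("username"), "password_hash": data.get("password")}


def _require_str(value, field: str) -> str:
    """Accept only a plain string of bounded length for this field."""
    if not isinstance(value, str):
        raise TypeError(f"{field} must be a string, got {type(value).__name__}")
    if len(value) > MAX_FIELD_LEN:
        raise ValueError(f"{field} too long")
    return value


# Hardened form: both fields must be strings; the username is further restricted
# to a known character set; the password never enters the query at all, it is
# verified against the stored hash after the user record is fetched.
def build_user_filter_safe(body: str) -> dict:
    data = json.loads(body)
    if not isinstance(data, dict):
        raise TypeError("body must be a JSON object")
    username = _require_str(data.get("username"), "username")
    _require_str(data.get("password"), "password")
    if not _USERNAME_RE.fullmatch(username):
        raise ValueError("username has disallowed characters")
    return {"username": username}


# General guard for any client-supplied document that must reach the database
# (profile updates, search filters): refuse nested keys that look like operators
# or dotted paths, at any depth.
def contains_operator_keys(value) -> bool:
    if isinstance(value, dict):
        for key, inner in value.items():
            if not isinstance(key, str) or key.startswith("$") or "." in key:
                return True
            if contains_operator_keys(inner):
                return True
    elif isinstance(value, list):
        return any(contains_operator_keys(item) for item in value)
    return False


def is_rejected_by_safe(body: str) -> bool:
    """True when the hardened builder refuses the request body."""
    try:
        build_user_filter_safe(body)
        return False
    except (TypeError, ValueError):
        return True


if __name__ == "__main__":
    # Constructed sample bodies.
    print(build_user_filter_safe('{"username": "alice", "password": "hunter2"}'))
    print(is_rejected_by_safe('{"username": {"$ne": ""}, "password": "x"}'))  # True
```

The type check is the decisive control here: JSON decoders happily produce objects and arrays, so "is this value a string" has to be asserted explicitly before the value is used in a query, whatever the query language's special characters are.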
SQL injection is probably one of the two most exploited vulnerabilities in web applications and has led to a number of high-profile company breaches. It occurs when an application fails to sanitize or validate input before using it to dynamically construct a statement. An attacker who exploits this vulnerability will be able to gain access to the underlying database and view or modify data without permission.
Examine code which interacts with relational databases and identify how each statement or query is constructed. Check if any statements are built by joining strings with external inputs and trace these data flows to see whether proper filtering or encoding was performed. Determine if special characters (such as single quotes) and keywords (such as SELECT or DROP) supplied in inputs can affect the statement that is constructed.
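As an added example (not code from the original issue), the following contrasts the two construction patterns the review step above asks you to distinguish, using an in-memory SQLite database with constructed sample rows. The vulnerable lookup splices the input into the statement text, so a single quote in an ordinary name already changes the SQL grammar; the hardened lookup binds the value as a parameter. Because identifiers such as a sort column cannot be bound, the example also shows the allow-list pattern for those. Table, column and function names are assumptions.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: three users, one with an apostrophe in the name."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, role TEXT NOT NULL)"
    )
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("o'brien", "user"), ("bob", "user")],
    )
    conn.commit()
    return conn


# Vulnerable form: the value is part of the statement text, so quotes and
# keywords in the input are parsed as SQL.
def find_user_unsafe(conn: sqlite3.Connection, name: str) -> list:
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


# Hardened form: the statement is fixed and the value travels as a bound
# parameter that the driver never re-parses as SQL.
def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    return conn.execute(
        "SELECT id, name, role FROM users WHERE name = ?", (name,)
    ).fetchall()


# Identifiers (table/column names, ORDER BY targets) cannot be parameterised,
# so they are checked against a fixed allow-list before being spliced in.
ORDERABLE_COLUMNS = {"name", "role"}


def list_users_sorted(conn: sqlite3.Connection, column: str) -> list:
    if column not in ORDERABLE_COLUMNS:
        raise ValueError("unknown sort column")
    rows = conn.execute(f"SELECT name FROM users ORDER BY {column}").fetchall()
    return [row[0] for row in rows]


def unsafe_query_fails(conn: sqlite3.Connection, name: str) -> bool:
    """True when the concatenated statement no longer parses as the intended query."""
    try:
        find_user_unsafe(conn, name)
        return False
    except sqlite3.Error:
        return True


def sort_column_rejected(conn: sqlite3.Connection, column: str) -> bool:
    try:
        list_users_sorted(conn, column)
        return False
    except ValueError:
        return True


if __name__ == "__main__":
    db = make_db()
    print(find_user_safe(db, "o'brien"))        # [(2, "o'brien", 'user')]
    print(unsafe_query_fails(db, "o'brien"))    # True: the quote broke the statement
```

During review, the apostrophe test is a cheap way to confirm which pattern a given call site uses: a parameterised query returns the O'Brien row, a concatenated one errors out (or, with a differently shaped input, silently runs a different query).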
Improper authentication happens when mechanisms intended to identify the user are flawed (easily tamperable or insufficient). This would allow an attacker to bypass access controls or to easily impersonate a user.
Try to identify functionality that requires authentication to access and trace the authentication flow. Look for insufficient, incorrect or missing authentication checks that may allow a user to access functionality without supplying correct credentials. Examples of this include secret cookies, hidden form fields, relying on other user provided values, missing checks or incorrect assumptions about user state.
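As an added example (not part of the original issue) of two items in the list above, relying on user-provided values and missing checks, the following models a hypothetical request handler for an admin-only action. The vulnerable form trusts a hidden form field that claims the caller is an admin; the hardened form derives identity and role only from server-side session state keyed by a random session id, and refuses requests that present no valid session. Requests are plain dicts constructed inline; all names are assumptions.

```python
import secrets

# Server-side session store: session id -> {"user": ..., "role": ...}.
SESSIONS: dict = {}
ADMIN_ACTIONS = {"delete_account", "change_role"}


def create_session(user: str, role: str) -> str:
    """Issue an unguessable session id (256 bits of randomness) bound to server-side state."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "role": role}
    return sid


# Vulnerable form: the decision is based on a value the client itself supplied
# (a hidden form field), so anyone can set it.
def handle_unsafe(request: dict) -> str:
    if request["form"].get("is_admin") == "1":
        return "ok"
    return "forbidden"


# Hardened form: the client only presents an opaque session id; everything about
# who they are comes from the store, and a missing or unknown id is refused
# before any action-specific logic runs.
def handle_safe(request: dict) -> str:
    presented = request.get("cookies", {}).get("session")
    session = SESSIONS.get(presented) if presented else None
    if session is None:
        return "unauthenticated"
    action = request["form"].get("action")
    if action in ADMIN_ACTIONS and session["role"] != "admin":
        return "forbidden"
    return "ok"


if __name__ == "__main__":
    # Constructed requests: a normal user presenting a forged is_admin field.
    sid = create_session("alice", "user")
    forged = {"cookies": {"session": sid},
              "form": {"action": "delete_account", "is_admin": "1"}}
    print(handle_unsafe(forged))  # ok        <- the flaw
    print(handle_safe(forged))    # forbidden
```

When tracing an authentication flow, the question to ask at each check is where the value being tested came from: anything that originated in the request (form fields, cookies other than the session id, headers) is an assertion by the caller, not a fact about the caller.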
Server-Side Request Forgery (SSRF) vulnerabilities arise when an attacker can supply or modify a URL that the server then reads from or sends data to. The attacker crafts a request containing a manipulated URL; when it reaches the server, the server-side code fetches that URL on the attacker's behalf, allowing them to read data from services that should not be exposed.
Look for places where URLs are handled such as calling resources from external servers, requests that are sent to external services or custom webhooks. Additionally, check where the user can specify custom URLs.
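As an added example (not code from the original issue) of the control you would expect to find at the places listed above, the following is a hypothetical outbound-URL guard for a webhook or "fetch this URL" feature. It restricts scheme and port, rejects embedded credentials, resolves the hostname and checks every returned address against the private, loopback, link-local and other non-public ranges. The resolver is injectable so the check can be exercised offline against a constructed DNS table; the hostnames in that table and all function names are assumptions.

```python
import ipaddress
import socket
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}


def _is_public_ip(ip: str) -> bool:
    addr = ipaddress.ip_address(ip)
    return not (addr.is_private or addr.is_loopback or addr.is_link_local
                or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def default_resolver(host: str) -> list:
    """Real DNS lookup; returns every address the name resolves to."""
    return [info[4][0] for info in socket.getaddrinfo(host, None)]


# Constructed DNS answers so the guard can be demonstrated without network access.
FAKE_DNS = {
    "api.example.com": ["93.184.216.34"],
    "intranet.local": ["10.0.0.5"],
    "localhost": ["127.0.0.1"],
    "mixed.example.com": ["93.184.216.34", "169.254.169.254"],
}


def fake_resolver(host: str) -> list:
    return FAKE_DNS.get(host, [])


def check_outbound_url(url: str, resolver=default_resolver) -> tuple:
    """Return (allowed, reason). Only the scheme/host/port are judged, not the path."""
    parts = urlsplit(url)
    if parts.scheme.lower() not in ALLOWED_SCHEMES:
        return False, "scheme not allowed"
    if not parts.hostname or parts.username or parts.password:
        return False, "missing host or embedded credentials"
    try:
        port = parts.port or (443 if parts.scheme.lower() == "https" else 80)
    except ValueError:
        return False, "invalid port"
    if port not in ALLOWED_PORTS:
        return False, "port not allowed"
    host = parts.hostname
    # A literal IP (including [::1] forms) is checked directly; a name is resolved
    # and every answer must be public, so a mixed record set is rejected.
    try:
        ips = [str(ipaddress.ip_address(host))]
    except ValueError:
        try:
            ips = resolver(host)
        except OSError:
            return False, "resolution failed"
    if not ips:
        return False, "no addresses"
    for ip in ips:
        if not _is_public_ip(ip):
            return False, f"resolves to non-public address {ip}"
    return True, "ok"


if __name__ == "__main__":
    print(check_outbound_url("https://api.example.com/hook", fake_resolver))  # (True, 'ok')
    print(check_outbound_url("http://intranet.local/", fake_resolver))        # (False, ...)
```

Two caveats a reviewer should look for alongside such a check: the connection must be made to the address that was validated (otherwise a second DNS lookup at connect time can return a different answer), and HTTP redirects must either be disabled or re-validated hop by hop, since a redirect is just another attacker-chosen URL.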
Labels: cwe 94, ssrf, nosql injection, what have you, broken authentication