Injection Vector
- Often found in SQL, XPath or NoSQL queries
- It occurs when the application sends untrusted data to an interpreter
- For example, an attacker can execute malicious SQL statements that control a web application's database server
--' and password = 'something'
Executed query: SELECT * FROM accounts WHERE userId = '10' OR '1'='1'
URL: http://example.com/app/accountView?id=10' or '1'='1
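The query above, run against a constructed in-memory SQLite table in its string-concatenated form and in a parameterised form; this is an added illustration, not code from the original slides, and the table, column names and account rows are assumptions chosen to match the `accounts`/`userId` names on the page.

```python
import sqlite3


def make_db():
    # Constructed stand-in for the page's "accounts" table (not real data).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (userId TEXT, owner TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("10", "alice"), ("11", "bob"), ("12", "carol")])
    conn.commit()
    return conn


def account_view_vulnerable(conn, id_param):
    # The request parameter is spliced into the query text, so the
    # interpreter cannot tell data from code: the quote in the input
    # closes the literal and the rest becomes part of the WHERE clause.
    query = "SELECT owner FROM accounts WHERE userId = '" + id_param + "'"
    return [row[0] for row in conn.execute(query)]


def account_view_safe(conn, id_param):
    # Parameterised query: the value travels separately from the SQL text,
    # so the same input is compared literally against userId and matches
    # no row.
    rows = conn.execute("SELECT owner FROM accounts WHERE userId = ?",
                        (id_param,))
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "10' or '1'='1"  # the id value from the URL on the slide
    print(account_view_vulnerable(db, "10"))     # ['alice']
    print(account_view_vulnerable(db, payload))  # every owner in the table
    print(account_view_safe(db, payload))        # []
```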
not protected
- Easily guessable credentials
- Session IDs in the URL
- Session IDs don't time out
- Passwords, session IDs and credentials are sent over unencrypted connections
defined, implemented and maintained as defaults / not set to secure values
- Can happen at any level:
  - Platform
  - Web server
  - Application server
  - Database
  - Framework
- Returning error stack traces to the user from the app server
- Removing sample applications that come with app servers
- Providing proper access permissions on all web folders
not adequately protected
- Ex: passwords, session tokens, credit card data
- Exposing sensitive tokens in public source code
- Old / weak cryptographic algorithms used
modern software to the point that even browser web applications are often written in JS and use APIs to get data.
- Client software is easily reversed and communications interpreted.
- Testing APIs is similar to testing other web applications.