that looks vuln
common (web) application security issues,
and how to mitigate them
injection attacks
Allowing user input to leak into a place where it is interpreted as code (SQL, HTML, shell, ...).
mandatory XKCD 327 link: https://xkcd.com/327/
Username: "drevil' OR '1' = '1"
Resulting query, if the username is pasted straight into the SQL string:
SELECT * FROM users WHERE is_admin = '1' AND name = 'drevil' OR '1' = '1';
AND binds tighter than OR, so the WHERE clause is true for every row and the admin check is gone.
injection attacks: mitigation
Validate all external input.
Only allow exactly the kind of values you expect (allow-list, not deny-list).
Merely disallowing common "dangerous" characters is not enough on its own,
but do impose a maximum length.
Always use context-aware escaping on output:
SQL-safe escapes for SQL (better still: parameterised queries / prepared statements, which keep the data out of the query text entirely),
HTML-safe escaping for HTML, etc.
There is no one-size-fits-all escape; the right one depends on where the data ends up.
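The slide's "drevil" username, run against a constructed in-memory SQLite database, once through a string-formatted query and once through a parameterised one, plus allow-list validation of the username and HTML escaping for the output context. This is an added example and not code from the original slides; the users table, the `valid_username` rule and the `render_greeting` function are assumptions made for the demonstration.

```python
import html
import re
import sqlite3

# Constructed sample data (not from the original slides): the payload is the
# username shown on the slide, the users table is hypothetical.
PAYLOAD = "drevil' OR '1' = '1"


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "1"), ("bob", "0"), ("drevil", "0")])
    return conn


def admin_lookup_vulnerable(conn, username):
    # The username is pasted into the query text, so it is parsed as SQL:
    # ... AND name = 'drevil' OR '1' = '1'  -> true for every row.
    query = ("SELECT name FROM users WHERE is_admin = '1' AND name = '%s'"
             % username)
    return sorted(row[0] for row in conn.execute(query))


def admin_lookup_safe(conn, username):
    # Parameterised query: the value is bound separately by the driver and
    # can never change the structure of the statement.
    query = "SELECT name FROM users WHERE is_admin = '1' AND name = ?"
    return sorted(row[0] for row in conn.execute(query, (username,)))


# Allow-list (assumed rule): lowercase letters, digits, underscore, 1-32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9_]{1,32}$")


def valid_username(username):
    # Exactly the values we expect, with an explicit maximum length.
    return USERNAME_RE.fullmatch(username) is not None


def render_greeting(username):
    # Output escaping for the HTML context. A SQL escape would not help here,
    # and an HTML escape would not have helped the query: escape for the sink.
    return "<p>Hello, %s</p>" % html.escape(username, quote=True)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", admin_lookup_vulnerable(db, PAYLOAD))  # every user
    print("safe:      ", admin_lookup_safe(db, PAYLOAD))        # nobody
    print("valid?     ", valid_username(PAYLOAD))               # False
    print(render_greeting("<script>alert(1)</script>"))
```

Note that the validator alone would already have rejected the payload; validation and parameterisation are layered on purpose, because the next injection will not look like this one.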
Buffer overflows / invalid pointers
Very common coding mistake in languages with no memory-safety guarantees (C, C++).
Use a memory-safe language
(not a guarantee: you will still use libraries/third-party tools that may be vulnerable)
Impose explicit size limits in APIs
(there are most likely implicit ones anyway, and the implicit ones are the ones that get overflowed)
Sensitive data should be encrypted.
If it is stored encrypted, it should also be transmitted encrypted.
There is no good performance reason not to use TLS ("SSL") everywhere.
Think "why should this be in cleartext?",
not the other way around.
incorrectly used crypto
Can be worse than no crypto: it gives false assurance, and the attacker now knows exactly where the sensitive data is.
broken random numbers in initialization (predictable keys, IVs or session tokens)
Tor with an exit relay instead of end-to-end encryption: the exit relay sees your plaintext.
Don't roll your own.
Use NaCl or similar.
WRONG crypto: mitigation
Don't roll your own!
Use high-level, well-known and trusted packages like NaCl (libsodium).
Sending too much detail in errors back to clients (stack traces, SQL errors, file paths) can reveal important information to an attacker.
(But don't overdo it: done right, it is perfectly fine to tell the client why an error happened; keep the internals in the server log.)
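One way to get both halves of that advice, as an added example that is not from the original slides: a hypothetical handler wrapper that returns deliberate, client-facing errors verbatim, but turns any unexpected exception into a generic message plus a reference id, with the traceback going only to the server log under that id. The `ClientError` class and the `(status, body)` return shape are assumptions for the demonstration.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")


class ClientError(Exception):
    """An error the client caused and is allowed to hear about (bad input etc.)."""

    def __init__(self, status, message):
        super().__init__(message)
        self.status = status
        self.message = message


def handle(handler):
    """Run handler() and return (status, body) that is safe to send to the client."""
    try:
        return 200, handler()
    except ClientError as e:
        # Deliberate, client-facing reason: returning it is fine and helpful.
        return e.status, {"error": e.message}
    except Exception:
        # Internal failure: never ship the traceback, SQL error or file path.
        # The reference id lets support find the full record in the server log.
        ref = uuid.uuid4().hex[:12]
        log.error("unhandled error ref=%s\n%s", ref, traceback.format_exc())
        return 500, {"error": "internal error", "ref": ref}


if __name__ == "__main__":
    logging.basicConfig(level=logging.ERROR)

    def bad_input():
        raise ClientError(400, "username must be 1-32 lowercase chars")

    def boom():
        return 1 / 0   # stands in for a bug or a failing backend

    print(handle(lambda: {"ok": True}))
    print(handle(bad_input))   # (400, {'error': 'username must be ...'})
    print(handle(boom))        # (500, {'error': 'internal error', 'ref': '...'})
```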
no/broken access control
Lock down sensitive endpoints: check authorization on the server for every request, not only in the UI.
Don't put session keys in URLs: they end up in server logs, browser history and Referer headers.
Negotiate per-session secrets.
Implement timeouts for sessions.
cross site scripting (XSS)
Prevent injection at both input (validate) and output (escape for the HTML context the data lands in).
Use CSP headers as a second line of defence, e.g. Content-Security-Policy: default-src 'self'
Cross Site Request Forgery (CSRF)
The mistake: assuming that a request from a logged-in browser was intended by the user. The browser attaches the session cookie to any request, including one another site triggered.
Secret tokens in all state-changing requests (hidden form value), tied to the session and checked on the server.
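The session and CSRF advice from the access-control and CSRF slides, and the "broken random numbers" point from the crypto slide, in one piece of code. This is an added example, not code from the original slides: a hypothetical in-memory session store that draws session ids and a per-session secret from the OS CSPRNG (`secrets`, not `random`), expires idle sessions, and derives the hidden-form CSRF token from the per-session secret with an HMAC. The 15-minute idle timeout and the injectable clock are assumptions made for the demonstration.

```python
import hashlib
import hmac
import secrets
import time

# Assumed idle limit: seconds without a request before the session dies.
SESSION_TIMEOUT = 15 * 60


class SessionStore:
    def __init__(self, now=time.time):
        self.now = now          # injectable clock so timeouts can be tested
        self._sessions = {}

    def create(self, user):
        # secrets, not random: random.random() is reproducible from its state,
        # so an attacker who sees a few tokens could predict the next ones.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {
            "user": user,
            "secret": secrets.token_bytes(32),   # negotiated per session
            "last_seen": self.now(),
        }
        # The sid belongs in a cookie (HttpOnly; Secure; SameSite), never a URL.
        return sid

    def lookup(self, sid):
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self.now() - s["last_seen"] > SESSION_TIMEOUT:
            del self._sessions[sid]              # idle too long: gone
            return None
        s["last_seen"] = self.now()
        return s

    def csrf_token(self, sid):
        # Value for the hidden form field. A third-party site can make the
        # browser send the cookie, but it cannot read this token to include it.
        s = self.lookup(sid)
        if s is None:
            return None
        return hmac.new(s["secret"], b"csrf", hashlib.sha256).hexdigest()

    def verify_csrf(self, sid, token):
        # Constant-time compare so the check itself does not leak the token.
        expected = self.csrf_token(sid)
        if expected is None or not token:
            return False
        return hmac.compare_digest(expected, token)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    token = store.csrf_token(sid)
    print("form token ok:   ", store.verify_csrf(sid, token))        # True
    print("forged token ok: ", store.verify_csrf(sid, "0" * 64))     # False
    print("other session ok:", store.verify_csrf(store.create("bob"), token))  # False
```

Because the token is an HMAC over a secret that exists only for this session, a token captured from one user is useless against another, and it dies with the session when the idle timeout fires.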
keep up to date
OWASP Top 10 list
Watch the CCC "Security Nightmares" talks,
don't repeat the mistakes of others