1. Directory (Path) Traversal
  2. Leftover Debug Code
  3. User Enumeration
  4. Privilege Escalation
  5. Cross-Site Request Forgery(CSRF)
  6. Encoding vs. Hashing vs. Encryption
  7. Password Storage
  8. SQL Injection
  9. Command Injection
  10. Denial of Service via Unrestricted File Upload
  11. Server-Side Request Forgery
  12. Race Condition
  13. Insecure TLS Validation


Directory (Path) Traversal

  • What: It lets an attacker read (and sometimes write) files and directories on the server outside the directory the application meant to expose, e.g. configuration files or /etc/passwd.
  • How: The attacker puts "../" sequences (often URL-encoded as "%2e%2e%2f"), or an absolute path, into a parameter that the application joins into a filesystem path.
  • Solution: Resolve the full path on the server and verify that it still lies inside the allowed base directory before opening the file; reject the request otherwise.
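The check described above, as an added example (not code from the original notes). It assumes the framework has already URL-decoded the parameter and uses a hypothetical base directory /tmp/uploads; the inputs in demo() are constructed.

```python
import os


class PathTraversalError(ValueError):
    """Raised when a client-supplied path would escape the base directory."""


def safe_join(base_dir: str, requested: str) -> str:
    """Map a client-supplied relative path onto base_dir and return the
    resolved absolute path, or raise PathTraversalError.

    Assumes the web framework has already URL-decoded the value, so
    "%2e%2e%2f" arrives here as "../". The check is made on the *resolved*
    path, so "..", absolute paths and symlinks pointing outside base_dir
    are all caught by the same comparison.
    """
    if "\x00" in requested:
        # A NUL byte would truncate the path in C-level APIs; reject outright.
        raise PathTraversalError("NUL byte in path")
    if os.path.isabs(requested) or requested.startswith(("/", "\\")):
        # os.path.join discards base_dir when the second part is absolute.
        raise PathTraversalError(f"absolute path not allowed: {requested!r}")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    # commonpath compares whole components, so a naive startswith() cannot be
    # fooled by a sibling directory such as "/srv/files2".
    if os.path.commonpath([base, candidate]) != base:
        raise PathTraversalError(f"path escapes {base!r}: {requested!r}")
    return candidate


def demo(base_dir: str = "/tmp/uploads") -> tuple:
    """Run constructed inputs through safe_join; returns (allowed, blocked)."""
    attempts = [
        "docs/report.txt",        # legitimate
        "../../etc/passwd",       # classic traversal
        "/etc/passwd",            # absolute path
        "docs/../../secret.txt",  # traversal hidden behind a valid prefix
        "report.txt\x00.png",     # NUL-byte truncation trick
    ]
    allowed, blocked = [], []
    for path in attempts:
        try:
            allowed.append((path, safe_join(base_dir, path)))
        except PathTraversalError:
            blocked.append(path)
    return allowed, blocked
```

Because realpath() follows symlinks, a link inside the upload directory that points at /etc is rejected too, which a plain string prefix check would miss.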

References:


Leftover Debug Code

  • What: Debugging or test code (hidden endpoints, hard-coded credentials, verbose error dumps) that a developer left in the application; in production it works as a back door.
  • Solution: Keep debug code out of the release branch or behind a build flag, and add a review step or automated check to the release routine so that such code is removed before deployment.

Reference: J2EE Bad Practices: Leftover Debug Code


User Enumeration

  • What: An attacker learns which usernames (or e-mail addresses) exist in the application without having access to the accounts, which turns password guessing into a targeted attack.
  • How: Login, registration and password-reset flows respond differently depending on whether the username exists (different messages, status codes or response times).
  • Solution: Return the same generic message and status code for an unknown user and for a wrong password, and keep the response time the same in both cases.

Reference: Hacksplaining

Privilege Escalation

An attacker uses the application with more rights than they were granted: a missing or broken authorization check lets a user create, read, update or delete data that belongs to someone else or is reserved for a higher role.

  • Horizontal Privilege Escalation: The attacker acts as another user of the same level, e.g. by changing an id in the request to reach another customer's record.
  • Vertical Privilege Escalation: The attacker gains higher privileges, e.g. calls an admin-only function as a normal user.
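Both checks in code, as an added example that is not part of the original notes. The invoice table, the users and the role names are constructed for the demo.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    role: str  # "user" or "admin"; taken from the server-side session, never from the request


class Forbidden(Exception):
    """Authorization failure; map to HTTP 403 (or 404, to avoid confirming the id exists)."""


# Constructed data store: invoice id -> (owner user id, amount)
INVOICES = {101: (1, 40.0), 102: (2, 99.0)}


def get_invoice_vulnerable(requester: User, invoice_id: int) -> tuple:
    """Looks the record up by id only. Any logged-in user can read any invoice
    just by changing the id in the URL (horizontal escalation / IDOR)."""
    return INVOICES[invoice_id]


def get_invoice(requester: User, invoice_id: int) -> tuple:
    """Object-level authorization: the record's owner must be the requester,
    unless the requester holds the admin role."""
    owner_id, amount = INVOICES[invoice_id]
    if owner_id != requester.id and requester.role != "admin":
        raise Forbidden(f"user {requester.id} may not read invoice {invoice_id}")
    return owner_id, amount


def set_role(actor: User, target: User, new_role: str) -> User:
    """Function-level authorization: only admins may change roles. Without this
    check a normal user could promote themselves (vertical escalation)."""
    if actor.role != "admin":
        raise Forbidden("role changes require the admin role")
    return User(target.id, new_role)


def demo() -> dict:
    """Exercise both checks with constructed users; returns the outcome of each call."""
    alice, bob, admin = User(1, "user"), User(2, "user"), User(3, "admin")

    def attempt(fn, *args):
        try:
            return fn(*args)
        except Forbidden:
            return "forbidden"

    return {
        "alice_own_invoice": attempt(get_invoice, alice, 101),
        "alice_bobs_invoice": attempt(get_invoice, alice, 102),
        "alice_bobs_invoice_vulnerable": attempt(get_invoice_vulnerable, alice, 102),
        "admin_bobs_invoice": attempt(get_invoice, admin, 102),
        "bob_promotes_self": attempt(set_role, bob, bob, "admin"),
        "admin_promotes_bob": attempt(set_role, admin, bob, "admin"),
    }
```

The authorization decision is made per object and per function on the server; hiding the admin button in the UI or trusting a role field sent by the client does not count.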

References:


Cross-Site Request Forgery(CSRF)

This vulnerability lets an attacker make the browser of another, logged-in user send a request the user never intended (for example a money transfer or a password change): the browser attaches the session cookie automatically, so the application cannot tell the forged request from a real one.
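The usual defence, a synchronizer token bound to the session, as an added example (not code from the original notes or from PortSwigger). The secret key, session ids and request dictionaries are constructed stand-ins for a real framework's objects.

```python
import hashlib
import hmac
import os
import secrets

SECRET_KEY = os.urandom(32)  # assumed: a server-side secret loaded from configuration


def issue_csrf_token(session_id: str) -> str:
    """Synchronizer token: random nonce plus an HMAC binding it to this session.
    Embed it in every state-changing form as a hidden field."""
    nonce = secrets.token_hex(16)
    mac = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return f"{nonce}.{mac}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """True only if the token was issued for this session and is unmodified."""
    nonce, sep, mac = token.partition(".")
    if not sep:
        return False
    expected = hmac.new(SECRET_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(mac, expected)  # constant-time comparison


def handle_transfer(request: dict, session: dict) -> str:
    """State-changing endpoint. The token must arrive in the POST body: a
    cross-site page can make the browser send the cookie, but it cannot read
    the victim's page to learn the token (same-origin policy)."""
    if request.get("method") != "POST":
        return "405 state changes are accepted only via POST"
    form = request.get("form", {})
    if not verify_csrf_token(session["id"], form.get("csrf_token", "")):
        return "403 CSRF token missing or invalid"
    return f"200 transferred {form['amount']} to {form['to']}"


def demo() -> dict:
    """Constructed requests: the victim's own form submission, a forged one from
    another site that carries the cookie but no token, and one that reuses a
    token the attacker obtained for their own session."""
    session = {"id": "sess-victim"}
    token = issue_csrf_token(session["id"])
    legit = {"method": "POST", "form": {"amount": "100", "to": "bob", "csrf_token": token}}
    forged = {"method": "POST", "form": {"amount": "100", "to": "attacker"}}
    stolen = {"method": "POST", "form": {"amount": "100", "to": "attacker",
                                         "csrf_token": issue_csrf_token("sess-attacker")}}
    return {
        "legit": handle_transfer(legit, session),
        "forged": handle_transfer(forged, session),
        "token_from_other_session": handle_transfer(stolen, session),
    }
```

Setting the session cookie with SameSite=Lax or Strict is a second, independent layer; it does not replace the token because older clients and some cross-site navigations still send the cookie.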

References: PortSwigger

Encoding vs. Hashing vs. Encryption

Encoding transforms data into another representation (e.g. Base64, URL encoding) so that it can be transported or stored safely; some schemes also compress it. Decoding needs no secret, only knowledge of the scheme, so encoding must never be used to protect data in transit.

Hashing also transforms data, but through a one-way hash function: the output has a fixed length and cannot be reversed to the input. Combined with a key or a signature (HMAC, digital signatures) it is used to verify the integrity of data; on its own, a hash only detects accidental corruption, because anyone who can change the data can recompute the hash as well.

Encryption transforms data with a key so that only holders of the key can recover it. Encryption is the right tool when confidentiality is the goal; neither hashing nor encoding hides the content of the data.
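The difference between encoding, an unkeyed hash and a keyed MAC, as an added example (not from the original notes), using constructed sample data. Encryption is deliberately left out: Python's standard library has no authenticated cipher, and a real application would use a library such as cryptography (AES-GCM) for confidentiality.

```python
import base64
import hashlib
import hmac
import os

MESSAGE = b"transfer 100 to bob"   # constructed sample data


def encode(data: bytes) -> str:
    return base64.b64encode(data).decode("ascii")


def decode(text: str) -> bytes:
    return base64.b64decode(text)   # needs no key: anyone can reverse it


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()   # one way, fixed length


def receiver_checks_plain_hash(data: bytes, h: str) -> bool:
    """Integrity check with an unkeyed hash sent alongside the data."""
    return digest(data) == h


def mac(key: bytes, data: bytes) -> str:
    return hmac.new(key, data, hashlib.sha256).hexdigest()


def receiver_checks_mac(key: bytes, data: bytes, tag: str) -> bool:
    return hmac.compare_digest(mac(key, data), tag)


def demo() -> dict:
    key = os.urandom(32)             # shared only between sender and receiver
    tampered = b"transfer 100 to eve"
    # An attacker on the path rewrites the message *and* recomputes the plain hash.
    forged_pair = (tampered, digest(tampered))
    return {
        "encoding_is_reversible": decode(encode(MESSAGE)) == MESSAGE,
        "encoded_hides_nothing": encode(MESSAGE) == "dHJhbnNmZXIgMTAwIHRvIGJvYg==",
        "hash_is_fixed_length": len(digest(MESSAGE)) == len(digest(b"")) == 64,
        "hash_detects_corruption": not receiver_checks_plain_hash(tampered, digest(MESSAGE)),
        "plain_hash_fooled_by_attacker": receiver_checks_plain_hash(*forged_pair),
        "mac_rejects_forgery": not receiver_checks_mac(key, tampered, mac(key, MESSAGE)),
        "mac_accepts_original": receiver_checks_mac(key, MESSAGE, mac(key, MESSAGE)),
    }
```

The "plain_hash_fooled_by_attacker" entry is the point practitioners most often miss: a hash shipped next to the data it protects gives integrity only against accidental corruption, not against an adversary.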

References:


Password Storage
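An added example (not code from the original notes) that serves both the User Enumeration section above and this Password Storage heading: passwords are stored as salted PBKDF2 hashes, and the login routine returns one message and does the same amount of work whether the username exists or not. The user table, the password and the iteration count are assumptions for the demo.

```python
import hashlib
import hmac
import os
from typing import Optional

PBKDF2_ITERATIONS = 600_000   # assumed work factor (OWASP's 2023 figure for PBKDF2-HMAC-SHA256)
LOGIN_FAILED = "Invalid username or password."   # single message for every failure mode


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Salted, slow hash for storage: 'pbkdf2_sha256$<iterations>$<salt hex>$<hash hex>'.
    The plaintext is never stored and cannot be recovered from this string."""
    salt = salt or os.urandom(16)   # per-user random salt defeats precomputed tables
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    algorithm, iterations, salt_hex, digest_hex = stored.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError(f"unsupported hash: {algorithm}")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest, bytes.fromhex(digest_hex))   # constant-time compare


# Constructed user table with one account.
USERS = {"alice": hash_password("correct horse battery staple")}

# Hash of a random throwaway password. It is verified against whenever the
# username does not exist, so unknown and known users cost the same time.
_DUMMY_HASH = hash_password(os.urandom(16).hex())


def login(username: str, password: str) -> tuple:
    """Returns (success, message). Both failure paths return the identical
    message and do the same amount of work, so neither the text nor the
    response time reveals whether the username exists."""
    stored = USERS.get(username)
    if stored is None:
        verify_password(password, _DUMMY_HASH)   # burn the same work as a real check
        return False, LOGIN_FAILED
    if not verify_password(password, stored):
        return False, LOGIN_FAILED
    return True, "Welcome"
```

Registration ("this e-mail is already taken") and password-reset ("no account with that address") flows leak the same information and need the same uniform response. Where a dedicated password hash such as Argon2id is available through a library, prefer it over PBKDF2.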

SQL Injection

Use PreparedStatement (parameterized queries) instead of building the query by string concatenation, so that user input is sent as a value and is never parsed as SQL.

# Example of an injected value that closes the string literal and appends an always-true condition:
' or 1='1


Command Injection

  • Avoid calling OS commands from the application at all
  • Use a library API for the task (file, network or DNS calls) instead of the equivalent shell command
  • If a command is unavoidable, pass the arguments as a list without invoking a shell, and implement strong (allowlist) input validation on every value
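The three points combined, as an added example that is not part of the original notes: a ping wrapper that validates the host name against an allowlist pattern and hands the command an argument list with no shell. The inputs in demo() are constructed; ping() itself is not run by the demo.

```python
import re
import subprocess

# RFC 1123 host name: labels of letters, digits and inner hyphens. Shell
# metacharacters (; | & $ ` newline) and a leading "-" (option injection,
# e.g. "-f" for flood ping) cannot pass.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def validate_hostname(host: str) -> str:
    if not HOSTNAME_RE.match(host):
        raise ValueError(f"invalid host name: {host!r}")
    return host


def ping_shell_vulnerable(host: str) -> str:
    """The command string a vulnerable app would hand to os.system()/shell=True.
    With host = "example.com; id" the shell runs a second command. Never executed here."""
    return f"ping -c 1 {host}"


def ping_argv(host: str) -> list:
    """argv list for subprocess.run(..., shell=False): the host is one argument
    and no shell ever parses it, so metacharacters are inert."""
    return ["ping", "-c", "1", validate_hostname(host)]


def ping(host: str) -> subprocess.CompletedProcess:
    return subprocess.run(ping_argv(host), shell=False, capture_output=True,
                          text=True, timeout=10, check=False)


def demo() -> dict:
    """Constructed inputs; returns the argv built for each, or 'rejected'."""
    results = {}
    for host in ["example.com", "a.b-c.example", "example.com; id", "$(reboot)", "-f"]:
        try:
            results[host] = ping_argv(host)
        except ValueError:
            results[host] = "rejected"
    return results
```

Validation is still needed with shell=False: the list form stops the shell from interpreting the value, but the program itself may interpret a leading "-" as an option, which the allowlist pattern rules out.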

References:


Denial of Service via Unrestricted File Upload

You can prevent this vulnerability by:

  • Limiting the size of each upload (and the total per user), and reading at most that many bytes no matter what Content-Length claims
  • File type verification that checks the content, not only the declared type
  • Restricting the accepted file extensions to an allowlist
  • Malware scanning of uploaded files
  • Requiring user authentication (and rate limiting) before accepting uploads
  • Storing files under a random, server-generated name in a directory outside the web root
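The list above as one validation routine, added here as an example (not code from the original notes). The size limit, the allowed types, the upload directory and the sample files are assumptions constructed for the demo; save_upload() is not exercised because it writes to disk.

```python
import io
import os
import secrets

MAX_UPLOAD_BYTES = 5 * 1024 * 1024     # assumed per-file limit
UPLOAD_DIR = "/var/app/uploads"        # assumed: outside the web root, served without execute rights

# Allowed extensions mapped to the magic bytes their content must start with.
MAGIC = {"png": b"\x89PNG\r\n\x1a\n", "jpg": b"\xff\xd8\xff", "pdf": b"%PDF-"}


class UploadRejected(ValueError):
    pass


def check_upload(filename: str, stream, max_bytes: int = MAX_UPLOAD_BYTES) -> tuple:
    """Validate one upload; returns (server-side file name, bytes) or raises."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext not in MAGIC:
        raise UploadRejected(f"extension not allowed: {ext!r}")
    # Read at most limit+1 bytes, so the limit holds even if Content-Length lies
    # or the body is streamed indefinitely.
    data = stream.read(max_bytes + 1)
    if len(data) > max_bytes:
        raise UploadRejected("file too large")
    if not data.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match extension")
    # Random server-generated name: the client's file name never reaches the filesystem.
    return f"{secrets.token_hex(16)}.{ext}", data


def save_upload(filename: str, stream) -> str:
    stored_name, data = check_upload(filename, stream)
    path = os.path.join(UPLOAD_DIR, stored_name)
    with open(path, "xb") as fh:       # "x": fail instead of overwriting
        fh.write(data)
    return path


def demo() -> dict:
    """Constructed uploads checked against a 1 KiB limit."""
    png = MAGIC["png"] + b"\x00" * 100
    cases = {
        "valid_png": ("photo.png", png),
        "bad_extension": ("shell.php", png),
        "php_disguised_as_png": ("shell.php.png", b"<?php system($_GET['c']); ?>"),
        "oversized": ("big.png", MAGIC["png"] + b"\x00" * 1024),
    }
    results = {}
    for label, (name, body) in cases.items():
        try:
            stored, _ = check_upload(name, io.BytesIO(body), max_bytes=1024)
            results[label] = "accepted as " + stored.rsplit(".", 1)[1]
        except UploadRejected as exc:
            results[label] = "rejected: " + str(exc)
    return results
```

Magic-byte checks only confirm the leading bytes; a polyglot file can be a valid image and still carry a script, which is why the file is stored outside the web root with no execute permission and is served with a fixed Content-Type.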

References:


Server-Side Request Forgery
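The notes give no detail for this item, so here is the check a practitioner would want, as an added example (not from the original notes): the server refuses to fetch URLs whose scheme is not http(s) or whose host resolves to a non-public address. The DNS answers in FAKE_DNS are constructed so the demo runs offline; the resolver is injectable for that reason.

```python
import ipaddress
import socket
from urllib.parse import urlparse

ALLOWED_SCHEMES = {"http", "https"}


def check_target(url: str, resolve=socket.gethostbyname) -> tuple:
    """Decide whether the server may fetch `url`; returns (allowed, reason).

    The host is resolved first and the *resulting address* is tested, so a
    hostname that points at loopback, an RFC 1918 range or the cloud metadata
    address (169.254.169.254) is rejected just like a literal IP.
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, f"scheme not allowed: {parts.scheme!r}"   # blocks file://, gopher://, ...
    if not parts.hostname:
        return False, "no host in URL"
    if parts.username or parts.password:
        return False, "credentials in URL"   # http://trusted.example@10.0.0.5/ confusion
    try:
        addr = ipaddress.ip_address(resolve(parts.hostname))
    except (socket.gaierror, ValueError) as exc:
        return False, f"cannot resolve {parts.hostname!r}: {exc}"
    if not addr.is_global:
        # covers loopback, private, link-local, multicast, reserved and unspecified
        return False, f"{parts.hostname} resolves to non-public address {addr}"
    return True, f"{parts.hostname} -> {addr}"


# Constructed DNS answers so the demo runs offline; literal IPs pass through.
FAKE_DNS = {
    "api.example.com": "93.184.216.34",
    "localhost": "127.0.0.1",
    "metadata.internal": "169.254.169.254",
    "db.corp.example": "10.0.0.5",
}


def demo() -> dict:
    def resolve(host):
        return FAKE_DNS.get(host, host)

    urls = [
        "https://api.example.com/v1/items",
        "http://localhost:8080/admin",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.internal/",
        "http://db.corp.example:5432/",
        "file:///etc/passwd",
        "http://api.example.com@10.0.0.5/",
    ]
    return {u: check_target(u, resolve)[0] for u in urls}
```

Two caveats: connect to the address that was checked rather than resolving the name a second time (otherwise a DNS rebinding attack can swap in an internal address between the check and the request), and re-run the check on every redirect the fetched server returns. An allowlist of known destination hosts is simpler and stronger where the use case permits it.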

References:


Race Condition

You can prevent it by:

  • Using the synchronization primitives provided by the programming language (e.g. synchronized in Java), so that the check and the update run as one atomic step
  • Using libraries that guarantee atomicity and provide advanced lock implementations
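A check-then-act race and the locked version side by side, as an added example (not from the original notes). Python's threading.Lock plays the role of Java's synchronized; the account and the sleep that widens the race window are constructed for the demo.

```python
import threading
import time


class UnsafeAccount:
    """Check-then-act without synchronization (time-of-check/time-of-use race)."""

    def __init__(self, balance: int):
        self.balance = balance

    def withdraw(self, amount: int) -> bool:
        if self.balance >= amount:        # check
            time.sleep(0.01)              # window in which other threads pass the same check
            self.balance -= amount        # act
            return True
        return False


class SafeAccount(UnsafeAccount):
    """Same logic, but check and act run under one lock, the equivalent of a
    synchronized block: the second thread sees the updated balance and fails."""

    def __init__(self, balance: int):
        super().__init__(balance)
        self._lock = threading.Lock()

    def withdraw(self, amount: int) -> bool:
        with self._lock:
            return super().withdraw(amount)


def concurrent_withdrawals(account: UnsafeAccount, amount: int, threads: int = 5) -> tuple:
    """Fire `threads` withdrawals at once; returns (successful count, final balance)."""
    results = []
    workers = [threading.Thread(target=lambda: results.append(account.withdraw(amount)))
               for _ in range(threads)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return sum(results), account.balance
```

With UnsafeAccount(100) and five concurrent withdrawals of 100, several usually succeed and the balance goes negative; with SafeAccount exactly one succeeds. The same race exists across processes when the balance lives in a database, where the fix is an atomic statement (UPDATE ... SET balance = balance - ? WHERE balance >= ?) or a row lock, not an in-process mutex.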

References:


Insecure TLS Validation
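The notes give no detail for this item; as an added example (not from the original notes), here is the weak configuration beside the correct one using Python's ssl module. The host, port and CA bundle path are placeholders; open_tls() makes a network connection and is not exercised by the demo.

```python
import socket
import ssl
from typing import Optional


def insecure_context() -> ssl.SSLContext:
    """The misconfiguration: any certificate from anyone is accepted, so an
    on-path attacker can present their own and read or modify the traffic.
    Typical origin: 'fixing' a certificate error during development."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False          # must be disabled before verify_mode can be CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def secure_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Chain is verified against the system trust store (or a private CA
    bundle for internal services), the host name must match the certificate,
    and legacy protocol versions are refused."""
    ctx = ssl.create_default_context(cafile=ca_bundle)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def open_tls(host: str, port: int = 443,
             ctx: Optional[ssl.SSLContext] = None) -> ssl.SSLSocket:
    ctx = ctx or secure_context()
    sock = socket.create_connection((host, port), timeout=10)
    # server_hostname drives both SNI and the host-name check; omitting it
    # (or passing the wrong name) silently weakens validation.
    return ctx.wrap_socket(sock, server_hostname=host)


def describe(ctx: ssl.SSLContext) -> dict:
    """Summarise the validation settings so they can be asserted in tests or CI."""
    return {
        "verifies_chain": ctx.verify_mode == ssl.CERT_REQUIRED,
        "checks_hostname": ctx.check_hostname,
        "min_tls_1_2": ctx.minimum_version >= ssl.TLSVersion.TLSv1_2,
    }
```

The same bug appears at higher levels as requests.get(url, verify=False), a custom TrustManager that accepts everything in Java, or a hostname verifier that always returns true; for a self-signed internal CA the fix is to trust that CA's certificate (cafile=), never to disable verification.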

References: