How to take care of security loopholes in website development

This article covers several security loopholes that must be taken care of while building your website.

In this article we will discuss:

  1. Problems with client-side validation
  2. Problems with posting data using the GET method
  3. Passing query parameters in the URL
  4. Storing data in cookies
  5. The best way of passing data in a website

Suppose you made a web form like the one below.

Listing 1: Web form

<html>
<head>
<title>csanuragjain</title>
<script type="text/javascript">
// Client-side check: it runs only in the browser, so it can be bypassed
function validate()
{
    if (document.getElementById("myname").value == "") {
        alert("Name can't be blank");
        return false;               // cancels the submit
    }
    alert("Thanks to register");
    return true;                    // lets the form post to success.php
}
</script>
</head>
<body>
<!-- "return" is required: without it the form submits even when validate() returns false -->
<form method="post" action="http://www.mysite.com/success.php" onsubmit="return validate();">
Enter your username to enter this site:
<input type="text" value="" id="myname" name="myname"/>
<input type="submit" value="submit" />
</form>
</body>
</html>

Here:

  1. We made a form which has a label asking for the name, a text field to enter the name and a submit button to confirm.
  2. When the form is submitted we call the validate method, which checks whether a name was entered.
  3. If the name field is blank we display an error message to the user. Otherwise we send the user to the success page, where the user name is written to the database.

Here everything works fine. But an attacker can save this page on his local machine and edit it to the following:

Listing 2: Web form

<html>
<head>
<title>csanuragjain</title>
</head>
<body>
<!-- validate() and the onsubmit handler are gone: the form posts straight to success.php -->
<form method="post" action="http://www.mysite.com/success.php">
Enter your username to enter this site:
<input type="text" value="" id="myname" name="myname"/>
<input type="submit" value="submit" />
</form>
</body>
</html>

Here the attacker has removed the validate method, so the page is accepted without showing any error and the database receives a corrupt entry.

This was a very small example with limited effect, but the same technique can be extended and become really dangerous.

To protect websites against this, make sure that all important validation also happens on the server side. Then, even after the HTML file has been changed, the server validates the input, rejects bad values and keeps the database from being corrupted.

Now we discuss the problem with posting using the GET method.

When we post with the GET method, all the parameters are visible in the URL at the top of the browser, so they end up in browser history, server and proxy logs, and the Referer header, and become vulnerable to network attacks.

Listing 3: Wrong way

<!-- username and password travel in the URL query string -->
<form method="get" action="http://www.somewhere.com">
Enter your username:
<input type="text" value="" id="myname" name="myname"/>
Enter your password:
<input type="password" value="" id="mypass" name="mypass"/>
<input type="submit" value="submit" />
</form>

To prevent this problem, always use the POST method for sensitive data.

Listing 4: Right way

<!-- username and password travel in the request body, not in the URL -->
<form method="post" action="http://www.somewhere.com">
Enter your username:
<input type="text" value="" id="myname" name="myname"/>
Enter your password:
<input type="password" value="" id="mypass" name="mypass"/>
<input type="submit" value="submit" />
</form>
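The two points above, server-side validation that does not rely on the browser and accepting the form only over POST, as one added example. This is not code from the article: the article's success.php is replaced by a Node.js handler function, and the field name (myname), the length limit and the allowed-character rule are assumptions made for this example.

```javascript
// Added example (not from the article): server-side handling of the
// registration form from Listing 1. The client-side validate() can be
// deleted by anyone who saves the page, so the server repeats every check
// and only accepts the form over POST. Field name, length limit and the
// character rule are constructed for this example.
const MAX_NAME_LEN = 32;
const NAME_RE = /^[A-Za-z0-9_]+$/;

// Pure validation of the submitted body: returns a list of problems (empty = ok).
function validateRegistration(body) {
  const errors = [];
  const name = typeof body.myname === 'string' ? body.myname.trim() : '';
  if (name === '') {
    errors.push("Name can't be blank");
  } else if (name.length > MAX_NAME_LEN) {
    errors.push(`Name longer than ${MAX_NAME_LEN} characters`);
  } else if (!NAME_RE.test(name)) {
    errors.push('Name may only contain letters, digits and underscore');
  }
  return errors;
}

// Parse an application/x-www-form-urlencoded body into a plain object.
function parseFormBody(raw) {
  const body = Object.create(null);
  for (const [k, v] of new URLSearchParams(raw)) body[k] = v;
  return body;
}

// What a route in place of success.php would do: method and raw body in,
// status and message out. The "database" is an in-memory array so the
// example runs offline.
const db = [];
function handleRegistration(method, rawBody) {
  if (method !== 'POST') {
    // Parameters in a GET URL end up in logs and history; refuse them.
    return { status: 405, body: 'Use POST to submit this form' };
  }
  const body = parseFormBody(rawBody);
  const errors = validateRegistration(body);
  if (errors.length > 0) {
    return { status: 400, body: errors.join('; ') };
  }
  db.push(body.myname.trim());
  return { status: 200, body: 'Thanks to register' };
}

// Demo: the first request mimics Listing 2, which sends an empty name with
// the client-side check removed; the server still rejects it.
console.log(handleRegistration('POST', 'myname='));       // status 400
console.log(handleRegistration('GET',  'myname=alice'));  // status 405
console.log(handleRegistration('POST', 'myname=alice'));  // status 200
```

The handler is deliberately a plain function so it can be unit-tested without opening a port; in a real site it would be called from the request handler of `http.createServer` or a framework route, with the raw request body read first.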

Now we discuss the problem of passing query parameters in the URL.

Suppose I made a form and, on success, it redirects me to another URL. The URL looks like this: http://www.mysite.com/profile.php?id=5

Here the program uses the id parameter to determine which profile to show. It simply reads the id and searches the database for that id.

Now the attacker may change the id manually in the URL (for example http://www.mysite.com/profile.php?id=6) and so is able to see the profile of other people, i.e. id=6, because the server never checks whether that profile belongs to the logged-in user.

To protect against this problem, always keep such important information (who the logged-in user is) in a session variable on the server, which is much more secure, and decide what to show from the session rather than from a value the client can edit.

Now we discuss the problem with cookies.

You may use a cookie to store general information, but never use it to store critical information, since there are many ways to watch and edit cookies.

The best way to store information temporarily is with the help of a session variable. Whenever a user enters your site with the correct login and password, create a session and store all relevant information in it on the server; the cookie then only carries the session identifier.

To make your session more secure, make sure that you include an expiry time so that the session expires after a certain interval. This limits attacks such as replay attacks (at least they cannot last for long).

That is all for today's article. Hope you liked it. See you next time.



My main area of specialization is Java and J2EE. I have worked on many international projects like recorders, websites, crawlers etc. Also I am an Oracle Certified Java Professional as well as DB2 certified.
