1. Check the versions of the OS and middleware (web server, application server, database, framework, etc.) in use
- If the version in use is an EOL (end-of-life) software/product, report it to the client as soon as possible. It is imperative to let them know before they plan to release the website. Explain that vulnerabilities found in that version after EOL will not be patched by the vendor, and recommend upgrading to a supported version.
- Check whether that version has any known vulnerabilities of high severity, and whether the web application is actually exposed to them. If the client insists on keeping the EOL software/product, they need to apply whatever patches or mitigations exist for those issues.
2. Check for the generally known classes of vulnerabilities, e.g.
- SQL injection
- Command injection
- XSS
- Open redirect
- Session ID carried in the URL (URL rewriting instead of a cookie)
- User IDs or stored credentials subject to dictionary / rainbow-table attacks
- Login subject to brute-force attack (no account lockout, no rate limiting, etc.)
- Users allowed to set an easy-to-guess password
- Session ID cookie not protected (missing Secure / HttpOnly attributes)
- No logout function
- Credit card information not handled properly
- Debug code or internal information not removed, or disclosed in error messages, etc.
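The two session items above (session ID in the URL, and an unprotected session cookie) are easy to check mechanically from a captured response. The following is an added example, not code from the original post: it audits a constructed set of response headers (the header values below are made up for the example) for cookies missing Secure/HttpOnly/SameSite and for session IDs rewritten into a Location URL. The list of session cookie names it recognises is an assumption and should be extended for the application under test.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed sample response headers (not from any real site), as the
# (name, value) pairs an HTTP client library returns for a redirect response.
SAMPLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "JSESSIONID=8F3A2C; Path=/"),
    ("Set-Cookie", "csrftoken=abc; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Location", "https://example.test/home;jsessionid=8F3A2C?x=1"),
]

# Assumed set of common session identifier names (lower-case); extend per target.
SESSION_NAMES = {"jsessionid", "phpsessid", "asp.net_sessionid", "sessionid", "sid", "session"}


def parse_set_cookie(value):
    """Split 'name=value; Attr; Attr=val' into (name, {attr_lower: val})."""
    parts = [p.strip() for p in value.split(";")]
    name, _, _ = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), attrs


def audit_set_cookie(value):
    """Return a list of findings for one Set-Cookie header value."""
    name, attrs = parse_set_cookie(value)
    findings = []
    if "secure" not in attrs:
        findings.append(f"{name}: missing Secure attribute (cookie is sent over plain HTTP)")
    if "httponly" not in attrs:
        findings.append(f"{name}: missing HttpOnly attribute (readable by script, e.g. via XSS)")
    if "samesite" not in attrs:
        findings.append(f"{name}: missing SameSite attribute")
    return findings


def session_in_url(url):
    """Return session parameter names found in a URL, either as path
    parameters (';jsessionid=...') or as query parameters ('?sid=...')."""
    parts = urlsplit(url)
    hits = []
    for segment in parts.path.split("/"):
        if ";" in segment:
            for param in segment.split(";")[1:]:
                key, _, _ = param.partition("=")
                if key.lower() in SESSION_NAMES:
                    hits.append(key)
    for key in parse_qs(parts.query):
        if key.lower() in SESSION_NAMES:
            hits.append(key)
    return hits


def audit_headers(headers):
    """Run the cookie and URL-rewriting checks over a list of (name, value) headers."""
    findings = []
    for name, value in headers:
        if name.lower() == "set-cookie":
            findings.extend(audit_set_cookie(value))
        elif name.lower() == "location":
            for key in session_in_url(value):
                findings.append(f"Location: session ID '{key}' carried in URL (leaks via Referer and logs)")
    return findings


if __name__ == "__main__":
    for finding in audit_headers(SAMPLE_HEADERS):
        print(finding)
```

On the sample headers the audit reports three findings for JSESSIONID (no Secure, HttpOnly or SameSite) and one for the session ID rewritten into the Location URL, and nothing for the csrftoken cookie, which carries all three attributes. Feed it the headers of a real login response to get the same list for a target.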
Things to consider:
- Even though the page shows an error when we try an attack by manipulating parameters, error handling is sometimes not done correctly: the manipulated data may remain in the session without being cleared, or may even be written back to the database by a later request.
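The failure mode just described, as an added example that is not part of the original post: a two-step "change e-mail" flow where step 1 stages the new value in the session and step 2 commits it. In the vulnerable version the value is stored in the session before it is validated, so the error page is shown but the tainted value survives and the commit step writes it to the database. The fixed version validates before touching the session, clears any staged value on the error path, and re-validates at the point of use. The session and database are plain dicts standing in for a framework's session store and a real database, and the payload is constructed for the example.

```python
import re

# Deliberately simple validator for the example; real applications should use
# the framework's own validation.
_EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")


def is_valid_email(value):
    return _EMAIL_RE.fullmatch(value) is not None


# --- Vulnerable flow: session written before validation, not cleared on error ---

def stage_email_vulnerable(session, params):
    """Step 1 (vulnerable): the raw parameter is parked in the session first.
    The error page is returned, but the tainted value stays in the session."""
    session["pending_email"] = params.get("email", "")
    if not is_valid_email(session["pending_email"]):
        return "error"
    return "confirm"


def commit_email_vulnerable(session, db):
    """Step 2 (vulnerable): trusts whatever the session holds."""
    if "pending_email" in session:
        db["email"] = session.pop("pending_email")
        return "saved"
    return "nothing"


# --- Fixed flow: validate first, clear on error, re-validate at point of use ---

def stage_email_fixed(session, params):
    """Step 1 (fixed): only validated data enters the session; the error path
    removes any partial state left by an earlier request."""
    email = params.get("email", "")
    if not is_valid_email(email):
        session.pop("pending_email", None)
        return "error"
    session["pending_email"] = email
    return "confirm"


def commit_email_fixed(session, db):
    """Step 2 (fixed): session contents are re-validated before being persisted."""
    email = session.pop("pending_email", None)
    if email is None or not is_valid_email(email):
        return "nothing"
    db["email"] = email
    return "saved"


def run_scenario(stage, commit, payload):
    """Drive both steps with a fresh session and database; return
    (step-1 result, step-2 result, final stored e-mail)."""
    session = {}
    db = {"email": "alice@example.test"}  # constructed initial record
    first = stage(session, {"email": payload})
    second = commit(session, db)
    return first, second, db["email"]


if __name__ == "__main__":
    payload = "<script>alert(1)</script>"  # constructed attack value, fails validation
    print("vulnerable:", run_scenario(stage_email_vulnerable, commit_email_vulnerable, payload))
    print("fixed:     ", run_scenario(stage_email_fixed, commit_email_fixed, payload))
```

During a test, the symptom to look for is exactly the vulnerable run above: the first request is rejected with an error page, yet a later request (or a reload of the confirmation page) shows the rejected value being used or stored. Checking the effect of a rejected request on subsequent requests, not just the error response itself, is what catches this.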