It is already well-known to all of us that the app’s employ the logic for delivering their functionality. If we take a closer look, we can easily realize that the writing code which appears in programming language involves at its root nothing more than just a breaking complex process into simple and discrete logical steps. Although, we may admit that it requires plenty of skills and discretion. Well, this topic is going to be about the situation where a large number of designers or programmers (or even together) work in the parallel on the same app. Here is where the simple opportunity for the mistakes may occur.
We already learned that the users expect that the most vulnerabilities occur on with the SQL injection. But, the flaws in the app’s logic are harder to characterize. For an example, the each instance may appear to be a unique one-off occurrence. Of course, in that case, it is not identified by any automated vulnerability scanners. So, what is the result of that? As you can predict, they generally aren’t as well appreciated or even understood. So, therefore, they became the great interest of the attacker.
The Nature of Logic Flaws
Let’s start with the information that the logic flaws in the web applications are extremely varied. They can literally range from a single bug which is manifested in a handful of lines or a code. It complexes the vulnerabilities which are arising from the interoperation of several core components of the app. Sometimes, they are easy and obvious to detect, but most of the times they aren’t. The problem is that the no common signature is associated with the logic flaws.
We say that if you want to learn about the logic flaws, you should turn to the real life and practice. Theorizing won’t teach you all. So, what do we got here? The best way you will learn this is to by becoming acquainted with some actual examples. Let’s start with the first example, and it is called-”Asking the Oracle”. There were the authors who found the instances of the encryption oracle flaw within many other different types of apps. Of course, they’ve used it in the numerous attacks. All you need is the functionality for the start. You know the ”remember me” option? Never use that option. Think it is not a big deal? I would recommend you to learn more about the internet security tips.
The second thing is the assumption. The developers researched which kind of a cookie attracted fewer attackers, and in that case they decided that the ScreenName cookie is safer than the RememberMe cookie, we talked about. There are a lot more examples, but most of them the same. If you learn enough about the cyber security tips you wouldn’t need to bother yourself with all of the examples that may sometimes happen to you.
Finding Dynamic Execution Vulnerabilities
They most commonly arise in the languages (such as PHP or Perl). But not to forget this, any type of the application platform may pass a user-supplied input to a script-based interpreter, and sometimes even on a different back-end server.
Preventing OS Command Injection
What is the best way to prevent the OS command injection flaws? It is definitely the avoiding of calling out the directions to operating system commands. It might be tricky to understand because virtually any conceivable task that a web app might need to carry out can be achieved using the built-in APIs which can’t be manipulated to perform commands other than the one which is already intended.
Manipulating File Paths
There is a lot of different types of the functionality which is commonly found in the web applications that involve processing user-supplied input as a file or directory name. Most of the times, the input is passed to an API which accepts a file path. It is like in the retrieval of a file coming from the local filesystem. Then, the app processes the results of the API call within its response to the user’s request. Let’s say a user-supplied input is improperly validated, and in that case, its behavior might lead to various security vulnerabilities. Furthermore, the most common of those is which’s file path traversal bugs and file inclusion bugs.
The Attack
How does the SQL injection defense works? It works by doubling any quotation marks which are appearing within the user input. In that case, within the each pair of quotes, the first quote actually acts as an escape character to the second one. But, the developers didn’t consider what might happen to the sanitized input, if it was then handed to the truncation function.
Avoiding Logic Flaws
We will now take a closer look at this problem. I don’t like the word problem so I will call it a challenge. So, let me introduce you to our next knowledge and practice challenge. It is easy to predict that there are no unique signatures by which logic flaws in the web applications can be simply identified. Also, there isn’t any silver bullet that will protect you from all the vulnerabilities that lay just around the corner. Although, I might admit that there is a range of great practices which can be applied for the significant reducement of the risk and the protection of the logical flaws which may occur. You don’t want that right? So, get your concentration and start reading.
1. Always ensure that the every single aspect of the app’s design is clearly documented in a sufficient detail for an outsider to understand every assumption that the designer made. Those should be also explicitly recorded within the design documentation.
2. You need to mandate that the all of the source codes are clearly commented to include the information we will provide you now:
-it has to contain the purpose and the intended users of the each code component,
-never skip the assumptions which are made by the each component about anything that is outside of its direct control,
-you need to collect the references to all the client’s code which uses the component we mentioned.
3. Always be sure that you reflect on every assumption which is made within the design. You should do it during the security-focused reviews of the app’s design.
4. Think literally about two key areas. Those are-the ways in which the application will handle the unexpected user behavior, and of course the potential side-effects which will occur after that. They may also happen between the different code components and the different application functions, so stay aware.
We’ve learned a bit, don’t you agree? We fulfilled our previous chapter with this knowledge for our better understanding how can the vulnerabilities work to the simple details. I hope you’ve enjoyed this ”lesson”. And also, I hope that you will learn this and implement it in your daily tech’s life. It is really needed. So, we saw that the attacking the app’s logic involves a mixture of the systematic probing and lateral thinking. That might be our conclusion. But don’t forget, the most important challenge when probing for the logic flaws is always to try to get into the developer’s mind. You know how they say:”Keep your friends close, and your enemies closer!”