XSS, CSRF and Sql Injection - Bug Reaper


Learn about Automation Testing, Selenium WebDriver, RestAssured, Appium, Jenkins, Java, API Automation, TestNG, Maven, REST API, SOAP API, Linux, Security Testing, Interview Questions

Sunday, 19 April 2020

XSS, CSRF and Sql Injection



The major cause of XSS (cross-site scripting) is invalid, untrusted data.

That invalid data has to come from somewhere, and that somewhere is the user.

Either the user types the invalid data with the intention of hacking the system, or the invalid data comes back out of the database.

So in this case the user types the invalid data, that data is stored in the system, and later the same data is retrieved and shown to the user.

Types of cross-site scripting
1.) Stored
2.) Reflected
3.) DOM-based --> this happens when the page's own JavaScript takes data from the user and processes it inside the JavaScript (writing it into the DOM)

Possible abuses from XSS
1.) Stealing session cookies
2.) Page content rewrite (as the attacker has access to JavaScript, they can rewrite the content of the pages)
3.) Logging keystrokes (as JavaScript can be used, user IDs or passwords can be stolen)

Possible ways to solve XSS
1.) Validate the untrusted data.
2.) Encode all the data on output, e.g. < becomes &lt;
3.) Content Security Policy
4.) XSS Prevention Cheat Sheet (OWASP)
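The three defences above, combined, as an added example (this is not code from the post, and it uses Python rather than the post's C#): a safe-list validator for a username field, an output encoder that turns the five HTML-significant characters into entities (including the < to &lt; case from the list), and a Content-Security-Policy header that blocks inline scripts as a second line of defence. The comment text and the function names are constructed for the example.

```python
import html
import re

# Constructed sample of data that arrived from a user (e.g. a stored comment).
UNTRUSTED_COMMENT = '<script>alert(1)</script> 5 > 3 & "quotes"'

# Output encoding: each character that can change HTML context is replaced by an
# entity, so the browser renders it as text instead of interpreting it as markup.
HTML_ENTITIES = {
    "&": "&amp;",
    "<": "&lt;",
    ">": "&gt;",
    '"': "&quot;",
    "'": "&#x27;",
}


def encode_for_html(value: str) -> str:
    """Encode untrusted text so it is safe to place inside an HTML element body."""
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in value)


def validate_username(value: str) -> bool:
    """Input validation with a safe list: only letters, digits, '_' and '-', 3 to 32 chars."""
    return re.fullmatch(r"[A-Za-z0-9_-]{3,32}", value) is not None


def render_comment(comment: str) -> str:
    """Build the HTML fragment the right way: encode at output time, every time."""
    return '<p class="comment">' + encode_for_html(comment) + "</p>"


# Content Security Policy header: inline <script> blocks are refused by the browser,
# which limits the damage if some encoding is missed somewhere in the application.
CSP_HEADER = (
    "Content-Security-Policy",
    "default-src 'self'; script-src 'self'; object-src 'none'",
)


if __name__ == "__main__":
    print(render_comment(UNTRUSTED_COMMENT))
    # The hand-written encoder agrees with the standard library's html.escape
    print(encode_for_html(UNTRUSTED_COMMENT) == html.escape(UNTRUSTED_COMMENT, quote=True))
    print(validate_username("alice_01"), validate_username("<b>bob</b>"))
```

Validation rejects the obviously wrong input early, but encoding is the control that actually stops the browser from executing stored data, which is why the encoder runs on every render rather than once at storage time.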

Cross Site Request Forgery (CSRF)
Generally, when you are browsing a site, the session is stored in a cookie.
There is a possibility that this session can be used to fire an unauthorised URL, because the browser attaches the cookie to the request automatically, even when another site triggered it.

How to prevent this
1.) Introduce an unpredictable, unique token in every request, typically in a hidden form field.
2.) Re-authenticate the user when performing significant actions, e.g. if a huge bank transaction is going on, ask the user to authenticate again.
3.) OWASP CSRF Guard
4.) Spring Security
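Point 1 in code, as an added example (not from the post; Python rather than the post's stack): a synchronizer token is minted per session, embedded in a hidden form field, and checked on the server against the token tied to the session cookie. The in-memory session store, the /transfer form and the user name are constructed for the example.

```python
import hmac
import secrets

# Constructed stand-in for server-side session storage, keyed by the session cookie value.
sessions: dict[str, dict] = {}


def create_session() -> str:
    """Start a session and mint a fresh, unpredictable CSRF token for it."""
    session_id = secrets.token_urlsafe(32)
    sessions[session_id] = {"user": "alice", "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def render_transfer_form(session_id: str) -> str:
    """Embed the session's token in a hidden field.

    A page on another origin cannot read this form (same-origin policy), so it
    cannot learn the token even though the browser would send the cookie for it.
    """
    token = sessions[session_id]["csrf_token"]
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def handle_transfer(cookie_session_id: str, form: dict) -> tuple[int, str]:
    """Server-side check: the token in the form must match the one tied to the cookie."""
    session = sessions.get(cookie_session_id)
    if session is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    # compare_digest is constant-time, so the comparison does not leak the token
    # through timing differences; both sides are bytes so non-ASCII input is fine.
    if not hmac.compare_digest(session["csrf_token"].encode(), submitted.encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')} for {session['user']}"


if __name__ == "__main__":
    sid = create_session()
    form_html = render_transfer_form(sid)
    token = sessions[sid]["csrf_token"]
    # Legitimate submission from the rendered form: cookie and token both present
    print(handle_transfer(sid, {"csrf_token": token, "amount": "10"}))
    # A request forged from another site carries the cookie but not the token
    print(handle_transfer(sid, {"amount": "10"}))
```

The second call is the CSRF case: the browser supplies the session cookie regardless of which page started the request, so the server must refuse anything that does not also carry the token only the real form could have contained.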

SQL injection

How to prevent it?

a.) Always use parameterized database queries
b.) Always validate the data input by the user
c.) Have a safe list of characters and allow only those characters

Example

Bad SQL query (the user's text is concatenated straight into the SQL string):

string sql = "select count(UserID) from user_login where UserID='" + txtUSerID.Text + "' and pwd='" + txtPwd.Text + "'";

Good SQL parameterized query (the values for @UserID and @pwd are supplied separately as parameters, not as part of the string):

string sql = "select count(UserID) from user_login where UserID=@UserID and pwd=@pwd";


As you have seen, the parameterized query didn't execute the injected SQL script. But why?

Reason: the parameterized query is not vulnerable because it looks for a user ID or password which literally matches the entire string the user supplied.

In other words, 'the SQL engine checks each parameter to ensure that it is correct for its column, and the parameters are treated literally, not as part of the SQL to be executed'.
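The Example section and the explanation above, run end to end as an added example (not the post's code; Python with the standard-library sqlite3 module instead of the post's C#, and ? placeholders instead of @UserID / @pwd because that is sqlite3's syntax). The user_login table, the single account and the inputs are constructed for the example. The concatenated query is kept deliberately vulnerable because that is the point of the comparison.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed user_login table with one account, mirroring the post's query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user_login (UserID TEXT, pwd TEXT)")
    conn.execute("INSERT INTO user_login VALUES ('alice', 'correct horse')")
    conn.commit()
    return conn


def login_count_concatenated(conn: sqlite3.Connection, user_id: str, pwd: str) -> int:
    """The post's 'bad' query: user text is glued into the SQL string.

    Whatever the user typed becomes part of the SQL the engine parses, so a
    quote character in the input changes the structure of the statement.
    """
    sql = (
        "select count(UserID) from user_login where UserID='" + user_id
        + "' and pwd='" + pwd + "'"
    )
    return conn.execute(sql).fetchone()[0]


def login_count_parameterized(conn: sqlite3.Connection, user_id: str, pwd: str) -> int:
    """The post's 'good' query: placeholders in the SQL, values passed separately.

    The engine compiles the statement first and then binds the values, so the
    whole input string is compared literally against the column.
    """
    sql = "select count(UserID) from user_login where UserID=? and pwd=?"
    return conn.execute(sql, (user_id, pwd)).fetchone()[0]


if __name__ == "__main__":
    conn = build_db()
    # The classic textbook tautology used to show why concatenation fails.
    bad_pwd = "' or '1'='1"
    print("concatenated:", login_count_concatenated(conn, "alice", bad_pwd))    # 1: login "succeeds"
    print("parameterized:", login_count_parameterized(conn, "alice", bad_pwd))  # 0: no literal match
    # A legitimate name with an apostrophe: concatenation breaks, parameters cope.
    try:
        login_count_concatenated(conn, "O'Brien", "x")
    except sqlite3.OperationalError as exc:
        print("concatenated raised:", exc)
    print("parameterized O'Brien:", login_count_parameterized(conn, "O'Brien", "x"))
```

The O'Brien case is worth noting alongside the security argument: the concatenated query is not only injectable, it is also simply wrong for ordinary input containing a quote, while the parameterized form handles both cases with no escaping logic at all.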

Conclusion: always use parameterized queries, and validate input on both the client side and the server side.

