Security

SecurityTube - Watch, Learn and Contribute Computer Security Videos.

XSS (Cross Site Scripting) Prevention Cheat Sheet. Last revision (mm/dd/yy): 10/8/2018

This article provides a simple positive model for preventing XSS using output escaping/encoding properly. While there are a huge number of XSS attack vectors, following a few simple rules can completely defend against this serious attack. This article does not explore the technical or business impact of XSS. Suffice it to say that it can lead to an attacker gaining the ability to do anything a victim can do through their browser.

Both reflected and stored XSS can be addressed by performing the appropriate validation and escaping on the server side. DOM Based XSS can be addressed with a special subset of rules described in the DOM based XSS Prevention Cheat Sheet. For a cheat sheet on the attack vectors related to XSS, please refer to the XSS Filter Evasion Cheat Sheet. Before reading this cheat sheet, it is important to have a fundamental understanding of Injection Theory.

Sections: A Positive XSS Prevention Model; Why Can't I Just HTML Entity Encode Untrusted Data?

Transport Layer Protection Cheat Sheet. Last revision (mm/dd/yy): 09/29/2018

This cheat sheet provides a simple model to follow when implementing transport layer protection for an application. Although the concept of SSL is known to many, the actual details and security-specific decisions of implementation are often poorly understood and frequently result in insecure deployments. This article establishes clear rules which provide guidance on securely designing and configuring transport layer security for an application. This article is focused on the use of SSL/TLS between a web application and a web browser, but we also encourage the use of SSL/TLS or other network encryption technologies, such as VPN, on back-end and other non-browser-based connections.

Architectural Decision: An architectural decision must be made to determine the appropriate method to protect data when it is being transmitted. TLS is mainly a defence against man-in-the-middle attacks.

Sections: Benefits; Basic Requirements; SSL vs.; Cryptomodule Parts and Operation

SQL Injection Prevention Cheat Sheet. Last revision (mm/dd/yy): 02/6/2018

This article is focused on providing clear, simple, actionable guidance for preventing SQL Injection flaws in your applications. SQL Injection attacks are unfortunately very common, and this is due to two factors: the significant prevalence of SQL Injection vulnerabilities, and the attractiveness of the target (i.e., the database typically contains all the interesting/critical data for your application).

It’s somewhat shameful that there are so many successful SQL Injection attacks occurring, because it is EXTREMELY simple to avoid SQL Injection vulnerabilities in your code. SQL Injection flaws are introduced when software developers create dynamic database queries that include user-supplied input. This article provides a set of simple techniques for preventing SQL Injection vulnerabilities by avoiding these two problems.

Sections: Primary Defenses; Additional Defenses; Unsafe Example (SQL injection flaws typically look like this:); Language-specific recommendations

Cryptographic Storage Cheat Sheet. Last revision (mm/dd/yy): 06/18/2018

This article provides a simple model to follow when implementing solutions to protect data at rest.

Architectural Decision: An architectural decision must be made to determine the appropriate method to protect data at rest. There is such a wide variety of products, methods and mechanisms for cryptographic storage that this cheat sheet will only focus on low-level guidelines for developers and architects who are implementing cryptographic solutions. The general practices and required minimum key lengths, depending on the scenario, are listed below.

Key exchange: Diffie–Hellman key exchange with minimum 2048 bits
Message Integrity: HMAC-SHA2
Message Hash: SHA2 256 bits
Asymmetric encryption: RSA 2048 bits
Symmetric-key algorithm: AES 128 bits
Password Hashing: Argon2, PBKDF2, Scrypt, Bcrypt

Secure Cryptographic Storage Design: All protocols and algorithms for authentication and secure communication should be well vetted by the cryptographic community.

Cross-Site Request Forgery (CSRF) Prevention Cheat Sheet. Last revision (mm/dd/yy): 04/7/2014

Cross-Site Request Forgery (CSRF) is a type of attack that occurs when a malicious Web site, email, blog, instant message, or program causes a user’s Web browser to perform an unwanted action on a trusted site for which the user is currently authenticated. The impact of a successful cross-site request forgery attack is limited to the capabilities exposed by the vulnerable application. For example, this attack could result in a transfer of funds, changing a password, or purchasing an item in the user's context.

In effect, CSRF attacks are used by an attacker to make a target system perform a function (funds transfer, form submission, etc.) via the target's browser without the knowledge of the target user, at least until the unauthorized function has been committed. Impacts of successful CSRF exploits vary greatly based on the role of the victim.

Using a Secret Cookie: Remember that all cookies, even the secret ones, will be submitted with every request.

Authentication Cheat Sheet. Last revision (mm/dd/yy): 04/7/2014

Authentication is the process of verification that an individual or an entity is who it claims to be. Authentication is commonly performed by submitting a user name or ID and one or more items of private information that only a given user should know.

Session Management is a process by which a server maintains the state of an entity interacting with it. This is required for a server to remember how to react to subsequent requests throughout a transaction. Sessions are maintained on the server by a session identifier which can be passed back and forth between the client and server when transmitting and receiving requests. Sessions should be unique per user and computationally very difficult to predict.

User IDs: Make sure your usernames/user IDs are case insensitive.

Implement Proper Password Strength Controls: A key concern when using passwords for authentication is password strength.

Password Length: Longer passwords provide a greater combination of characters and consequently make it more difficult for an attacker to guess.

Sections: Password Complexity; Recommendation; Error Codes and URLs; OAuth; OpenId