Identifying, Exploiting, and Preventing Host Header Attacks on Web Servers

Summary

A typical web application uses the HyperText Transfer Protocol (HTTP) for communication. HTTP carries a set of request and response headers, each with its own significance, and every header a server relies on should be handled securely. In practice many headers are misconfigured on web servers, which exposes the whole HTTP exchange to a range of attacks.

The HTTP Host header is one of the headers that is frequently misconfigured, and the resulting weakness is termed Host Header Injection. In this literature, the author shows how to exploit the HTTP Host header on web servers that are misconfigured such that they respond to a malicious HTTP(S) request without checking which origin (Host header value) the request claims to be for. The author also shows how to inspect incoming traffic on the web server with respect to the Host header and reject any request whose Host value is not on a whitelist.

Securing Web Applications and APIs With Confidence [Webinar Sign-up]

The number of web applications and APIs exposed to the internet is growing rapidly. Insecure web applications and APIs are low-hanging fruit that attackers target to steal sensitive data. In a recent report, "State of the Web Security for H1 2020," CDNetworks highlighted that web application attacks in particular rose by 800%.

Legacy WAFs can no longer provide comprehensive coverage for cloud-native architectures, since attackers are looking to exploit unsecured APIs, bad bots, and more. Security, operations, and infrastructure teams require a holistic solution with comprehensive protection across the full application lifecycle.

Web Application Security Driven by WAF is Favoring Organizations

A WAF is an effective way to protect a company's web applications from attacks aimed at the application layer. It filters the HTTP traffic reaching the server's web applications and so helps protect the data stored in back-end databases. A WAF does not replace a network firewall; the two operate at different layers, and the WAF complements it by blocking application-level attacks that would otherwise lead to data leakage.

First-Generation WAF

First-generation WAFs scanned web traffic for malicious content, but these models did not offer a high level of security. They weren't flexible enough to handle constant software updates, and a stateless WAF could not keep up with attackers devising new attack behaviours. Additionally, they were expensive, generated false positives, and required dedicated IT expertise to maintain.

10 Node.js Security Practices

Web application security is rapidly becoming a major concern for companies as security breaches are becoming expensive by the day. The Open Web Application Security Project (OWASP) is a non-profit organization dedicated to web security. OWASP has put together a regularly updated list of the top ten web application security risks.

In the course of this article, we will examine the ten secure practices in Node.js which are in line with the OWASP top 10 web application security risks.

JavaScript and Node.js Security: The Common Pitfalls [Video]

JavaScript and Node.js have shown themselves to be amazing platforms. Their sheer ease of use has empowered an entire community of creative individuals to build amazing things. As in all cases, however, amongst the goodness lurk some risks. Nobody's perfect, including Node.js and JavaScript, and a language's strength can quickly translate to its vulnerability if looked at through an evil (or paranoid) lens.

We created a cheat sheet on 10 npm Security Best Practices that we encourage you to follow where you will find npm security and productivity tips for both open source maintainers and developers. 

So You Think You’re Just Gonna npm install? Think Again

We embraced the birth of package lockfiles with open arms, which introduced deterministic installations across different environments and enforced dependency expectations across team collaboration.

Life is good! Or so I thought... what would have happened had I slipped some changes into the project's package.json file but forgotten to commit the lockfile alongside it?

Getting Webhooks Behind That Firewall of Yours

In this post, I'll show you how to receive webhooks in real time from GitHub.com, even if your CloudBees Core instance is behind a firewall. You can generalize this to other services too — such as BitBucket or DockerHub, or anything really that emits webhooks, but the instructions will be for GitHub projects hosted on github.com. The benefit, of course, is that you can use these public hosted services if you like, but your Core instances do not necessarily have to be directly open to the internet.

What Are Webhooks?

Just a very quick refresher on what webhooks are: messages (often JSON, but not always), typically posted over HTTP(S) by a server to a client that is listening for events.

Objective C vs. C/C++: Getting the Message

Most of the time, working in cybersecurity, when we're reverse engineering an application we're working with either C or C++. Both of these languages use function-call semantics for method and function calls. Objective C is different — instead of function-call semantics, where a 'call' instruction transfers execution and state to a specific section of memory, Objective C uses message-passing semantics. Let's explore exactly what that is, and how it differs from function semantics. We'll start by outlining exactly what function semantics are and how they work. To do that, we'll need to outline the use of the call instruction and name mangling in C++.

C code is pretty straightforward to analyze. A function call in C will look something like this:

How to Integrate React Application Using Firebase

The world of serverless is growing and when talking about the term serverless, Firebase is a name that comes to the mind of many developers and enterprises. But what is Firebase? We'll discuss what Firebase is, how to authenticate with it, and how to use it in your next React project. Excited? Let’s begin.

Firebase is a Google cloud service that provides backend services for mobile and web applications. It is a widely used backend-as-a-service option for developers. It provides a real-time database, so connected clients are updated instantly whenever a record changes.

Using Session Puzzling to Bypass Two-Factor Authentication

Sessions are an essential part of most modern web applications. This is why session-related vulnerabilities often have a sizable impact on the overall security of a web application. They frequently allow the impersonation of other users and can have other dangerous side effects.

What Are Session Variables?

For those not familiar with session variables, they are server-side variables whose values are tied to the current session. This means that when a user visits the website, you could store their username in a session variable as they log in, and it will be available until the session expires or the user logs out. If another user logs in, that starts a new session, and the same session variable will return that user's username instead.