July 2021 Summaries
14 posts from StackHawk
Filter
Month:
Year:
Post Summaries
Back to Blog
The article delves into the ongoing battle between cyber attackers and defenders, focusing on Cross-Site Request Forgery (CSRF) vulnerabilities. It explains how CSRF allows malicious websites to perform unauthorized actions on behalf of authenticated users of trusted websites, using a bank.com and freecatpicz.com scenario to illustrate the concept. The article provides a step-by-step guide on recreating this vulnerability using a simple PHP and Vue application, followed by the creation of a malicious app to exploit it. It then demonstrates how to mitigate the vulnerability by incorporating a CSRF protection library into the application, ensuring that only legitimate requests are processed. The author emphasizes the importance of understanding and implementing security measures in web applications to protect against such exploits, encouraging readers to stay informed about the latest security practices.
Jul 31, 2021
2,298 words in the original blog post.
Rust has gained a reputation for being a secure programming language, especially for applications that require high levels of security. However, even Rust applications can be vulnerable to SQL injections, a common attack where hackers input SQL commands through user input fields to manipulate databases. The article discusses how Rust applications, like those developed using other languages, can be susceptible to SQL injections if proper sanitization measures are not implemented. It highlights the importance of understanding SQL injection, where hackers exploit input fields to send commands to a database, leading to potential data breaches. The text offers solutions to mitigate these risks, such as using Rust crates like libinjection, SQLx, and Diesel, which provide mechanisms to protect against SQL injections by implementing object-relational mapping (ORM) or other protective measures. Additionally, the article emphasizes the continuous need for vigilance in application security, recommending regular code scanning and testing to prevent vulnerabilities, especially in collaborative environments where multiple developers contribute to a project.
Jul 30, 2021
1,316 words in the original blog post.
Cyberattacks are prevalent, and path traversal vulnerabilities pose a significant risk by allowing unauthorized access to sensitive files, such as the /etc/passwd file, by manipulating URLs. This vulnerability occurs in web applications, including those built with Ruby on Rails, when paths are not properly validated. Rails offers some protection against path traversal attacks by default, but vulnerabilities may still arise if developers use user input for path generation without validation or rely on outdated Rails versions or gems. To mitigate these risks, developers should use Rails-native methods for path handling, avoid using user input directly, run applications as non-root users, and keep Rails and its components updated. Security scanning tools like StackHawk can assist in maintaining a secure application environment by identifying vulnerabilities like path traversal. The post, authored by Dawid Ziolkowski, emphasizes the importance of proactive security measures and regular updates to protect against potential attacks.
Jul 27, 2021
1,325 words in the original blog post.
Modern web applications are increasingly susceptible to attacks, with open redirect vulnerabilities posing a significant risk. Such vulnerabilities occur when a hacker alters the destination URL of a redirect, potentially leading users to malicious sites or unauthorized areas of a website, such as admin panels. In Rails applications, this risk is heightened when user inputs are used in the redirect_to method without proper validation, leading to possible phishing attacks or unauthorized access. To mitigate these threats, developers should avoid using user input as redirect parameters or employ strategies like whitelisting allowed parameters and sanitizing input. Moreover, automated security testing tools like StackHawk can be integrated into CI/CD pipelines to detect and address these vulnerabilities efficiently. Despite being less popular among hackers today, open redirect vulnerabilities remain a viable attack vector, underscoring the importance of vigilant and proactive security measures in web development.
Jul 27, 2021
1,281 words in the original blog post.
Application security remains a critical concern for software engineers, with Rust not exempt from threats such as Cross-Site Scripting (XSS) vulnerabilities. XSS attacks exploit web applications to execute unintended actions, steal data, or cause disruptions, even in Rust applications, which are often perceived as secure. The blog post outlines how Rust applications can be susceptible to XSS, particularly when using HTML on the front end, and highlights the importance of implementing protection measures like X-Content-Type-Options, Permissions-Policy, and X-Frame-Options headers. Additionally, it suggests utilizing tools like Ammonia for HTML sanitization and Rast Armor for XSS filtering to enhance security. Although Rust has several built-in security features, developers are encouraged to remain vigilant and adopt a security-focused mindset, as new threats continue to emerge. The author, Taurai Mutimutema, emphasizes the need for continual security awareness and adaptation in the face of evolving programming challenges.
Jul 26, 2021
1,391 words in the original blog post.
Cross-Site Request Forgery (CSRF) is a common and easily executed attack method used in phishing and social engineering, where a user's browser unknowingly submits a request to a vulnerable site, which could range from transferring funds to liking a social media post. While CORS can prevent certain malicious scripts, it does not stop the submission of HTML forms, though the rise of Single-Page Web Apps using APIs has reduced the risk of CSRF. To protect FastAPI applications from CSRF attacks, the FastAPI CSRF Protect library offers a flexible solution inspired by `flask-wtf` and `fast-api-jwt-auth`, using expiring signed tokens transmitted via cookies or headers. The guide details the implementation steps, such as setting up the library, creating a CSRF token endpoint, and ensuring validation in request handlers, while also highlighting the need for diligence in securing endpoints due to the reliance on dependency injection. Written by Tim Armstrong, a seasoned engineer and technical writer, the post emphasizes the importance of thorough peer reviews in maintaining secure FastAPI applications.
Jul 22, 2021
991 words in the original blog post.
FastAPI, an ASGI framework in Python, offers an efficient way to set up Cross-Origin Resource Sharing (CORS) using Starlette's CORS middleware. This tutorial delves into implementing CORS in FastAPI, highlighting its combination of features from Flask, Django-Rest-Framework, Pydantic, and Starlette, which makes it appealing even without using Python's Async capabilities. CORS is a protocol that allows scripts from one domain to access resources on another, achieved through a preflight exchange of headers. The guide critiques the limitations of using regex-based reverse proxies for CORS, suggesting that code-based solutions like FastAPI's middleware offer greater flexibility and security. By default, FastAPI's CORS middleware supports a static list of origins and origin regex, though it can be extended to dynamically manage origins using a database. Implementing CORS in FastAPI is straightforward and can be customized for enhanced flexibility, although users need to be cautious about setting fail-safe options to prevent unintended access. The discussion also touches on performance considerations when using databases for dynamic CORS origin checks and suggests alternatives like in-memory databases to optimize response times.
Jul 21, 2021
1,434 words in the original blog post.
Web security is fundamentally built on trust, and safeguarding websites from vulnerabilities such as cross-site scripting (XSS) attacks is crucial to maintaining this trust. XSS vulnerabilities occur when malicious scripts are injected into trusted websites, exploiting the browser's trust to access sensitive user data like cookies and local storage. The document explores an example of an XSS vulnerability in a Vue application, demonstrating how attackers can exploit HTML parsing to inject harmful scripts. To mitigate such vulnerabilities, it suggests disabling HTML parsing, using an HTML sanitizer like the sanitize-html package, or implementing a Content Security Policy (CSP) as potential solutions. These measures aim to protect applications while ensuring that users can safely engage with user-generated content on the web. The text underscores the importance of proactive security measures to stay ahead of potential attacks and safeguard user data, emphasizing the role of tools like StackHawk in enhancing web security.
Jul 20, 2021
2,929 words in the original blog post.
The blog post explores the open redirect vulnerability, a security flaw where websites allow user-generated content as URL redirect parameters without validation, potentially leading users to malicious sites. It illustrates this vulnerability using a hypothetical scenario involving a fake MyBank website setup with Laravel, demonstrating how attackers can exploit such vulnerabilities for phishing attacks. The post further outlines methods to mitigate these risks, including fixed redirects, whitelisted redirects, and domain-based redirects, to ensure that users are directed only to safe, validated URLs. It emphasizes the importance of understanding and addressing open redirect vulnerabilities to protect users and maintain secure web environments. The article was authored by John Pereira, a seasoned technology expert with extensive experience in web application development.
Jul 17, 2021
2,374 words in the original blog post.
Path traversal attacks are a significant security concern for Laravel-based websites, allowing unauthorized users to access internal files by exploiting unsanitized user inputs. These attacks occur when a web server processes user-provided information as file paths without proper validation, potentially exposing sensitive files such as configuration data and SSL certificates. Laravel's directory structure, which isolates public files from other directories, provides some protection, but issues arise when files stored outside the public directory need to be delivered to users. To prevent such vulnerabilities, developers can use PHP functions like `basename()` and `realpath()` to sanitize file paths, ensuring that only authorized files within specified directories are accessible. Additionally, alternative approaches like hardcoding file names and using database mappings for user-generated content can further enhance security. The article, authored by Lukas Rosenstock, emphasizes the importance of addressing path traversal attacks alongside other vulnerabilities like XSS, SQL injection, and CSRF to maintain robust web application security.
Jul 16, 2021
1,569 words in the original blog post.
The grpc-java project offers GrpcCleanupRule for cleaning up Grpc Service resources in JUnit 4 tests, but it is incompatible with JUnit 5, which utilizes extensions instead of the @Rule classes used in JUnit 4. Despite the GRPC team's recommendation to continue using JUnit 4, StackHawk has developed a JUnit 5 extension named GrpcCleanupExtension to automatically manage resource cleanup and prevent test pollution. This extension, which mirrors the functionality of GrpcCleanupRule, tracks and shuts down server and channel resources after each test execution via the afterEach function. By implementing this extension, StackHawk ensures that resources are properly terminated, thereby maintaining test reliability and cleanliness.
Jul 11, 2021
595 words in the original blog post.
JPA Specifications streamline the process of creating dynamic queries by leveraging JPA Models for Entity classes, simplifying the use of Criteria and Paths to avoid manually crafting numerous findBy JPA methods. This guide offers a brief overview of integrating Kotlin with JPA Specifications, focusing on the use of annotation processors to generate Entity metadata as Java source files. By incorporating the `kotlin-kapt` plugin and `jpamodelgen` library, developers can automatically generate these metadata files, which are essential for using Specifications. The article provides an example of an Entity class and its corresponding Java metadata, while demonstrating how to utilize JPA Specifications in a DAO context by wrapping columns in functions that build Specifications with CriteriaBuilder. It also highlights the importance of configuring a repository to subclass `JpaSpecificationExecutor` to access auto-generated JPA Repository methods. Lastly, it touches on enabling SQL logging for verification purposes, emphasizing the practicality of JPA Specifications for dynamic query building without delving into exhaustive details.
Jul 08, 2021
579 words in the original blog post.
In a bid to enhance the tracking of API requests beyond the capabilities of raw HTTP logs, a custom annotation, @Auditable, was developed for Kotlin-based SpringBoot applications. This annotation integrates with the HTTP request lifecycle via an Interceptor, allowing specific controller methods to be tagged for auditing. The implementation automatically records URL parameters and path values, while also supporting the addition of arbitrary data to the audit record. The process involves defining the annotation and its types, populating an AuditPayload object with request parameters, and using a custom AuditSendService to persist the audit data. This approach streamlines the audit process by efficiently capturing and processing audit information within the request lifecycle, ultimately enabling greater flexibility and insight into API interactions.
Jul 07, 2021
1,344 words in the original blog post.
StackHawk's application scanner, HawkScan, uses Kotlin and the Ktor framework to test various web authentication types, including cookie-based authentication, which involves manipulating HTTP headers to set and retrieve authentication cookies. The testing process for external cookie authentication involves making an initial request to an application, following a redirect to an external host, and retrieving the authentication cookie from the Set-cookie header provided by the external application. To facilitate this, StackHawk employs helper functions such as `startTestWebApp` to start embedded servers and `stopTestWebApps` to clean them up between tests, ensuring that the tests use actual servers rather than mocks for integration testing. These functions, defined in a shared utility file, allow the creation of GET requests with specified response bodies, headers, and status codes, enabling effective verification of the authentication process. The Ktor framework's flexibility and StackHawk's custom utilities streamline the process of writing, reading, and maintaining these authentication tests.
Jul 06, 2021
1,124 words in the original blog post.