TRY_HACK_ME : WEB APPLICATION SECURITY

INTRODUCTION:

Web security is like the online bodyguard for your digital activities. When you use web applications such as online shopping or email, they run on remote servers, which are like powerful computers. These servers store crucial information in databases, and if a hacker manages to sneak in, it could lead to data theft or other cyber threats. To prevent such risks, web developers employ protective measures, like validating inputs and using robust coding techniques, acting as a shield against unauthorised access. Essentially, web security ensures a safe and trustworthy online experience, making sure your personal information remains confidential and your digital world stays protected.

Developers continually update and strengthen these security measures to stay one step ahead of potential threats. It's like having a vigilant guardian for your digital space, always on the lookout to maintain the integrity and privacy of your online interactions.

Web Application Security Vulnerabilities and Mitigation Strategies:

Identification and Authentication Failures indicate weaknesses in confirming user identity and preventing unauthorized access. Examples include susceptibility to brute force attacks, allowing automated tools to guess passwords, the potential for weak password choices, and storing passwords in plain text, which can be compromised if an attacker gains access to the file containing them.

Broken Access Control is another area of concern, highlighting flaws in managing user privileges and permissions. Failing to enforce the principle of least privilege can result in users having more access than necessary. Issues like viewing or modifying another user's account and accessing authenticated pages without proper login credentials pose additional threats to data security.

Injection vulnerabilities signify weaknesses in input validation and sanitisation, allowing users to insert malicious code. This could lead to attacks like SQL injection, where unauthorised code is injected into a query, potentially compromising the database.

Cryptographic Failures encompass issues related to encryption and decryption processes. Sending sensitive data in clear text, relying on weak cryptographic algorithms, and using default or weak keys for cryptographic functions expose data to interception and compromise. For instance, transmitting data over HTTP instead of the secure HTTPS protocol allows potential eavesdropping.

In summary, these vulnerabilities collectively highlight the importance of robust security measures, including proper authentication, access control, input validation, and encryption practices, to safeguard web applications and the sensitive data they handle. Addressing these issues is crucial for ensuring a secure online environment and protecting against potential cyber threats.

Example of web application security:

In investigating a website vulnerable to Insecure Direct Object References (IDOR), the focus is on broken access control, where attackers can gain unauthorized access to information or perform actions not intended for them. This vulnerability often occurs when a web application overly trusts user-supplied input to retrieve objects, such as files or user data, identified through sequential numbering. For instance, manipulating the ID parameter in URLs may reveal sensitive information, as demonstrated in the example of a product page (e.g., https://store.tryhackme.thm/products/product?id=52), where an attacker could attempt to enumerate other product IDs.

The exploitation process involves systematically attempting sequential ID enumeration to discover objects not meant to be accessible. This technique is applied to various URLs, including those containing sensitive data such as user details. Detecting anomalies in the system's response, particularly when unauthorized access is granted, signifies the presence of an IDOR vulnerability. The real-world impact of such vulnerabilities can be demonstrated by examining an Inventory Management System, as seen in the provided scenario where an attacker has manipulated planned shipments, potentially causing chaos in the system.

To mitigate the IDOR vulnerability, it is essential to understand its implications and take corrective actions. In this context, clicking on "View Site" and exploring different tabs, like "Planned Shipments," reveals the attacker's manipulations. Reversing the sabotage and rectifying the incorrect assignments, such as tires to assembly lines, showcases the practical steps needed to undo the damage. Additionally, reporting the vulnerability and implementing measures like improved access control validation are crucial to prevent similar exploits and enhance the overall security of the web application.