Security Information and Review

Collection of security information and review

Archive for the 'Web Application Security' Category

CubeCart SQL Injection Vulnerability

Author : Admin

A new vulnerability has been reported in CubeCart. It allows an attacker to manipulate and inject SQL queries. The vulnerability is caused by an input validation error in “includes/content/viewProd.inc.php” when processing the productId parameter: input passed to productId is not properly sanitized before being used in SQL queries, and the issue would not occur if it were. The vulnerability was reported by sangteamtham and is confirmed in version 4.3.6; prior versions may also be affected. … continue reading : CubeCart SQL Injection Vulnerability.

20 November 2009 at 06:58 - Comments

Wordpress 2.8.5 XSS and File Upload Vulnerability

Author : Admin

New vulnerabilities have been discovered in WordPress v2.8.5: a cross-site scripting (XSS) vulnerability and a file upload vulnerability. These security issues in WordPress can be exploited by an attacker to conduct script insertion attacks and compromise a vulnerable system.

The first vulnerability is caused by input that is not properly sanitized before being displayed to the user. … continue reading : Wordpress 2.8.5 XSS and File Upload Vulnerability.

15 November 2009 at 23:50 - Comments

Piwik and Open Flash Chart Vulnerability

Author : Admin

A vulnerability has been discovered in Piwik’s Open Flash Chart module which can be exploited by malicious people to compromise a vulnerable system. The vulnerability exists in Piwik’s bundled copy of “open-flash-chart”, which resides in the “./libs/open-flash-chart/php-ofc-library” directory.

Piwik is open source web analytics software licensed under the GPL. … continue reading : Piwik and Open Flash Chart Vulnerability.

21 October 2009 at 02:06 - Comments

Best Practices to Build Web Application More Secure

Author : Admin

In this discussion, we will learn best practices, tips and tricks for building more secure web applications. In the previous discussion, we learned how to protect web application files; here we look at protecting the web application as a whole, in every section. We will discuss a set of best practices that, if followed, will result in better security for our web applications.

In our web applications, we often use authentication information to restrict access. The best practice in this situation is to store authentication data away from the web document tree and make sure our application reads authentication-related files from outside the web document tree. … continue reading : Best Practices to Build Web Application More Secure.

10 October 2009 at 17:11 - Comments

Controlling Access Web Application with Web Based Basic Authentication

Author : Admin

If we want to restrict access to our web-based application, we can use web-based authentication. In this discussion, we will learn how to protect our web-based application with basic authentication, a simple scheme that is very commonly supported by web servers.

We can use our web server’s basic authentication scheme quite easily with an .htaccess file in our web directory. In this example, we will restrict access to a directory in our web-based application : http://www.widyani.com/basic_auth. We create and edit the .htaccess file in %DocumentRoot%/basic_auth, … continue reading : Controlling Access Web Application with Web Based Basic Authentication.

10 October 2009 at 01:33 - Comments

How to Protect Web Application Files

Author : Admin

When we build a web application, all of its files become available to everyone. So an attacker will try to find holes in our web application or attack our data. How do we protect the sensitive files in our web application? In this discussion, we will learn step by step how to protect them.

The first step is to control visitors’ access to our sensitive files through the web server configuration. It is assumed that we are using the Apache web server and PHP as the server-side scripting language. … continue reading : How to Protect Web Application Files.

10 October 2009 at 00:10 - Comments

SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution

Author : Admin

SquirrelMail is a well-known webmail package written in pure PHP that supports standard e-mail protocols such as IMAP and SMTP. In SquirrelMail, all pages render in pure HTML with no JavaScript required, for maximum compatibility across browsers.

On August 12, 2009, a vulnerability was reported in SquirrelMail which can be exploited by an attacker using the Cross-Site Request Forgery (CSRF) technique. Find more information about this technique in Problem and Solution : Cross Site Request Forgery ( XSRF ). … continue reading : SquirrelMail Cross-Site Request Forgery CSRF Vulnerability and Solution.

13 August 2009 at 03:48 - Comments

Guidelines Basic Security Policy of the Web Services

Author : Admin

If we want to build enterprise web application services, we should not focus only on features; the most important thing is to ensure the availability and security of the services. We must also pay attention to overall web services security. Many people focus only on security mechanisms to make a web application more secure, but security mechanisms are only valuable if they are part of an overall security fabric that provides the level of protection both desired and thought to be in place. It is important that an enterprise’s security policy be comprehensive and thorough, so developing good policies is the more important task, and those policies must underpin the enterprise’s security strategy. … continue reading : Guidelines Basic Security Policy of the Web Services.

25 July 2009 at 23:51 - Comments

Security Challenges of the Web Application Service

Author : Admin

An enterprise web application service can be configured and used in many ways. See Introduction and Guide How to Build Web Application Service for details of the many ways that can be used to provide web application services. In this discussion, we give more attention to the security of web application services. Each way of building web application services has unique security challenges. Whatever way we take to build web application services. … continue reading : Security Challenges of the Web Application Service.

25 July 2009 at 14:39 - Comments

Hardening Web Application Security with SSL

Author : Admin

These days, the internet, or world wide web, is a network for everyone, used by thousands of businesses large and small. When data travels from one point of the internet to another, it passes through a number of computers such as routers, gateways and other network devices, and interception is possible at any of these nodes. So we need a security protocol that ensures secure transactions between the customer’s web browser and the web server. That protocol is SSL / TLS, which provides endpoint authentication and communications confidentiality over the internet using cryptography, and is designed to prevent eavesdropping, tampering and message forgery. … continue reading : Hardening Web Application Security with SSL.

23 July 2009 at 11:39 - Comments