There are a couple of things regarding risks in web-based applications that you should know, so let's talk about them.
When crossing the street, we look both ways to avoid being hit by a car,
but if someone has never actually been hurt on the road, why does he keep looking both ways?
That's because that same someone is aware of the risks, the things that could actually happen to us if we aren't cautious. Remember: a risk is firstly a threat, and it becomes a risk only when there's a way to actualize it.
When talking about web application related risks, the most famous list is the OWASP Top 10,
but let's focus on the three most relevant ones and how they can be carried out:
- SQL injection – probably the most exploitable of them all, and a very common technique. SQL injection is a code injection technique in which the so-called "hacker" (our typical horror-film villain) inserts harmful SQL statements into fields that expect a certain input from the user; this way he works his way through to the database, thanks to code that was not written securely by the developer/programmer.
- Remote Code Execution (RCE) – also called Arbitrary Code Execution (ACE). When surfing the web we are exposed to many websites offering files that we can easily download to our local drive, but just because something is easily accessible doesn't mean it's good for us. These attacks are carried out when a user (the target) accidentally downloads harmful software written by the attacker which later enables him to perform actions remotely from his own system: he can steal information from the target, delete files from the target's system and even carry out further attacks using the target's system and address.
- XML External Entity Injection (XXE) – most web applications use the XML format to transfer data between the server and the browser, and the attacker needs to alter and modify the submitted XML for the injection to succeed. This type of injection can allow the attacker to disrupt the application's processing of XML data, gain access to files and code placed on the server or inside the database, and even make changes in the part that's "behind the scenes" and responsible for everything.
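To make the SQL injection item concrete, here is an added example (not from the original post or from Kayran) that puts the insecure lookup the post describes next to its parameterized fix; the in-memory SQLite table, the user names and the probe inputs are all constructed for illustration:

```python
import sqlite3


def make_db():
    # Constructed sample data: an in-memory users table with three rows.
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_unsafe(conn, username):
    # The defect the post describes: the user's input is pasted into the SQL
    # text, so input can change the query's structure, not just its value.
    sql = ("SELECT username FROM users WHERE username = '"
           + username + "' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # The fix: a parameterized query. The driver passes the value separately
    # from the statement, so the input is always compared as a literal string.
    sql = "SELECT username FROM users WHERE username = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (username,))]


def compare(username):
    # Run both lookups on the same input and return (unsafe_rows, safe_rows).
    conn = make_db()
    try:
        return find_user_unsafe(conn, username), find_user_safe(conn, username)
    finally:
        conn.close()


if __name__ == "__main__":
    # A normal name behaves the same either way; the classic tautology input
    # turns the unsafe query into "match everything" while the safe one
    # simply finds no user with that literal name.
    for probe in ("bob", "' OR '1'='1"):
        unsafe, safe = compare(probe)
        print(f"{probe!r:>14}: unsafe -> {unsafe}, safe -> {safe}")
```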
As we can see, web applications, although very profitable, can be a very risky business. The main factor behind these risks and threats is the human factor: making mistakes is in our nature, which is why it's important to write and develop the app securely right from the start. As always, I recommend going to the pros.
For example, our platform Kayran scans for and prevents
those risks by discovering possible vulnerabilities
right from the beginning of the development of the web application.
So stay safe out there, and always,
look both ways.