AppSec Blog

Top 25 Series - Rank 4 - Cross Site Request Forgery

Cross Site Request Forgery (CWE-352) is one of the more common vulnerabilities in existence today. Although it is relatively common, not all instances of the vulnerability provide sufficient incentive for an attacker to exploit it. The vulnerability is based on the fact that the web application assumes any request by the user is a legitimate …
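
The assumption the excerpt describes, shown as an added example (not code from the original post): a transfer handler that trusts the session cookie alone beside the same handler guarded by a per-session synchronizer token. The session store, balances, and request shapes are constructed stand-ins, not any real framework's API.

```python
import hmac
import secrets

# Constructed in-memory stand-ins (assumption) for a server-side session store
# and account balances; a real app would keep these in a database.
SESSIONS = {"sid-alice": {"user": "alice", "csrf_token": secrets.token_hex(16)}}
BALANCES = {"alice": 100, "mallory": 0}


def _apply_transfer(session, form):
    """Move funds from the session's user to the recipient named in the form."""
    src, dst, amount = session["user"], form["to"], int(form["amount"])
    BALANCES[src] -= amount
    BALANCES[dst] = BALANCES.get(dst, 0) + amount


def vulnerable_transfer(request):
    """CWE-352: the only check is the session cookie. The browser attaches that
    cookie to any request for this site, including one a third-party page
    auto-submits, so the server cannot tell the user's intent from the attacker's."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    _apply_transfer(session, request["form"])
    return 200


def protected_transfer(request):
    """Same handler with a synchronizer token. The token is bound to the session
    and embedded in the legitimate form; an attacker's origin cannot read it, so a
    forged request arrives without it. Compared in constant time to avoid a
    timing oracle on the token value."""
    session = SESSIONS.get(request["cookies"].get("sid"))
    if session is None:
        return 401
    submitted = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return 403
    _apply_transfer(session, request["form"])
    return 200


def forged_request():
    """What the victim's browser sends when an attacker-controlled page submits a
    hidden form to the bank: the session cookie goes along, the token does not."""
    return {"cookies": {"sid": "sid-alice"},
            "form": {"to": "mallory", "amount": "50"}}


def legitimate_request():
    """A submission of the real form, which carried the session's token."""
    return {"cookies": {"sid": "sid-alice"},
            "form": {"to": "bob", "amount": "10",
                     "csrf_token": SESSIONS["sid-alice"]["csrf_token"]}}


if __name__ == "__main__":
    print("vulnerable handler, forged request:", vulnerable_transfer(forged_request()))
    print("protected handler, forged request: ", protected_transfer(forged_request()))
    print("protected handler, real request:   ", protected_transfer(legitimate_request()))
    print("balances:", BALANCES)
```

The token check is what turns "a request arrived with a valid cookie" into "a request arrived from a page we served to this session"; SameSite cookie attributes and an Origin/Referer check are worthwhile additional layers but do not replace it.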


Top 25 Series - Rank 3 - Classic Buffer Overflow

Classic buffer overflow (CWE-120) is a huge problem in programming; we have all seen the damage that can be done by a buffer overflow. There were numerous worms that leveraged this vulnerability in the early 2000s. Starting from the Morris worm early on, extending to Code Red and SQL Slammer, they are all proof that …


Following a Trail of Breadcrumbs - A Design Flaw in Yahoo! Mail

It's my pleasure to post this guest blog from my colleague and fellow security professional, Khash Kiani, about an interesting design flaw in Yahoo! Mail. Intent: The ultimate goal of this exercise was to reveal a few fundamental design flaws in the authentication mechanism of Yahoo! Mail, more specifically its password reset scheme. The exercise …


Top 25 Series - Rank 2 - SQL Injection

Item #2 in this year's Top 25 is CWE-89 [1]. It is officially called Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection'). There are many public examples that show the devastating impact that SQL Injection can have including the Mass SQL Injection attacks that began in 2008 [2,3,4] as well as …
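
The "special elements" in the CWE-89 title, shown as an added example (not code from the original post): a login query built by string formatting, where a quote and a comment marker in the username rewrite the command, beside the parameterized form that passes the same input as data. The schema and credentials are constructed for the demo; it uses only the standard-library sqlite3 module.

```python
import sqlite3

# Constructed sample data (assumption): one user with a known password.
SCHEMA = [
    "CREATE TABLE users (name TEXT NOT NULL, password TEXT NOT NULL)",
    "INSERT INTO users VALUES ('alice', 'correct horse')",
]


def new_db():
    """Fresh in-memory database loaded with the sample schema."""
    conn = sqlite3.connect(":memory:")
    for stmt in SCHEMA:
        conn.execute(stmt)
    return conn


def login_vulnerable(conn, name, password):
    """CWE-89: user input is spliced into the SQL text, so the quote, the OR
    keyword, or a comment marker in the input become part of the command."""
    query = (f"SELECT name FROM users "
             f"WHERE name = '{name}' AND password = '{password}'")
    return conn.execute(query).fetchone() is not None


def login_parameterized(conn, name, password):
    """Bound parameters: the driver sends the input as values, never as SQL
    syntax, so the same payload is just an unusual username that matches nobody."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


# Closing quote plus a SQL comment: everything after it, including the
# password check, is dropped from the command.
PAYLOAD_NAME = "alice' --"


if __name__ == "__main__":
    conn = new_db()
    print("vulnerable, real credentials:   ", login_vulnerable(conn, "alice", "correct horse"))
    print("vulnerable, payload, bad password:", login_vulnerable(conn, PAYLOAD_NAME, "wrong"))
    print("parameterized, payload:          ", login_parameterized(conn, PAYLOAD_NAME, "wrong"))
    print("parameterized, real credentials: ", login_parameterized(conn, "alice", "correct horse"))
```

With the payload the vulnerable query becomes `... WHERE name = 'alice' --' AND password = 'wrong'`, and the comment swallows the password clause; the parameterized query looks for a user literally named `alice' --` and finds none.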


Top 25 Series - Rank 10 - Missing Encryption of Sensitive Data

Entry #10 on the CWE/SANS Top 25 is CWE-311: Missing Encryption of Sensitive Data [1]. In a previous post [2] we discussed how we obtained command line access to the server. As a result, we could now conduct any number of malicious activities. But, our primary goal was to retrieve confidential customer information. Navigating around …