AppSec Blog

Top 25 Series - Rank 7 - Path Traversal

In October 2001, when the DShield.org site was just about a year old, I was alerted to a flood of reports hitting the site. Looking at the reports in more detail, I found out that most of them were due to blocked ICMP packets being reported to the site. Further investigation revealed that the reports were … Continue reading Top 25 Series - Rank 7 - Path Traversal


Top 25 Series - Rank 6 - Reliance on Untrusted Inputs in a Security Decision

During a code review I came across code that looked like this:

    // for testing only
    String testId = request.getParameter("secretId");
    if (testId != null && !testId.equals(""))
        id = testId;
    else
        id = codeToLookupTheRealId();

This code allows a malicious user to perform an access control bypass attack by simply supplying the "secretId" parameter in the request. … Continue reading Top 25 Series - Rank 6 - Reliance on Untrusted Inputs in a Security Decision


Top 25 Series - Rank 5 - Improper Access Control (Authorization)

Foursquare is a mobile app that lets you "check in" to a location and tell your friends about it. If you check in someplace often enough you can, among other things, become the "mayor" of that location. If you're the mayor you can even sometimes win free food [1]. Normally, people are supposed to actually … Continue reading Top 25 Series - Rank 5 - Improper Access Control (Authorization)


Top 25 Series - Rank 4 - Cross Site Request Forgery

Cross Site Request Forgery (CWE-352) is one of the more common vulnerabilities in existence today. Although it is relatively common, not all instances of the vulnerability provide sufficient incentive for an attacker to exploit it. The vulnerability is based on the fact that the web application assumes any request by the user is a legitimate … Continue reading Top 25 Series - Rank 4 - Cross Site Request Forgery


Top 25 Series - Rank 3 - Classic Buffer Overflow

Classic buffer overflow (CWE-120) is a huge problem in programming; we have all seen the damage that can be done by a buffer overflow. There were numerous worms that leveraged this vulnerability in the early 2000s. Starting from the Morris worm early on, extending to Code Red and SQL Slammer, they are all proof that … Continue reading Top 25 Series - Rank 3 - Classic Buffer Overflow