AppSec Blog

Following a Trail of Breadcrumbs - A Design Flaw in Yahoo! Mail

It's my pleasure to post this guest blog from my colleague and fellow security professional, Khash Kiani, about an interesting design flaw in Yahoo! Mail. Intent: The ultimate goal of this exercise was to reveal a few fundamental design flaws with the authentication mechanism of Yahoo! Mail, more specifically its password reset scheme. The exercise …


Top 25 Series - Rank 2 - SQL Injection

Item #2 in this year's Top 25 is CWE-89 [1]. It is officially called Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection'). There are many public examples that show the devastating impact that SQL Injection can have, including the Mass SQL Injection attacks that began in 2008 [2,3,4] as well as …


Top 25 Series - Rank 10 - Missing Encryption of Sensitive Data

Entry #10 on the CWE/SANS Top 25 is CWE-311: Missing Encryption of Sensitive Data [1]. In a previous post [2] we discussed how we obtained command line access to the server. As a result, we could now conduct any number of malicious activities. But our primary goal was to retrieve confidential customer information. Navigating around …


Top 25 Series - Rank 8 - Unrestricted Upload of Dangerous File Type

File uploads are a hard problem, and it is no surprise that they made it into the Top 25 list. We covered some of the tactical issues in allowing file uploads in an earlier blog. This blog discusses how to use the SDL to your advantage to avoid some of the risks.


Top 25 Series - Rank 9 - OS Command Injection

Entry #9 on the new CWE/SANS Top 25 is about OS Command Injection [1]. It's officially called Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection'), but I prefer to keep the title short when describing it. In a previous post [2] we had just gained access to the application by …