Practical Assignment 2
Introduction to Computer Security at NYU Paris
Hunting for Bugs in Web Applications
Despite the fact that today's web applications are indispensable in our daily lives, many different kinds of bugs, errors and weaknesses can exist in their programming.
In this practical assignment, you will audit a web application written specifically for this class and attempt to find and exploit four different types of bugs in order to gain control over the web application.
Here are just a few different types of bugs that occur in web applications:
- Cross-site scripting (XSS): a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.
- Cross-site request forgery (XSRF): an attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.
- Bad cryptography: a web application could use insufficient or outdated cryptographic constructions in order to protect user data. This can lead to passive attackers obtaining privileged information out of publicly available tokens.
- Flawed authentication logic: a web application could neglect to impose restrictions on its login pages, which could lead to forced authentication through anything from brute force to crafting invalid input values that force the application to authenticate the user.
- Injection: while XSS is a form of client-side injection, there also exist "server-side" injections that could permanently alter a web application's database, resulting in more severe consequences that could range from permanent database corruption to permanent alterations of key web application code or content.