Resources

Account Harvesting

>Basics

• The ability to discern valid userIDs
• We can do this by observing how the server responds to valid versus invalid authentication (kind of a side channel analysis)

>Defence

<aside> 👉 Preparation

</aside>

• All authentication error messages must be consistent and must not give too much information about the problem
• userIDs must be tracked for a given number of bad logins and then locked out temporarily.
• Slowing down authentication and verification response to prevent side channel attacks

<aside> 👉 Identification

</aside>

• Frequent login attempts with no activity, after a successful login

OS Command Injection

>What is it?

• Programmers are given unrealistic deadlines, so they end up using existing code and libraries from the Internet instead of writing it from scratch and this is how vulnerabilities pop up! 😢
• Some web applications take input from a user, and may process that input by involving a shell to run a program to handle the input.
• In this type of attack, an attacker sends OS commands through some sort of user input present in the application.

>Understanding how it can take place

• We have a web-app where we're going to create a mailbox for a user.