Google
AspAlliance.com Web
AspAlliance
Register
Edit My Profile
Author List
Write for Us
About AspAlliance
Contact Us
Privacy Policy
Link To Us
Advertise

Subscribe
Free Newsletter
Newsletter Archive
RSS Syndication

.NET Tutorials
Learn .NET
Learn WCF
Learn WPF
Learn ASP.NET
Learn AJAX
Learn Silverlight
Learn Visual Studio
Learn ADO.NET
Learn LINQ
Learn C# (CSharp)
Learn VB.NET
Learn Web Services
Learn Controls
Learn BizTalk
Learn SharePoint
Learn Mobile
Learn SQL
Learn SQL Reporting
Learn Windows Forms
Learn XML
Learn Crystal Reports
Learn FarPoint
Learn DevExpress
Examples
ASP.NET 2.0 Examples

ASP Tutorials
Learn ASP
Learn VBScript
Learn JScript
Learn SQL
Learn XML

Software Resources
Shopping Cart Ecommerce
Charts and Dashboards

Other Resources
Learn Java
Learn Oracle
Opinion / Editorial
Crystal Reports Alliance
WPF Resources
AJAX Resources
Silverlight Resources

Free Tools
Cache Manager
SimpleCMS

Reviews
Book Reviews
Product Reviews
Expert Advice

Books
ASP.NET Developer's Cookbook
Sample Chapters
Book Reviews

Community
Regular Expressions

Print This Article Print  Add To Favorites Add To Favorites    Email This Article To A Friend Email To Friend  Rate This Article Rate This Article   
Securing ASP.NET Applications
page 2 of 5
by Gil Shabat
Feedback
Average Rating: 
Views (Total / Last 10 Days): 31089/ 68
Attacks Are Easier Than You Might Think

It might be surprising to many project & product managers that exploiting web applications does not necessarily require expert knowledge. Attacks are often perpetrated by hobbyists with very simple means. Here are two recent examples.

Attack I: SQL injection at Telegraph results in 700,000 emails stolen

The Attack - On March 6th, 2009, a hacker used blind SQL injection to penetrate to the web site of The Telegraph, a leading English daily paper. Based on reports, he or she was able to gain access to about 700,000 email addresses on the site’s database. Telegraph’s response can be found on their blog.

Some Background – SQL statements are generally used to retrieve, update and delete data against a web application’s database. This is normally done behind the scenes and the results are displayed to a user based on their authority level. This means that the data is protected and access is granted on a selective basis.

Attack Explanation - Many web applications provide some form of search capabilities where users can provide their own filtering on the data the application might display. For example, a filter to see only the records posted in 2009. If the application is not secure, a hacker can potentially exploit this functionality. Rather than supplying a value to filter upon, he might provide another SQL statement that is then injected in to the SQL statement that the application uses to retrieve data.

Attack Example – Let’s assume a user only has access to the records of his department and to filter through the records, he enters some criteria. He wants to see the latest records, so he enters 2009 in the year range.

The application might attempt to execute the following statement against the database: SELECT * FROM … WHERE … AND Year = 2009

A hacker on the other hand, might try to trick the application and enter the following into that same year range field: 2009 OR 1=1

The application, if not careful, might then execute the following statement against the database: SELECT * FROM … WHERE … AND Year = 2009 OR 1=1

This would potentially provide the user with access to all the records in the system, even the ones to which they shouldn’t.

Attack II: Authentication Security Holes at Sage

The Attack – Sage, a leading provider of accounting software in the UK, was about to launch Sage Live, a small business accounting product as SaaS (software as a service). However according to ZDnet, Sage Live went dead after serious security flaws were exposed in the product. The flaws were exposed by the founder of a tiny rival. Duane Jackson, CEO of UK-based KashFlow, described what she found on her blog: “A little bit of prodding around the site and I found myself looking at… pages that only authorized people should be seeing.”

Attack Explanation - Users navigate to and though web applications by going from one URL address to another, much like postal addresses point to residential homes and businesses. As a result, users can easily change the URL and its parameters that can potentially lead to pages and information that they wouldn’t ordinarily be allowed to view.
View Entire Article

User Comments

Title: Good Job   
Name: Swapon
Date: 2009-12-01 11:45:31 PM
Comment:
Really nice article.Well done.But it would be nice if you give the complete example with code.
Title: Good work   
Name: phani
Date: 2009-05-09 6:42:43 AM
Comment:
Hi,
Its really nice article but it would have been more effective if you have explained the measures to be taken elaboratively.
Title: Nice work!   
Name: Chama
Date: 2009-05-01 1:11:53 PM
Comment:
I love this article. Nice work dude!
Title: s   
Name: Ajay
Date: 2009-04-29 12:23:46 AM
Comment:
Excellent stuff!

Product Spotlight
Product Spotlight 





Community Advice: ASP | SQL | XML | Regular Expressions | Windows


©Copyright 1998-2024 ASPAlliance.com  |  Page Processed at 2024-04-24 3:17:13 AM  AspAlliance Recent Articles RSS Feed
About ASPAlliance | Newsgroups | Advertise | Authors | Email Lists | Feedback | Link To Us | Privacy | Search