Wednesday, October 28, 2009

Lab 5 : Web Application Security

1. Discuss the differences between the GET and POST methods for submitting variables in a web application. Which method is more vulnerable to attack?

POST - variables are sent in the body of the HTTP request, so there is no practical limit on the amount of data or on the number of variables passed from the form, and the values do not appear in the URL. Hidden form fields are only hidden from the browser display; anyone with an intercepting proxy such as WebScarab can read and change them before they reach the web server.

GET - variables are appended to the URL as a query string, so only a small amount of data can be sent (browsers and servers limit URL length). The values are visible in the address bar and are recorded in browser history, bookmarks, server access logs and the Referer header sent to other sites.

GET is the more exposed method because of that leakage, and because a plain link or image tag can make a victim's browser issue a GET request to the application. Neither method is safe from tampering, though: both travel as plain text through a proxy, so the server must validate every input whichever method delivers it.
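As an added illustration (not part of the original lab write-up), the following Python builds one constructed form submission as a GET request and as a POST request, shows what a typical server access log records for each, and shows that an intercepting proxy can rewrite either one before the server parses it. The host name, path and form values are made up for the example.

```python
from urllib.parse import urlencode, parse_qs

# Constructed sample form submission (not from the original lab page).
FORM = {"user": "alice", "card": "4111111111111111", "amount": "250"}


def build_get(path, params, host="shop.example"):
    """Serialise a form as a GET request: every variable goes into the URL."""
    query = urlencode(params)
    return f"GET {path}?{query} HTTP/1.1\r\nHost: {host}\r\n\r\n"


def build_post(path, params, host="shop.example"):
    """Serialise the same form as a POST request: variables go in the body."""
    body = urlencode(params)
    return (
        f"POST {path} HTTP/1.1\r\nHost: {host}\r\n"
        "Content-Type: application/x-www-form-urlencoded\r\n"
        f"Content-Length: {len(body)}\r\n\r\n{body}"
    )


def access_log_line(raw_request):
    """What a common-log-format access log keeps: the request line only.
    A GET leaks every variable here; a POST leaks only the path."""
    request_line = raw_request.split("\r\n", 1)[0]
    return f'10.0.0.5 - - [28/Oct/2009:10:00:00 +0800] "{request_line}" 200 512'


def server_side_variables(raw_request):
    """What the application sees after parsing. It cannot tell whether the
    variables came from the real form or from an intercepting proxy."""
    head, _, body = raw_request.partition("\r\n\r\n")
    method, target, _ = head.split("\r\n")[0].split(" ")
    query = target.partition("?")[2] if method == "GET" else body
    return {k: v[0] for k, v in parse_qs(query).items()}


def tamper(raw_request, field, new_value):
    """Simulate the proxy step: rewrite one variable while the request is in
    transit, for GET and POST alike."""
    params = server_side_variables(raw_request)
    params[field] = new_value
    method = raw_request.split(" ", 1)[0]
    path = raw_request.split(" ")[1].partition("?")[0]
    return build_get(path, params) if method == "GET" else build_post(path, params)


if __name__ == "__main__":
    for req in (build_get("/pay", FORM), build_post("/pay", FORM)):
        print(access_log_line(req))
        print(server_side_variables(tamper(req, "amount", "1")))
```

Running it shows the card number inside the GET log line and absent from the POST log line, while the tampered amount is accepted by the server in both cases.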

2. List 2 configurations that can be made in the configuration file of an Apache web server so that it becomes more secure.

- Restrict permissions on the server directories: in httpd.conf give the file system root "Options None" and "AllowOverride None" and deny access to it, then open only the document root, so that requests cannot reach files outside the web root and .htaccess files cannot override the server settings. On disk, the configuration files and document root should be owned by root and not be writable by the account Apache runs as.
- Disable directory listings and version disclosure: remove "Indexes" from Options so that a directory without an index page does not list its files, and set "ServerTokens Prod" and "ServerSignature Off" so that the server does not reveal its version in response headers and error pages.
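As an added illustration (not taken from the original page), here is an httpd.conf fragment for Apache 2.2, the release current when this lab was written, with the weak directory configuration beside its hardened form. The document root /var/www/html is an assumption for the example; Apache 2.4 replaces the Order/Allow/Deny lines with Require directives.

```apache
# --- Weak configuration often found in a default httpd.conf ---
ServerTokens Full
ServerSignature On
<Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride All
</Directory>

# --- Hardened equivalent ---
ServerTokens Prod            # "Server: Apache" only, no version or modules
ServerSignature Off          # no version footer on error pages

# Lock down the whole file system first ...
<Directory />
    Options None
    AllowOverride None       # .htaccess files are ignored everywhere
    Order deny,allow
    Deny from all
</Directory>

# ... then open only the document root, without listings or symlinks
<Directory "/var/www/html">
    Options -Indexes -FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>
```

The "Deny from all" on the root directory is what makes the permission model deny by default: any path that is not explicitly opened in a later Directory block stays unreachable through the web server.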

3. List 3 configuration settings that can be made to PHP so that it becomes more secure.

- Disable register_globals in php.ini, so that request variables are not turned into global PHP variables, and set error_reporting = E_ALL during development so that any uninitialized variable raises a notice (E_STRICT alone does not report undefined variables). In production, keep display_errors = Off and log_errors = On so that error details go to the log rather than to the browser.
- Vet every file and stream function (fopen, file_get_contents, include/require and the stream_* functions) that receives user-controlled input, since these are the entry points for local and remote file inclusion, and set open_basedir so that PHP can only open files under the web root.
- Disable allow_url_fopen and allow_url_include in php.ini, so that the file functions and include/require cannot load code or data from a remote URL.
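As an added illustration (not from the original page), a php.ini fragment showing the weak settings beside the hardened ones described above. The web root /var/www/html is assumed for open_basedir.

```ini
; --- Weak settings (as found in many PHP 5.2-era installations) ---
register_globals = On
allow_url_fopen = On
allow_url_include = On
display_errors = On
log_errors = Off
error_reporting = E_ALL & ~E_NOTICE
expose_php = On

; --- Hardened settings for a production server ---
register_globals = Off        ; request data stays in $_GET/$_POST, never auto-globals
allow_url_fopen = Off         ; fopen(), file_get_contents() cannot fetch http:// or ftp://
allow_url_include = Off       ; include/require cannot load remote code
display_errors = Off          ; no stack traces or paths in the browser
log_errors = On
error_log = /var/log/php_errors.log
error_reporting = E_ALL       ; undefined variables still raise E_NOTICE into the log
expose_php = Off              ; no "X-Powered-By: PHP/x.y.z" header
open_basedir = /var/www/html  ; file access confined to the web root
```

After editing php.ini, restart the web server and confirm the values with phpinfo() on a page that is removed again afterwards, since phpinfo() itself discloses the configuration.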

4. List 3 prevention measures that can be taken to overcome the Insecure Direct Object Reference and Cross-Site Request Forgery vulnerabilities.

Three measures that address these two vulnerabilities:

- Validate every input before it is processed. A parameter that should be an integer, or one of a fixed set of values, must be checked on the server before it is used to look anything up, regardless of what the client-side form allowed.
- Use an index, an indirect reference map or another indirect method instead of exposing direct references. The page shows the user an opaque per-session handle, the server maps the handle back to the real key, and it checks that the logged-in user is allowed to access that object. An attacker then cannot reach another user's record simply by changing an identifier in the request.
- Include an unpredictable token tied to the user's session in every form or link that changes state, and have the server reject any request whose token is missing or wrong. A forged request from another site cannot contain the token. Entity-encoding all user-supplied data before rendering it supports this measure: it prevents cross-site scripting, which an attacker could otherwise use to read the token out of the page.
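As an added example (not code from the original lab or from WebGoat), the following Python shows the two vulnerable patterns beside their fixes: a direct object lookup next to a per-session indirect reference map with an ownership check, and a state-changing action next to the same action guarded by a per-session CSRF token. The invoice data, user names and handle format are constructed for the example.

```python
import hmac
import secrets


def make_store():
    """Constructed back-end data (not from the lab): invoices keyed by their
    database id, each owned by one user."""
    return {
        1001: {"owner": "alice", "total": 250},
        1002: {"owner": "alice", "total": 80},
        1003: {"owner": "bob", "total": 999},
    }


class Session:
    """Server-side session state for one logged-in user."""

    def __init__(self, user, store):
        self.user = user
        # Unpredictable per-session CSRF token, embedded as a hidden field in
        # every state-changing form. A page on another origin cannot read it.
        self.csrf_token = secrets.token_hex(16)
        # Indirect reference map: opaque handle -> real database id, built only
        # from the objects this user owns. The page never shows the real id.
        self.ref_map = {}
        for key, inv in store.items():
            if inv["owner"] == user:
                self.ref_map[secrets.token_urlsafe(8)] = key


def vulnerable_get_invoice(session, param, store):
    """Insecure direct object reference: the client names the database id
    and the server never checks who owns the record."""
    return store[int(param)]


def safe_get_invoice(session, handle, store):
    """Resolve an opaque handle through the session's map, then re-check
    ownership on the server (defence in depth)."""
    key = session.ref_map.get(handle)
    if key is None:
        raise PermissionError("unknown reference")
    inv = store[key]
    if inv["owner"] != session.user:
        raise PermissionError("not the owner")
    return inv


def vulnerable_delete(session, form, store):
    """CSRF-prone: any POST naming the id is honoured, including one sent by
    a form on an attacker's site that rides on the victim's cookies."""
    return store.pop(int(form["id"]), None) is not None


def safe_delete(session, form, store):
    """Reject the request unless it carries this session's CSRF token, then
    resolve the object through the indirect map before deleting it."""
    token = form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        raise PermissionError("missing or invalid CSRF token")
    safe_get_invoice(session, form["ref"], store)  # raises if not permitted
    key = session.ref_map[form["ref"]]
    del store[key]
    return key


if __name__ == "__main__":
    store = make_store()
    alice, bob = Session("alice", store), Session("bob", store)
    print("IDOR:", vulnerable_get_invoice(bob, "1001", store))  # bob reads alice's invoice
    handle = next(iter(alice.ref_map))
    print("indirect:", safe_get_invoice(alice, handle, store))
    try:
        safe_delete(alice, {"ref": handle}, store)  # forged form: no token
    except PermissionError as err:
        print("rejected:", err)
    print("deleted", safe_delete(alice, {"ref": handle, "csrf_token": alice.csrf_token}, store))
```

The token comparison uses hmac.compare_digest so that a wrong token takes the same time to reject whatever its first differing character; the ownership re-check in safe_get_invoice is deliberately redundant with the map, so that a bug in building the map does not silently become an authorization bypass.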

5. Do the exercise under Improper Error Handling | Fail Open Authentication Scheme. What is the vulnerability found in this exercise, and how can you prevent it from happening?

In this exercise the user is logged in without supplying any password. The login form sends a username and a password; when the password parameter is deleted from the request in transit with WebScarab, the server's login code hits an error while reading the missing field, the error is caught and ignored, and execution continues on the path that treats the user as authenticated. This is the "fail open" behaviour: an error inside the authentication check results in access being granted instead of denied. To prevent it, the Java authentication code must fail closed: check that every required parameter is present and well-formed before using it, treat any exception or unexpected condition in the login path as a failed login, and grant access only after the credentials have been explicitly verified.
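As an added example (not WebGoat's own Java source, which is not reproduced on this page), the following Python models the fail-open pattern and its fail-closed replacement, with a helper that imitates the WebScarab step of deleting the password parameter. The credential store and user name are constructed for the example.

```python
import hmac

# Constructed credential store for the example (not WebGoat's own data).
USERS = {"webgoat": "webgoat"}


def strip_field(form, name):
    """Imitate the WebScarab step: delete one parameter from the request."""
    return {k: v for k, v in form.items() if k != name}


def fail_open_login(params):
    """Vulnerable pattern. The decision to show the error page is taken only
    inside the try block; an exception skips that decision, is swallowed,
    and the code falls through to the welcome page. Returns (page, user)."""
    error = None
    try:
        stored = USERS[params["username"]]      # KeyError for an unknown user
        supplied = params["password"]           # KeyError if the field was deleted
        if not hmac.compare_digest(stored.encode(), supplied.encode()):
            error = "bad credentials"
    except Exception:
        pass                                    # "error handling" that hides the failure
    if error:
        return ("login", None)
    return ("welcome", params.get("username"))  # reached after an exception: fails open


def fail_closed_login(params):
    """Hardened version: validate the parameters first, treat any exception
    as a failed login, and grant access only on an explicit successful check."""
    username = params.get("username")
    password = params.get("password")
    if not isinstance(username, str) or not isinstance(password, str) or not password:
        return ("login", None)
    stored = USERS.get(username)
    if stored is None:
        return ("login", None)
    try:
        ok = hmac.compare_digest(stored.encode(), password.encode())
    except Exception:
        ok = False                              # unexpected error counts as failure
    return ("welcome", username) if ok else ("login", None)


if __name__ == "__main__":
    form = {"username": "webgoat", "password": "webgoat"}
    tampered = strip_field(form, "password")
    print("fail-open, password removed:  ", fail_open_login(tampered))
    print("fail-closed, password removed:", fail_closed_login(tampered))
```

The same fail-open code also admits an unknown user name, because the KeyError from the credential lookup is swallowed in exactly the same way; the fix is the structure of the fail-closed version, where the only route to the welcome page is an explicit true result from the comparison.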