
I am currently working on security for a website (JSP) that contains 2 pages: a login and a data page. Once a user logs in, he is able to SELECT data from a specific table with read only access.

After browsing security risks online, I have written down a general list of what I might have to defend against

  1. Injections
  2. XSS
  3. Auth / Session hijacking
  4. CSRF
  5. Direct Object Ref

Currently, I am reading about how to defend these attacks and what I should include in my code. However, I won't really know if my code actually works unless I test these attacks out for myself (and even then, there still might be other attacks that work). Right now, I just want some security, and thus I need to know how to produce these attacks so I can try them on my site.

Injections were simple as all I had to do was type '1'='1 in my code to reveal that it was flawed. Then I used prepared statements and SQL injections didn't work anymore.

How can I produce the rest of these attacks to see if my security at least works against basic attacks?

(Also, is there perhaps some safe site or tool I can use to test out my vulnerabilities?)

krikara
  • Not an expert at all.. check this out perhaps? http://code.google.com/p/websecurify/ I'm curious about it. – Nava2 Oct 28 '13 at 04:03
  • Websecurify does not do anything but tell you that you don't have HTTPOnly on, you have autocorrect on, and your banner tells you server type / version. It does not let you know if you are vulnerable to attacks. I tested the app on my website with no security, and websecurify didn't even test for simple stuff like injections. This is the free version though, from the above the link. Perhaps if I paid the $100, it might detect actual vulnerabilities. – krikara Oct 29 '13 at 08:00

1 Answer


I assume from your list that you're looking at the Open Web Application Security Project Top Ten. Good!

Really, the best advice I can give is to read through the OWASP site. A good first step would be to go through the individual links on that page (e.g. Broken Authentication and Session Management) and check the "Am I vulnerable?" section. Here are some further hints:

XSS

The XSS Cheat Sheet can be pretty helpful here. More examples than you can shake a stick at, ready to paste into your site.

CSRF

OWASP's wiki has a CSRF Testing Guide full of great links and suggestions.

Auth/Session hijacking

Well, are you using HTTPS? See this answer for more.

More resources

If you want to Go Deeper and do some real testing, here are some things you can do:

Christian Ternus
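Added example, not part of the original question or answer: since the site is JSP, here is a servlet filter that addresses two items on the asker's list from the defender's side, a per-session synchronizer token for CSRF and a session-id rotation plus HTTPS check for session hijacking. It assumes the Servlet 3.1 API (`javax.servlet`), a hidden form field and session attribute both named `csrf_token`, and a login servlet that calls `onSuccessfulLogin`; all three names are assumptions. The `escapeHtml` helper shows the minimal output encoding that stops the reflected XSS cases the linked cheat sheet pastes into a page; in JSP itself `<c:out>` does the same job.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Hypothetical filter (added example, not from the original post).
 * Map it to /* in web.xml so it runs in front of both the login and data pages.
 *  - CSRF: any non-GET/HEAD/OPTIONS request must carry the session's token
 *    in the "csrf_token" form parameter (assumed name).
 *  - Session hijacking: plain-HTTP requests are refused, and the login servlet
 *    rotates the session id via onSuccessfulLogin() so a pre-login id is useless.
 */
public class CsrfSessionFilter implements Filter {
    public static final String TOKEN_ATTR = "csrf_token";   // session attribute (assumed name)
    public static final String TOKEN_PARAM = "csrf_token";  // hidden form field (assumed name)
    private static final SecureRandom RNG = new SecureRandom();

    @Override public void init(FilterConfig cfg) {}
    @Override public void destroy() {}

    @Override
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        // A session cookie sent over plain HTTP can be read on the wire; refuse it.
        if (!request.isSecure()) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "HTTPS required");
            return;
        }

        HttpSession session = request.getSession(true);
        String token = (String) session.getAttribute(TOKEN_ATTR);
        if (token == null) {
            token = newToken();
            session.setAttribute(TOKEN_ATTR, token);
        }

        String method = request.getMethod();
        boolean stateChanging = !(method.equals("GET") || method.equals("HEAD") || method.equals("OPTIONS"));
        if (stateChanging && !constantTimeEquals(token, request.getParameter(TOKEN_PARAM))) {
            // A cross-site form post cannot know the token, so it fails here.
            response.sendError(HttpServletResponse.SC_FORBIDDEN, "Missing or invalid CSRF token");
            return;
        }
        chain.doFilter(req, res);
    }

    /** Call from the login servlet once credentials have been verified. */
    public static void onSuccessfulLogin(HttpServletRequest request) {
        request.changeSessionId();                 // Servlet 3.1+: defeats session fixation
        request.getSession().setAttribute(TOKEN_ATTR, newToken());
    }

    /** 256-bit random token, URL-safe so it can sit in a hidden field unchanged. */
    static String newToken() {
        byte[] b = new byte[32];
        RNG.nextBytes(b);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(b);
    }

    /** Compare without leaking length or position of the first mismatch. */
    static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) return false;
        return MessageDigest.isEqual(a.getBytes(StandardCharsets.UTF_8),
                                     b.getBytes(StandardCharsets.UTF_8));
    }

    /** Encode the five HTML-significant characters before echoing user data into a page. */
    static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char c : s.toCharArray()) {
            switch (c) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#39;");  break;
                default:   out.append(c);
            }
        }
        return out.toString();
    }
}
```

In the data page's form, emit the token as `<input type="hidden" name="csrf_token" value="<c:out value='${sessionScope.csrf_token}'/>">` and render table cells with `<c:out value="${row.column}"/>` rather than `${row.column}`, since `<c:out>` escapes by default. Servlet 3.0's `web.xml` `<session-config><cookie-config>` with `<secure>true</secure>` and `<http-only>true</http-only>` completes the cookie side, which is what the asker's Websecurify run flagged as missing.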