Sunday, July 6, 2014

A10 Unvalidated Redirects and Forwards

If a user is redirected or forwarded to a page chosen by an unvalidated parameter, an attacker can manipulate the target URL. This is used to send a user to a malicious website through a link on a trusted domain name, or (in the case of a forward) to reach an unauthorized internal page.

Impact on Security:
  • Attack on Confidentiality
  • Attack on Integrity
  • Attack on Availability
Detectability  : Easy
Exploitability : Average
Impact         : Moderate

Possible Mitigation:
  1. Avoid using redirects and forwards.
  2. Don’t involve user parameters in calculating the destination.
  3. If destination parameters can’t be avoided, ensure that the supplied value is valid and authorized for the current user. It is recommended that any such destination parameter be a mapping value rather than the actual URL (or a portion of it), and that server-side code translate this mapping to the target URL.
  4. Create a whitelist of allowed pages or external sites; do not rely on blacklists.
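Mitigations 3 and 4 above combined in one server-side check, as an added example that is not part of the original post: the client sends only a mapping key that the server translates to a fixed URL, and where a raw URL cannot be avoided it is validated against a host whitelist. All names, hosts and URLs below are assumptions for illustration.

```python
# Added example (not the original post's code): mapping-based redirects plus
# a whitelist validator. REDIRECT_MAP, ALLOWED_HOSTS and the hosts used are
# illustrative assumptions.
from urllib.parse import urlsplit

# Mapping values the client may send; the real URLs live only on the server.
REDIRECT_MAP = {
    "home": "/",
    "account": "/account/settings",
    "partner": "https://partner.example.com/landing",
}

# Hosts an explicit URL may point at, if a raw URL cannot be avoided.
ALLOWED_HOSTS = {"www.example.com", "partner.example.com"}

FALLBACK = "/"  # safe default used whenever validation fails


def resolve_mapped(key: str) -> str:
    """Translate a client-supplied mapping value to a fixed URL.
    Unknown keys fall back to the default instead of being passed through."""
    return REDIRECT_MAP.get(key, FALLBACK)


def is_safe_url(url: str) -> bool:
    """Validate a raw destination URL against the whitelist.
    Rejects scheme-relative (//host), backslash and non-http(s) targets."""
    if not url or "\\" in url:  # browsers treat '\' like '/', so refuse it
        return False
    parts = urlsplit(url)
    # A local path: must start with a single '/', not the scheme-relative '//'.
    if not parts.scheme and not parts.netloc:
        return url.startswith("/") and not url.startswith("//")
    if parts.scheme not in ("http", "https"):
        return False
    try:
        host, port = parts.hostname, parts.port  # .port raises on a bad port
    except ValueError:
        return False
    # Match the exact hostname (no substring match) and refuse userinfo/ports,
    # which can disguise the real destination (user@host, host:port).
    return host in ALLOWED_HOSTS and parts.username is None and port is None


def resolve_raw(url: str) -> str:
    """Return the URL if it passes validation, otherwise the safe fallback."""
    return url if is_safe_url(url) else FALLBACK
```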

Friday, July 4, 2014

A9 Using Components with Known Vulnerabilities

New vulnerabilities are discovered every day, which is a major reason software vendors release patches and updates. Known vulnerabilities are publicly available to everyone on the Internet, so if an attacker learns which components (and versions) you use, he can look up their vulnerabilities and find a way to exploit them.

Impact on Security:
  • Attack on Confidentiality
  • Attack on Integrity
  • Attack on Availability
Detectability  : Difficult
Exploitability : Average
Impact         : Moderate

Possible Mitigation:
  1. Identify all components and the versions you are using, including all transitive dependencies.
  2. Monitor the security of these components in public vulnerability databases, project mailing lists, and security mailing lists, and keep them up to date.
  3. Where appropriate, consider adding security wrappers around components to disable unused functionality and/or secure weak or vulnerable aspects of the component.

A8 Cross-Site Request Forgery (CSRF)

CSRF exploits the trust that a site has in a user’s browser: the attacker crafts a forged HTTP request (for example as a link or hidden form), delivers it to the victim’s browser by any means, and induces the user to trigger it. Because the browser automatically attaches the victim’s session credentials, the server treats the forged request as legitimate and serves it.

Impact on Security:
  • Attack on Integrity
Detectability  : Easy
Exploitability : Average
Impact         : Moderate

Possible Mitigation:
  1. Include a unique, unpredictable token in a hidden form field. Prefer to send it in the body of the HTTP request rather than in the URL, where it could be exposed.
  2. Use OWASP CSRFGuard or ESAPI.
  3. Use a CAPTCHA to prove that a real user, not a forged request, is submitting the action.