Posts

Storing multiple user roles in a single column (TinyInt) in a database.

Role-Based Access Control (RBAC): It is the developer's responsibility to ensure the security of web applications while developing them. Broken access control is one of the critical vulnerabilities in web applications. It allows users to access resources that they are not supposed to access. To learn more about this vulnerability, click here. This vulnerability can be eliminated by implementing the right access control logic. One of the common and simple methods is Role-Based Access Control (RBAC). In this approach, we assign specific roles to a user. Each role has access to specific resources. I know most web developers are aware of it. But I've seen many developers use strings to store roles in the database. Look at the table below (approach 1):

id  name             role
1   tony stark       admin
2   peter parker     customer
3   bruce            vendor
4   natasha romanof  customer

Some applications need multiple user roles for a single user, so t...

CSRF token vs CORS in SPA

Single Page Applications (SPA) with a REST API are common nowadays. It is easy and efficient to build the front-end with React or Angular, and the back-end with Node.js (or whatever language). If you have developed a web application that renders server-side, you might use HTML forms to get input from users. Most web frameworks (Django, Laravel, etc.) will automatically include an extra hidden input field called a CSRF token. Note: I assume you are already familiar with sessions and cookies. This article doesn't explain everything in detail; I try to keep everything as short as possible. In the above image, you can see that Laravel includes a hidden input field in the HTML form (_token). This token is called a CSRF token. Let's see a brief overview of CSRF and the CSRF token. What is a CSRF attack? Cross-Site Request Forgery (CSRF or XSRF). As the name says, it is a forgery,...

Maintaining STATE with JWT (Get full control)

When I started building REST APIs, I wondered how JWT works. It felt like something magical that we can verify authorized users without using a session ID. It saves a lot of storage on the server side, and we don't have to query the database for each and every request (to check whether the session ID exists and whom it belongs to). I thought that sessions would die soon and every application would implement JWT. But that wasn't right. Sessions are still better than JWT in many cases. Let's see a few scenarios where JWT really sucks. The token is still valid after a password reset. The token is not invalidated even if the account is deleted. The server cannot invalidate the token after logout (technically there is no real logout; the token is valid until it expires). You cannot control how many devices can be logged in at a time. The above-mentioned issues can only be solved by tracking the state of the application. So tha...

IDOR - Developers Guide

I've been learning about cybersecurity for a few years. I was learning it online in my free time. I was a slow learner, and I also found the theory very difficult to understand. One way to improve skills in the cybersecurity field is to participate in Bug Bounty programs. So I signed up on HackerOne (one of the popular online bug bounty platforms) 6 months ago. It looked hard for me to find a vulnerability in those given programs. Many professional hackers have been there for years, and I'm new to Bug Bounty. So I decided to find a bug in a web application that I'm already familiar with. So I chose one organization's web app. I was analyzing the entire web app flow, and within two hours I was able to find a vulnerability and exploit it. I reported the vulnerability to the organization, but the vulnerability still has not been resolved. Here I'm not going to mention the organization I've attacked as it still...