Ensure that your input is valid. If you're expecting a number, it shouldn't contain letters. Nor should the price of a new car be allowed to be a dollar. Incorrect input validation can lead to vulnerabilities when attackers can modify their inputs in unexpected ways. Many of today's most common vulnerabilities can be eliminated, or at least reduced, with strict input validation.
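An added example, not part of the original text, of the strict validation this paragraph asks for, in Python. The price bounds, the quantity cap and the field names are assumptions made for the illustration; the point is the order of the checks: field type, allow-list syntax, then business range, so that "12abc", "1e5" and a one-dollar car are all refused before any calculation sees them.

```python
import re
from decimal import Decimal

# Allow-list syntax: 1-7 integer digits, optional fraction of 1-2 digits; ASCII only.
PRICE_RE = re.compile(r"[0-9]{1,7}(\.[0-9]{1,2})?", re.ASCII)
QUANTITY_RE = re.compile(r"[0-9]{1,4}", re.ASCII)

# Hypothetical business bounds for a new-car price, constructed for this example.
MIN_CAR_PRICE = Decimal("1000")
MAX_CAR_PRICE = Decimal("500000")


def validate_car_price(raw) -> Decimal:
    """Return the price as a Decimal or raise ValueError.

    Checks run in order: field type, syntax (allow-list), then business range.
    A syntactically valid '1' is still rejected: a car does not cost a dollar.
    """
    if not isinstance(raw, str):
        raise ValueError("price must be a string field")
    value = raw.strip()
    if not PRICE_RE.fullmatch(value):
        # Rejects letters, signs, exponents, thousands separators and over-long input.
        raise ValueError(f"price has invalid syntax: {value!r}")
    price = Decimal(value)
    if not (MIN_CAR_PRICE <= price <= MAX_CAR_PRICE):
        raise ValueError(f"price {price} outside allowed range")
    return price


def validate_quantity(raw, maximum: int = 100) -> int:
    """Whole-number quantity in 1..maximum; rejects '-1', '0', '3.0', '1e9', 'ten'."""
    if not isinstance(raw, str):
        raise ValueError("quantity must be a string field")
    value = raw.strip()
    if not QUANTITY_RE.fullmatch(value):
        raise ValueError(f"quantity must be digits only: {value!r}")
    quantity = int(value)
    if not (1 <= quantity <= maximum):
        raise ValueError(f"quantity {quantity} outside 1..{maximum}")
    return quantity


def rejects(validator, raw) -> bool:
    """True when the validator refuses the input (used to exercise the checks)."""
    try:
        validator(raw)
    except ValueError:
        return True
    return False
```

Decimal rather than float keeps "24999.99" exact, and the ASCII-only patterns avoid the surprise that Python's `\d` and `str.isdigit()` also accept non-ASCII digit characters.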
Insufficient output encoding is at the root of most injection-based attacks. An attacker can modify the commands that you intend to send to other components, possibly leading to a complete compromise of your application - not to mention exposing the other components to exploits that the attacker would not be able to launch directly. When your program generates outputs to other components in the form of structured messages such as queries or requests, be sure to separate control information and metadata from the actual data.
If attackers can influence the SQL that you send to your database, they can modify the queries to steal, corrupt, or otherwise change your underlying data. If you use SQL queries in security controls such as authentication, attackers could alter the logic of those queries to bypass security.
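An added example, not from the original text, covering both of the preceding paragraphs: an authentication query built by string splicing, beside the parameterised form that keeps control information (the SQL text) separate from the data. The in-memory SQLite table and the placeholder hash are constructed for the illustration.

```python
import sqlite3


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory user table; the hash value is a placeholder, not a real credential."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password_hash TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES ('alice', 'placeholder-hash-for-alice')")
    conn.commit()
    return conn


def login_vulnerable(conn, name: str, password_hash: str) -> bool:
    """Data spliced into the SQL text: the database cannot tell data from control."""
    query = (
        f"SELECT 1 FROM users WHERE name = '{name}' "
        f"AND password_hash = '{password_hash}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name: str, password_hash: str) -> bool:
    """Parameterised query: the SQL text is fixed, values travel in a separate channel."""
    row = conn.execute(
        "SELECT 1 FROM users WHERE name = ? AND password_hash = ?",
        (name, password_hash),
    ).fetchone()
    return row is not None


# The textbook tautology; used only to show that login_safe treats it as an ordinary string.
TAUTOLOGY = "' OR '1'='1"
```

The comparison of the hash inside SQL is a simplification to keep the example short; a real login fetches the stored hash by user name and verifies the password with a password-hashing function in application code. The structural lesson is the same: the query text never changes shape based on input.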
Your software acts as a bridge between an outsider on the network and the internals of your operating system. When you invoke another program on the operating system, and you allow untrusted inputs to be fed into the command string, you are inviting attackers into your operating system.
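An added example, not part of the original text, of the invocation pattern this paragraph warns against and its safe counterpart in Python: the host name is allow-listed and passed as one element of an argument vector, so no shell ever re-parses it. The `ping` wrapper and the host name pattern are assumptions made for the illustration.

```python
import re
import shlex
import subprocess

# Allow-list: DNS hostname labels only (letters, digits, inner hyphens, dots between labels).
HOSTNAME_RE = re.compile(
    r"(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*",
    re.ASCII,
)


def build_ping_argv(host: str) -> list:
    """Argument vector for a single ping; raise ValueError unless host is a plain hostname."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"not a hostname: {host!r}")
    # One list element per argument. No shell parses this, so ';', '|', '$(' and
    # newlines cannot introduce a second command; a leading '-' is already refused
    # by the pattern, so the host cannot be turned into an extra option either.
    return ["ping", "-c", "1", host]


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Execute with shell=False (the default); never build a command string."""
    return subprocess.run(build_ping_argv(host), capture_output=True, text=True, check=False)


def build_shell_line_vulnerable(host: str) -> str:
    """The pattern the paragraph warns about: untrusted text concatenated into a shell line."""
    return "ping -c 1 " + host  # handed to shell=True, the shell re-parses the whole string


def render_for_log(argv: list) -> str:
    """Quote an argv list for display in logs only, not for execution."""
    return shlex.join(argv)


def argv_rejects(host: str) -> bool:
    try:
        build_ping_argv(host)
    except ValueError:
        return True
    return False
```

Two checks are doing the work: the argv list removes the shell from the path entirely, and the allow-list removes option injection (a value starting with `-`), which the argv list alone would not catch.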
Information sent across a network crosses many different nodes in transit to its final destination. If your software sends sensitive, private data or authentication credentials, beware: attackers could sniff them right off the wire. All they need to do is control one node along the path to the final destination, any node within the same networks of those transit nodes, or plug into an available interface. Obfuscating traffic using schemes like Base64 and URL encoding offers no protection.
Cross-site request forgery is like accepting a package from a stranger -- except the attacker tricks a user into activating an HTTP request "package" that goes to your site. The user might not even be aware that the request is being sent, but once the request gets to your server, it looks as if it came from the user -- not the attacker. The attacker has masqueraded as a legitimate user and gained all the potential access that the user has. This is especially handy when the user has administrator privileges, resulting in a complete compromise of your application's functionality.
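An added example, not from the original text, of the standard defence: a per-session anti-forgery token that a foreign site cannot read and therefore cannot include in the request it tricks the browser into sending. The server key, the session identifiers and the `handle_transfer` handler are constructed for the illustration.

```python
import hashlib
import hmac
import secrets

# Constructed server secret; a real deployment loads this from its secret store.
SERVER_KEY = secrets.token_bytes(32)


def _tag(session_id: str, nonce: str) -> str:
    return hmac.new(SERVER_KEY, f"{session_id}:{nonce}".encode(), hashlib.sha256).hexdigest()


def issue_csrf_token(session_id: str) -> str:
    """Fresh random nonce plus an HMAC that binds it to this session."""
    nonce = secrets.token_hex(16)
    return f"{nonce}.{_tag(session_id, nonce)}"


def verify_csrf_token(session_id: str, token: str) -> bool:
    """Constant-time comparison; a token copied from another session fails."""
    nonce, sep, tag = token.partition(".")
    if not sep or not nonce or not tag:
        return False
    return hmac.compare_digest(_tag(session_id, nonce), tag)


def handle_transfer(session_id: str, form: dict):
    """Constructed state-changing handler: refuse unless the token belongs to this session."""
    if not verify_csrf_token(session_id, form.get("csrf_token", "")):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form['amount']}"


def flip_last_char(token: str) -> str:
    """Corrupt one character of a token (to show verification catches tampering)."""
    return token[:-1] + ("0" if token[-1] != "0" else "1")
```

The token is embedded in the site's own forms and checked on every state-changing request; because it is bound to the session through the HMAC, a token harvested from one session is useless in another. Marking the session cookie `SameSite` is a worthwhile second layer, not a replacement.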
A race condition involves multiple processes in which the attacker has full control over one process; the attacker exploits the process to create chaos, collisions, or errors. Data corruption and denial of service are the norm. The impact can be local or global, depending on what the race condition affects - such as state variables or security logic - and whether it occurs within multiple threads, processes, or systems.
Chatty error messages can disclose secrets to any attacker who misuses your software. The secrets could cover a wide range of valuable data, including personally identifiable information (PII), authentication credentials, and server configuration. They might seem like harmless secrets useful to your users and admins, such as the full installation path of your software -- but even these little secrets can greatly simplify a more concerted attack.
The scourge of C applications for decades, buffer overflows have been remarkably resistant to elimination. Attack and detection techniques continue to improve, and today's buffer overflow variants aren't always obvious at first or even second glance. You may think that you're completely immune to buffer overflows because you write your code in higher-level languages instead of C. But what is your favorite "safe" language's interpreter written in? What about the native code you call? What languages are the operating system APIs written in? How about the software that runs Internet infrastructure?
If you store user state data in a place where an attacker can modify it, this reduces the overhead for a successful compromise. Data could be stored in configuration files, profiles, cookies, hidden form fields, environment variables, registry keys, or other locations, all of which can be modified by an attacker. In stateless protocols such as HTTP, some form of user state information must be captured in each request, so it is exposed to an attacker out of necessity. If you perform any security-critical operations based on this data (such as stating that the user is an administrator), then you can bet that somebody will modify the data in order to trick your application.
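An added example, not part of the original text, of how state that must live on the client (a cookie, a hidden field) can still be trusted: the server signs it with an HMAC and makes every authorization decision only on state whose tag verifies. The signing key, the cookie layout and the `role` field are constructed for the illustration.

```python
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional

SIGNING_KEY = secrets.token_bytes(32)  # constructed; lives only on the server


def _encode(state: dict) -> str:
    raw = json.dumps(state, sort_keys=True, separators=(",", ":")).encode()
    return base64.urlsafe_b64encode(raw).decode()


def seal_state(state: dict) -> str:
    """Payload plus HMAC tag. The client can read it, but any edit breaks the tag."""
    payload = _encode(state)
    tag = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{tag}"


def open_state(cookie: str) -> Optional[dict]:
    """Return the state only if the tag verifies; None for anything tampered or malformed."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    expected = hmac.new(SIGNING_KEY, payload.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return None
    try:
        return json.loads(base64.urlsafe_b64decode(payload))
    except (ValueError, TypeError):
        return None


def is_admin(cookie: str) -> bool:
    """Authorization decision made only on verified state."""
    state = open_state(cookie)
    return state is not None and state.get("role") == "admin"


def simulate_client_edit(cookie: str, **changes) -> str:
    """What a client that owns the cookie can do: rewrite the payload, keep the old tag."""
    payload, _, tag = cookie.partition(".")
    state = json.loads(base64.urlsafe_b64decode(payload))
    state.update(changes)
    return f"{_encode(state)}.{tag}"
```

This gives integrity, not confidentiality: the payload is plain base64 and anyone holding the cookie can read it. Add an expiry field before sealing so an old cookie cannot be replayed forever, and keep anything secret in a server-side session store instead.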
When you use an outsider's input while constructing a filename, the resulting path could point outside of the intended directory. An attacker could combine multiple ".." or similar sequences to cause the operating system to navigate out of the restricted directory. Other file-related attacks are simplified by external control of a filename, such as symbolic link following, which causes your application to read or modify files that the attacker can't access directly. The same applies if your program is running with raised privileges and it accepts filenames as input. Similar rules apply to URLs and allowing an outsider to specify arbitrary URLs.
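An added example, not from the original text, of confining an externally supplied file name to one directory, with the symbolic-link case the paragraph mentions handled separately from the `..` case. The base directory, the file names and the temporary-directory layout in `demo_symlink_escape` are constructed for the illustration.

```python
import os
import tempfile


def resolve_under(base_dir: str, user_path: str) -> str:
    """Lexically confine a user-supplied relative path to base_dir; ValueError if it escapes."""
    if not user_path or os.path.isabs(user_path) or "\x00" in user_path:
        raise ValueError("empty, absolute or NUL-containing path rejected")
    base = os.path.normpath(base_dir)
    candidate = os.path.normpath(os.path.join(base, user_path))
    # normpath collapses '..'; commonpath (not a string prefix test) confirms containment,
    # so 'uploads-other' is not mistaken for something inside 'uploads'.
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def open_under(base_dir: str, user_path: str, mode: str = "rb"):
    """Lexical check, then a realpath check so a symlink cannot lead outside base_dir."""
    lexical = resolve_under(base_dir, user_path)
    real_base = os.path.realpath(base_dir)
    real_target = os.path.realpath(lexical)
    if os.path.commonpath([real_base, real_target]) != real_base:
        raise ValueError("target resolves (via symlink) outside base directory")
    return open(real_target, mode)


def path_rejects(base_dir: str, user_path: str) -> bool:
    try:
        resolve_under(base_dir, user_path)
    except ValueError:
        return True
    return False


def demo_symlink_escape() -> dict:
    """Constructed layout in a temp dir: uploads/link.txt -> outside/secret.txt."""
    root = tempfile.mkdtemp()
    base = os.path.join(root, "uploads")
    outside = os.path.join(root, "outside")
    os.makedirs(base)
    os.makedirs(outside)
    secret = os.path.join(outside, "secret.txt")
    with open(secret, "w") as fh:
        fh.write("not for the web\n")
    os.symlink(secret, os.path.join(base, "link.txt"))
    lexical_passes = resolve_under(base, "link.txt") == os.path.join(base, "link.txt")
    try:
        open_under(base, "link.txt").close()
        realpath_rejects = False
    except ValueError:
        realpath_rejects = True
    return {"lexical_passes": lexical_passes, "realpath_rejects": realpath_rejects}
```

The demo shows why the lexical check alone is not enough: `link.txt` looks perfectly tame as a string, and only resolving it reveals that it leaves the directory. There is still a small window between `realpath` and `open` in which a link could be swapped; on platforms that offer them, `O_NOFOLLOW` or directory-relative opens close that window too.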
Your software depends on you, or its environment, to provide a search path (or working path) to find critical resources like code libraries or configuration files. If the search path is under attacker control, then the attacker can modify it to point to resources of the attacker's choosing.
While it's tough to deny the sexiness of dynamically-generated code, attackers find it equally appealing. It becomes a serious vulnerability when your code is directly callable by unauthorized parties, if external inputs can affect which code gets executed, or if those inputs are fed directly into the code itself.
If you download code and execute it, you're trusting that the source of that code isn't malicious. But attackers can modify that code before it reaches you. They can hack the download site, impersonate it with DNS spoofing or cache poisoning, convince the system to redirect to a different site, or even modify the code in transit as it crosses the network. This scenario even applies to cases in which your own product downloads and installs updates.
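An added example, not from the original text, of the integrity check an updater should run before anything it downloaded is executed: the received bytes are compared against a digest that was obtained through a channel the attacker cannot modify. The update payload, the pinned digest and the simulated fetch are constructed for the illustration.

```python
import hashlib
import hmac

# Constructed update payload. In a real system the expected digest comes from a channel
# the attacker cannot modify (pinned in the build, or a signed manifest), never from the
# same download location as the file itself.
GOOD_UPDATE = b"# update v2\nprint('hello from v2')\n"
PINNED_SHA256 = hashlib.sha256(GOOD_UPDATE).hexdigest()


def verify_download(data: bytes, pinned_sha256_hex: str) -> bool:
    """True only if the bytes received match the pinned digest (constant-time compare)."""
    actual = hashlib.sha256(data).hexdigest()
    return hmac.compare_digest(actual, pinned_sha256_hex)


def install_update(data: bytes, pinned_sha256_hex: str) -> str:
    """Refuse to touch the payload unless it verifies; execution never happens before this."""
    if not verify_download(data, pinned_sha256_hex):
        raise RuntimeError("update rejected: digest mismatch, possible tampering in transit")
    # A real installer would now write the file and run it; here we only report success.
    return "installed"


def fetch_simulated(tampered: bool) -> bytes:
    """Stand-in for the network fetch; tampered=True models a file altered in transit."""
    if tampered:
        return GOOD_UPDATE + b"# extra line injected in transit\n"
    return GOOD_UPDATE


def install_rejects(data: bytes, pinned_sha256_hex: str) -> bool:
    try:
        install_update(data, pinned_sha256_hex)
    except RuntimeError:
        return True
    return False
```

A pinned digest ties the updater to one exact file, which suits a fixed dependency. For rolling updates the same structure is used with a digital signature checked against a public key shipped in the product (for example Ed25519; the standard library does not provide it, so a crypto library is needed), and the download itself should still go over TLS with certificate validation.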
When your system resources have reached their end-of-life, you dispose of them: memory, files, cookies, data structures, sessions, communication pipes, and so on. Attackers can exploit improper shutdown to maintain control over those resources well after you thought you got rid of them. Attackers may sift through the disposed items, looking for sensitive data. They could also potentially reuse those resources.
If you don't properly initialize your data and variables, an attacker might be able to do the initialization for you, or extract sensitive information that remains from previous sessions. If those variables are used in security-critical operations, such as making an authentication decision, they could be modified to bypass your security. This is most prevalent in obscure errors or conditions that cause your code to inadvertently skip initialization.
When attackers have control over inputs to numeric calculations, math errors can have security consequences. It might cause you to allocate far more resources than you intended - or far fewer. It could violate business logic (a calculation that produces a negative price), or cause denial of service (a divide-by-zero that triggers a program crash).
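An added example, not part of the original text, of the three failures this paragraph names: an allocation size that is absurdly large or wraps around, a calculation that accepts a negative amount, and a divide-by-zero. The image-buffer cap and the price helper are constructed for the illustration; `wrapped_uint32_size` models what a 32-bit C multiplication would produce from the same inputs.

```python
MAX_ALLOCATION = 64 * 1024 * 1024  # constructed cap: 64 MiB per image buffer


def _positive_int(name: str, value) -> int:
    if isinstance(value, bool) or not isinstance(value, int) or value <= 0:
        raise ValueError(f"{name} must be a positive integer, got {value!r}")
    return value


def checked_buffer_size(width, height, bytes_per_pixel) -> int:
    """Bytes needed for a width x height image.

    Refused when any factor is non-positive or the product exceeds the cap. Python
    ints do not wrap, but honouring a multi-gigabyte request is still a denial of
    service; in C the same product would silently wrap to a small number.
    """
    w = _positive_int("width", width)
    h = _positive_int("height", height)
    bpp = _positive_int("bytes_per_pixel", bytes_per_pixel)
    size = w * h * bpp
    if size > MAX_ALLOCATION:
        raise ValueError(f"{size} bytes exceeds allocation cap {MAX_ALLOCATION}")
    return size


def wrapped_uint32_size(width: int, height: int, bytes_per_pixel: int) -> int:
    """The C-style failure mode: the same product truncated to 32 bits."""
    return (width * height * bytes_per_pixel) & 0xFFFFFFFF


def unit_price_cents(total_cents: int, quantity: int) -> int:
    """Average price per item; guards the divide-by-zero and negative-amount cases."""
    if quantity <= 0:
        raise ValueError("quantity must be positive")
    if total_cents < 0:
        raise ValueError("total must not be negative")
    return total_cents // quantity


def math_rejects(fn, *args) -> bool:
    try:
        fn(*args)
    except ValueError:
        return True
    return False
```

The 65536 x 65537 case is the one to remember: the wrapped size says 64 KiB while the image data that follows is 4 GiB, which is exactly how an arithmetic error turns into a buffer overflow in native code.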
Grow-your-own cryptography is a welcome sight to attackers. Cryptography is hard. If brilliant mathematicians and computer scientists worldwide can't get it right -- and they're regularly obsoleting their own techniques -- then neither can you.
Hard-coding a secret account and password into your software is extremely convenient -- for skilled reverse engineers. If the password is the same across all your software, then every customer becomes vulnerable when that password inevitably becomes known. And because it's hard-coded, it's a huge pain to fix.
Beware critical programs, data stores, or configuration files with default world-readable permissions. While this issue might not be considered during implementation or design, it should be. Don't require your customers to secure your software for you! Try to be secure by default, out of the box.
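An added example, not from the original text, of being secure by default on a POSIX file system: a configuration file is created owner-only from the first instant (the mode is passed to `open`, so there is no window between creation and a later `chmod`), and a small audit lists files that anyone on the host can read. The file names and contents are constructed for the illustration.

```python
import os
import stat
import tempfile


def create_private_file(path: str, content: bytes) -> int:
    """Create path with owner-only permissions from the first instant; return the mode bits."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as fh:
        fh.write(content)
    return stat.S_IMODE(os.stat(path).st_mode)


def world_readable(path: str) -> bool:
    return bool(os.stat(path).st_mode & stat.S_IROTH)


def audit_world_readable(directory: str) -> list:
    """Relative names of regular files under directory that any user on the host can read."""
    findings = []
    for dirpath, _, filenames in os.walk(directory):
        for name in filenames:
            full = os.path.join(dirpath, name)
            if os.path.isfile(full) and world_readable(full):
                findings.append(os.path.relpath(full, directory))
    return sorted(findings)


def demo_defaults() -> dict:
    """Constructed: one file created the default way, one the private way."""
    root = tempfile.mkdtemp()
    sloppy = os.path.join(root, "app.conf")
    with open(sloppy, "wb") as fh:  # mode is 0o666 & ~umask: world-readable under the usual 022
        fh.write(b"db_password=placeholder\n")
    os.chmod(sloppy, 0o644)  # pin the mode so the demo does not depend on the caller's umask
    private = os.path.join(root, "secrets.conf")
    mode = create_private_file(private, b"db_password=placeholder\n")
    return {"private_mode": oct(mode), "findings": audit_world_readable(root)}
```

Relying on the umask is the "let the customer secure it" approach the paragraph argues against; passing the mode explicitly makes the safe default part of the software itself.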
You may depend on randomness without even knowing it, such as when generating session IDs or temporary filenames. Pseudo-Random Number Generators (PRNGs) are commonly used, but a variety of things can go wrong. Once an attacker can determine which algorithm is being used, he can guess the next random number often enough to launch a successful attack after a relatively small number of tries.
Your software may need special privileges to perform certain operations; wielding those privileges longer than necessary is risky. When running with extra privileges, your application has access to resources that the application's user can't directly reach. Whenever you launch a separate program with elevated privileges, attackers can potentially exploit those privileges.
Don't trust the client to perform security checks on behalf of your server. Attackers can reverse engineer your client and write their own custom clients. The consequences will vary depending on what your security checks are protecting, but some of the more common targets are authentication, authorization, and input validation.
By Efraín Ocampo, Netmedia - I learned of one more example of what a member of the systems, information technology, or similarly named staff can be capable of when angry. Terry Childs found out that he was going to be fired and blocked access to vital information of the City of San Francisco. At 43, who knows what went through his head on learning that he would be dismissed from the San Francisco Department of Technology. What is certain is that he decided to show his displeasure, or get even, by deleting all the administrator-level profiles on the city's core systems and leaving only his own active. Even though he remained the sole administrator of those systems, he refused to reveal the passwords needed to keep them operating. He worked five years for the city of San Francisco, California, and is currently in police custody. So far, this kind of problem is not very common.
It is billed as Mexico's big cyber event. The idea is to gather 2000 Internet addicts in a single space, connected on a LAN with 1 GB of bandwidth. Obviously, Telmex sponsors it with its "infinitum". Connectivity will be through HP ProCurve switches, giving each station a 1,000 Mbps network connection and 10 Gigabit/s links between the switches. Aldea Digital is a gathering of computing enthusiasts and professionals who want to exchange knowledge and spend several days on all kinds of computing-related activities: meeting people they had known only through the computer, showing off their cyber creations, sharing with colleagues, competing in fun challenges set by the organizers and, in general, immersing themselves for four days and three nights in the fascinating digital world. It is part of a phenomenon that originated in the late 1980s in northern Europe, in countries such as Norway, Din
The Franklin CDU-680 USB device was launched a few weeks ago in Mexico; many people had been waiting for it because of its new features compared with the CDU 550. It is one third the size of EvDO modems such as the Kyocera 650 or the Audiovox 5740. In this new edition, Franklin has added new qualities over its predecessors:
- EVDO Rev-A device
- Approximately 1/3 of the size of previous USB modems
- 64 MB built-in flash memory
- Built-in GPS
- Connection port for external antennas or amplifiers
- Compatibility with Windows XP/Vista, Mac OS X, Linux (drivers and installer loaded on the flash memory; no need to load the installation CD anymore!)
- Installation manual (on the flash memory)
- Connection manager for Mac OS X including GPS support
- Folding USB connector
- USB device only requires 500 mA max
- "Y" adapter cable is not necessary, but is included for better positioning
The Good: The devices that Franklin has released tien