Terminologies that always seem to come up in interviews. The problem is that my memory operates in a first in, first out (FIFO) sort of way, which fits the definition: a method that relates to the organization and manipulation of data according to time and prioritization.
Without further ado, the terminologies as I understand them:
Cross-Site Request Forgery (XSRF or CSRF)
Def
When the credentials used to access the targeted system are sent from another application or system
Layman
The same login can be used to log in by another application
Example
- Reusing the session token or cookie to log in as the current user from a different system/application
- The login of the application can be used to log in to Facebook, and Facebook uses the same login
Cause
The GET method is allowed to perform other operations besides the retrieval of data
Fix
Unique and random session token for each GET request
How to test
Cross-Site Tracing (XST) aka TRACE method
Def
Basically echoes back the HTTP data
Example
Retrieval of the target's cookies which contain either the authentication credentials or the means to bypass access controls
Cause
The TRACE method is enabled on the production system
Based on RFC 2616, which allows the GET method to conditionally retrieve information
Fix
Turn off HTTP TRACE support
If you're using Apache, you need to enable the mod_rewrite module. Add the following lines to your httpd.conf file.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]
If you're using IIS, filter out everything but GET, POST, and HEAD with UrlScan
How to test
Open Burp and choose Repeater. Change the request to something similar to:
TRACE / HTTP/1.0
Header1: <script>alert(document.cookie);</script>
The reply should look like this if TRACE is enabled:
HTTP/1.1 200 OK
Date: Sun, 23 Sep 2007 02:48:05 GMT
Server: Apache/1.3.34 (Ubuntu) mod_perl/1.29
Connection: close
Content-Type: message/http
TRACE / HTTP/1.0
Header1: <script>alert(document.cookie);</script>
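To turn the Burp check above into a repeatable test, here is an added example in Python (not code from the original post): a constructed loopback server that mimics a host with TRACE enabled, a hardened variant that refuses TRACE as the mod_rewrite/UrlScan fix would, and a hypothetical trace_enabled() checker that flags a server only when it answers 200 with message/http and echoes a marker header back.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer


class TraceEchoHandler(BaseHTTPRequestHandler):
    """Constructed stand-in for a server with TRACE left on: it echoes the
    request back as message/http, which is what the Burp test looks for."""

    def do_TRACE(self):
        echo = (self.requestline + "\r\n" + str(self.headers)).encode()
        self.send_response(200)
        self.send_header("Content-Type", "message/http")
        self.send_header("Content-Length", str(len(echo)))
        self.end_headers()
        self.wfile.write(echo)

    def log_message(self, *args):  # keep the demo quiet
        pass


class TraceDisabledHandler(TraceEchoHandler):
    """Hardened variant: TRACE is refused, only GET/HEAD/POST are advertised."""

    def do_TRACE(self):
        self.send_response(405)
        self.send_header("Allow", "GET, HEAD, POST")
        self.send_header("Content-Length", "0")
        self.end_headers()


def start_server(handler):
    """Bind a loopback test server on a free port and serve it in the background."""
    server = HTTPServer(("127.0.0.1", 0), handler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def trace_enabled(host, port, marker="xst-probe-8f3a"):
    """True only if TRACE returns 200 + message/http and echoes our marker
    header (the XST exposure); False for 405/501 or any non-echoing reply."""
    conn = http.client.HTTPConnection(host, port, timeout=5)
    try:
        conn.request("TRACE", "/", headers={"X-Probe": marker})
        resp = conn.getresponse()
        body = resp.read().decode(errors="replace")
    finally:
        conn.close()
    ctype = resp.getheader("Content-Type", "")
    return resp.status == 200 and ctype.startswith("message/http") and marker in body
```

Call trace_enabled("127.0.0.1", srv.server_port) after srv = start_server(TraceEchoHandler) to see the exposure reported, and again with TraceDisabledHandler to see the hardened server pass.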
SOAP
Simple Object Access Protocol (SOAP) is a standard XML language defining a message architecture and message formats. It is used by web services and contains a description of the operations. WSDL is an XML-based language for describing web services and how to access them. SOAP will run over SMTP, HTTP, FTP, etc.
- Requires middleware support
- Returns XML based data
REST
REST (Representational State Transfer) web services, or RESTful web services, are second-generation web services. They communicate via HTTP and do not require XML messages or WSDL service-API definitions.
- No middleware is required
- Can return XML, plain text, JSON, HTML, etc.