MOHAMAD AMIRUL ISYRAF

Understanding SQL Injection Attacks:

SQL Injection (SQLi) is a common web security vulnerability that allows attackers to interfere with the queries that an application makes to its database. By injecting malicious SQL code into input fields, attackers can manipulate, access, and sometimes even delete data that should be protected.

Why is SQL Injection Dangerous?

SQL Injection attacks can have serious consequences, such as bypassing authentication, gaining unauthorized access to sensitive information, and executing administrative operations on the database. Understanding and defending against these attacks is crucial for secure application development.

Example Scenarios:

• Authentication Bypass: By entering ' OR 1=1 -- into a login form, an attacker may bypass authentication if the application’s SQL query is not properly sanitized. This works by making the conditional statement always true, granting unauthorized access.
• Data Extraction: An attacker could retrieve confidential data, like usernames and passwords, by injecting ' UNION SELECT username, password FROM users --. If the database is improperly protected, this could expose user details.
• Blind SQL Injection: When error messages are suppressed, attackers may use Blind SQLi techniques. For instance, injecting code like ' AND 1=1 -- or ' AND 1=2 -- in various fields to determine if they get different responses, helping them gather information without visible data retrieval.

Best Practices to Prevent SQL Injection:

• Use Prepared Statements: Ensure that input values are treated as parameters rather than code by using parameterized queries or prepared statements.
• Validate User Input: Filter and validate user input to ensure it only contains expected values (e.g., digits for a phone number field).
• Limit Database Permissions: Give applications only the minimum necessary privileges to reduce potential damage if an attack occurs.

Additional Learning Resources:

• For more details, explore articles on OWASP Top 10, which highlights common vulnerabilities, including SQL Injection.
• Practice safely on platforms like Hack The Box or TryHackMe to build your skills in a secure environment.

Understanding Cross-Site Request Forgery (CSRF) Attacks:

Cross-Site Request Forgery (CSRF) is a web security vulnerability that tricks a victim into unknowingly submitting requests to a website where they are authenticated. This can result in unauthorized actions like changing user details, transferring funds, or deleting data, all executed under the guise of the victim’s identity.

Why is CSRF Dangerous?

CSRF attacks exploit the trust a web application has in the authenticated user. When successful, these attacks allow unauthorized actions to be performed on behalf of the user without their knowledge or consent, potentially causing serious harm.

Example Scenario:

• Unintended Money Transfer: Imagine an online banking site where a user is authenticated. If an attacker sends the user a malicious link or embeds a hidden form on a webpage the user visits, the attacker could trick the user into unknowingly transferring funds from their account to the attacker’s account.
• Account Settings Change: On social media or other platforms, CSRF attacks can change account settings. For example, an attacker might embed a link that updates a user’s email address to one controlled by the attacker, allowing them to take over the account.

Best Practices to Prevent CSRF:

• Use CSRF Tokens: Include a unique token in each form or request, verifying that the request is legitimate. This token should be validated server-side and regenerated frequently.
• Require User Re-Authentication: For sensitive actions like password changes or fund transfers, require users to re-authenticate to confirm their identity.
• Use SameSite Cookies: By setting cookies to SameSite=Strict or SameSite=Lax, you can reduce the risk of CSRF attacks by preventing cookies from being sent with cross-site requests.

Additional Learning Resources:

• Explore more about CSRF and other vulnerabilities on OWASP Top 10.
• Try CSRF challenges on secure learning platforms like Hack The Box or TryHackMe to deepen your understanding.

Understanding JWT (JSON Web Token) Attacks:

JWT (JSON Web Token) is a popular method for securely transmitting information between parties as a JSON object. However, if JWTs are not securely implemented, they can become vulnerable to attacks, allowing unauthorized access to sensitive data or services.

Common JWT Attack Vectors:

• Token Tampering: If an attacker gains access to the JWT and its signing algorithm is weak, they may be able to tamper with the token’s payload, modifying claims to escalate privileges or impersonate other users.
• Algorithm Confusion Attack: Some JWT libraries may mistakenly allow an attacker to change the signing algorithm to none, bypassing signature verification. This attack lets an attacker create arbitrary tokens without a valid signature.
• Brute Force Attacks on Weak Secrets: JWTs signed with weak or common secrets can be brute-forced. If the signing key is guessable, attackers may generate valid tokens to access protected resources.

Example Scenario:

• Privilege Escalation: An attacker who obtains a user-level JWT could modify its claims (e.g., change role: user to role: admin) and bypass security measures if the token validation is insufficient.
• Session Hijacking: By intercepting a JWT (e.g., through insecure transmission), an attacker could impersonate the user and perform unauthorized actions until the token expires.

Best Practices to Secure JWTs:

• Use Strong Algorithms: Always use secure signing algorithms, like HS256 or RS256, and avoid using none as an algorithm to ensure signatures are verified.
• Implement Expiration and Revocation: Set short expiration times for JWTs and implement a revocation mechanism to invalidate tokens when necessary (e.g., upon logout).
• Store JWTs Securely: Avoid storing JWTs in local storage. Instead, use HTTP-only cookies to prevent them from being accessed by JavaScript and reduce XSS risks.
• Validate Claims: Ensure the claims (like roles or permissions) in the JWT are properly validated server-side to prevent privilege escalation.

Additional Learning Resources:

• Learn more about JWT security practices on OWASP Top 10.
• Explore JWT security challenges on platforms like Hack The Box or TryHackMe to practice in a safe environment.