🔟OWASP Top 10

This page will be a dedicated one to the OWASP Top 10 to act like a writeup of the TryHackMe room (link of the room below)

TryHackMe | Cyber Security TrainingTryHackMe

Here, the OWASP Top 10 sumarry list. I will go through every point in this writeup:

1. Broken Access Control

2. Cryptographic Failures

3. Injection

4. Insecure Design

5. Security Misconfiguration

6. Vulnerable and Outdated Components

7. Identification and Authentication Failures

8. Software and Data Integrity Failures

9. Security Logging & Monitoring Failures

10. Server-Side Request Forgery (SSRF)

1. Broken Access Control

3 examples of CWE for this category: Cross-Site Request Forgery (CSRF), Path Traversal: '.../...//', Improper Access Control

Broken Access Control allows attackers to bypass authorisation, allowing them to view sensitive data or perform tasks they aren't supposed to. Access control is a security mechanism used to control which users or systems are allowed to access a particular resource or system.

Challenge:

IDOR or Insecure Direct Object Reference refers to an access control vulnerability where you can access resources you wouldn't ordinarily be able to see.

2. Cryptographic failures

3 examples of CWE for this category: Weak Encoding for Password, Use of Hard-coded Cryptographic Key, Use of a Broken or Risky Cryptographic Algorithm

Challenge:

• Access to the DB file

• Get the hash of the admin

• Crack the hash (Weak Encoding for Password)

• Login as the admin !

3. Injection

3 examples of CWE for this category: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'), Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'), Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Challenge:

Command Injection is a vulnerability that occurs when an attacker manipulates input fields to inject malicious commands into a vulnerable application. This can lead to unauthorised execution of arbitrary commands on the targeted server, potentially resulting in data breaches, system compromise, or unintended operations.

• Use the "inline commands" to execute OS Command Injection inside a PHP script vulnerable

• $(....)

4. Insecure Design

Challenge:

• Use the "Insecure Design" of the password reset system to login as joseph user (remember of the Instragram vulnerability about password resseting)

5. Security Misconfiguration

Challenge:

• Use a debugging interface to execute Python command and access to credentials inside the app.py file.

6. Vulnerable and Outdated Components

Simply, it's when a system use a well-known vulnerability

Challenge:

• Use an exploit to obtain a RCE on the server (https://www.exploit-db.com/exploits/47887)

7. Identification and Authentification Failures

Authentication and session management constitute core components of modern web applications. Authentication allows users to gain access to web applications by verifying their identities.

• Brute force attacks

• Weak credentials

• Weak session cookies

Challenge:

• Use a developer's mistake (re-registration of an existing user) to login as darren by addind a blank space before the username -> " darren"

8. Software and Data Integrity Failures

When a system don't use any kind of integrity checks (hash for example)

Challenge (Software Integrity):

• Explain how to use a system which can check integrity of a resource the client need to download when he visit your website. For example, for the jquery third-party libraries, instead of using:

<script src="https://code.jquery.com/jquery-3.6.1.min.js"></script>

You can use this https://www.srihash.org/ to generate hashes for any library:

<script src="https://code.jquery.com/jquery-3.6.1.min.js" integrity="sha256-o88AwQnZB+VDvE9tvIXrMQaPlFFSUTR+nldQm1LuPXQ=" crossorigin="anonymous"></script>

Challenge (Data Integrity):

• Will be around JWT and the None Algorithm

9. Security Logging & Monitoring Failures

Everything about logging

Challenge:

• Read a log to find some information

10. Server-Side Request Forgery (SSRF)

SSRF vulnerabilities often arise from implementations where our web application needs to use third-party services (external API for example to perform an action).

Challenge:

• Use our own server to get the API key