AJAX - The Complete Reference


290 Part II: Developing an Ajax Library


| Attack Name | Goal | How It Is Performed | Possible Countermeasures |
|---|---|---|---|
| Field manipulation | To change the state of the application or trigger an error message. | The intruder uses tools to remove field size restrictions, input unexpected data, and modify any default values. | Reject all fields that are not expected outright. Expected fields that are not within norms should either be rejected or sanitized to meet application size and format constraints. Add page signatures via form fields or a cookie to indicate what was sent, field- and value-wise, versus what is returned. Sanitize error messages in case the intruder is able to trigger them. |
| Poison upload | To upload some form of malware to gain access or retrieve data if it is run, or simply to consume tremendous resources such as disk space as a form of denial of service. | Any URL that receives input from a form that allows file submission can be sent a file. If there are no limits here, the potential intruder will upload a dangerous file, lots of files, or very large file(s) to cause trouble or attempt a compromise. | Move file uploads to a secured location on the file system away from the Web application. Disallow file types that may be executable, and never execute an untrusted file except in a very controlled environment. Limit the number and size of submitted files. |
| Forceful browsing | To access URLs or systems they should not be able to. | This is not really hacking in all senses, but it describes the idea of manipulating URLs to get to a file or bit of information that the intruder is not authorized to see. In some situations it is simply the problem of relying on security by obscurity to protect the resource. | URLs are inputs; if they are not allowed they should be rejected or trigger an error. If a URL is allowed but the resource is considered sensitive, access control should be enforced with authentication. |

TABLE 7-2 Sampling of Web Application Data Input Attacks (continued)
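The field-manipulation countermeasures in the table (reject unexpected fields, enforce size and format norms, page signatures over what the server sent, sanitized error messages) combined into one server-side check. This is an added example written for this page, not code from the book; the field specification, the secret and the form values are constructed for the demonstration.

```python
import hashlib
import hmac
import re

# Constructed demo secret; a real server loads this from its secret store.
SECRET = b"demo-only-server-secret"

# Fields the server expects back, with the size/format norms it enforces.
FORM_SPEC = {
    "product_id": {"max_len": 8, "pattern": r"^[A-Z0-9]+$"},
    "price": {"max_len": 8, "pattern": r"^\d+\.\d{2}$"},
    "quantity": {"max_len": 3, "pattern": r"^[1-9]\d{0,2}$"},
}
# Default values the server fills in; the client must return them unchanged.
SERVER_SET = ("product_id", "price")

def sign_page(values):
    """Page signature: HMAC over the expected field list and the server-set values
    placed in the form. It is sent to the client in a hidden field named 'sig'."""
    msg = "|".join(sorted(FORM_SPEC)) + "||" + "|".join(f"{k}={values[k]}" for k in SERVER_SET)
    return hmac.new(SECRET, msg.encode(), hashlib.sha256).hexdigest()

def validate_submission(submitted):
    """Return a list of problems found; an empty list means the submission is acceptable."""
    problems = []
    # Reject all fields that are not expected outright.
    for name in submitted:
        if name not in FORM_SPEC and name != "sig":
            problems.append(f"unexpected field: {name}")
    # Expected fields must be present and within size and format norms.
    for name, spec in FORM_SPEC.items():
        value = submitted.get(name)
        if value is None:
            problems.append(f"missing field: {name}")
        elif len(value) > spec["max_len"] or not re.fullmatch(spec["pattern"], value):
            problems.append(f"out-of-norm value for {name}")
    if problems:  # the signature check needs every server-set field present and well-formed
        return problems
    # Recompute the signature from what came back and compare to what was sent.
    expected = sign_page({k: submitted[k] for k in SERVER_SET})
    if not hmac.compare_digest(submitted.get("sig", ""), expected):
        problems.append("page signature mismatch: server-set values were altered")
    return problems

def public_error(problems):
    """Sanitized message for the client; the detailed list belongs in the server log only."""
    return "Invalid submission." if problems else "OK"
```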