Posts

Showing posts from 2018

CSRF: High-Tech Hypnotism

[https://www.hobbyconsolas.com/noticias/simpson-lanzaran-episodio-escrito-hace-mas-20-anos-homer-cree-ser-nino-105672] Who are you, CSRF? Cross-Site Request Forgery, CSRF for short, is an attack that tricks an end user's browser into performing unintended actions on a web application in which the user is currently authenticated. The actions the victim ends up performing serve the attacker's interests. It is much like a hypnotist making another person act according to the hypnotist's wishes. CSRF attacks are also known as Session Riding, XSRF, Sea Surf, and Hostile Linking; Microsoft refers to them as "One-Click Attacks". What really happens in CSRF? A CSRF attack is not about stealing someone's session cookie and then viewing their profile, updating their status, or otherwise playing around with it. The attack is not about reading data but about changing state: it makes the end user's browser perform some malicious tas...
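The mechanism the excerpt describes, as an added example that is not part of the original post: a hypothetical bank at https://bank.example exposes a state-changing transfer action. The vulnerable handler trusts the session cookie alone, which the victim's browser attaches to any request aimed at the bank, including one a hidden form on an attacker's page submits. The hardened handler adds an Origin check and a per-session synchronizer token that a cross-site page cannot read. The session store, balances, handler names and request objects are constructed for this demo; no web framework is used so it runs offline.

```python
"""Added example (not from the original post): a CSRF-vulnerable state-changing
endpoint beside a hardened one, modelled without a web framework so it runs offline.
Hypothetical app: a bank at https://bank.example with a transfer action."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Dict
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumed origin of the target application

# Constructed in-memory state standing in for the app's session store and database.
SESSIONS: Dict[str, dict] = {}   # session id -> {"user": ..., "csrf": ...}
BALANCES: Dict[str, int] = {}    # user -> balance


@dataclass
class Request:
    """Only the parts of an HTTP request that matter for CSRF."""
    cookies: Dict[str, str]
    form: Dict[str, str]
    headers: Dict[str, str] = field(default_factory=dict)


def login(user: str, balance: int = 100) -> str:
    """Start a session and bind a fresh, unguessable anti-CSRF token to it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    BALANCES[user] = balance
    return sid


def transfer_vulnerable(req: Request) -> str:
    """Trusts the session cookie alone. The browser sends that cookie with any
    request aimed at bank.example, including one an attacker's page triggers."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return "401 not logged in"
    BALANCES[sess["user"]] -= int(req.form["amount"])
    return "200 transferred"


def _same_origin(header_value: str) -> bool:
    """Exact scheme+host comparison; a prefix check would accept bank.example.evil."""
    parts = urlsplit(header_value)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def transfer_hardened(req: Request) -> str:
    """Two independent defences: an Origin check and a synchronizer token."""
    sess = SESSIONS.get(req.cookies.get("sid", ""))
    if sess is None:
        return "401 not logged in"
    # Browsers set Origin on cross-site POSTs and page scripts cannot forge it.
    # A missing header is rejected as well (strict policy, assumed for this example).
    origin = req.headers.get("Origin") or req.headers.get("Referer", "")
    if not _same_origin(origin):
        return "403 cross-site request rejected"
    # The token is embedded in the bank's own page, not stored in a cookie, so an
    # attacker's site never sees it. Compare in constant time.
    supplied = req.form.get("csrf", "").encode("utf-8")
    if not hmac.compare_digest(supplied, sess["csrf"].encode("utf-8")):
        return "403 missing or bad csrf token"
    BALANCES[sess["user"]] -= int(req.form["amount"])
    return "200 transferred"


def forged_request(sid: str) -> Request:
    """What the victim's browser sends when evil.example auto-submits a hidden form:
    the session cookie rides along, but there is no token and Origin is foreign."""
    return Request(cookies={"sid": sid},
                   form={"to": "attacker", "amount": "50"},
                   headers={"Origin": "https://evil.example"})


def legitimate_request(sid: str) -> Request:
    """A form submitted from the bank's own page carries the session's token."""
    return Request(cookies={"sid": sid},
                   form={"to": "friend", "amount": "50", "csrf": SESSIONS[sid]["csrf"]},
                   headers={"Origin": SITE_ORIGIN})


def run_scenario() -> dict:
    """Victim logs in; the same forged request then hits both endpoints."""
    sid = login("alice")
    results = {"vuln_forged": transfer_vulnerable(forged_request(sid)),
               "after_vuln": BALANCES["alice"]}
    results["hard_forged"] = transfer_hardened(forged_request(sid))
    results["after_hard_forged"] = BALANCES["alice"]
    results["hard_legit"] = transfer_hardened(legitimate_request(sid))
    results["after_hard_legit"] = BALANCES["alice"]
    return results


if __name__ == "__main__":
    for key, value in run_scenario().items():
        print(f"{key}: {value}")
```

Running the scenario shows the forged request succeeding against the vulnerable handler (the balance drops to 50) and being rejected by the hardened one, while the bank's own form still works. In a real deployment the session cookie would also carry the `SameSite` attribute so the browser withholds it on cross-site form posts in the first place; the token check stays as the defence that does not depend on browser behaviour.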

Encryption to take secure programming a step forward

[http://blog.trendmicro.com/wp-content/uploads/2012/03/Cartoon-2.jpg] What is "encryption"? Why is it associated with secure programming? What are its benefits? This post evaluates these questions, along with some interesting facts about encryption. As we all know, hashing is a one-way process: the plain text or input cannot be recovered from the hash value. What if we need to get the original text back later? Hashing cannot provide that, whatever the algorithm; the tool for that need is encryption. Encryption: Encryption is a technique that converts plain text into an encoded form, the cipher text, which can be reversed back to the original plain text by anyone who holds the key. Unlike hashing, encryption is a two-way technique. Fig 1: The flow of encryption. Fig 2: Encryption/decryption details for Fig 1. Since encryption is a two-way process, it lets users recover the original text from the encrypted value. This is very useful in terms...

Hashing... First Step to Secure Software Programming

Where did it all start? Anyone in the field of programming will have implemented a login page at some point. That login page might look very simple and straightforward, but in reality it is not. What most of us did for our first login page was a simple string comparison of the username and password against values hard-coded in the program. Some retrieved the username and password from a database and compared them with what the user entered, perhaps with roles attached. In a real-world enterprise or corporate application, authentication does not happen as simply as that. Authentication: Authentication is about ensuring that the system is being accessed by the correct user. It plays a very important role in most systems and applications, because it prevents unauthorized access. Authentication methodologies: 1. Username/password authentic...
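The contrast this excerpt sets up, as an added example that is not code from the original post: the "first login page" with hard-coded plaintext credentials and a string compare, beside the form a password check takes once the one-way property of hashing (the point of both this post and the encryption post above) is used properly. The stored record is a salted, iterated PBKDF2-HMAC-SHA256 hash, so the password cannot be read back out of it and verification has to recompute and compare. The user records, the iteration count and the function names are constructed for this demo; standard library only.

```python
"""Added example (not from the original post): the naive hard-coded login the post
describes, beside a salted, iterated password hash with constant-time verification.
Standard library only; the user records are constructed for the demo."""
import base64
import hashlib
import hmac
import os

ITERATIONS = 600_000  # PBKDF2-HMAC-SHA256 work factor (assumed; tune to your hardware)

# The "first login page": plaintext credentials hard-coded in the program.
USERS_PLAINTEXT = {"alice": "hunter2"}


def login_naive(user: str, password: str) -> bool:
    """Plain string comparison. Whoever reads the source or the database has every password."""
    return USERS_PLAINTEXT.get(user) == password


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Salted PBKDF2 hash in a self-describing format so the work factor can be raised later."""
    salt = os.urandom(16)  # fresh random salt per password: equal passwords get different hashes
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${_b64(salt)}${_b64(dk)}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count. There is no way back from
    the hash to the password, so recomputing and comparing is the only check possible."""
    try:
        algo, iterations, salt_b64, dk_b64 = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    actual = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(actual, expected)  # constant time: no early exit on mismatch


# What the database row holds instead of the plaintext above.
USERS_HASHED = {"alice": hash_password("hunter2")}
# Checked against when the username does not exist, so response time does not
# reveal which usernames are valid.
_DUMMY_HASH = hash_password("not-a-real-password")


def login_hashed(user: str, password: str) -> bool:
    """Hashed login: same cost for unknown and known users, result only true for real ones."""
    stored = USERS_HASHED.get(user, _DUMMY_HASH)
    ok = verify_password(password, stored)
    return ok and user in USERS_HASHED


if __name__ == "__main__":
    print("naive:", login_naive("alice", "hunter2"))
    print("hashed:", login_hashed("alice", "hunter2"), login_hashed("alice", "wrong"))
    print("stored form:", USERS_HASHED["alice"])
```

The stored string carries the algorithm, iteration count and salt, so an existing record can be re-hashed to a higher work factor at the user's next successful login without a migration. Hashing the same password twice yields two different records because of the per-password salt, which is what defeats precomputed tables.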