5 posts

STRIDE threat modelling vs DREAD thread modelling

Which THREAT modelling framework/methodology should I go for? This is a very common question nowadays, since the “Shift-left revolution”, we have all been trying to introduce security as early into the SDLC as possible (if we aren’t? we should!). THREAT modelling is the foundational activity of shifting left, which basically means finding threats early into the SDLC. Finding threats early in the software development lifecycle helps you save costs in terms of time, finances and more importantly possible reputational damage. Now that you are sold on doing threat modelling in the design phase of SDLC, the question you must be […]

How I was able to delete 13k+ Microsoft Translator projects

Introduction Sometime back I was hunting for Vulnerabilities in Microsoft Web services, as Microsoft has large online infrastructure, finding a vulnerability which could lead to Microsoft hall of fame for security researchers wasn’t difficult. While browsing around their online services, one of their services, Microsoft hub translator caught my attention. Microsoft hub translator is and I quote:  “Microsoft Translator Hub empowers businesses and communities to build, train, and deploy customized automatic language translation systems—-”.  I signed up and started looking for vulnerabilities and found critical level vulnerability through which I was able to delete All Microsoft hub translator 13000+ projects. As the vulnerability is fixed now, I’m sharing […]

second order sql injection

Second Order SQL Injection Explained with Example

Introduction Second Order Sql injection is an application vulnerability, it occurs when user submitted values are stored  in the database, and then it gets used by some other functionality in the application without escaping or filtering the data. Usually data from external sources (user supplied) is considered dangerous and is escaped/filtered. Developers trust the data coming from the database. This behaviour is similar to Stored Cross Site Scripting attack. Second Order Sql Injection requires more knowledge of how submitted values are later used in order to perform successful second order sql injection. Still confused? follow the example below:- Second Order […]

Application Threat Modeling using DREAD and STRIDE

Introduction Application Threat Modeling using DREAD and STRIDE is an approach for analyzing the security of an application. It is a structured approach that enables you to identify, classify, rate, compare and prioritize the security risks associated with an application. Application Threat modeling should be considered separate from Risk Assessment, although similar but Application Threat Modeling is more of a calculated approach. Inducing Application Threat Modeling into SDLC process has its advantages for the security of the entire project. Most importantly when performing security assessments following the threat modeling approach gives the reviewer a comprehensive overview of the Application. This […]

10 Methods to Bypass Cross Site Request Forgery (CSRF)

10 Methods to Bypass Cross Site Request Forgery (CSRF)

During web application security assessments, Cross Site Request Forgery is often an underrated vulnerability and often ignored, either due to the fact that it requires some sort of user interaction or lack of severity. Lack of severity part is debatable, it depends on which functionality the CSRF vulnerability exists, for example it would be severe if it exists on a password change functionality, an attack could send a crafted link to victim, victim clicks the link (Actual click is not required, one could use embedded HTML links in a page), attacker rides the victims session and password gets changed of […]