Here Are 5 Ways Hackers Hack Software (and How You Prevent It)

 


The world will lose 10.5 Trillion Dollars annually to Cyber Crime by 2025. That is a crazy amount of money. But how do these cyber crimes happen? With hundreds of programming languages, thousands of frameworks, and MILLIONS of lines of code… there’s always a bug that can be costly.

Software is a lot like us humans: versatile, intelligent… BUT deeply insecure.

In this article, I am going to describe 5 ways that software can be vulnerable and be attacked by those whose intentions can be questionable.

1.) SQL Injection

One of the central sources of truth for any application is its database. “Database” is a very broad term, and there are lots of different types of databases. However, the primary way of talking to this database is through a language called SQL, or Structured Query Language for short. A common application would have an architecture like this.

A user on a website will have a form, which sends information to the server. The server takes that input from the user, gets the matching data from the database, and returns it back to the client. Let’s go a little deeper.

Let’s say our form has a search bar where a user can search for names in our database. When I enter the name “Lewis” into the search bar, the information is sent up to the database. So I have to write server code to talk to the database to get the results for the user. So I create this SQL statement where I search the users table where the name is equal to the input like this. So whenever I enter:

• Lewis

• Sally

• Will

It will look for those values. Awesome.

There is absolutely NOTHING wrong with this statement… did you read the title? I don’t really need to foreshadow this, do I? What if, instead of putting in another name, I put in a certain SQL statement? If I put in OR (1=1), it pulls the entire database because 1=1 is always true. This is SQL Injection and it’s extremely dangerous.

In 2007, 7-Eleven lost over 4.2 million debit and credit card numbers due to a SQL injection attack. There are easy ways to avoid this attack.

1. Sanitize your inputs. Sanitizing can mean many things, but it essentially makes it so that the input from users is seen as ONE data type and NOT one that can affect your code.

2. Use an Object Relational Mapping package. This is a package that turns your SQL statements into an easy-to-use API. These are not necessarily vulnerability-free but are often maintained to avoid this.

3. Set correct permissions for your database user. If you set the database user to read a very limited amount of data, then even if they do an SQL injection, they won’t be able to access the critical data.
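Here is the name search from above as an added example (not code from the original article), written in Python with an in-memory SQLite database. The table layout, function names and the injected string are assumptions made for the demo; it puts the string-built query next to a parameterized one, where the input is only ever treated as ONE value.

```python
import sqlite3

def make_db():
    # Constructed in-memory database holding the three names used in the article.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)", [
        ("Lewis", "lewis@example.com"),
        ("Sally", "sally@example.com"),
        ("Will", "will@example.com"),
    ])
    return db

def search_vulnerable(db, name):
    # The input is pasted into the SQL text, so it can change the query's logic.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in db.execute(query)]

def search_parameterized(db, name):
    # The ? placeholder hands the input to the driver as a single value, never as SQL.
    query = "SELECT name FROM users WHERE name = ?"
    return [row[0] for row in db.execute(query, (name,))]

# Constructed input in the style the article describes: a condition that is always true.
INJECTED = "x' OR (1=1) --"

if __name__ == "__main__":
    db = make_db()
    for term in ("Lewis", INJECTED):
        print(repr(term))
        print("  string-built :", search_vulnerable(db, term))
        print("  parameterized:", search_parameterized(db, term))
```

With the string-built query the injected input returns every row in the table; with the placeholder it is just a name that nobody has, so nothing comes back.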


2.) Cross-Site Scripting

Have you ever noticed that almost every single application you use nowadays is on the web? It’s probably how you are seeing my handsome face on your screen right now. On the web, websites are organized and laid out using a Markup Language called HTML. If you right-click and inspect it, you can see it on any website you visit.

HTML is made up of tags that organize text across your screen… but how can text in a tag hurt you? Well, that’s one way. The real answer is the <script> tag, which runs the JavaScript code that is inside of it.

Let’s say I made a blog that was pretty popular and allowed anyone to comment… I want everyone to have a little bit of jazz in their comments so I allow my users to style their comments with HTML. After I come back, I see an alert that I don’t remember putting there… Ok, no biggie… wait… why is everything looking so weird?

Since I allowed users to insert HTML, they were able to add a <script> tag that can do things like grab all of your cookie or local storage information, change comments, or potentially contact my server.

This ran because it was assumed that the website I was going to was trusted. In 2005, a MySpace user named Samy wrote a tag that would automatically add you as a friend and add you to the “hero” section. This was an exponential effect that gathered over 1 million friends in 24 hours.

There are ways to prevent this, like:

1. Preventing your users from using markup. Restrict your users from using untrusted tags. A lot of frameworks that you might use will probably already have this covered.

2. Secure your cookies. Many web applications tie session cookies to the IP address of the user who originally logged in, then only permit that IP to use that cookie.
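One way to do the "restrict the tags" step for the blog comments, as an added example (not code from the original article): a small Python sanitizer that keeps a short allowlist of styling tags, throws away every attribute, drops script and style content, and escapes all remaining text. The allowlist and the sample comments are assumptions.

```python
from html import escape
from html.parser import HTMLParser

ALLOWED_TAGS = {"b", "i", "em", "strong"}  # assumed allowlist for comment styling

class CommentSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip = 0  # > 0 while inside <script> or <style>, whose text is dropped

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip += 1
        elif tag in ALLOWED_TAGS:
            # Re-emit the bare tag only: onclick, style and other attributes are discarded.
            self.out.append(f"<{tag}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip = max(0, self.skip - 1)
        elif tag in ALLOWED_TAGS:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:
            # Text is escaped again on output so it can never be read as markup.
            self.out.append(escape(data))

def sanitize_comment(raw):
    parser = CommentSanitizer()
    parser.feed(raw)
    parser.close()  # flush any text the parser is still buffering
    return "".join(parser.out)

if __name__ == "__main__":
    # Constructed comments: one with an event handler and a script tag, one with an image tag.
    for comment in ('Nice <b onclick="x()">post</b>!<script>alert(1)</script>',
                    '<img src=x onerror="x()">hi & bye'):
        print(sanitize_comment(comment))
```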


3.) DDoS

You have probably heard of this one before, as you might have tried to visit a site or game that just launched and got extremely overwhelmed by the number of users.

However, that experience can be used in a malicious way. A Distributed Denial-of-Service attack is a malicious attempt to disrupt the traffic of a server by overwhelming it with your own traffic. Think of yourself trying to turn at an intersection while millions of cars are driving by.

What makes this attack tough to combat is the distributed aspect of the attack: these computers are sometimes bots or other computers that are being controlled remotely. This makes it hard for the server to identify who the imposters among us are.

A DDoS isn’t a vulnerability itself but is often used as a way to discover vulnerabilities or exploit them. Usually, these types of attacks are complex and can be categorized by which layer they are targeting. There are a lot of creative ways that DDoS attacks are carried out, so it’s really hard to be 100% bulletproof against them; however, there are preventative measures. In 2018, GitHub was hit with a DDoS attack that clocked in at 1.35 terabits per second for 20 minutes… which means that 202 terabytes were sent… That’s like sending 540 million images in 20 minutes… wow… There are 2 things you can do to really make sure that you are at least prepared for something like this.

1. Know your network’s traffic. How much volume do you typically get? Try to scout out any suspicious traffic that might be coming from random IPs.

2. Take advantage of cloud platforms to load balance your traffic. Of course, a giant data center is going to be better than your measly little server.
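A sketch of the "know your traffic" step, as an added example (not code from the original article): it buckets web access-log lines per minute, uses the median minute as the baseline, and flags minutes far above it together with how many sources took part. The log format (common log format), the threshold factor and the log lines themselves are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from statistics import median

# Captures the client IP and the timestamp truncated to the minute.
LINE = re.compile(r'^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}):\d{2} [^\]]+\]')

def per_minute(lines):
    """Return {minute: Counter(ip -> requests)} from common-log-format lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if m:
            buckets[m.group(2)][m.group(1)] += 1
    return buckets

def find_spikes(lines, factor=5):
    """Flag minutes whose request volume exceeds factor x the median minute."""
    buckets = per_minute(lines)
    totals = {minute: sum(c.values()) for minute, c in buckets.items()}
    baseline = median(totals.values())
    return {
        minute: {"requests": total,
                 "sources": len(buckets[minute]),
                 "top": buckets[minute].most_common(1)[0]}
        for minute, total in totals.items() if total > factor * baseline
    }

def sample_log():
    # Constructed log: four quiet minutes, then one minute of traffic from 200 sources.
    fmt = '{ip} - - [10/Oct/2023:13:{m:02d}:{s:02d} +0000] "GET / HTTP/1.1" 200 512'
    lines = [fmt.format(ip=f"198.51.100.{s % 3 + 1}", m=m, s=s)
             for m in range(4) for s in range(10)]
    lines += [fmt.format(ip=f"203.0.113.{i % 200 + 1}", m=4, s=i % 60)
              for i in range(600)]
    return lines

if __name__ == "__main__":
    for minute, info in find_spikes(sample_log()).items():
        print(minute, info)
```

In the flagged minute the busiest single source sent only 3 requests, which is why a per-IP limit alone does not catch distributed traffic and the total volume has to be watched too.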


4.) Log4J

This one was discovered recently and was a nuclear BOMB on the internet. Log4J is a logging utility for the Java Programming Language. It’s used to log information for developers to see across their applications. When it was announced that there was a DEADLY vulnerability affecting it… people freaked out.

This was something that could affect MILLIONS… perhaps BILLIONS… since Java likes to shove it in our faces and all. Java has something called the Java Naming and Directory Interface (JNDI for short) that lets you get resources from another server. When developing an app this comes in super handy because you can quickly download code that you can plug into your application. Similar to SQL injection and Cross-Site Scripting, if a user was to input a JNDI lookup as input and the logger logged it, it would execute that lookup, where a hacker could pull their resources and execute them in your app. When this was discovered, there were 10 million attempts an hour to exploit this vulnerability. The most important thing you can do now to protect yourself against this is to update to the newest version of Log4J. That way you are up to date.
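To show why logging a string could trigger a lookup at all, here is a toy model in Python, added as an example (it is not Log4J's code and not from the original article). The logger class, its flag and the sample values are assumptions, and the "lookup" only records that it was asked for; nothing is fetched.

```python
import re

LOOKUP = re.compile(r"\$\{(\w+):([^}]*)\}")  # matches ${kind:target}

class ToyLogger:
    """Toy logger that supports ${kind:target} lookups (hypothetical, for illustration)."""

    def __init__(self, lookups_in_messages):
        self.lookups_in_messages = lookups_in_messages
        self.resolved = []  # every lookup this logger acted on

    def _resolve(self, match):
        kind, target = match.group(1), match.group(2)
        self.resolved.append((kind, target))
        return f"[{kind} lookup of {target!r} performed]"

    def info(self, pattern, *args):
        if self.lookups_in_messages:
            # Flawed order: user data is merged in first, then the whole line is
            # scanned for lookups, so data supplied by a user is acted on.
            return LOOKUP.sub(self._resolve, pattern % args)
        # Safer order: only the developer's own pattern is scanned for lookups;
        # the arguments are inserted afterwards and stay plain text.
        return LOOKUP.sub(self._resolve, pattern) % args

# Constructed request header value containing a lookup string (placeholder host).
USER_AGENT = "${jndi:ldap://untrusted.example/obj}"

def demo():
    old, new = ToyLogger(True), ToyLogger(False)
    old.info("User-Agent: %s", USER_AGENT)
    new.info("${env:APP_NAME} saw User-Agent: %s", USER_AGENT)
    return old.resolved, new.resolved

if __name__ == "__main__":
    acted_old, acted_new = demo()
    print("lookups in messages on :", acted_old)
    print("lookups in messages off:", acted_new)
```

The first logger acts on the lookup that arrived inside user input; the second only resolves the lookup the developer wrote into the pattern, which is the same "data must stay data" rule as in the SQL injection section.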


5.) Cross-Site Request Forgery

Let’s say I have an awesome website where I can add and delete pictures of really cool cats that I like. I also have a feature to let people comment about how cool these cats might be. The way I programmed this in the backend is that I send a POST request to the URL coolcats.com/delete-cat with my cookie attached for authentication and the id of the cat I want to delete. This means it is 100% secure, right? … Did you still fall for my foreshadowing trick? When I click on a link that was in the comments, I go back to my app and see ALL of my cats are gone… why?? In the link that I clicked in the comments, there was a hidden request made to the endpoint that I have created which, since I am already logged in, automatically included the authentication token.


I have been pwned yet again. In 2020, TikTok was hit with a vulnerability that allowed attackers to send messages to other TikTok users. TikTok ended up patching this within 3 weeks but lots of damage had been done. This type of attack still happens to this day but is easily preventable. The most common defense is Anti-CSRF Tokens. These are tokens that are randomly generated by your server on request, so when you submit the form, you have to provide the correct token. Most backend frameworks support this.
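The delete-cat endpoint with and without an Anti-CSRF token, as an added example in Python (not code from the original article). The class, method names, cat names and status codes are assumptions standing in for a real backend; the forged request is modelled as a call that carries the cookie but no token, because the browser attaches the cookie automatically while the token only exists inside the real form.

```python
import hmac
import secrets

class CoolCatsApp:
    """Toy model of the article's /delete-cat endpoint (hypothetical names)."""

    def __init__(self):
        self.cats = {1: "Tom", 2: "Felix", 3: "Salem"}  # constructed sample data
        self.sessions = {}  # session cookie -> CSRF token issued for that session

    def login(self):
        cookie = secrets.token_urlsafe(32)
        self.sessions[cookie] = secrets.token_urlsafe(32)
        return cookie

    def form_token(self, cookie):
        # The server embeds this value in the delete form it renders for the
        # logged-in user; a page on another site cannot read it.
        return self.sessions[cookie]

    def delete_cat_cookie_only(self, cookie, cat_id):
        # Original design: the cookie alone authorizes the POST.
        if cookie not in self.sessions:
            return 401
        self.cats.pop(cat_id, None)
        return 200

    def delete_cat(self, cookie, cat_id, csrf_token=None):
        # Hardened design: the POST must also carry the token from the form.
        if cookie not in self.sessions:
            return 401
        expected = self.sessions[cookie].encode()
        supplied = (csrf_token or "").encode()
        if not hmac.compare_digest(expected, supplied):  # constant-time comparison
            return 403
        self.cats.pop(cat_id, None)
        return 200

def demo():
    app = CoolCatsApp()
    cookie = app.login()
    forged_old = app.delete_cat_cookie_only(cookie, 1)           # cookie only: accepted
    forged_new = app.delete_cat(cookie, 2)                       # cookie only: rejected
    real_form = app.delete_cat(cookie, 3, app.form_token(cookie))
    return forged_old, forged_new, real_form, sorted(app.cats)

if __name__ == "__main__":
    print(demo())
```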

The web can be a scary place but if you are constantly thinking about security you are most likely in good hands.