Insecure Design Patterns
Bypassing inadequate validations often occurs when the intent of the filter fails to measure up to the implementation of the filter. In a way, implementation errors bear a resemblance to logic-based attacks. Consider the following examples of poor design.
Lack of Authorization Checks
Authorization has also been covered in Chapter 5, “Breaking Authentication Schemes.” Each action a user may take on a Web site must be validated against a privilege table to make sure the user is allowed to perform the action. An authorization check might be performed at the beginning of a process, but omitted at later steps under the assumption that the process may only start at step 1. If some state mechanism permits a user to start ...
Get Seven Deadliest Web Application Attacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
