Clarity, Technology, and Solving Problems | PracticeThis.com
A well-defined set of search patterns significantly reduces the time (and cost) of a security code inspection. This post focuses on input validation vulnerabilities commonly found in ASP.NET web applications.
SQL injection and cross-site scripting (XSS) are the most common of these: they exploit untrusted input reaching data access code and output that is written back without encoding. Following are the how-to's on finding these vulnerabilities:
To find security vulnerabilities, start by asking questions, or better yet, write the questions down as a checklist. Here is an example of how: Generate Your Own Security Code Review Checklist Document Using Outlook 2007.
Use a search utility such as FindStr to run the searches (see Performing Text Searches). When Visual Studio is available you can use it instead: Visual Studio 2005 As General Code Search Tool. Any other search tool is fine too. Below are the most common questions and the search patterns that answer them.
Is every input control validated? If the code uses neither validator controls nor Regex, there is a potential vulnerability. Review how each control is validated for type, length, range and string format. The searches assume there is no inline code and that developers use the code-behind technique to separate markup from code, so validator controls are searched for in the markup and Regex in the code-behind files.
findstr /S /I ".Validator" *.aspx
findstr /S /I ".Validator" *.ascx
findstr /S /I "Regex" *.cs
Is external input involved in building paths and file names? Review that it is not. The two searches below are deliberately broad and, being case-insensitive, will also hit unrelated identifiers (FileInfo, FilePathResult, Profile, and so on), so expect to triage a fair number of false positives.
findstr /S /I "File" *.cs
findstr /S /I "Path" *.cs
Cookies and query strings are under the client's control, so reading them carries a tampering threat (review STRIDE Explained to understand the threat categories). Use of the Request.Params property is a further warning sign: Params merges QueryString, Form, Cookies and ServerVariables, so a value the developer expects to arrive in a POST form can equally be supplied in a GET query string, which makes a CSRF attack easier to mount - Cross-Site Request Forgery Attack explained
findstr /S /I "Cookies" *.*
findstr /S /I "QueryString" *.*
findstr /S /I "Params" *.*
If MapPath is used, review that its arguments are not built from external input and that the result is restricted to the application's own file space. For the three-argument HttpRequest.MapPath(virtualPath, baseVirtualDir, allowCrossAppMapping) overload, make sure the third parameter is set to false; otherwise paths outside the application can be mapped.
findstr /S /I "MapPath" *.*
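Pulling the searches above together, here is an added example that is not part of the original post and not the author's tooling: a Python script that sweeps a project tree for the same hot spots. It stands in for findstr (Python is a swap-in so the sweep runs anywhere), narrows the bare "File" / "Path" / "Params" terms to actual file and request APIs so the hits are worth reading, and automates the two checks the validation and MapPath questions ask you to do by hand: which input controls on a page have no validator targeting them, and whether a three-argument MapPath call passes anything other than false for allowCrossAppMapping. The list of file APIs is an assumption about a typical code base and should be widened to match yours; the .aspx and .cs samples are constructed for the demonstration.

```python
"""Code-review sweep for ASP.NET input-handling hot spots.
Added example for this post, not the author's own tooling: the same searches
as the findstr commands, tightened so that hits are worth triaging.
"""
import re
import tempfile
from pathlib import Path

# Sinks and sources to pull out of code-behind (.cs) files.  Narrower than the
# bare findstr terms so names such as ProfileBase no longer match.  The file
# API list is an assumption; extend it for your code base.
SINK_PATTERNS = {
    "file-path": re.compile(
        r"\b(?:File|Directory|Path)\.\w+\s*\("
        r"|\bnew\s+(?:FileStream|StreamReader|StreamWriter|FileInfo)\s*\("
        r"|\bResponse\.(?:WriteFile|TransmitFile)\s*\("),
    # Request.Params merges QueryString, Form, Cookies and ServerVariables,
    # so a value read through it can arrive by any of those routes.
    "request-input": re.compile(r"\bRequest\.(?:QueryString|Form|Cookies|Params)\b"),
    "mappath": re.compile(r"\bMapPath\s*\("),
}

# Markup (.aspx/.ascx): input controls, and the validators that target them.
INPUT_CONTROL = re.compile(
    r'<asp:(?:TextBox|FileUpload|HiddenField|DropDownList)\b[^>]*\bID="([^"]+)"', re.I)
VALIDATED = re.compile(r'<asp:\w*Validator\b[^>]*\bControlToValidate="([^"]+)"', re.I)

def unvalidated_controls(markup):
    """Return IDs of input controls that no validator on the page targets."""
    validated = {cid.lower() for cid in VALIDATED.findall(markup)}
    return [cid for cid in INPUT_CONTROL.findall(markup) if cid.lower() not in validated]

def mappath_allows_cross_app(line):
    """True for a MapPath(virtualPath, baseVirtualDir, allowCrossAppMapping)
    call whose third argument is anything other than the literal false."""
    m = re.search(r"\bMapPath\s*\(([^)]*)\)", line)
    if not m:
        return False
    args = [a.strip() for a in m.group(1).split(",")]
    return len(args) == 3 and args[2].lower() != "false"

def review_code(text):
    """Return (line number, finding kind, source line) for every hit in a .cs file."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for kind, pattern in SINK_PATTERNS.items():
            if pattern.search(line):
                findings.append((lineno, kind, line.strip()))
        if mappath_allows_cross_app(line):
            findings.append((lineno, "mappath-cross-app", line.strip()))
    return findings

def review_tree(root):
    """Walk a web project (the /S in findstr) and collect findings per file."""
    report = {}
    for path in sorted(Path(root).rglob("*")):
        suffix = path.suffix.lower()
        if suffix in (".aspx", ".ascx"):
            missing = unvalidated_controls(path.read_text())
            if missing:
                report[path.name] = [("unvalidated-control", cid) for cid in missing]
        elif suffix == ".cs":
            hits = review_code(path.read_text())
            if hits:
                report[path.name] = [(kind, f"line {n}: {src}") for n, kind, src in hits]
    return report

# Constructed sample files for the demonstration, not taken from a real project.
SAMPLE_ASPX = """<asp:TextBox ID="UserName" runat="server" />
<asp:RequiredFieldValidator ID="UserNameRequired" runat="server"
    ControlToValidate="UserName" ErrorMessage="User name is required" />
<asp:TextBox ID="Comment" runat="server" TextMode="MultiLine" />
<asp:HiddenField ID="ReturnUrl" runat="server" />
"""

SAMPLE_CS = """using System.IO;
public partial class Download : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        string name = Request.QueryString["file"];
        string full = Path.Combine(Server.MapPath("~/docs"), name);
        string other = Request.MapPath(name, "/", true);
        Response.WriteFile(full);
        ProfileBase profile = null;
    }
}
"""

def review_sample_tree():
    """Write the constructed samples to a temp dir and review them."""
    with tempfile.TemporaryDirectory() as tmp:
        (Path(tmp) / "Default.aspx").write_text(SAMPLE_ASPX)
        (Path(tmp) / "Download.aspx.cs").write_text(SAMPLE_CS)
        return review_tree(tmp)

if __name__ == "__main__":
    for name, findings in review_sample_tree().items():
        print(name)
        for kind, detail in findings:
            print(f"  [{kind}] {detail}")
```

Run it as-is to see the sweep over the constructed samples, or call review_tree on a real project root. On the samples it reports the Comment and ReturnUrl controls as having no validator, flags the QueryString read, the Path.Combine and Response.WriteFile sinks and both MapPath calls, and singles out the Request.MapPath(name, "/", true) call as allowing cross-application mapping, while the ProfileBase line that a plain "File" search would hit produces nothing.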
Below are detailed step-by-step guidelines for writing code that is not vulnerable to SQL injection and XSS attacks:
If you’ve got more search patterns to suggest – please do so! Let’s make the World [Wide Web] a more secure place together.