Clarity, Technology, and Solving Problems | PracticeThis.com
WP7 App with Key Windows Azure resources – Slides, Videos, How-To’s, and T-shooting – for quick consumption on the go.
This post contains string search patterns that can help identifying authentication vulnerabilities during security code inspection for your ASP.NET application. Most common vulnerability is about insecurely manipulating credentials in the code. The question we want to actually ask is:
The associated threat is identity theft or identity spoof that can be achieved by disclosing the credentials or/and tampering it.
Credentials are usually required when accessing a down stream resource – database, web service, active directory, MQSeries, or any other. This information can be easily obtained from the architecture document. Following are possible searches that can lead you to the hotspots to nail potential authentication vulnerabilities:
findstr /S /I ".Open( " *.cs
findstr /S /I ".Credentials =" *.cs
LogonUser API – usually used for impersonation
findstr /S /I "LogonUser" *.cs
This one is my favorite. This search pattern is actually trying to spot the anti-pattern of identifying end user. The assumption here is that when there is no matches for that search then the solution either does not identifies the requests or uses home grown solution which might be potential vulnerability in both cases.
findstr /S /I “.Identity" *.cs
Other than above searches it is good idea to review the web.config file for potential clear text credentials.
Got more suggestions for search patters to identify potential authentication vulnerabilities? - Please, share!