Web Vulnerabilities: Romantic Conversations of a Vulnerable Application Part 2

This is the second part of the conversations between two lovers, Mr. Hacksaw and Miss App, which, unfortunately, can be used to explain the concept of web vulnerabilities.

File/Permission Vulnerability – Day 10

Miss App: (Thinking out Loud) I have really given Hacksaw permission into my heart, my mind, and all of me. I hope this love is true. (Calls Hacksaw on the phone)

Mr. Hacksaw: Hey baby. Talk to me.

Miss App: Hey love. I was thinking if we can hook up tomorrow. But I wouldn’t be home up until 9 pm.

Mr. Hacksaw: Not a problem, App. You can leave your key somewhere I can get it. I’d be there waiting for you at 6 pm in the house already cooking your favorite food.

Miss App: All right, babe. But I have a secret spot just beneath my makeup shelf. Please make sure you avoid that place. There are customer files kept there and I don’t want them destroyed. You can check though and confirm they are still safe. Hehe. But please don’t touch it! I know I can trust you. Can’t I?

Mr. Hacksaw: Yes baby.

(Later that day by 9 pm)

Cross-site scripting, SQL injection – Day 10

Mr. Hacksaw: Welcome back, babe. I know you must have been stressed as hell.

Miss App: Yeah! A massage would do.

Mr. Hacksaw: You go get a shower first, then you can get your wish. Haha! But first, we must have a couple of strong drinks together. (Miss App and Mr. Hacksaw get high as Travis in the room.)

Mr. Hacksaw: I think the mood is right.

Miss App: You bad boy! Let’s do this. (Miss App and Mr. Hacksaw get into violent kissing and fondling. But just as Mr. Hacksaw was about to move further…)

Miss App: Why don’t we protect ourselves… sanitize… clean up… your tool… before you know… input it…penetrate… into me.

Mr. Hacksaw: (interrupts) What?! Are you saying you don’t trust me?

Miss App: No baby. Not that. You know what?! Just stick it in.

The Mishaps of Miss App – Day 11

Miss App wakes up to find Mr. Hacksaw no longer in the house. She tries his number but is unable to connect. She realizes Mr. Hacksaw never actually loved her and had only manipulated her as a front to snoop on customers’ records, going through the sensitive information in the files she had earlier told him not to touch. Hacksaw’s plan was now clear to her, especially the wrong information she had noticed in one of the customer files on their first date. She worries even more that she might have been infected or corrupted with an STI. In her thoughts she sees herself sitting in jail, and she thinks of the ways she could have prevented this sorry event from happening, such as:

• Restricting Mr. Hacksaw’s permission to the customer files (setting correct file permissions, session and cookie validation, API access tokens, brute-force limits, separation of admin management access, IP restrictions for the API, and encryption of sensitive data).
• Insisting Hacksaw wears a rubber (prepared statements, input sanitizing, API sanitizing).
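Both bullets map onto a few lines of ordinary application code. The block below is an added example, not part of the original post, showing the "just stick it in" query beside its prepared-statement equivalent, output encoding that stops user input from becoming HTML markup, and a check that the "secret spot" under the makeup shelf is not readable by anyone but its owner. The table name, columns, seed rows and probe string are all constructed for the example.

```python
import html
import os
import sqlite3
import stat
import tempfile

# Constructed sample data for the example (not from the original post).
SEED_ROWS = [
    ("alice", "alice@example.test"),
    ("bob", "bob@example.test"),
]


def make_db():
    """In-memory customer table seeded with the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO customers VALUES (?, ?)", SEED_ROWS)
    return conn


def lookup_unsafe(conn, username):
    """'Just stick it in': untrusted input is pasted straight into the SQL text,
    so a quote in the input changes the query's logic instead of being data."""
    query = f"SELECT username, email FROM customers WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(conn, username):
    """Prepared statement: the value is bound by the driver and can never be
    interpreted as SQL syntax, whatever characters it contains."""
    return conn.execute(
        "SELECT username, email FROM customers WHERE username = ?", (username,)
    ).fetchall()


def render_greeting(username):
    """Encode for the HTML context before echoing input back to a page,
    so angle brackets and quotes stay text rather than becoming tags (XSS)."""
    return f"<p>Welcome back, {html.escape(username, quote=True)}</p>"


def is_owner_only(path):
    """File-permission check: True when no group or world bits are set
    (mode 0600 or stricter), i.e. only the owner can read the customer files."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & 0o077 == 0


def lock_down(path):
    """Restrict a file to its owner (POSIX modes; assumed to be on a POSIX host)."""
    os.chmod(path, 0o600)
    return is_owner_only(path)


def demo():
    """Run the same crafted input through both lookups and return the row counts."""
    conn = make_db()
    # Constructed input containing a quote that terminates the string literal.
    probe = "x' OR '1'='1"
    return len(lookup_unsafe(conn, probe)), len(lookup_safe(conn, probe))


if __name__ == "__main__":
    unsafe_count, safe_count = demo()
    print(f"concatenated query returned {unsafe_count} rows, prepared statement {safe_count}")
    print(render_greeting("<script>alert(1)</script>"))
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        secret = tmp.name
    print("owner-only after lock_down:", lock_down(secret))
    os.unlink(secret)
```

The point of `demo()` is the contrast: the concatenated query hands back every customer row for an input that is not a username at all, while the prepared statement returns nothing because the bound value is compared as a literal string. `is_owner_only()` is the kind of check a deployment script or a startup self-test can run over a directory of sensitive files so that a world-readable record is caught before anyone else reads it.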

THE END!!!!!!