One important thing to note is that “anything where we can get input to our application and back to the backend is a potential hack factor or vulnerability factor”. These would include Query Parameters, URL path, PUT/POST parameter, Cookies, Referrer headers, file uploads, Emails, Form fields, Web sockets, browser’s local/session storage etc.
Cross-Site Scripting (XSS)
XSS occurs when the application uses data parameters and pass it to the browser without properly validating the data.
Validate and sanitise all the user based inputs
Encode the output for specific contents, especially in cases where the output contains HTML tags
Set proper headers like Strict transport security, X-frame-options, X-XSS-protection, X-Content-Type-Options, Content-Security-Policy
Cross-Site Request Forgery (CSRF)
This is pronounced as “see-surf”. It allows victim’s browser to make a forged HTTP request. It forces the end user to execute unwarranted actions on a web application in which they are currently authenticated. So while the user thinks that he is just browsing his own dashboard, the malicious code snippet loads in the background. For instance, there can be a hidden frame of Facebook on a page and while the user is browsing the page and is logged in to his Facebook account in the browser, the code in the background can make him post content on his behalf.
So, this gives the hackers the permission to force the user’s browser to generate requests without him knowing it.
Include a random, unpredictable token in requests
Add tokens to requests that can mutate the state of the application
Origin of the request must be verified
Hackers normally use leaks/flaws in the authentication mechanism to impersonate other users.
Don’t expose session tokens in the URL
Session tokens should have a timeout
Recreate session tokens after every successful login
Use HTTPS for sending tokens
Use appropriate permissions
Use some well known authenticating mechanism
Use strict mode whenever possible
This eliminates silent errors and shows them all the times.
Sensitive Data Exposure
Encrypt all sensitive data at rest and in transit
Do not store unnecessary data
Disable cache on forms that store sensitive data
Use strong algorithms for hashing passwords
Enforce stronger passwords
Use 2 factor authentication
Use Google authenticator
For cookies set the following flags:
Secure: only to be used over HTTPS
Enforce proper cookie scoping
Only to be accessed by certain domains
Only accessible on certain paths
Expires after a stipulated time
Link here: https://www.youtube.com/watch?v=BeKMbTSm7x8