
Blog

Session Poisoning, Cookie Poisoning

Aug 09, 2009 - by kurinchilamp // 332 Views
Session poisoning (also called session pollution) is the class of flaws in which unvalidated input is stored in a session variable that every later page then trusts; a page that grants access purely on the strength of a session value can be opened to outsiders this way. The term also covers the case where two applications on the same server share one session store (with PHP, every site on a host uses the same default save path unless told otherwise): a value written by one application without validation is read by the other, and the two can overwrite each other's variables. An attack or session hijack becomes possible when an outside party gains control over a session variable that the victim's requests rely on; for the shared-store variant both parties need access to the same server. The same problem on the client side, where values stored in cookies are trusted without checking, is called cookie poisoning. The precautions are to validate every value before it is assigned to a session variable or cookie, to treat anything that arrives from the client as untrusted, and to give each application its own session name and save path when a host is shared. Carrying the session over a protected transport (HTTPS, with the session cookie marked secure) keeps the identifier from being read in transit.
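As an added example (not code from the original post), the vulnerable assignment described above beside a validated version, written for PHP 7.1 or later. The names APP_NS, setPreference(), grantRole(), the 'pref' and 'role' keys, the cookie name MYAPPSESSID and the sessions directory path are assumptions for illustration.

```php
<?php
// Added example, not code from the original post. Shows session poisoning
// (request data copied unchecked into $_SESSION) beside a validated version.
// Assumed names: APP_NS, setPreference(), grantRole(), the 'pref' and 'role'
// keys, the cookie name and the sessions directory path.

// Give this application its own session store and cookie name. Every PHP site
// on a host otherwise shares the default save path, which is the shared-server
// case the post describes. The directory must exist and must not be web-readable.
ini_set('session.save_path', __DIR__ . '/../sessions');   // assumed path
ini_set('session.name', 'MYAPPSESSID');
session_start();

const APP_NS = 'myapp';   // namespace our keys so another app cannot collide with them

// VULNERABLE: the request decides what lands in the session, and every later
// page trusts $_SESSION[APP_NS]['role']. One visit to  page.php?role=admin
// would poison the session for the rest of the site.
//
//     $_SESSION[APP_NS]['role'] = $_GET['role'];

// HARDENED: request data only enters the session through an allow-list, and
// privileged values such as role are written only by the login code path.
function setPreference(string $key, string $value): bool
{
    $allowed = [
        'lang'     => ['en', 'ta', 'fr'],
        'pagesize' => ['10', '25', '50'],
    ];
    if (!isset($allowed[$key]) || !in_array($value, $allowed[$key], true)) {
        return false;   // unknown key or value: refuse and leave the session untouched
    }
    $_SESSION[APP_NS]['pref'][$key] = $value;
    return true;
}

foreach (['lang', 'pagesize'] as $key) {
    if (isset($_GET[$key]) && is_string($_GET[$key])) {
        setPreference($key, $_GET[$key]);
    }
}

// Role comes from the authenticated user record, never from the request.
function grantRole(array $userRecord): void
{
    $_SESSION[APP_NS]['role'] = $userRecord['role'];
}
```

The session is trusted storage, which is exactly why nothing unverified may enter it: the allow-list is the only door for request data, and anything authoritative (role, user id) is written only by code that has already verified it.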

How to hide Apache version, Modules loaded, PHP Version?

Aug 08, 2009 - by kurinchilamp // 310 Views
It is advisable not to disclose more information than necessary when requests are made to an Apache server. By default Apache announces its own version in the Server response header and, depending on the build, the operating system, loaded modules and the PHP version when PHP is loaded as an Apache module. In httpd.conf, set the following directives:

    ServerSignature Off
    ServerTokens ProductOnly

ServerSignature controls the footer line on server-generated pages (error pages, directory listings); ServerTokens ProductOnly (also written Prod) reduces the Server header to just "Apache". Apache's built-in defaults are ServerSignature Off and ServerTokens Full, but some distribution packages override them in their shipped configuration, so check the active value rather than assume it. Note that the PHP version can also leak through the X-Powered-By header, which ServerTokens does not touch; set expose_php = Off in php.ini for that. Verify the result with curl -I against your host and look at the Server and X-Powered-By headers.

PHP Security: Preventing Session Fixation

Jul 27, 2009 - by kurinchilamp /Linux Server/ 309 Views
Session fixation is an attack in which the intruder chooses a session id in advance and arranges for the victim to use it, so that the victim's later activity on the site runs under an id the intruder already knows. For example, an intruder may create a link to a site called samplesite.com such as

    <a href="http://samplesite.com/cart.php?PHPSESSID=Ax23mDud">Sample Site</a>

When a user clicks this link, PHP (if it accepts session ids from the URL) adopts Ax23mDud as the user's session id on samplesite.com. The intruder waits for the user to log in or start a transaction, then sends requests carrying the same PHPSESSID and is treated by samplesite.com as that user, gaining access to the user's account and details.
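As an added example (not the post's own code), a login flow that defeats the fixation attack above. It is written for PHP 7.1 or later; session.use_strict_mode needs PHP 5.5.2 or later and postdates the 2009 post. checkCredentials() is an assumed stand-in for a real user lookup, and the paths /cart.php and /login.php are assumptions.

```php
<?php
// Added example, not code from the original post. Fixation-resistant login:
// the id cannot be supplied in the URL, an id the server did not issue is
// rejected, and the id is regenerated at each privilege change.
// Assumed: checkCredentials() stands in for a real user-store lookup.

// 1. Accept the session id from the cookie only, never from PHPSESSID=... in a URL.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
// 2. Reject ids the server never created (PHP 5.5.2+), so an attacker cannot
//    plant an arbitrary value such as Ax23mDud and wait for a victim to use it.
ini_set('session.use_strict_mode', '1');
// 3. Keep the cookie away from scripts and off plain HTTP (secure=true assumes HTTPS).
session_set_cookie_params(0, '/', '', true, true);
session_start();

function checkCredentials(string $user, string $pass): ?array
{
    // Assumed stand-in: a real implementation verifies against a stored hash.
    $users = ['alice' => password_hash('correct horse', PASSWORD_DEFAULT)];
    if (isset($users[$user]) && password_verify($pass, $users[$user])) {
        return ['name' => $user, 'role' => 'customer'];
    }
    return null;
}

function login(string $user, string $pass): bool
{
    $record = checkCredentials($user, $pass);
    if ($record === null) {
        return false;
    }
    // 4. The pre-login id, whatever its origin, is discarded here. An attacker
    //    who fixed it still holds the old id, which now maps to nothing.
    session_regenerate_id(true);   // true = delete the old session data
    $_SESSION['user'] = $record;
    return true;
}

function logout(): void
{
    $_SESSION = [];
    setcookie(session_name(), '', time() - 3600, '/');
    session_destroy();
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $ok = login($_POST['user'] ?? '', $_POST['pass'] ?? '');
    header('Location: ' . ($ok ? '/cart.php' : '/login.php?failed=1'));
    exit;
}
```

The three settings cover different cases: use_only_cookies stops the URL form shown in the post, use_strict_mode rejects an id the server never issued, and session_regenerate_id() on login covers a legitimately issued id that the attacker obtained some other way, for instance by setting the cookie from a sibling subdomain.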

What is Kerberos Authentication System?

Jul 20, 2009 - by kurinchilamp /Linux Server/ 306 Views
Kerberos is an authentication protocol by which a party on a non-secure network can prove its identity to another party in a protected way. In a client-server system it is not feasible to know in advance which network users are hostile, so the protocol is designed on the assumption that the network itself may be under an attacker's control. The primary goal of the Kerberos authentication system is to avoid sending passwords in plain text over the network: the user proves knowledge of the password to a trusted key distribution centre (KDC), which issues short-lived tickets that are then presented to services. Kerberos was created at MIT and is distributed under a BSD-style licence; the current protocol version is version 5. It is implemented on Linux, Unix, Windows and macOS. Kerberos is built on symmetric-key cryptography, with the KDC holding a shared key for every user and service.

How to turn off register_globals via php.ini?

Jul 16, 2009 - by kurinchilamp // 305 Views
It is always safer to turn register_globals off for PHP applications: with it on, every request parameter becomes a PHP variable before your script runs, so any variable the script forgets to initialise can be set from the query string. Earlier we saw how to turn it off via a .htaccess file; in this post we use php.ini instead. Using a text editor, create a file called php.ini containing the line

    register_globals = off

and upload it to the root folder where your application resides. Two caveats: a per-directory php.ini is honoured when PHP runs as CGI or FastCGI (the usual arrangement on shared hosts); under mod_php the directive must go in the server-wide php.ini or into .htaccess as php_flag register_globals off. And a php.ini placed in the web root is itself downloadable unless the web server is told to deny it, so block access to it or keep it outside the document root if your host supports that. Check the result with phpinfo() or ini_get('register_globals'). Note that register_globals was deprecated in PHP 5.3 and removed in 5.4, so on current PHP the setting no longer exists.
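As an added example (not code from the original post), the pattern that register_globals turns into an authentication bypass, next to a version that is safe whether the setting is on or off. It avoids PHP 7 syntax so it runs on the 5.x releases where the setting still exists; authenticate() and the admin page name are assumptions.

```php
<?php
// Added example, not code from the original post. Shows the pattern that
// register_globals turns into an authentication bypass, and a version that is
// safe whether the setting is on or off. authenticate() is an assumed stand-in
// for a real credential check.

function authenticate($user, $pass)
{
    return $user === 'alice' && $pass === 'correct horse';   // assumed stand-in
}

// VULNERABLE with register_globals = on: $authorized is never initialised, so
// a request such as  admin.php?authorized=1  creates it from the query string
// before the script runs and the check below passes without a login.
//
//     if (authenticate($_POST['user'], $_POST['pass'])) {
//         $authorized = true;
//     }
//     if ($authorized) {
//         showAdminPanel();
//     }

// HARDENED: refuse to run if the setting is on, initialise every variable
// before use, and read input only from the explicit superglobals.
$rg = ini_get('register_globals');   // false on PHP 5.4+, where the setting no longer exists
if ($rg !== false && filter_var($rg, FILTER_VALIDATE_BOOLEAN)) {
    header('HTTP/1.0 500 Internal Server Error');
    exit('register_globals is enabled; refusing to run');
}

$authorized = false;
$user = isset($_POST['user']) ? (string) $_POST['user'] : '';
$pass = isset($_POST['pass']) ? (string) $_POST['pass'] : '';
if (authenticate($user, $pass)) {
    $authorized = true;
}
if ($authorized) {
    echo 'admin panel';
} else {
    echo 'login required';
}
```

Initialising $authorized before the check is what makes the hardened version safe even if the setting turns out to be on: a value injected from the request is overwritten before it is ever read.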

How to restrict folder, file permission settings for each user?

Jul 13, 2009 - by kurinchilamp // 301 Views
Sticky bit

There may be situations where you want all users to be able to store files in a certain directory but do not want a user to delete other users' files. Setting the sticky bit on the directory does exactly this: in a sticky directory only the file's owner, the directory's owner and root can remove or rename a file, regardless of the directory's write permission. For example, we have created a directory called "user" inside /tmp; it is world-writable, so without the sticky bit any user could delete anyone's files in it:

    root@dev:/tmp# ls -l | tail -1
    drwxr-xrwx 2 root root 4096 2009-07-13 11:39 user
    root@dev:/tmp# cd user

Now create a file called a.txt (you are currently running with root privileges):

    root@dev:/tmp/user# touch a.txt

Now switch to a user with normal privileges (a user called 'usr100' has been created for this purpose):

    root@dev:/tmp/user# su usr100
    Password:
    usr100@dev:/tmp/user$ whoami
    usr100
