Software security is not security software. Here we're concerned with topics like authentication, access control, confidentiality, cryptography, and privilege management.
Code that answers authentication challenges from NSURLConnection or NSURLSession must check what host it is sending the credentials to. Applications implement NSURLConnection or NSURLSession callbacks to handle authentication requests. Forgetting to ensure that the authentication request comes from the expected host results in credentials being sent to every URL the application loads. In addition, failing to check that the credentials can be sent securely (over a protected connection) exposes them to theft in transit.

Objective-C example that omits both checks (noncompliant):
// Noncompliant: neither challenge.protectionSpace.host nor
// receivesCredentialSecurely is inspected before handing over the credential.
- (void)URLSession:(NSURLSession *)session
        didReceiveChallenge:(NSURLAuthenticationChallenge *)challenge
          completionHandler:(void (^)(NSURLSessionAuthChallengeDisposition, NSURLCredential *))completionHandler {
    NSString *user = [self getUser];
    NSString *pass = [self getPassword];
    NSURLCredential *credential = [NSURLCredential credentialWithUser:user
                                                             password:pass
                                                          persistence:NSURLCredentialPersistenceForSession];
    completionHandler(NSURLSessionAuthChallengeUseCredential, credential);
}
The same omission in Swift (noncompliant):
// Noncompliant: the credential is supplied for every challenge, whatever
// host issued it and whether or not the connection is protected.
func urlSession(_ session: URLSession,
                didReceive challenge: URLAuthenticationChallenge,
                completionHandler: @escaping (URLSession.AuthChallengeDisposition, URLCredential?) -> Void) {
    let user = getUser()
    let pass = getPassword()
    let credential = URLCredential(user: user, password: pass, persistence: .none)
    completionHandler(.useCredential, credential)
}
Contracts should not use tx.origin for authorization purposes. The tx.origin global variable holds the address of the account from where a transaction originates, not the address of the immediate caller. When an account A1 calls a contract S1, tx.origin contains the address of account A1 used for calling S1, and it still contains A1 when S1 is reached through an intermediate contract. If the intent of checking tx.origin is to verify authorization of A1, then this authorization is bypassed: if A1 is induced to call an attacker-controlled contract that in turn calls S1, tx.origin will hold the address of the user account that initiated the transaction and authorization will be bypassed. msg.sender, which identifies the immediate caller, is the value to check instead.

The vulnerable contract below checks tx.origin before transferring funds to a provided address. If the owner calls an attacker contract that in turn calls the sendTo function in the vulnerable contract, then the condition within the require statement will be true and funds will be transferred to whatever address the attacker contract specified when calling sendTo.
// Noncompliant: tx.origin identifies the transaction originator, not the
// direct caller; `address payable` is required for transfer() in Solidity >= 0.5.
function sendTo(address payable receiver, uint amount) public {
    require(tx.origin == owner);
    receiver.transfer(amount);
}
Security groups should not allow inbound traffic from any address (0.0.0.0/0) to TCP port 22, where an SSH server typically responds to incoming connection requests.
- name: Task to open SSH port
  amazon.aws.ec2_group:
    name: demo_security_group
    description: Open the ssh port to the world
    state: present
    vpc_id: 123456
    region: us-west-1
    rules:
      - proto: tcp
        ports: 22
        cidr_ip: 0.0.0.0/0
- name: Create Lambda policy statement for S3 event notification
  community.aws.lambda_policy:
    action: lambda:InvokeFunction
    function_name: functionName
    principal: "*"   # a bare * is a YAML alias marker; the wildcard principal must be quoted
    statement_id: lambda-s3-demobucket-access-log
    source_arn: arn:aws:s3:us-west-2:123456789012:demobucket
    source_account: 123456789012
    state: present
The Redshift cluster below is exposed because it sets the publicly_accessible parameter to yes.
- name: example1
  community.aws.redshift:
    identifier: mycluster
    command: create
    db_name: mydb
    node_type: ds1.xlarge
    username: "{{ username }}"
    password: "{{ password }}"
    publicly_accessible: yes
The AMI below is created with an unencrypted volume because the encrypted parameter is set to false.
- name: Basic AMI Creation
  amazon.aws.ec2_ami:
    state: present
    instance_id: i-xxxxxx
    name: test_ami
    device_mapping:
      - device_name: /dev/sda
        encrypted: false
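The four Ansible findings above (SSH open to the world, a Lambda policy with principal "*", a publicly accessible Redshift cluster, an unencrypted AMI volume) are all visible in the task definition before anything is deployed, so they can be caught by a pre-deployment check. The following is an added example, not an Ansible, AWS or rule-vendor tool: a hypothetical checker that runs those four checks over already-parsed tasks (the dicts yaml.safe_load() returns for a play's task list, so no YAML library is required). The task samples are the page's own tasks re-expressed as Python dicts plus one constructed compliant security group; all function and check-id names are this example's own.

```python
"""Hypothetical pre-deployment audit of Ansible AWS tasks (added example)."""
from typing import Any, Dict, Iterable, List, Optional, Tuple

Finding = Tuple[str, str, str]          # (task name, check id, message)
ANY_ADDRESS = {"0.0.0.0/0", "::/0"}     # IPv4 and IPv6 "every address"
TASK_KEYWORDS = {"name", "when", "tags", "register", "become", "loop", "vars"}


def _module(task: Dict[str, Any]) -> Tuple[Optional[str], Dict[str, Any]]:
    """Return (module short name, args); accepts 'ec2_group' and 'amazon.aws.ec2_group'."""
    for key, value in task.items():
        if key not in TASK_KEYWORDS and isinstance(value, dict):
            return key.rsplit(".", 1)[-1], value
    return None, {}


def _truthy(value: Any) -> bool:
    """Ansible booleans: True, 'yes', 'true', 'on', '1' all enable a flag."""
    if isinstance(value, bool):
        return value
    return str(value).strip().lower() in {"yes", "true", "on", "1"}


def _expand_ports(spec: Any) -> Iterable[int]:
    """Expand an ec2_group port spec: 22, '22', '20-25', or a list of those."""
    if isinstance(spec, list):
        for item in spec:
            yield from _expand_ports(item)
    elif spec is not None:
        text = str(spec)
        if "-" in text:
            lo, hi = text.split("-", 1)
            yield from range(int(lo), int(hi) + 1)
        else:
            yield int(text)


def _rule_ports(rule: Dict[str, Any]) -> set:
    if "ports" in rule:
        return set(_expand_ports(rule["ports"]))
    if "from_port" in rule and "to_port" in rule:
        return set(range(int(rule["from_port"]), int(rule["to_port"]) + 1))
    return set()


def _rule_cidrs(rule: Dict[str, Any]) -> List[str]:
    cidrs: List[str] = []
    for key in ("cidr_ip", "cidr_ipv6"):
        value = rule.get(key)
        values = value if isinstance(value, list) else [value]
        cidrs.extend(str(v) for v in values if v is not None)
    return cidrs


def check_ec2_group(name: str, args: Dict[str, Any]) -> List[Finding]:
    """Flag rules that let any address reach TCP/22 (proto tcp, all or -1)."""
    findings = []
    for rule in args.get("rules") or []:
        proto = str(rule.get("proto", "")).lower()
        reaches_ssh = proto in {"all", "-1"} or (proto == "tcp" and 22 in _rule_ports(rule))
        if reaches_ssh and any(c in ANY_ADDRESS for c in _rule_cidrs(rule)):
            findings.append((name, "ssh-open-to-world", "TCP/22 reachable from any address"))
    return findings


def check_lambda_policy(name: str, args: Dict[str, Any]) -> List[Finding]:
    if str(args.get("principal", "")).strip() == "*":
        return [(name, "lambda-public-principal", "grants %s to any principal" % args.get("action"))]
    return []


def check_redshift(name: str, args: Dict[str, Any]) -> List[Finding]:
    # YAML 1.1 loaders turn `yes` into True; others keep the string. Both are handled.
    if _truthy(args.get("publicly_accessible", False)):
        return [(name, "redshift-public", "cluster is publicly accessible")]
    return []


def check_ec2_ami(name: str, args: Dict[str, Any]) -> List[Finding]:
    mappings = args.get("device_mapping") or []
    mappings = mappings if isinstance(mappings, list) else [mappings]
    return [(name, "ami-unencrypted", "%s is not encrypted" % dev.get("device_name"))
            for dev in mappings if "encrypted" in dev and not _truthy(dev["encrypted"])]


CHECKS = {"ec2_group": check_ec2_group, "lambda_policy": check_lambda_policy,
          "redshift": check_redshift, "ec2_ami": check_ec2_ami}


def audit(tasks: List[Dict[str, Any]]) -> List[Finding]:
    """Run every applicable check over a list of parsed tasks, in task order."""
    findings: List[Finding] = []
    for task in tasks:
        module, args = _module(task)
        if module in CHECKS:
            findings.extend(CHECKS[module](task.get("name", "<unnamed>"), args))
    return findings


# Constructed sample: the four tasks shown above as parsed dicts, plus one
# compliant security group that only admits a private range.
SAMPLE_TASKS = [
    {"name": "Task to open SSH port", "amazon.aws.ec2_group": {
        "name": "demo_security_group", "state": "present", "region": "us-west-1",
        "rules": [{"proto": "tcp", "ports": 22, "cidr_ip": "0.0.0.0/0"}]}},
    {"name": "Create Lambda policy statement for S3 event notification",
     "community.aws.lambda_policy": {"action": "lambda:InvokeFunction", "function_name": "functionName",
                                     "principal": "*", "statement_id": "lambda-s3-demobucket-access-log"}},
    {"name": "example1", "community.aws.redshift": {
        "identifier": "mycluster", "command": "create", "node_type": "ds1.xlarge", "publicly_accessible": "yes"}},
    {"name": "Basic AMI Creation", "amazon.aws.ec2_ami": {
        "state": "present", "instance_id": "i-xxxxxx", "name": "test_ami",
        "device_mapping": [{"device_name": "/dev/sda", "encrypted": False}]}},
    {"name": "Bastion-only SSH", "ec2_group": {
        "name": "admin_sg", "rules": [{"proto": "tcp", "ports": "22", "cidr_ip": "10.0.0.0/8"}]}},
]

if __name__ == "__main__":
    for task_name, check, message in audit(SAMPLE_TASKS):
        print("%-24s %-52s %s" % (check, task_name, message))
```

Running the block reports one finding per noncompliant task and nothing for the bastion-only group. Port ranges ("20-25"), port lists, the IPv6 catch-all "::/0" and proto "all" are treated as reaching SSH as well, since a rule written that way exposes port 22 just as surely as `ports: 22`.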