Posts

Showing posts from 2018

Using OAuth 2.0 Framework to Manipulate Files in Google Drive

Let's see why OAuth is important. OAuth is a specification that allows users to delegate access to their data to a service without sharing their username and password with that service. That's cool. But why do you care, as a developer? OAuth provides a lot of information and a lot of uses that you wouldn't normally get without it, including things like the social graphs of your users, sharing information via your users, and actions like tweeting and posting to Facebook. You can aggregate user data in order to find your users' interests, etc. In our day-to-day interactions on the internet, we come across lots of websites where we have to create accounts in order to use them for our work. If you use different credentials for different accounts, it becomes worse, because you have to remember all your usernames and passwords for each website. In order to address this issue, modern websites make use of the OAuth protocol with the concepts of “Identity Federation” and “Del...

Preventing Cross-Site Request Forgery (CSRF) with Double Submit Token Pattern

This post is a continuation of the previous post, which explains what Cross-Site Request Forgery (CSRF) is and how we can prevent this attack using the Synchronizer Token Pattern. As I've mentioned in the previous post, there are mainly two ways of preventing a CSRF attack. In this post we will discuss how to prevent a CSRF attack using the Double Submit Cookie Pattern. To get a basic understanding of how CSRF works, please refer to the previous post. Double Submit Cookie Pattern: If storing the CSRF token in the session is problematic, an alternative defense is the use of a double submit cookie. A double submit cookie is defined as sending a random value both in a cookie and as a request parameter, with the server verifying that the cookie value and the request value match. When a user authenticates to a site, the site should generate a (cryptographically strong) pseudo-random value and set it as a cookie on the user’s machine, separate from the session ID. The server does not have to save this va...

Preventing Cross-Site Request Forgery (CSRF) with Synchronizer Token Pattern

First, let's see what CSRF is and its impact on the security of a system. According to CWE, CSRF is when the application does not, or cannot, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted it. To describe it further: when a web server is designed to receive a request from a client without any mechanism for verifying that it was intentionally sent, it might be possible for an attacker to trick a client into making an unintentional request to the web server, which will be treated as an authentic request. This can be done via a URL, an image load, an XMLHttpRequest, etc., and can result in exposure of data or unintended code execution. In 2010 this vulnerability was ranked at number 5 in the OWASP Top 10 Most Critical Web Application Security Risks index, but the extensive awareness raised by the industry has since made this vulnerability drop out of the Top 10 ...