After our article summarizing and describing the 10 most frequent web attacks (as listed in the OWASP Top 10), we now focus on each of them in turn and explain what has been set up within our very high security Cloud, CerberHost, to protect websites against it.
Among these attacks, one receives very little media coverage and is therefore not well known: the CSRF (Cross-Site Request Forgery) attack.
What is a CSRF vulnerability?
It is a flaw that affects web applications (websites, mobile application back-ends, etc.) whose functionalities are publicly known (such as adding a user account, changing a password or uploading files). This is for instance the case of open-source web applications (e.g. WordPress) or of services open to the public (e.g. Facebook, Gmail, etc.).
The attacker uses social engineering to lure a victim who is logged in on the targeted web application onto another website that the attacker controls.
Let us take the example of a Facebook user. If Facebook had a CSRF vulnerability and a hacker wanted to exploit it, one of the possible scenarios would be as follows:
- The Facebook user is logged in to his account
- He receives a message inviting him to discover a photo album from which he can download the pictures he likes, for free (the social engineering step)
- The user clicks on the link and is redirected to another website where the photos are presented
- By clicking on the “download the picture” action, he not only downloads the picture but also lets the attacker perform an action on Facebook on his behalf, because his browser sends a request to the vulnerable website
- The result of these actions can be “simply” the posting of a message from the user's Facebook account, but also the modification of his password, the creation of a new account, the retrieval of his data, etc. There are plenty of opportunities here, ranging from spamming to the complete theft of databases
The attacker’s website often contains interactive elements such as forms (e.g. “connect via Facebook”). When the victim submits the form, it triggers the promised download but also sends a request to the vulnerable application, with the victim's session cookie attached automatically by the browser. For instance, the button that submits the form may actually send the following request:
POST /login/password-change.php HTTP/1.1
Here, the attacker has managed to change the password of the victim’s account on the vulnerable application. The risks are numerous, from the theft and modification of information to the uploading of files that can then lead to code execution.
For more details on the types of risk linked to a vulnerable web application, see our detailed article: Cybersecurity, an unknown and underestimated stake.
These vulnerabilities are exploitable because the attacker knows the full set of parameters to include in the request. The principle of the protection is therefore to make sure the attacker cannot know the whole content of the request. This is done by adding a random parameter, typically called an anti-CSRF token, which must be present in every state-changing request and whose value is generated randomly for each session.
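To make the forged request and the token defence concrete, here is an added example (not code from the original article nor from CerberHost) of a minimal password-change handler written in Python. The session store, the cookie and form dictionaries and the handler signature are assumptions made for the example; a real application would use its framework's session and request objects. A legitimate form submission carries the per-session token and is accepted; a request forged from another site carries the session cookie (the browser adds it automatically) but not the token, and is refused.

```python
import hmac
import secrets

# Constructed in-memory session store: session id -> session data.
# A real application would keep this server-side in its session backend.
SESSIONS = {}


def create_session(user):
    """Log a user in: new session id and a fresh anti-CSRF token for this session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid):
    """Token the legitimate application embeds in its own forms for this session."""
    return SESSIONS[sid]["csrf_token"]


def render_password_form(sid):
    """HTML the legitimate site serves: the token travels in a hidden field.
    An attacker's page cannot read it because of the same-origin policy."""
    token = csrf_token_for(sid)
    return (
        '<form method="POST" action="/login/password-change.php">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input type="password" name="new_password">'
        "<button>Change password</button></form>"
    )


def handle_password_change(cookies, form):
    """State-changing endpoint. `cookies` and `form` are plain dicts standing in
    for the request's cookies and POST body (assumption for this example)."""
    session = SESSIONS.get(cookies.get("session"))
    if session is None:
        return 401, "not logged in"
    # The cookie alone proves nothing about where the request came from:
    # a form on the attacker's site gets it sent along just the same.
    submitted = form.get("csrf_token", "")
    expected = session["csrf_token"]
    # Constant-time comparison so the token cannot be guessed through timing.
    if not hmac.compare_digest(submitted.encode(), expected.encode()):
        return 403, "CSRF token missing or invalid"
    session["password"] = form["new_password"]
    return 200, "password changed"


if __name__ == "__main__":
    sid = create_session("alice")
    browser_cookies = {"session": sid}  # sent by the browser on every request

    # Request produced by a form on the attacker's site: cookie present, no token.
    print(handle_password_change(browser_cookies, {"new_password": "owned"}))
    # Same, with a guessed token value.
    print(handle_password_change(browser_cookies,
                                 {"new_password": "owned", "csrf_token": "guess"}))
    # Legitimate submission of the site's own form, which carries the token.
    print(handle_password_change(browser_cookies,
                                 {"new_password": "s3cret",
                                  "csrf_token": csrf_token_for(sid)}))
```

The check only needs to run on requests that change state (the password change here); read-only pages do not need it. Regenerating the token in create_session ensures it differs for each connection, as the protection described above requires.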
CerberHost’s answers to CSRF
Before any production launch on our CerberHost infrastructure, a security review is carried out by the experts of our security department, in order to identify upfront the “classic” vulnerabilities that may affect the website. If a CSRF vulnerability is found during this review, concrete advice is given to set up a suitable protection.
CerberHost protects your website against all OWASP Top 10 attacks, and much more.
To discover CerberHost in pictures, watch its presentation video here.