Saturday, December 7, 2019

What is CWE?

The full form of CWE is Common Weakness Enumeration.

The Common Weakness Enumeration (CWE™) Top 25 Most Dangerous Software Errors (CWE Top 25) is a demonstrative list of the most widespread and critical weaknesses that can lead to serious vulnerabilities in software. These weaknesses are often easy to find and exploit. They are dangerous because they will frequently allow adversaries to completely take over execution of software, steal data, or prevent the software from working. The CWE Top 25 is a community resource that can be used by software developers, software testers, software customers, software project managers, security researchers, and educators to provide insight into some of the most prevalent security threats in the software industry.
To create the list, the CWE Team used a data-driven approach that leverages published Common Vulnerabilities and Exposures (CVE®) data and related CWE mappings found within the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD), as well as the Common Vulnerability Scoring System (CVSS) scores associated with each of the CVEs. A scoring formula was then applied to determine the level of prevalence and danger each weakness presents. This data-driven approach can be used as a repeatable, scripted process to generate a CWE Top 25 list on a regular basis with minimal effort.

The Top 25 list is here:

One-way hash: A one-way hash maps data of arbitrary size to a bit-string of fixed size (the hash value) such that the process is infeasible to invert. It is used in cryptographic functions, such as storing passwords securely.

Salt: A salt is random data that is used as an additional input to a one-way function that hashes a password or passphrase. It ensures the randomness of the hashed outcome, making the hash very difficult to crack.

Brute-force attacks: In a brute-force attack, the attacker iteratively tries hashing all possible values and compares the hashes to the stored hashes.
(If weak hashing is used, even strong passwords can be easily compromised by brute-force attacks.)
[ In practice, even when strong hashing is used, hashed passwords might be vulnerable to dictionary attacks. ]

What is a dictionary attack?
In a dictionary attack, the attacker hashes a list (dictionary) of possible passwords and compares them to the stored hashes.

How to prevent weak hashing?

Generate a random salt

[ each time you process a new password. Add the salt to the plaintext password before hashing it. When you store the hash, also store the salt. ]

Suggestion:
Do not use the same salt for every password that you process (CWE-760).

Use one-way hashing

[ that allows you to configure many rounds, such as bcrypt. This may increase the expense when processing incoming authentication requests, but if the hashed passwords are ever stolen, it significantly increases the effort for conducting a brute-force attack, including rainbow tables. ]

Testing [ How to test for weak hashing vulnerabilities? ]

Find the hashes used by the application.
Determine the algorithm used for hashing.
Decide whether the hashing algorithm matches the application's security requirements:
Make sure that an iterative hashing algorithm with a sufficient number of rounds is used.
Make sure that a unique salt is used for each password and is stored with the hash.
Not using a salt, not using an iterative algorithm, or not using a sufficiently large number of rounds all constitute weaknesses of this type.
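The prevention steps above (fresh random salt per password, stored with the hash, and an iterated one-way function) and the testing checklist can both be shown in one piece of code. This is an added example, not code from the original post: it uses PBKDF2-HMAC-SHA256 from the Python standard library as a stand-in for bcrypt (which is a third-party package), and the round counts, the record format and the sample password store are assumptions made for the example.

```python
# Added example: salted, iterated password hashing with a stdlib KDF, plus an
# audit that applies the checklist (unique salt, iterative algorithm, enough
# rounds) to stored records. Round counts and record format are assumptions.
import hashlib
import hmac
import secrets

ROUNDS = 600_000       # assumed work factor for new hashes; raise over time
MIN_ROUNDS = 100_000   # assumed audit threshold below which rounds are "too few"

def hash_password(password: str, rounds: int = ROUNDS) -> str:
    """Fresh 16-byte salt for every password (avoids CWE-760); the salt and
    round count are stored alongside the digest so verification can repeat them."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)
    return f"pbkdf2_sha256${rounds}${salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    _, rounds, salt_hex, digest_hex = record.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(rounds))
    return hmac.compare_digest(digest.hex(), digest_hex)

def audit_records(records: list) -> dict:
    """Flag the weaknesses named in the checklist: a bare digest (no salt, no
    iteration), too few rounds, an empty salt, or a salt shared between users."""
    findings, seen_salts = {}, {}
    for name, rec in records:
        problems = []
        parts = rec.split("$")
        if len(parts) != 4:
            problems.append("non-iterative or unsalted algorithm")
        else:
            _, rounds, salt_hex, _ = parts
            if int(rounds) < MIN_ROUNDS:
                problems.append("too few rounds")
            if not salt_hex:
                problems.append("no salt")
            elif salt_hex in seen_salts:
                problems.append(f"salt shared with {seen_salts[salt_hex]}")
            seen_salts.setdefault(salt_hex, name)
        if problems:
            findings[name] = problems
    return findings

# Constructed sample store: one sound record, one bare MD5, one with a weak
# round count, and one that reuses another user's salt.
SAMPLE_STORE = [
    ("alice", hash_password("correct horse battery staple")),
    ("bob", hashlib.md5(b"hunter2").hexdigest()),           # single pass, no salt
    ("carol", "pbkdf2_sha256$1000$0000$" + "ab" * 32),    # too few rounds
    ("dave", "pbkdf2_sha256$600000$0000$" + "cd" * 32),   # reuses carol's salt
]
```

Running `audit_records(SAMPLE_STORE)` flags bob, carol and dave and leaves alice clean, which is the outcome the testing steps are looking for.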