@aashishrbhandari
Created October 24, 2021 10:10
SQL Injection Types: Ref: https://www.imperva.com/learn/application-security/sql-injection-sqli/
In-band SQLi:
Uses the same communication channel both to launch the attack and to gather the results.
SubTypes:
Error-based SQLi:
relies on error messages thrown by the database server to obtain information about the structure of the database.
Union-based SQLi:
Uses the UNION SQL operator to combine the results of two or more SELECT statements into a single result, which is then returned as part of the HTTP response.
Inferential (Blind) SQLi
No data is actually transferred via the web application and the attacker would not be able to see the result of an attack in-band (which is why such attacks are commonly referred to as “Blind SQL Injection Attacks”).
SubTypes:
Boolean-based (content-based) Blind SQLi:
relies on sending an SQL query to the database which forces the application to return a different result depending on whether the query returns a TRUE or FALSE result.
Time-based Blind SQLi:
relies on sending an SQL query to the database which forces the database to wait for a specified amount of time (in seconds) before responding.
Out-of-band SQLi
Only possible when certain features are enabled on the database server used by the web application; the results are retrieved over a separate channel rather than in the application's own response.
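Added example (not part of the original gist): a login lookup built by string concatenation next to the parameterized form, using an in-memory sqlite3 table constructed here as sample data. The vulnerable version shows the two signals the in-band subtypes above depend on: a crafted value changes which rows the WHERE clause matches (the boolean-based case), and an unbalanced quote raises a database error (the error-based case). The parameterized version compares the same input purely as data, and the response wrapper keeps database errors out of the HTTP reply. Function and table names are assumptions for illustration.

```python
import logging
import sqlite3


def make_db():
    """Constructed in-memory sample table (not from the original gist)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the statement by string concatenation: the input's quotes and
    keywords become part of the SQL, so a crafted password changes the
    WHERE clause (boolean-based behaviour) and a stray quote raises a
    database error (the signal error-based SQLi relies on)."""
    query = ("SELECT username FROM users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(query)]


def login_parameterized(conn, username, password):
    """Uses bound parameters: the driver sends the values separately from
    the statement text, so they are only ever compared as data."""
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]


def login_response(conn, username, password):
    """What the HTTP layer should return: never the raw database error.
    The detail goes to the server log; the client gets a generic message."""
    try:
        matched = login_parameterized(conn, username, password)
    except sqlite3.Error as exc:
        logging.error("database error during login: %s", exc)
        return {"ok": False, "error": "login failed"}
    return {"ok": bool(matched), "user": matched[0] if matched else None}


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", "' OR '1'='1"))    # every user
    print(login_parameterized(db, "alice", "' OR '1'='1")) # []
```

The same input that returns every row from `login_vulnerable` returns nothing from `login_parameterized`, which is the whole point of the mitigation: the fix is not filtering characters but never letting user data reach the SQL parser.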
WASC: Web Application Security Consortium
Web Top 10:
Injection:
Including SAST and DAST tools in your CI/CD pipeline
Broken Authentication:
Sensitive Data Exposure
API Top 10:
API1:2019 — Broken object level authorization
Improper access control, e.g. IDOR (Insecure Direct Object Reference)
API2:2019 — Broken authentication
Poorly implemented API authentication allows attackers to assume other users’ identities.
API3:2019 — Excessive data exposure
The API response exposes far more data than the client needs, relying on the app logic to filter it out before display.
API4:2019 — Lack of resources and rate limiting
Can lead to DoS through a huge number of requests or huge payload sizes, and leaves brute-force attacks unthrottled.
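Added example (not from the original gist) of the two controls this item calls for: a per-client sliding-window request limiter and a body-size cap checked before any parsing happens. The limits, client identifiers and status codes are assumed policy values for illustration; the clock is injectable so the behaviour can be checked without sleeping.

```python
import time
from collections import deque

MAX_REQUESTS = 5        # per client per window (assumed policy values)
WINDOW_SECONDS = 60
MAX_BODY_BYTES = 4096   # reject oversized payloads before parsing them


class SlidingWindowLimiter:
    """Per-client sliding window: keeps the timestamps of recent requests
    and refuses a request once the window already holds max_requests."""

    def __init__(self, max_requests=MAX_REQUESTS, window=WINDOW_SECONDS,
                 clock=time.monotonic):
        self.max_requests = max_requests
        self.window = window
        self.clock = clock          # injectable so tests can control time
        self._hits = {}             # client id -> deque of timestamps

    def allow(self, client_id):
        now = self.clock()
        hits = self._hits.setdefault(client_id, deque())
        while hits and now - hits[0] >= self.window:
            hits.popleft()          # drop requests that fell out of the window
        if len(hits) >= self.max_requests:
            return False
        hits.append(now)
        return True


def handle_request(limiter, client_id, body):
    """Returns the HTTP status an API gateway would send. The size check
    comes first so a huge body is rejected without any work done on it."""
    if len(body) > MAX_BODY_BYTES:
        return 413                  # Payload Too Large
    if not limiter.allow(client_id):
        return 429                  # Too Many Requests
    return 200


if __name__ == "__main__":
    limiter = SlidingWindowLimiter(max_requests=3, window=10)
    print([handle_request(limiter, "client-a", b"{}") for _ in range(4)])  # [200, 200, 200, 429]
```

Keying the limiter on an authenticated identity rather than only on source IP is what makes it effective against credential brute force, since the attacker's address can change while the targeted account does not.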
API5:2019 — Broken function level authorization
A normal user can change the URL path to reach admin endpoints.
- Proper Access Control
API6:2019 — Mass assignment
An API call that sets fields: if the incoming fields are not validated against a whitelist, the attacker can include another field that should not have been editable, and because of the missing server-side validation the code accepts the request and updates it.
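Added example (not from the original gist) covering this item together with API1 above: a profile-update handler with no ownership check that writes every field from the request body, beside a hardened version that enforces object-level authorization and a field whitelist. The in-memory user store, field names and exception type are constructed here for illustration.

```python
def make_store():
    """Constructed sample store (not from the gist): user id -> record."""
    return {
        1: {"id": 1, "email": "alice@example.test", "display_name": "Alice", "is_admin": False},
        2: {"id": 2, "email": "bob@example.test", "display_name": "Bob", "is_admin": False},
    }


# API6 mitigation: the only fields a request may set on a profile.
EDITABLE_FIELDS = frozenset({"email", "display_name"})


class Forbidden(Exception):
    """Raised when the request fails an authorization or validation check."""


def update_profile_vulnerable(store, requester_id, target_id, payload):
    """No ownership check (API1) and every field in the body is written
    straight into the record (API6): requester_id is never consulted."""
    record = store[target_id]
    record.update(payload)
    return record


def update_profile_hardened(store, requester_id, target_id, payload):
    """API1: the caller may only touch the object it owns.
    API6: fields outside the whitelist are rejected rather than silently
    dropped, so an attempt to set is_admin shows up as a 403 in the logs."""
    if target_id not in store:
        raise KeyError(target_id)
    if requester_id != target_id:
        raise Forbidden("not the owner of user %d" % target_id)
    disallowed = set(payload) - EDITABLE_FIELDS
    if disallowed:
        raise Forbidden("fields not permitted: %s" % sorted(disallowed))
    store[target_id].update(payload)
    return store[target_id]


if __name__ == "__main__":
    store = make_store()
    print(update_profile_hardened(store, 1, 1, {"display_name": "Alice B."}))
    try:
        update_profile_hardened(store, 1, 1, {"is_admin": True})
    except Forbidden as exc:
        print("rejected:", exc)
```

Rejecting unknown fields instead of ignoring them is a deliberate choice: a silently dropped `is_admin` leaves no trace, while a 403 gives the logging item (API10) something to record.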
API7:2019 — Security misconfiguration
Weak TLS, default username/password, unprotected files and directories, unnecessary features enabled, over-exposed logs
API8:2019 — Injection
Attackers construct API calls that include SQL, NoSQL, LDAP, OS, or other commands that the API or the backend behind it blindly executes.
SQL, NoSQL, LDAP, OS commands, XML parsers, Object-Relational Mapping (ORM)
API9:2019 — Improper assets management
Implement additional external controls, such as API firewalls.
API10:2019 — Insufficient logging and monitoring
- Logs give important insights: they help you find failed attempts, rate-limit hits, injection attempts, etc.
Mobile Top 10:
M1 Improper platform usage
platform permissions, misuse of TouchID, misuse of keychain
M2 Insecure data storage
Xposed Framework: can work with root or without root
Thick Client:
Hard-coded Sensitive Information in Code & Config/Log files
Unquoted Service Paths
DLL Hijacking
SQL Injection
Lack of code obfuscation
Buffer Overflow
Static Analysis SAST
Dynamic Analysis DAST