Page 173 - Hands-On Bug Hunting for Penetration Testers
Framework and Application-Specific Vulnerabilities Chapter 9
Exploiting RESTful MVC Routing Patterns
Because Rails is so opinionated toward RESTful MVC patterns applied to CRUD apps, the
URL routing structure is often easy to intuit. Understanding the resource/action and
resource/[identifier]/action patterns allows an attacker to play around with
potentially dangerous paths like users/[identifier]/update that can be inferred
from simple observation.
Checking the Version for Particular Weaknesses
As an application framework, Rails, like all popular software, has gotten waves of security
updates over the years, addressing critical issues like handling SQL injection from within
Active Record, or extending the CSRF protection scheme to include more basic request
types. But because the barrier to building a Rails application is so low, and the language
and framework are so productivity-friendly, Rails apps are often spun up quickly. And
since Rails is a common small business/prototyping solution that is nevertheless often
pressed into mature production service, there's a healthy amount of legacy Rails code out
there. That combination of a quickly-assembled architecture with expectations of longevity,
exacerbated by the plug-n-play nature of Rails scaffolding (entire CRUD apps can be
created with just a few opinionated commands) means that Rails can be particularly
susceptible to vulnerabilities caused by misconfigurations or unsafe defaults.
Testing Cookie Data and Authentication
Rails makes it very easy to store potentially sensitive information in cookies, and is therefore
more susceptible to leaking that information through cookies that are encoded but
(critically) not encrypted.
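As an added illustration (not from the book), the Ruby below mirrors the layout of a Rails signed cookie as ActiveSupport::MessageVerifier produces it by default (Base64 payload, "--", hex HMAC-SHA1, with JSON serialization) to show that the signature protects integrity only: whoever holds the cookie can read the session contents without the secret. The secret, the session values and the list of sensitive keys are constructed for the demo.

```ruby
require "base64"
require "json"
require "openssl"
# Constructed demo secret; a real app's secret_key_base never lives in source.
DEMO_SECRET = "constructed-demo-secret-not-a-real-key"
# Session keys a reviewer would not want readable by whoever holds the cookie (assumed list).
SENSITIVE_KEYS = %w[email role password_digest ssn token].freeze

# Build a cookie in the Rails *signed* store layout: "<base64(json)>--<hex HMAC-SHA1>".
# The HMAC lets the server detect tampering; it does nothing to hide the payload.
def sign_cookie(session, secret)
  data = Base64.strict_encode64(JSON.generate(session))
  "#{data}--#{OpenSSL::HMAC.hexdigest('SHA1', secret, data)}"
end

# Constant-time comparison so the signature check does not leak timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

# Server-side check: is the cookie untampered under this secret?
def valid_signature?(cookie, secret)
  data, digest = cookie.split("--", 2)
  return false if data.nil? || digest.nil?
  secure_compare(OpenSSL::HMAC.hexdigest("SHA1", secret, data), digest)
end

# Defender's audit: what can anyone holding the cookie read WITHOUT the secret?
def exposed_fields(cookie)
  data, _digest = cookie.split("--", 2)
  payload = JSON.parse(Base64.strict_decode64(data.to_s))
  { readable: payload.keys, sensitive: payload.keys & SENSITIVE_KEYS }
rescue ArgumentError, JSON::ParserError
  { readable: [], sensitive: [] } # not a cookie in this layout
end

# Replace the payload but keep the old digest: the signature check now fails,
# which is exactly the protection signing gives (integrity, not confidentiality).
def tamper(cookie, new_session)
  _data, digest = cookie.split("--", 2)
  "#{Base64.strict_encode64(JSON.generate(new_session))}--#{digest}"
end

if $PROGRAM_NAME == __FILE__
  cookie = sign_cookie({ "user_id" => 42, "email" => "a@example.com", "role" => "user" }, DEMO_SECRET)
  puts "readable without the secret: #{exposed_fields(cookie)}"
  puts "original valid: #{valid_signature?(cookie, DEMO_SECRET)}"
  puts "tampered valid: #{valid_signature?(tamper(cookie, { 'role' => 'admin' }), DEMO_SECRET)}"
end
```

Rails' encrypted cookie store (the default in modern Rails) wraps the payload in authenticated encryption, so its contents are not recoverable this way; the audit above applies to apps still on the signed or plain cookie store.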
Django - Strategies for the Python App
Django, as a common framework for quickly building CRUD-style apps that's been
successfully implemented in a dynamically-typed language designed for developer
productivity, naturally suffers many of the same pitfalls as Rails and shares many of the
same weaknesses. Django also holds a strong opinion about RESTful, MVC-centric URL
routing, allowing for the same URL hacking discussed in the preceding section. That said,
Django provides a lot of great, global protections for common vulnerabilities like CSRF,
XSS, and injection attacks out-of-the-box.