
Communication Security: Web Based Services • Chapter 5  261


■ Threat Modeling, http://msdn2.microsoft.com/en-us/security/aa570411.aspx


One scripting vulnerability to watch out for occurs within Internet Server Application Programming Interface (ISAPI) scripts. The command RevertToSelf() allows the script to execute any commands that follow it in a system-level security context. The RevertToSelf function is used legitimately when an application that has been running in the security context of a client needs to end that impersonation. In a properly designed ISAPI script, however, this command should never be used. If it is present, the code has been altered or was written by a malicious or inexperienced coder. The presence of such a command enables attacks on a Web server through the submission of certain Uniform Resource Locator (URL) syntax constructions.


EXAM WARNING

We mentioned logic bombs in Chapter 2 in a very simplified manner. Here, we look at logic bombs in a practical sense, as written into the code itself. Remember that for the Security+ exam, a logic bomb is an attack that is set off or begins to run when a certain variable is met within the code. Using the RevertToSelf() function is a practical example of such an attack in action.




It is important that any scripts used on a Web site are fully understood. This applies not only to code taken from the Internet, but also to code developed by other people within the organization. It is particularly important if there has been a change in personnel who have administrative access to the Web server, such as developers whose employment has been terminated or who are disgruntled for other reasons. Periodic reviews of code can help identify potential problems, as can auditing permissions on the Web server. By checking permissions and scripts, you may find potential backdoors. As mentioned in the previous section, no directory should have any more permissions than are absolutely needed. If access is too high, it should be lowered to an appropriate level to avoid issues that could occur at a later time.
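As an added example (not code from the book), here is a small Python code-review helper that flags genuine RevertToSelf() calls in ISAPI extension source while ignoring mentions in comments and string literals, the kind of check a periodic code review could automate; the sample source, its file suffix list and the "trigger" query string are constructed for illustration.

```python
import re
from pathlib import Path

# Constructed sample of an ISAPI extension's source (hypothetical, not from the book).
SAMPLE_ISAPI_SOURCE = r"""#include <httpext.h>
// RevertToSelf() must not appear here: see review checklist
DWORD WINAPI HttpExtensionProc(EXTENSION_CONTROL_BLOCK *pECB) {
    const char *banner = "never call RevertToSelf() from ISAPI";
    /* legacy block:
       RevertToSelf();
    */
    if (strstr(pECB->lpszQueryString, "trigger")) {
        RevertToSelf();   /* ends client impersonation: the red flag */
    }
    return HSE_STATUS_SUCCESS;
}
"""

# Comments and string literals are blanked out (newlines kept) so that a
# mention of the function in a comment or banner is not reported as a call
# and reported line numbers still match the original file.  Character
# literals such as '"' are not handled.
_NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\\n])*"', re.DOTALL)
_CALL = re.compile(r'\bRevertToSelf\s*\(')

def _strip_comments_and_strings(src):
    return _NOISE.sub(lambda m: re.sub(r'[^\n]', ' ', m.group(0)), src)

def find_revert_to_self(src):
    """Return (line_number, line_text) for every real RevertToSelf() call."""
    cleaned = _strip_comments_and_strings(src).splitlines()
    original = src.splitlines()
    return [(n, orig.strip())
            for n, (clean, orig) in enumerate(zip(cleaned, original), start=1)
            if _CALL.search(clean)]

def audit_tree(root, suffixes=(".c", ".cpp", ".cxx", ".h")):
    """Walk a source tree and map each offending file to its findings."""
    findings = {}
    for path in Path(root).rglob("*"):
        if path.is_file() and path.suffix.lower() in suffixes:
            hits = find_revert_to_self(path.read_text(errors="replace"))
            if hits:
                findings[str(path)] = hits
    return findings

if __name__ == "__main__":
    for lineno, text in find_revert_to_self(SAMPLE_ISAPI_SOURCE):
        print(f"line {lineno}: {text}")
```

Run against the sample, only the call inside the if block is reported; the mentions in the line comment, the block comment and the string literal are skipped.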