.NET: Backend Security Basics

Learn about code vulnerability, why it happens, and how to eliminate it

Select a tutorial and start sharpening your skills!

This is a free version.

SQL Injection

SQL Injection is a type of application security vulnerability whereby a malicious user is able to manipulate the SQL statements that the server-side application sends to the backend database server for execution. A successful SQL injection attack exposes the data of the underlying database directly to the attacker. Play and Learn...

5-8 MIN

SQL Injection

XXE Processing

XML External Entity (XXE) Processing is a type of application security vulnerability whereby a malicious user can attack a poorly configured or implemented XML parser within an application. An attacker can force the parser to resolve malicious external entity references, which results in unauthorized read access to sensitive files on the server that the XML parser runs on. Denial of Service is another potential outcome. Play and Learn...

5-8 MIN

XXE Processing
Available in Full Version only

Directory (Path) Traversal

Directory (Path) Traversal is an application vulnerability that allows an attacker to access directories and files that are stored outside the web root folder. This type of vulnerability is found in applications that make insecure references to files based on user-supplied input. A classic example is manipulating file location input variables with "dot-dot-slash (../)" sequences and their variations to access arbitrary files and directories on the server's file system, such as source code, password files, or other sensitive files. Play and Learn...

5-8 MIN

Directory (Path) Traversal
Available in Full Version only

Server-Side Request Forgery

Server-Side Request Forgery (SSRF) allows an attacker to craft requests that originate from the vulnerable server, thus bypassing the firewall and providing the attacker with a channel to use the server's authorization and authentication to perform attacks on other servers inside the protected network. Play and Learn...

5-8 MIN

Server-Side Request Forgery
Available in Full Version only

Race Condition

Race conditions arise from multiple processes/threads that operate on related entities in an OS that has preemptive scheduling. This module explains race condition issues and their exploits, and presents a few techniques that help avoid such issues.

5-8 MIN

Race Condition
Available in Full Version only

Denial of Service via Unrestricted File Upload

Uploaded files could represent a significant risk to the application. Using a file upload, attackers could deliver some malicious code to the system. After that, they only need to find a way to get the code executed. The consequences of the unrestricted file upload vary from a simple defacement to a complete system takeover, depending on where the application stores the uploaded files and what it does with them. To protect against attacks via the unrestricted file upload, one should analyze everything the application does with those files and implement a defense-in-depth strategy. Play and Learn...

5-8 MIN

Denial of Service via Unrestricted File Upload
Available in Full Version only

Command Injection

A Command Injection vulnerability results in the execution of arbitrary system commands on the host operating system. Command Injection attacks are possible when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a system command. The malicious system command is run server-side with the same privileges as the application. Play and Learn...

5-8 MIN

Command Injection
Available in Full Version only

Second Order SQL Injection

Second-Order SQL Injection happens when a malicious user saves the malicious payload in the database of a server-side application, and then this saved payload is used by another server-side application in its requests to the database. A successful Second-Order SQL injection attack exposes the data of the underlying database directly to the attacker. Play and Learn...

5-8 MIN

Second Order SQL Injection
Available in Full Version only

Encoding vs. Hashing vs. Encryption

From a security perspective, developers sometimes tend to use encoding and/or hashing instead of encryption to maintain data confidentiality. This leads to inevitable data leakage and flawed security because neither encoding nor hashing should be used for this purpose. Play and Learn...

5-8 MIN

Encoding vs. Hashing vs. Encryption
Available in Full Version only

Password Storage

Databases containing emails, passwords, and other sensitive user data are among the most sought-after trophies for hackers. There exist different approaches to protecting sensitive data, especially passwords, in the database. Some of them do not help much; others provide a sufficient level of protection. Play and Learn...

5-8 MIN

Password Storage
Available in Full Version only

LDAP Injection

Lightweight Directory Access Protocol (LDAP) injection is an attack that targets web applications utilizing directory services. The attack is possible when attackers can manipulate the filters that define what data should be retrieved from the LDAP server. A successful LDAP injection can lead to the disclosure of sensitive user data, the elevation of privileges, or even authentication bypass. Play and Learn...

5-8 MIN

LDAP Injection
Available in Full Version only

Components With Known Vulnerabilities

Code libraries, both proprietary and third-party, need constant maintenance and updates. Even if the proprietary code is 100% secure, failure to update third-party components, and particularly updates that mitigate security vulnerabilities, will likely leave environments vulnerable to attack. Play and Learn...

5-8 MIN

Components With Known Vulnerabilities
Available in Full Version only

Insecure Object Deserialization

Insecure Object Deserialization is a security vulnerability that permits an attacker to abuse application logic, deny service, or execute arbitrary code, when an object is being deserialized. Play and Learn...

5-8 MIN

Insecure Object Deserialization
Available in Full Version only

Insecure TLS Validation

Insecure TLS validation is a security vulnerability that permits an attacker to bypass SSL pinning. Play and Learn...

5-8 MIN

Insecure TLS Validation
Available in Full Version only

Cross Site Request Forgery (POST)

Cross-Site Request Forgery (CSRF) is an application security vulnerability that permits an attacker to force another logged-in user of the application to perform actions within that application without realizing it. The classic example is Bob and Alice both being logged-in users of an online banking application, and Bob tricking Alice into making a funds transfer to Bob's account with CSRF. Importantly, in CSRF attacks the attacker does not have a direct mechanism for seeing the application's response to the victim. Play and Learn...

5-8 MIN

Cross Site Request Forgery (POST)
Available in Full Version only

Vertical Privilege Escalation

Missing Function Level Access Control is an application vulnerability that allows either an Anonymous User or a Legitimate User of the application to access the create, read, update and/or delete functionality belonging to another user of the application. In this example we show how Vertical Privilege Escalation is a potential outcome of this vulnerability. Play and Learn...

5-8 MIN

Vertical Privilege Escalation
Available in Full Version only

Horizontal Privilege Escalation

Horizontal Privilege Escalation is an application vulnerability that allows one (normal) User of an application to create, read, update and/or delete the data belonging to another (normal) User. This type of vulnerability is often the result of errors in the authorization logic. Play and Learn...

5-8 MIN

Horizontal Privilege Escalation
Available in Full Version only

User Enumeration

User Enumeration is a type of application security vulnerability whereby the vulnerable web application reveals whether a username (email address or account name) exists or not; this can be a consequence of a misconfiguration or a design decision. The information obtained via user enumeration can then be used by an attacker to build a list of users on the system. This information can be used to further attack the web application, for example through a brute force credential guessing attack. Play and Learn...

5-8 MIN

User Enumeration
Available in Full Version only

Leftover Debug Code

A common development practice is to add "back door" code specifically designed for debugging or testing purposes that is not intended to be shipped or deployed with the application. When this sort of debug code is accidentally left in the application, the application is open to unintended modes of interaction. These back-door entry points create security risks because they are not considered during design or testing and fall outside the expected operating conditions of the application. Play and Learn...

5-8 MIN

Leftover Debug Code