These are the questions and the search criteria I use to identify authorization vulnerabilities in the code, beyond the web.config <authorization> node.
- How does the code protect access to page classes?
Attributes (declarative checks)
Search for PrincipalPermission attributes. If there is no match, the code does not use this standard authorization check.
findstr /S /I "PrincipalPermission" *.cs
Imperative checks
Search for explicit IsInRole calls in code. If there is no match, the code does not use this standard authorization check.
findstr /S /I "IsInRole" *.cs
RoleManager
Search for IsUserInRole calls from the RoleManager API. If there is no match, the code does not use this standard authorization check.
findstr /S /I "IsUserInRole" *.cs
- Does the code use Server.Transfer?
Server.Transfer can improve performance, but because it hands execution to the target page on the server without a new request passing through the pipeline, the target page's authorization may not be re-evaluated, so it can pose a threat of elevation of privilege. More information is in Performance Gain - Security Risk.
findstr /S /I "Transfer" *.cs
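The three page-class search criteria above and the Server.Transfer check, combined into one scanner run over sample source files. This is an added example, not code from the original post or from Microsoft: the .cs files, their names and the page classes in them are constructed for the demonstration, and the checks are classified per file so a reviewer can list the page classes in which none of the standard checks appeared. It reproduces findstr /S /I with case-insensitive regexes; the one deliberate difference is that, instead of the post's bare "Transfer" pattern (which also hits Response.Transfer-like names), it matches only Server.Transfer and captures the target page, because each target page is what must be reviewed for its own authorization.

```python
import re
import tempfile
from pathlib import Path

# Constructed sample .cs files (not from any real project). One page class uses a
# declarative check, one uses imperative checks, one has no check at all, and one
# transfers to another page with no check of its own.
SAMPLE_FILES = {
    "Admin.aspx.cs": '''
using System.Security.Permissions;
[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
public partial class Admin : System.Web.UI.Page { }
''',
    "Reports.aspx.cs": '''
public partial class Reports : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        if (!User.IsInRole("Manager")) Response.Redirect("~/AccessDenied.aspx");
        if (Roles.IsUserInRole("Auditor")) ShowAuditTab();
    }
}
''',
    "Orders.aspx.cs": '''
public partial class Orders : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) { LoadOrders(); }
}
''',
    "Landing.aspx.cs": '''
public partial class Landing : System.Web.UI.Page {
    protected void Page_Load(object sender, EventArgs e) {
        Server.Transfer("~/Admin/Settings.aspx");
    }
}
''',
}

# The post's string patterns as case-insensitive regexes (findstr /I equivalent).
# Word boundaries keep "IsInRole" from matching "IsUserInRole" and vice versa,
# which mirrors what the literal findstr strings match.
PATTERNS = {
    "attribute": re.compile(r"\bPrincipalPermission\b", re.I),
    "IsInRole": re.compile(r"\bIsInRole\b", re.I),
    "RoleManager": re.compile(r"\bIsUserInRole\b", re.I),
    # Narrowed from the post's bare "Transfer": Server.Transfer with a string target.
    "Transfer": re.compile(r"\bServer\.Transfer\s*\(\s*\"([^\"]*)\"", re.I),
}
CHECK_KINDS = ("attribute", "IsInRole", "RoleManager")


def scan_source(text):
    """Classify one .cs file: which standard checks appear and where it transfers to."""
    checks = [kind for kind in CHECK_KINDS if PATTERNS[kind].search(text)]
    transfers = PATTERNS["Transfer"].findall(text)
    return {"checks": checks, "transfers": transfers}


def scan_tree(root):
    """Recursive equivalent of findstr /S over *.cs; returns {file name: findings}."""
    return {p.name: scan_source(p.read_text()) for p in sorted(Path(root).rglob("*.cs"))}


def files_without_checks(results):
    """Files in which none of the three standard authorization checks matched."""
    return sorted(name for name, r in results.items() if not r["checks"])


def transfer_targets(results):
    """(file, target page) pairs: each target page needs its own authorization review."""
    return sorted((name, t) for name, r in results.items() for t in r["transfers"])


def demo():
    """Write the constructed files to a temp tree and scan it."""
    with tempfile.TemporaryDirectory() as d:
        for name, src in SAMPLE_FILES.items():
            Path(d, name).write_text(src)
        return scan_tree(d)


if __name__ == "__main__":
    res = demo()
    for name, r in res.items():
        print(f"{name}: checks={r['checks'] or 'NONE'} transfers={r['transfers']}")
    print("no standard check:", files_without_checks(res))
    print("Server.Transfer targets to review:", transfer_targets(res))
```

On the constructed tree the scanner reports Landing.aspx.cs and Orders.aspx.cs as having no standard check, and lists ~/Admin/Settings.aspx as a transfer target reached from an unprotected page. A match is only a pointer: the reviewer still has to read each hit to confirm the role demanded is the right one and that the check is not short-circuited elsewhere in the class.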
Related posts
- Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities
- Security Code Review – String Search Patterns For Authentication Vulnerabilities
- SOA, Strong Authentication, Standard Authorization - Cool Solution
- Authentication Hub
Comments
- Anonymous
July 24, 2008
PingBack from http://blog.a-foton.ru/2008/07/security-code-review-%e2%80%93-string-search-patterns-for-authorization-vulnerabilities/