# What you'll learn

After watching this video, you will be able to: 
* Describe broken access control, cryptographic failures, and injection.
* Explain ways to prevent broken access control, cryptographic failures, and injection.

# What is access control?

* Access control grants authenticated users specific rights (permissions) to applications and resources.
* It lets users use only the resources and features for which they have been granted access.
* It gives each user their own workspace without requiring any rights beyond those assigned to them.
* It enforces security policy so that users cannot act outside their intended permissions when using applications, systems, or other resources.

# What is broken access control?

Broken access control is when attackers can access, modify, or delete data, or perform actions, outside of an application or system's intended permissions.
* Hackers who exploit access control vulnerabilities could compromise your application's security, tarnish your company's image, and even cause financial loss.
* Hackers tamper with values in URLs to see if anything is exploitable.
* For example, if a user's ID is visible in the URL (something like `/account?id=123`), an attacker can change it to another user's ID and see whether the application still serves the page. This pattern is known as an insecure direct object reference (IDOR).
* If it does, confidentiality is compromised, and the security of your application is at risk.
* Broken access control is the number one vulnerability in the 2021 OWASP Top 10 (A01:2021).
* It is one of the most frequently encountered vulnerabilities in web applications.

# Broken access control prevention

![image.png](attachment:9cae0699-9025-41b1-9dd7-b39367fc6449.png)

Here are some things you can do to prevent broken access control:
* **Grant users only the privileges they need (least privilege)**: Limited access rights keep users inside the workspace they are permitted to use and prevent them from quietly moving into environments they should not reach or making unauthorized changes. Deny access by default and allow it only where an explicit rule permits it.
* **Review access control regularly**: Regular reviews keep administrators aware of the level of access each user actually requires, both horizontally (other users at the same level) and vertically (higher-privileged roles).
* **Limit the public information about your application**:
    * Making too much information publicly available can harm your application's security by unintentionally showing attackers where and how to exploit it.
    * Publish only what is necessary.
* **Disable directory listings on your web server so the outside world cannot browse where pages and files reside**.
    * You may have noticed that a file path is sometimes visible in a URL.
    * Hackers treat that as an open invitation to browse your web server's directory listings.
* **Log access control failures and alert administrators when they occur**: A log entry that nobody acts on does not stop an attacker who is enumerating IDs; repeated failures from one user or address are a signal worth investigating.
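The tampered-ID scenario from the previous section, and the deny-by-default check and failure logging recommended above, as an added example that is not part of the original course material. The invoice records, user names, and the `support` role are constructed for the demo; the vulnerable handler trusts the ID from the URL, the fixed handler checks ownership (horizontal) and role (vertical) and logs every denial.

```python
"""Added example (not from the original course material): an insecure direct
object reference (IDOR) beside its fixed version, plus the access-control
failure log the fix emits. Records, users and roles are constructed for the demo."""
import logging

logger = logging.getLogger("access_control")

# Constructed sample data: invoices keyed by the ID that appears in the URL.
INVOICES = {
    101: {"owner": "alice", "amount": 42.00},
    102: {"owner": "bob", "amount": 17.50},
}

# Constructed role table. Only "support" staff may read any invoice.
ROLES = {"alice": "customer", "bob": "customer", "carol": "support"}


def get_invoice_vulnerable(invoice_id: int) -> dict:
    """Broken access control: the handler trusts the ID from the URL and never
    asks who is making the request, so bob can read alice's invoice by changing
    /invoices/102 to /invoices/101 (horizontal privilege escalation)."""
    return INVOICES[invoice_id]


class Forbidden(Exception):
    """Raised when the caller is not allowed to see the object."""


def get_invoice(current_user: str, invoice_id: int) -> dict:
    """Fixed handler: deny by default, then allow only the owner (horizontal
    check) or a user whose role grants cross-account access (vertical check).
    Every denial is logged so administrators can spot enumeration attempts."""
    invoice = INVOICES.get(invoice_id)
    if invoice is None:
        # Same error as for a forbidden record, so the response does not tell
        # an attacker which IDs exist.
        logger.warning("access denied user=%s invoice=%s reason=missing",
                       current_user, invoice_id)
        raise Forbidden(f"invoice {invoice_id}")
    is_owner = invoice["owner"] == current_user
    is_support = ROLES.get(current_user) == "support"
    if not (is_owner or is_support):
        logger.warning("access denied user=%s invoice=%s reason=not-owner",
                       current_user, invoice_id)
        raise Forbidden(f"invoice {invoice_id}")
    return invoice


def can_read(current_user: str, invoice_id: int) -> bool:
    """Boolean wrapper around the fixed handler, used by the demo below."""
    try:
        get_invoice(current_user, invoice_id)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    # bob tampers with the URL: the vulnerable handler hands over alice's data.
    print("vulnerable:", get_invoice_vulnerable(101))
    # The fixed handler refuses the same request and logs it.
    print("bob -> 101:", can_read("bob", 101))      # False
    print("alice -> 101:", can_read("alice", 101))  # True
    print("carol -> 101:", can_read("carol", 101))  # True (support role)
```

Run it and the two `access denied` warnings show what the server log should contain; wiring those lines to an alert is the last bullet above.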

# What are cryptographic failures?

![image.png](attachment:6bc4409f-8703-425d-b252-c5772c999f78.png)

Cryptography is applied through a choice of encryption methods, and a weak choice is itself a vulnerability.
* If you plan to use encryption in your application, you should be aware of cryptographic failures.
* Consider this example: an HTTP request carries a value tied to sensitive information, such as a user ID or a credit card number.
* If the user ID is 123 and you encrypt it into what looks like a random string, the intent is that only the intended recipient, who holds the key, can decrypt and read it.
* If that value is passed along in the URL using a weak, outdated, or merely obfuscating method (an encoding such as Base64 is not encryption), or using encryption without integrity protection, the result is a cryptographic failure: an attacker can recover or tamper with the sensitive data.

# Cryptographic failures prevention

* Weak or outdated algorithms and modes can be broken by attackers, and encryption that lacks integrity protection lets them tamper with ciphertext without knowing the key.
* The best strategy to prevent cryptographic failures is to protect all sensitive data stored in the database with authenticated encryption (an AEAD mode such as AES-GCM or ChaCha20-Poly1305) rather than unauthenticated encryption, so that both confidentiality and integrity are guaranteed.
* Encrypt all sensitive data in transit and at rest.
* Also, it's important to understand that HTTPS is secure, while HTTP is not: HTTP sends everything in plaintext.
* Websites using HTTP are more likely to be attacked because their traffic can be read and modified on the network.
* HTTPS (TLS) encrypts and authenticates information during transmission, which keeps your data safe from eavesdropping and tampering.
* Avoid legacy plaintext protocols such as FTP and SMTP without TLS for sensitive data.
* They are prone to man-in-the-middle attacks because anyone on the network path can read or alter the traffic.
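The `user_id=123` token from the previous section, as an added example that is not part of the original course material. It shows why encryption alone is not enough: with an unauthenticated stream cipher an attacker who knows the plaintext layout can flip ciphertext bits and turn `123` into `124` without the key, while the encrypt-then-MAC version rejects the same tampering. The cipher is a counter-mode keystream keyed through HMAC-SHA256, chosen only so the demo runs offline on the standard library; the key derivation labels, token layout, and sample values are assumptions of this example, and real code should use a vetted AEAD such as AES-GCM or ChaCha20-Poly1305 from a library like `cryptography`.

```python
"""Added example (not from the original course material): malleable,
unauthenticated encryption beside encrypt-then-MAC. The HMAC-based stream
cipher here exists only so the demo runs on the standard library; use a
vetted AEAD (AES-GCM, ChaCha20-Poly1305) in real code."""
import base64
import hashlib
import hmac
import os
from typing import Optional, Tuple

NONCE_LEN = 16
TAG_LEN = 32  # HMAC-SHA256 output length


def derive_subkeys(master: bytes) -> Tuple[bytes, bytes]:
    """One key per purpose: never reuse the encryption key as the MAC key.
    The labels "enc" and "mac" are an assumption of this example."""
    enc_key = hmac.new(master, b"enc", hashlib.sha256).digest()
    mac_key = hmac.new(master, b"mac", hashlib.sha256).digest()
    return enc_key, mac_key


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Counter-mode keystream: HMAC(key, nonce || counter) blocks, truncated."""
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"),
                               hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encrypt_unauthenticated(master: bytes, plaintext: bytes,
                            nonce: Optional[bytes] = None) -> bytes:
    """Confidentiality only: token = nonce || (plaintext XOR keystream)."""
    enc_key, _ = derive_subkeys(master)
    if nonce is None:
        nonce = os.urandom(NONCE_LEN)
    return nonce + _xor(plaintext, _keystream(enc_key, nonce, len(plaintext)))


def decrypt_unauthenticated(master: bytes, token: bytes) -> bytes:
    """Decrypts anything of the right shape; it cannot tell a forgery apart."""
    enc_key, _ = derive_subkeys(master)
    nonce, ct = token[:NONCE_LEN], token[NONCE_LEN:]
    return _xor(ct, _keystream(enc_key, nonce, len(ct)))


def encrypt_authenticated(master: bytes, plaintext: bytes,
                          nonce: Optional[bytes] = None) -> bytes:
    """Encrypt-then-MAC: token = nonce || ciphertext || HMAC(mac_key, nonce || ciphertext)."""
    _, mac_key = derive_subkeys(master)
    body = encrypt_unauthenticated(master, plaintext, nonce)
    return body + hmac.new(mac_key, body, hashlib.sha256).digest()


def decrypt_authenticated(master: bytes, token: bytes) -> Optional[bytes]:
    """Returns the plaintext, or None when the tag does not verify (tampering)."""
    _, mac_key = derive_subkeys(master)
    body, tag = token[:-TAG_LEN], token[-TAG_LEN:]
    expected = hmac.new(mac_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        return None
    return decrypt_unauthenticated(master, body)


def bitflip(token: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """The attacker's move, needing no key: XOR the ciphertext bytes at a known
    plaintext offset with (old XOR new). Under a stream cipher the decrypted
    plaintext changes in exactly the same way."""
    buf = bytearray(token)
    for i, (o, n) in enumerate(zip(old, new)):
        buf[NONCE_LEN + offset + i] ^= o ^ n
    return bytes(buf)


def to_url_param(token: bytes) -> str:
    """How the token would actually appear in a query string."""
    return base64.urlsafe_b64encode(token).decode().rstrip("=")


if __name__ == "__main__":
    # Demo only: a real service loads the master key from a secrets store, never from source.
    master = os.urandom(32)
    plaintext = b"user_id=123"
    weak = encrypt_unauthenticated(master, plaintext)
    forged = bitflip(weak, plaintext.index(b"123"), b"123", b"124")
    print("weak token      :", to_url_param(weak))
    print("forged decrypts :", decrypt_unauthenticated(master, forged))  # b'user_id=124'
    strong = encrypt_authenticated(master, plaintext)
    forged2 = bitflip(strong, plaintext.index(b"123"), b"123", b"124")
    print("forged auth tok :", decrypt_authenticated(master, forged2))   # None
```

The point is that the "random-looking string" in the URL gives no integrity on its own: the server must refuse any token whose tag fails to verify, which is exactly what an AEAD mode does for you in one call.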

# Encryption key best practices

* Encryption keys are essential and are prime targets for hackers.
* A compromised key can give them access to a trove of personal information and intellectual property.
* Never hard-code keys in your application source or configuration files; load them at runtime from a secrets manager, a hardware security module, or the environment.
* Limit each key to a single, specific purpose (for example, separate keys for encryption and for signing).
* Follow a key lifecycle and management process covering generation, distribution, rotation, revocation, and destruction.
* Back keys up and store the backups securely, so that losing a key does not mean losing the data it protects.

# What is injection?

* Injection occurs when untrusted data is sent to an interpreter as part of a command or query.
* It works by tricking the interpreter into executing unintended commands, giving hackers unauthorized access to data or to the system itself.
* Common types of injection attacks include:
    * SQL injection,
    * Operating system command injection,
    * HTTP Host header injection,
    * LDAP injection,
    * Cross-site scripting (XSS), which injects script into a web page, and
    * Code injection.

# Injection prevention

The best way to eliminate injection attacks is to:
* Use a safe API that avoids the interpreter entirely or offers a parameterized interface (prepared statements), so untrusted data is passed as a value and is never parsed as part of the command.
* Validate input against an allow-list of expected values or formats, especially for parts of a command that cannot be parameterized, such as table and column names.
* Escape special characters for the specific interpreter only as a last resort; a blocklist of keywords or characters is easy to bypass (for example, through case changes or alternative encodings) and should never be the primary defense.
* Do not rely on spotting attacker keywords such as `SELECT` in input as your sanitization; keep data out of the command structure, and log and review suspected injection attempts.
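The SQL injection case and the three defenses above, as an added example that is not part of the original course material. It runs against an in-memory SQLite database with constructed rows: a login query built by string formatting (injectable), the same query with bound parameters (the fix), and an allow-list for a column name, the one kind of input a parameter cannot carry. The table, rows, and `SORTABLE` set are assumptions of this example, and the plaintext passwords exist only to keep it short.

```python
"""Added example (not from the original course material): the same lookup
written three ways against an in-memory SQLite database with constructed
rows: string concatenation (injectable), a parameterized query (the fix),
and an allow-list for the one input, a column name, that cannot be bound."""
import sqlite3

# Constructed sample data. Plaintext passwords only to keep the demo short;
# a real table holds password hashes.
USERS = [("alice", "s3cret", "customer"),
         ("bob", "hunter2", "customer"),
         ("carol", "pa55", "support")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Untrusted input is spliced into the query text, so the SQL interpreter
    sees whatever the attacker typed. With password = ' OR '1'='1 the WHERE
    clause becomes ... AND password = '' OR '1'='1', which is always true."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Placeholders keep the query text fixed; the values are bound separately
    and are never parsed as SQL, so ' OR '1'='1 is just a wrong password."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Allow-list of column names a client is permitted to sort by.
SORTABLE = {"name", "role"}


def sort_column_allowed(order_by: str) -> bool:
    """Positive validation: exact membership, not a search for bad keywords."""
    return order_by in SORTABLE


def list_users_sorted(conn: sqlite3.Connection, order_by: str) -> list:
    """Identifiers (table and column names) cannot be bound as parameters, so
    the defense here is the allow-list above, not escaping or a keyword blocklist."""
    if not sort_column_allowed(order_by):
        raise ValueError(f"unsupported sort column: {order_by!r}")
    return [row[0] for row in conn.execute(f"SELECT name FROM users ORDER BY {order_by}")]


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"
    print("vulnerable, payload as password   :", login_vulnerable(conn, "alice", payload))      # True
    print("parameterized, same payload       :", login_parameterized(conn, "alice", payload))  # False
    print("parameterized, real password      :", login_parameterized(conn, "alice", "s3cret"))  # True
    print("sorted by name                    :", list_users_sorted(conn, "name"))
    print("sort by 'name; DROP TABLE users'  :", sort_column_allowed("name; DROP TABLE users"))  # False
```

The same placeholder mechanism exists in every mainstream database driver; the parameter marker (`?`, `%s`, `:name`) varies, the principle does not.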

# Summary

In this video, you learned that: 
* One of the most common vulnerabilities in online applications is broken access control.
* Hackers who exploit access control vulnerabilities could compromise your application's security, tarnish your company's image, and even result in financial loss.
* There are multiple encryption methods available, and choosing a weak or outdated one is a cryptographic failure.
* A weak, outdated, or unauthenticated encryption method can leak or expose sensitive data to attackers.
* Important strategies for reducing cryptographic failures include using authenticated encryption for all sensitive data stored in the database and encrypting all data at rest and in transit.
* Use HTTPS instead of HTTP and avoid legacy plaintext protocols like FTP and SMTP without TLS, which are prone to man-in-the-middle attacks.
* Injection attacks occur when untrusted data is sent to an interpreter as part of a command or query.
* Examples of injection attacks are code injection, SQL injection, operating system command injection, cross-site scripting, and LDAP injection.