Analysis of Modern Computing Threats: Injection and Server Side Request Forgery

Date

2022-09

Publisher

Yeshiva University

Abstract

In the modern world, digital computing and the Internet define the way we live our lives. Banking, commerce, transit, and even most jobs rely on various computing systems. Due to the importance of these systems, it is imperative that they stay secure from malicious attacks. To protect against such attacks, it is necessary to understand exactly what vulnerabilities exist, and how exactly to exploit them. It is a cybersecurity axiom that there is no security through obscurity. It is not enough to simply hide the implementation details; the security implementer must know how to break into a system to better protect it.

The core question that this thesis will address is how many of today’s major services are vulnerable to easily automated and commonplace cybersecurity attacks. This thesis will present a broad overview of two types of vulnerabilities (Injection (A03), and Server Side Request Forgery (A10)), how to exploit them, and give some historical examples. Finally, the conclusion will attempt to show approximately how many web pages are potentially vulnerable.

Due to legal constraints, I can only test websites that have a “safe harbor” clause, but malicious users have no such constraints. Consequently, this paper cannot fully determine the scope of vulnerability. Generally, it is not possible to probe for vulnerabilities without exploiting them, and since the researcher is knowingly and intentionally attempting to access unauthorized content, there is legal liability.

Description

Undergraduate honors thesis / YU only

Keywords

cybersecurity, vulnerabilities, Injection (A03), Server Side Request Forgery (A10)

Citation

Mankowitz, B. (2022, September). Analysis of Modern Computing Threats: Injection and Server Side Request Forgery [Undergraduate honors thesis, Yeshiva University].