This post contains string search patterns that can help identify authentication vulnerabilities during a security code inspection of your ASP.NET application. The most common vulnerability is insecure handling of credentials in the code. The question we actually want to ask is:
- Are you passing clear text credentials?
The associated threat is identity theft or identity spoofing, which can be achieved by disclosing the credentials and/or tampering with them.
What to Search for and Why
Credentials are usually required when accessing a downstream resource – a database, web service, Active Directory, MQSeries, or any other. This information can easily be obtained from the architecture document. The following searches can lead you to the hotspots where potential authentication vulnerabilities can be nailed down:
findstr /S /I ".Open(" *.cs
findstr /S /I ".Credentials =" *.cs
LogonUser API – usually used for impersonation
findstr /S /I "LogonUser" *.cs
This one is my favorite. This search pattern tries to spot anti-patterns in identifying the end user. The assumption here is that when there are no matches for this search, the solution either does not identify requests at all or uses a home-grown solution, and either case is a potential vulnerability.
findstr /S /I ".Identity" *.cs
Beyond the searches above, it is a good idea to review the web.config file for potential clear text credentials.
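One way to automate the web.config review, as an added example that is not part of the original post: the Python function below parses a web.config and reports the standard places where ASP.NET configuration can hold a literal password. The function name, the key-name heuristic used for appSettings and the sample file are assumptions made here, and the code assumes the root element carries no XML namespace.

```python
import re
import xml.etree.ElementTree as ET

# ADO.NET accepts both "Password=" and "Pwd=" in a connection string.
PWD_IN_CONNSTR = re.compile(r"(?:^|;)\s*(?:password|pwd)\s*=\s*[^;\s]", re.I)
SECRET_KEY = re.compile(r"passw|pwd|secret", re.I)  # heuristic, an assumption

def find_cleartext_credentials(config_xml):
    """Return (location, reason) findings for one web.config document."""
    root = ET.fromstring(config_xml)
    out = []
    for add in root.iterfind("./connectionStrings/add"):
        if PWD_IN_CONNSTR.search(add.get("connectionString", "")):
            out.append(("connectionStrings/" + add.get("name", "?"), "password in connection string"))
    for add in root.iterfind("./appSettings/add"):
        if SECRET_KEY.search(add.get("key", "")) and add.get("value"):
            out.append(("appSettings/" + add.get("key"), "secret-looking key with literal value"))
    for ident in root.iterfind("./system.web/identity"):
        # A "registry:" value points at an encrypted registry entry, not a literal.
        pwd = ident.get("password", "")
        if pwd and not pwd.lower().startswith("registry:"):
            out.append(("system.web/identity", "fixed impersonation password"))
    for cred in root.iterfind(".//forms/credentials"):
        if cred.get("passwordFormat", "").lower() == "clear":
            for user in cred.iterfind("user"):
                out.append(("forms/credentials/" + user.get("name", "?"), "passwordFormat=Clear"))
    return out

# Constructed sample web.config; every name and value below is made up.
SAMPLE = r"""<configuration>
  <connectionStrings>
    <add name="Orders" connectionString="Server=db1;User Id=app;Password=Example123" />
    <add name="Audit" connectionString="Server=db1;Integrated Security=SSPI" />
  </connectionStrings>
  <appSettings><add key="SmtpPassword" value="Example456" /></appSettings>
  <system.web>
    <identity impersonate="true" userName="CORP\svc" password="Example789" />
    <authentication mode="Forms"><forms><credentials passwordFormat="Clear">
      <user name="admin" password="Example000" />
    </credentials></forms></authentication>
  </system.web>
</configuration>"""

if __name__ == "__main__":
    for location, reason in find_cleartext_credentials(SAMPLE):
        print(f"{location}: {reason}")
```

A section encrypted with protected configuration contains no add elements, so it produces no findings; confirm separately that encryption is actually applied in the deployed file.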
Got more suggestions for search patterns to identify potential authentication vulnerabilities? Please share!