Why Are Privileges Important For Secure Coding?
Authentication and Authorization are two most fundamental security aspects for applications. While authentication determines a user’s identity, authorization on the other hand determines what privileges the authenticated users have. While both authentication and authorization are crucial for security of an application, this article provides an overview of how and why privileges are important in securing applications.
What is authentication
Authentication is the security process that allows users/applications to verify their identities in order to gain access to a particular account or service. This typically happens when users login to applications, however this can also happen for applications to connect to other services behind the scenes. For example, an application requires authentication to a database to be able to verify the user supplied credentials.
The following picture shows the flow of a typical user authentication process in web applications.
- A user opens a login page on a website and enters credentials. The credentials in a simplistic form can be username and password. However, in highly security sensitive applications, additional steps such as multi factor authentication may be required.
- Once the application’s server side code receives the user supplied credentials, it needs to validate them by providing these credentials to a database.
- Once the application successfully authenticates, the user supplied credentials are verified and if they match with the already stored credentials, the user is authenticated and access is provided to the account.
What is authorization?
Authorization is the process, which determines whether access to a requested resource should be granted or denied. The terms authentication and authorization are often misunderstood. Authentication validates the identity, whereas authorization validates if an authenticated user has access to a specific resource.
Web Applications often contain features that may be accessed by users with different roles. Following is a high level design of a simple web application with two different user roles.
As we can notice the application has a standard user role and admin role. Administrator role in the application comes with more privileges, which include control over all users in the database. This could include creating user accounts, resetting user passwords and deleting user accounts.
Why are privileges important?
When applications contain multiple roles, there is a potential risk of access control/authorization related security issues. Considering the same application as an example, let us assume that a standard user has gained access to the administrator’s dashboard by accessing a direct URL associated with the admin dashboard, which may look as follows.
This is a serious security risk as an unauthorized user can control all other users in the application. Accessing direct URL is just an example and this may be achieved in various other ways. This is why it is important to consider implementing appropriate access controls in web applications. They also need administrators to manage the application’s access control rules and the granting of permissions or entitlements to users and other entities. There are various access control design methodologies available and choosing the most appropriate one depends on the application. Ideally a risk assessment should be done on the application in order to properly understand the threats and vulnerabilities specific to this application. This will help determine which type of access control methodology is appropriate for an application.
Privilege escalation attacks in web applications
Privilege Escalation is broadly categorized into two types.
- Horizontal Privilege Escalation
- Vertical Privilege Escalation
Horizontal Privilege Escalation
When a user with low privileges can access the resources or data of other users with same privileges, it is called horizontal privilege escalation.
Vertical Privilege Escalation
When a user with low privileges can obtain higher privileges than what is intended by the system administrator, it is known as Vertical Privilege Escalation.
Horizontal Privilege Escalation is typically seen in web applications, where one user will be able to access the resources of another user. Let us assume that a user has performed a transaction online, and he was given a transaction ID to verify his transaction details at a later point in time. The URL can look as shown below.
Now, the user can change this ID to something else, and he can view the transaction details associated with that ID if the application is vulnerable.
This is a simple example of horizontal privilege escalation in web applications.
The principle of least privilege is an essential component of information assurance and security activities. Access control issues are often dangerous as they can lead to attacks such as privilege escalation. In the next few articles, we will discuss how least privilege vulnerabilities can be exploited and mitigated.