Security Code Review – String Search Patterns For Authorization Vulnerabilities
These are the questions and the search criteria I use to identify authorization vulnerabilities in the code beyond the web.config <authorization> node.
- How does the code protect access to page classes?
Attributes
Search for PrincipalPermission attributes. If there is no match, the code does not perform standard authorization checks.
findstr /S /I "PrincipalPermission" *.cs
Imperative checks
Search for imperative IsInRole calls. If there is no match, the code does not perform standard authorization checks.
findstr /S /I "IsInRole" *.cs
Role Manager
Search for imperative IsUserInRole calls to the Role Manager API. If there is no match, the code does not perform standard authorization checks.
findstr /S /I "IsUserInRole" *.cs
- Does the code use Server.Transfer?
When the code uses Server.Transfer it may improve performance, but it can also open the door to elevation of privilege, because the transfer happens on the server and bypasses the URL-based authorization applied to a normal request. More information is in the post Performance Gain - Security Risk.
findstr /S /I "Transfer" *.cs
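The four searches above can be run as one sweep that reports, per file, which check patterns are present and which code-behind files declare a Page class without any of them. The following Python script is an added example, not code from the original post; it re-implements the findstr /S /I sweeps with case-insensitive regular expressions over a directory of *.cs files and runs against constructed ASP.NET code-behind samples written inline. The page-class pattern (a class deriving from System.Web.UI.Page) is an assumption added here to tell page classes apart from helper code.

```python
import re
import tempfile
from pathlib import Path
from typing import Dict

# Constructed ASP.NET code-behind samples (written for this example, not from the original post).
SAMPLE_FILES = {
    "AdminPage.aspx.cs": """
using System.Security.Permissions;
// Declarative check: the attribute demands the role before the method body runs
[PrincipalPermission(SecurityAction.Demand, Role = "Admin")]
public partial class AdminPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e) { }
}
""",
    "ReportPage.aspx.cs": """
public partial class ReportPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Imperative check: explicit role test in code
        if (!User.IsInRole("Manager")) { Response.Redirect("~/AccessDenied.aspx"); }
    }
}
""",
    "ProfilePage.aspx.cs": """
public partial class ProfilePage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Role Manager API check
        if (!Roles.IsUserInRole("Member")) { Response.Redirect("~/AccessDenied.aspx"); }
    }
}
""",
    "Dispatcher.aspx.cs": """
public partial class Dispatcher : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // No authorization check at all, and a Server.Transfer to another page
        Server.Transfer("~/Admin/Settings.aspx");
    }
}
""",
}

# The same four strings the post searches for, matched case-insensitively like findstr /I.
PATTERNS = {
    "PrincipalPermission": re.compile(r"PrincipalPermission", re.I),
    "IsInRole": re.compile(r"\bIsInRole\b", re.I),
    "IsUserInRole": re.compile(r"IsUserInRole", re.I),
    # Broad on purpose, as in the post: it also hits unrelated identifiers containing "Transfer".
    "Transfer": re.compile(r"Transfer", re.I),
}

# Assumption added here: a code-behind page class derives from System.Web.UI.Page (or Page).
PAGE_CLASS = re.compile(r"class\s+\w+\s*:\s*(System\.Web\.UI\.)?Page\b")


def scan_source(text: str) -> Dict[str, bool]:
    """Return which of the search patterns occur anywhere in one source file."""
    return {name: bool(rx.search(text)) for name, rx in PATTERNS.items()}


def classify(text: str) -> Dict[str, object]:
    """Combine the raw hits into the two review questions from the post."""
    hits = scan_source(text)
    is_page = bool(PAGE_CLASS.search(text))
    has_check = hits["PrincipalPermission"] or hits["IsInRole"] or hits["IsUserInRole"]
    return {
        "hits": hits,
        "page_class": is_page,
        # A page class with none of the three check patterns is the first thing to review.
        "unprotected_page": is_page and not has_check,
        "uses_transfer": hits["Transfer"],
    }


def scan_tree(root: Path) -> Dict[str, Dict[str, object]]:
    """Walk every *.cs file below root, mirroring the /S switch of findstr."""
    return {p.name: classify(p.read_text(encoding="utf-8")) for p in sorted(root.rglob("*.cs"))}


def demo() -> Dict[str, Dict[str, object]]:
    """Write the constructed samples to a temp directory and scan them."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        for name, body in SAMPLE_FILES.items():
            (root / name).write_text(body, encoding="utf-8")
        return scan_tree(root)


if __name__ == "__main__":
    for name, info in demo().items():
        flags = []
        if info["unprotected_page"]:
            flags.append("NO AUTHZ CHECK")
        if info["uses_transfer"]:
            flags.append("Server.Transfer")
        present = [k for k, v in info["hits"].items() if v]
        print(f"{name}: {', '.join(flags) or 'ok'}  (patterns: {', '.join(present) or 'none'})")
```

Run it against a real tree by replacing demo() with scan_tree(Path("path/to/web/project")). A file flagged NO AUTHZ CHECK only means none of the three strings appears in it; the page may still be protected by a web.config <authorization> node, so the list is a triage order for manual review, not a verdict. The "Transfer" pattern is as broad as the post's findstr, so expect a few false hits to read through.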
Related posts
- Security Code Review – String Search Patterns For Finding Input Validation Vulnerabilities
- Security Code Review – String Search Patterns For Authentication Vulnerabilities
- SOA, Strong Authentication, Standard Authorization - Cool Solution
- Authentication Hub