DEV Community

femolacaster

Web Vulnerabilities: Romantic Conversations of a Vulnerable Application Part 1

This article is a collection of conversations between two lovers, Mr. Hacksaw and Miss App, which can unfortunately be used to explain the concept of web vulnerabilities.

So, here is the background of the story.

Mr. Hacksaw is a handsome man. A player who has mastered the art of seduction and finds joy in breaking into women’s hearts and leaving them devastated.

On the other hand, Miss App is a young lady, short in length 😊, who takes her job seriously. Miss App is robust in bodily features with a portable structure. Her job is to render high-quality software support services, and her customers are always happy because she is always available and never under-performing. Miss App is said to be a highly functional individual and can be trusted even when non-functional.

Because of this, Miss App had a lot of clients doing business with her, and they included Mr. Hacksaw. Over time, Mr. Hacksaw bonded deeply with Miss App, and she threw caution to the wind and gradually became vulnerable. The evolution of these vulnerabilities can be traced in some of the conversations they had, as seen below.

Active Session Hijacking - Day 3

Miss App: So much traffic today, business is moving fast. (sees Mr. Hacksaw) Oh! Mr. Hacksaw, you are here again. Do you want anything?

Mr. Hacksaw: Nothing really. I just want to borrow some of your time.

Miss App: Oh! Many clients need my services now, Hacksaw. But I can stop communicating with this particular client for a minute to hear what you have to say. You have the floor, Hacksaw.

Mr. Hacksaw: (Hacksaw steals the client's session and uses it to read sensitive client information while App's attention is divided) Would you be available for a date tomorrow?

Miss App: Hmm... Yes. But you know I am always working and anything can come up at any time. I hope you don’t mind if I come with the client files for the date.

Mr. Hacksaw: Sure. No problems.

Cross-Site Request Forgery - Day 4

Miss App: Oh! I like this site you picked for the date. It’s a break from my domain. Gosh! I have worked too much this week.

Mr. Hacksaw: I know, right. So, tell me, how do you structure yourself to handle the clients' enormous problems? Also, in case a client needs to change his or her personal details, what is the process?

(Miss App spills her internal structure while Mr. Hacksaw excuses himself for a while and comes back to slip wrong information, in the exact structure she explained, into the client's file, as App's attention is fixed on Hacksaw's handsome face)

Miss App: It was a beautiful time with you, Hacksaw. I really enjoyed myself. Sorry I had to bring these files along. I will be taking them back to my domain now for immediate processing. I will miss you, baby.

Mr. Hacksaw: Same here, cupcake. Bye.

The next part of the series reveals more conversations between Miss App and Mr. Hacksaw.
