Typosquatting
Typosquatting occurs when a user mistypes an input (e.g. a URL, an email address, or a dependency package name) and does not visually verify that it is correct. As a result, the user is directed to an adversary-controlled destination or pulls a malicious dependency into their code. There are many varieties of typosquatting, and a program should either reject such inputs or warn the user.
Remediation:
- Input validation strategy: assume all input is malicious and use an "accept known good" input validation strategy. Reject any input that does not conform to the specification.
- When performing input validation, consider all potentially relevant properties, including length, type, range of acceptable values, missing or extra inputs, syntax, etc.
- Inputs should be decoded and canonicalized to the application's current internal representation before being validated (link:CWE-180).
- Make sure that the application does not decode the same input twice (link:CWE-174). Such errors could be used to bypass allow-list validation schemes by introducing dangerous inputs after they have been checked.
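The following is an added example, not code from the original entry, showing the remediation steps above applied to one input kind (a user-typed hostname): the value is percent-decoded exactly once, canonicalized (NFKC, lower-cased, trailing dot stripped, converted to IDNA ASCII), and only then checked against an "accept known good" allow-list, with near-miss spellings flagged as warnings and mixed-script homoglyphs rejected. The allow-list, the hostname syntax rule, the edit-distance threshold of 2 and the script heuristic (first word of the Unicode character name) are all constructed assumptions for illustration; a production system would use the Unicode confusables data (UTS #39) rather than the name heuristic.

```python
"""Defensive validation of a user-typed hostname: decode once, canonicalize,
then accept only known-good values and flag typosquat look-alikes."""
import re
import unicodedata
from urllib.parse import unquote

# Constructed allow-list of known-good hosts (placeholder values for this example).
TRUSTED_HOSTS = {"example.com", "login.example.com"}

# Assumed syntax rule for one DNS label in the canonical (IDNA/ASCII) form.
LABEL_RE = re.compile(r"^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$")

# Assumed near-miss threshold: an allow-listed name within 2 edits is a likely typo.
NEAR_MISS_EDITS = 2


def scripts_of(text: str) -> set:
    """Heuristic: the set of Unicode scripts (LATIN, CYRILLIC, ...) used by the
    letters in text, taken from the first word of each character's Unicode name."""
    scripts = set()
    for ch in text:
        if ch.isalpha():
            scripts.add(unicodedata.name(ch, "UNKNOWN").split(" ")[0])
    return scripts


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute) between two strings."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def canonicalize_host(raw: str) -> str:
    """Decode exactly once (CWE-174: never twice), then normalise to the
    application's internal form: NFKC, stripped, no trailing dot, lower-case."""
    text = unquote(raw)
    text = unicodedata.normalize("NFKC", text).strip().lower().rstrip(".")
    return text


def well_formed(host: str) -> bool:
    """Accept only hostnames whose every label matches the assumed syntax rule."""
    if not 0 < len(host) <= 253 or "." not in host:
        return False
    return all(LABEL_RE.match(label) for label in host.split("."))


def validate_host(raw: str) -> tuple:
    """Return (verdict, detail): verdict is 'allow', 'warn' or 'reject'."""
    text = canonicalize_host(raw)

    # Homoglyph check on the normalised Unicode form, before IDNA hides it as xn-- labels.
    scripts = scripts_of(text)
    if len(scripts) > 1:
        return ("reject", "mixed scripts %s: possible homoglyph" % sorted(scripts))

    # Convert Unicode labels to IDNA ASCII so the allow-list compares one representation.
    try:
        host = text.encode("idna").decode("ascii")
    except UnicodeError:
        return ("reject", "invalid IDNA label")

    if not well_formed(host):
        return ("reject", "malformed hostname")

    # "Accept known good": exact match against the allow-list.
    if host in TRUSTED_HOSTS:
        return ("allow", host)

    # Near-miss of a trusted name is the classic typosquat signal: warn the user.
    near = sorted(t for t in TRUSTED_HOSTS if levenshtein(host, t) <= NEAR_MISS_EDITS)
    if near:
        return ("warn", "near-miss of %s" % near)

    return ("reject", "not on allow-list")


if __name__ == "__main__":
    # Constructed sample inputs: a full-width 'E', one percent-encoded letter,
    # a double-encoded letter, a Cyrillic 'a' homoglyph, and a digit-for-letter typo.
    for sample in ("example.com", "\uff25XAMPLE.COM.", "exa%6dple.com",
                   "exa%256dple.com", "ex\u0430mple.com", "examp1e.com", "evil.com"):
        print(repr(sample), "->", validate_host(sample))
```

Note the ordering: the single `unquote` and the NFKC step run before any check, so `exa%6dple.com` and the full-width spelling both canonicalize to `example.com` and are accepted, while `exa%256dple.com` decodes only once to `exa%6dple.com` and fails the syntax check; a second decode would have turned it into an allow-listed name after validation, which is exactly the CWE-174 bypass the remediation warns about.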
Metadata
- Severity: medium
- Slug: typosquatting
CWEs
- 176: Improper Handling of Unicode Encoding
- 1007: Insufficient Visual Distinction of Homoglyphs Presented to User