🚀 Join our AI Wargame at Black Hat Asia and our Workshop + Wargame at NDC Sydney .

Typosquatting

Typosquatting happens when a user mistypes an input (e.g. URL, email, dependency package, etc.) and does not visually verify if it is correct. As a result, the user is directed to an adversary-controlled destination or may include a malicious dependency in their code. There are many varieties of typosquatting and a program should prevent them or warn the user.

Remediation:

  • Input Validation Strategy: Assume all input is malicious and use an "accept known good" input validation strategy. Reject any input that does not conform to specifications
  • When performing input validation, consider all potentially relevant properties including length, type, range of acceptable value, missing or extra inputs, syntax etc.
  • Inputs should be decoded and canonicalized to the application's current internal representation before being validated (link:CWE-180)
  • Make sure that the application does not decode the same input twice (link:CWE-174). Such errors could be used to bypass allow list validation schemes by introducing dangerous inputs after they have been checked.

Metadata

  • Severity: medium
  • Slug: typosquatting

CWEs

  • 176: Improper Handling of Unicode Encoding
  • 1007: Insufficient Visual Distinction of Homoglyphs Presented to User

Available Labs

Open Csharp labs in SecDim Play for this vulnerability.

Try it yourself

Find, Hack and Fix Your First Vulnerability

Reading about security bugs is one thing — fixing one is how the skill sticks. Play a free challenge from the wargame, no setup required.