CIT 380: Securing Computer Systems
|
|
- Abner Shaw
- 5 years ago
- Views:
Transcription
1 CIT 380: Securing Computer Systems Secure Programming Slide #1
2 Topics 1. The nature of trust 2. Input validation 3. Input entry points 4. Integer overflows 5. Format string attacks Slide #2
3 Trust Relationships Relationship between multiple entities. Assumptions that certain properties are true. example: input has a certain format Assumptions that other properties are false. example: input never longer than X bytes Trustworthy entities satisfy assumptions. Slide #3
4 Who do you trust? Client users example: encryption key embedded in client Operating system example: dynamicly loaded libraries Calling program example: environment variables Vendor example: Borland Interbase backdoor , only discovered when program made open source Slide #4
5 Trust is Transitive If you call another program, locally or across the network, you are trusting the entities that it trusts. Processes you spawn run with your privileges. Did you run the program you think you did? PATH and IFS environment variables What input format does it use? Shell escapes in editors and mailers What output does it send you? Slide #5
6 Validate All Input Never trust input. Assume dangerous until proven safe. Prefer rejecting data to filtering data. Difficult to filter out all dangerous input Every component should validate data. Trust is transitive. Don t trust calling component. Don t trust called component: shell, SQL Slide #6
7 Validation Techniques Indirect Selection Allow user to supply index into a list of legitimate values. Application never directly uses user input. Whitelist List of valid patterns or strings. Input rejected unless it matches list. Blacklist List of invalid patterns or strings. Input reject if it matches list. Slide #7
8 Validation Actions Sanitize Attempt to fix input by removing dangerous parts. Reject Refuse to use invalid input. Reject with Explanation Explain problems with input to user. Refuse to use invalid input. Log Record invalid input in log file. Alert Send an alert to an administrator about input. Slide #8
9 Usability Validation Security Validation Usability Validation helps legitimate users Catch common errors. Provide easy to understand feedback. Client-side feedback is helpful for speed. Security Validation mitigates vulnerabilities Catches potential attacks, including unusual, unfriendly types of input. Provide little to no feedback on reasons for blocking input. Cannot trust client. Always server side. Slide #9
10 Check Input Length Long input can result in buffer overflows. Can also cause DoS due to low memory. Truncation vulnerabilities 8-character long username column in DB. User tries to enter admin x as username. DB returns no match since name is 9 chars. App inserts data into DB, which truncates. Later SQL queries will return both names, since MySQL ignores trailing spaces on string comparisons. Slide #10
11 Check Input Type Is input the type you expect? Integer Temperature (integer within specified range) Money value (fixed point) Name (alphabetic string allowing, -, spaces) If not, reject input. Slide #11
12 Python: Input Type Check Example def readinteger(): while True: try: return int(raw_input()) except ValueError: pass Slide #12
13 Check Input Syntax Is input in correct format? Phone number (xxx-xxx-xxxx format) International phone number (more options) Credit card number (format, Luhn checksum) URL address If not, reject input. Slide #13
14 Python: Input Syntax Check import re def readphonenumber(): while True: phone = raw_input() if re.match(r ^[0-9]{3}-[0-9]{4}$', phone): return phone print('invalid phone number. Try again:') Slide #14
15 Regular Expression Validation Beginnings and Endings 1. Begin with ^ to match beginning of input. 2. End with $ to match end of input. 3. Use both to ensure re matches entire input. Optional Components with ()? Syntax ^\d{5}(-\d{4})?$ will match 5- and 9-digit zip codes. Limitations Cannot match complex types of input, such as programming languages or markup languages, or subsets of them, like XML or JSON. Slide #15
16 Input Entry Points 1. Command line arguments 2. Environment variables 3. Paths 4. Shell input 5. Database input 6. Other input types Slide #16
17 Command Line Arguments Scripts access in different ways Python: argv, getopt.getopt class Ruby: ARGV, OptionParser class Shell: $1, $2,, getopt function Check carefully, since there may be an 1. Unlimited number of arguments. 2. Unlimited length of any argument. 3. Argument lengths can even be 0. Slide #17
18 Dangerous Environment Variables PATH Search path for binaries Attacker puts directory with hacked binary first in PATH so his ls used instead of system ls Avoid. as attacker may place hacked binaries in directory program sets CWD to IFS Internal field separator for shell Used to separate command line into arguments Attacker sets to / : /bin/ls becomes bin and ls Slide #18
19 Dangerous Environment Variables LD_PRELOAD Programs loads functions from library specified in LD_PRELOAD before searching for system libraries. Can replace any library function. setuid root programs don t honor this variable. LD_LIBRARY_PATH Specify list of paths to search for shared libs. Store hacked version of library in first directory. Modern libc implementation disallow for setuid/setgid. Slide #19
20 Securing Your Environment Setting a Secure Environment in Shell Create a wrapper script that clears environment #!/bin/bash /usr/bin/env -i /path/to/your/script At the top of your script set needed env variables PATH=/bin:/usr/bin IFS= \t\n Setting a Secure Environment in Ruby ENV = { PATH => /bin:/usr/bin, IFS => \t\n } Slide #20
21 Paths If attacker controls paths used by program Can read files accessible by program. Can write files accessible by program. Vulnerability if access is different than attackers Privileged (SETUID) local programs. Remote server applications, including web. Directory traversal Use../../.. to climb out of application s directory and access files. Slide #21
22 Canonicalization How to make correct access control decisions when there are many names? config./config /etc/program/config../program/config /tmp/../etc/program/config Canonical Name: standard form of a name Generally simplest form. Canonicalize name then apply access control. Use realpath() in C to canonicalize. Slide #22
23 Common Naming Issues. represents current directory.. represents previous directory Case sensitivity Windows allows both / and \ in URLs. Windows 8.3 representation of long names Two names for each file for backwards compat. Trailing dot in DNS names == URL encoding Slide #23
24 Win/Apache Directory Traversal Found in Apache and earlier. To view the file winnt\win.ini, use: 2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.i ni which is the escaped form of Slide #24
25 Command Injection Find program that invokes a subshell command with user input Shell: every command with user input Perl: system(), ``, open() Ruby: system(), ``, %x{}, IO.popen(), etc. Python: os.system(), os.popen(), etc. Attack uses shell meta-characters to insert user-defined code into the command. Slide #25
26 UNIX Shell Metacharacters `command` will execute command ; separates commands creates a pipe between two commands && and logical operators which may execute following command! logical negation reverses truth value of test - could convert filename into an argument * and? glob, matching files, which may be interpreted as args: what if -rf is file? # comments to end of line Slide #26
27 Command Injection in Ruby Vulnerable Code file = gets.chomp system( cat #{file} ) Fixed Code file = gets.chomp system( cat, file) system() argument handling String: send string to bash as command line List: fork and exec first argument w/o bash. Slide #27
28 Unsigned Integers Slide #28
29 Java Factorial Program public static void main(string args[]) { long product = 1; for(int i = 1; i <= 21; i++) { System.out.print(i); System.out.print("! = "); product *= i; System.out.println(product); } } Slide #29
30 Output 1! = 1 2! = 2 3! = 6. 20! = ! = Slide #30
31 Integer Overflows in Voting Broward County 2004 election Amendment 4 vote was reported as tied. Software from ES&S Systems reported a large negative number of votes. Discovery revealed that Amendment 4 had passed by a margin of over 60,000 votes. Slide #31
32 Format Strings Formatted output functions use format lang. Percent(%) symbols in string indicate substitutions. %[flags][width][.precision][length]specifier Example format specifiers %010d, 2009: %4.2f, : 3.14 Example functions printf() scanf() syslog() Slide #32
33 Format String Vulnerabilities User-specified format strings userstring = foo %x ; printf( userstring ); Where can it find arguments to replace %x? The Stack: %x reads 4-bytes higher in stack Solution: Use printf( %s, userstring ) or fputs( userstring ) Slide #33
34 %n format command Number of characters written so far is stored into the integer indicated by the int * pointer argument. char buf[] = " "; int *n; printf( buf=%s%n\n", buf, n); printf("n=%d\n", *n); Output: buf= n=14 Slide #34
35 %n format attack Plan of Attack Find address of variable to overwrite Place address of variable on stack (as part of format string) so %n will write to that address Write # of characters equal to value to insert into variable (use precision, e.g., %.64x) Use %n to write anywhere in memory Address on stack can point to any location Slide #35
36 Key Points 1. All input must be validated, using best technique possible: 1. Indirect Selection 2. Whitelist 3. Blacklist 2. Check input length, type, and syntax. 1. Regular expressions are useful when used with anchors to whitelist input, but cannot validate languages like XML or JSON. 2. To check URL or filesystem paths, programs must canonicalize them first to avoid path manipulation attacks. 3. Vulnerabilities 1. Buffer overflows overwrite process memory, allowing injection and execute of machine code sent by attacker. 2. Integer overflows allow control of integer variable values. 3. Format string attacks allow reading and writing of memory. Slide #36
37 References 1. Brian Chess and Jacob West, Secure Programming with Static Analysis, Addison-Wesley, Goodrich and Tammasia, Introduction to Computer Security, Pearson, John Viega and Gary McGraw, Building Secure Software, Addison-Wesley, David Wheeler, Secure Programming for UNIX and Linux HOWTO, Slide #37
CSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account
More informationCNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components
CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network
More informationCIT 380: Securing Computer Systems. Software Security
CIT 380: Securing Computer Systems Software Security Topics 1. The problem of software security 2. System security standards 3. Secure lifecycle 4. Buffer overflows 5. Integer overflows 6. Format string
More informationSecure Programming Lecture 7: Injection
Secure Programming Lecture 7: Injection David Aspinall, Informatics @ Edinburgh 10th February 2017 Outline Ranking vulnerabilities by type Trust assumptions Command injection Meta-characters in shell commands
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationWEB HACKING. Unit43-WebHacking
WEB HACKING Unit43-WebHacking What You Will Find Out About Broad classes of web hacking opportunities Several types of web server vulnerabilities 2 Web Hacking Opportunities Web Server Vulnerabilities
More informationCIT 480: Securing Computer Systems. Software Security
CIT 480: Securing Computer Systems Software Security Topics 1. The problem of software security 2. System security standards 3. Secure lifecycle 4. Buffer overflows 5. Integer overflows 6. Format string
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationThe Most Dangerous Software Errors
What is CWE? What is CWE? Secure Programming Lecture 7: Injection David Aspinall, Informatics @ Edinburgh 5th February 2016 Idea: organise CVEs into categories of problem Use categories to describe scope
More informationWeb Penetration Testing
Web Penetration Testing What is a Website How to hack a Website? Computer with OS and some servers. Apache, MySQL...etc Contains web application. PHP, Python...etc Web application is executed here and
More informationSecure Programming Learning objectives. and Best Practices. Windows shells Launches programs, including other shells Provides
2 Learning objectives 1 Secure Programming Shell and Environment Flaws Ahmet Burak Can Hacettepe University Understand how shells interpret commands, launch and provide environments for processes Understand
More informationSecure Programming. Shell and Environment Flaws. Ahmet Burak Can Hacettepe University
Secure Programming Shell and Environment Flaws 1 Ahmet Burak Can Hacettepe University 2 Learning objectives Understand how shells interpret commands, launch and provide environments for processes Understand
More informationSecure Programming. CSC 482/582: Computer Security Slide #1
Secure Programming CSC 482/582: Computer Security Slide #1 Topics 1. Robust and Secure Programming 2. Race Conditions and TOCTOU vulnerabilities 3. Error Handling 4. Securing Secrets in Memory 5. Secure
More informationSecure Programming. Input Validation. Learning objectives Code Injection: Outline. 4 Code Injection
Secure Programming Input Validation 2 Learning objectives Understand the definition of code injection Know how code injection happens Learn how to perform input validation and cleansing 1 Ahmet Burak Can
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More informationSecure Programming I. Steven M. Bellovin September 28,
Secure Programming I Steven M. Bellovin September 28, 2014 1 If our software is buggy, what does that say about its security? Robert H. Morris Steven M. Bellovin September 28, 2014 2 The Heart of the Problem
More informationInjection. CSC 482/582: Computer Security Slide #1
Injection Slide #1 Topics 1. Injection Attacks 2. SQL Injection 3. Mitigating SQL Injection 4. XML Injection Slide #2 Injection Injection attacks trick an application into including unintended commands
More informationBasic Buffer Overflows
Operating Systems Security Basic Buffer Overflows (Stack Smashing) Computer Security & OS lab. Cho, Seong-je ( 조성제 ) Fall, 2018 sjcho at dankook.ac.kr Chapter 10 Buffer Overflow 2 Contents Virtual Memory
More informationInjection vulnerabilities: command injection and SQL injection
Injection vulnerabilities: command injection and SQL injection Questões de Segurança em Engenharia de Software (QSES) Departamento de Ciência de Computadores Faculdade de Ciências da Universidade do Porto
More informationComputer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 04r. Pre-exam 1 Concept Review Paul Krzyzanowski Rutgers University Spring 2018 February 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Key ideas from the past four lectures February 15, 2018
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationSQL Injection. EECS Introduction to Database Management Systems
SQL Injection EECS3421 - Introduction to Database Management Systems Credit "Foundations of Security: What Every Programmer Needs To Know" (Chapter 8) by Neil Daswani, Christoph Kern, and Anita Kesavan
More informationCYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 Secure Coding String management Pointer Subterfuge
More information2/9/18. CYSE 411/AIT681 Secure Software Engineering. Readings. Secure Coding. This lecture: String management Pointer Subterfuge
CYSE 411/AIT681 Secure Software Engineering Topic #12. Secure Coding: Formatted Output Instructor: Dr. Kun Sun 1 This lecture: [Seacord]: Chapter 6 Readings 2 String management Pointer Subterfuge Secure
More informationUMSSIA LECTURE I: SOFTWARE SECURITY
UMSSIA LECTURE I: SOFTWARE SECURITY THINKING LIKE AN ADVERSARY SECURITY ASSESSMENT Confidentiality? Availability? Dependability? Security by Obscurity: a system that is only secure if the adversary doesn
More informationHomework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08
Homework 3 CS161 Computer Security, Fall 2008 Assigned 10/07/08 Due 10/13/08 For your solutions you should submit a hard copy; either hand written pages stapled together or a print out of a typeset document
More informationBash command shell language interpreter
Principles of Programming Languages Bash command shell language interpreter Advanced seminar topic Louis Sugy & Baptiste Thémine Presentation on December 8th, 2017 Table of contents I. General information
More informationCS390S, Week 6: Shells and Environment
CS390S, Week 6: Shells and Environment Pascal Meunier, Ph.D., M.Sc., CISSP February 13, 2008 Developed thanks to support and contributions from Symantec Corporation, support from the NSF SFS Capacity Building
More informationOutline. Classic races: files in /tmp. Race conditions. TOCTTOU example. TOCTTOU gaps. Vulnerabilities in OS interaction
Outline CSci 5271 Introduction to Computer Security Day 3: Low-level vulnerabilities Stephen McCamant University of Minnesota, Computer Science & Engineering Race conditions Classic races: files in /tmp
More informationSoftware and Web Security 1. Root Cause Analysis. Abstractions Assumptions Trust. sws1 1
Software and Web Security 1 Reflections on using C(++) Root Cause Analysis Abstractions Assumptions Trust sws1 1 There are only two kinds of programming languages: the ones people complain about and the
More informationOutline. Security as an economic good. Risk budgeting with ALE. Failure: Risk compensation. Failure: Displacement activity
CSci 5271 Introduction to Computer Security Day 2: Intro to Software and OS Security Stephen McCamant University of Minnesota, Computer Science & Engineering Security as an economic good Security is a
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 16: Building Secure Software Department of Computer Science and Engineering University at Buffalo 1 Review A large number of software vulnerabilities various
More informationOther array problems. Integer overflow. Outline. Integer overflow example. Signed and unsigned
Other array problems CSci 5271 Introduction to Computer Security Day 4: Low-level attacks Stephen McCamant University of Minnesota, Computer Science & Engineering Missing/wrong bounds check One unsigned
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Homework 1 Due: Wednesday, February 9, at 9:59pm Instructions. Submit your solution by Wednesday, February 9, at 9:59pm, in the drop box labelled CS161 in 283
More informationWindows architecture. user. mode. Env. subsystems. Executive. Device drivers Kernel. kernel. mode HAL. Hardware. Process B. Process C.
Structure Unix architecture users Functions of the System tools (shell, editors, compilers, ) standard library System call Standard library (printf, fork, ) OS kernel: processes, memory management, file
More informationReflections on using C(++) Root Cause Analysis
Hacking in C Reflections on using C(++) Root Cause Analysis Abstractions Complexity Assumptions Trust hic 1 There are only two kinds of programming languages: the ones people complain about and the ones
More informationSample slides and handout
www.securecodingacademy.com Join the Secure Coding Academy group on LinkedIn and stay informed about our courses! [FOOTER] Sample slides and handout 2016 SCADEMY Secure Coding Academy Confidential. These
More informationChapter 1 - Introduction. September 8, 2016
Chapter 1 - Introduction September 8, 2016 Introduction Overview of Linux/Unix Shells Commands: built-in, aliases, program invocations, alternation and iteration Finding more information: man, info Help
More informationBasics. proper programmers write commands
Scripting Languages Basics proper programmers write commands E.g. mkdir john1 rather than clicking on icons If you write a (set of) command more that once you can put them in a file and you do not need
More informationIntroduction Variables Helper commands Control Flow Constructs Basic Plumbing. Bash Scripting. Alessandro Barenghi
Bash Scripting Alessandro Barenghi Dipartimento di Elettronica, Informazione e Bioingegneria Politecnico di Milano alessandro.barenghi - at - polimi.it April 28, 2015 Introduction The bash command shell
More informationCOMP 4/6262: Programming UNIX
COMP 4/6262: Programming UNIX Lecture 12 shells, shell programming: passing arguments, if, debug March 13, 2006 Outline shells shell programming passing arguments (KW Ch.7) exit status if (KW Ch.8) test
More informationReview of Fundamentals
Review of Fundamentals 1 The shell vi General shell review 2 http://teaching.idallen.com/cst8207/14f/notes/120_shell_basics.html The shell is a program that is executed for us automatically when we log
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationShellbased Wargaming
Shellbased Wargaming Abstract Wargaming is a hands-on way to learn about computer security and common programming mistakes. This document is intended for readers new to the subject and who are interested
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More informationModule: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Program Vulnerabilities Professor Trent Jaeger 1 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationECE 471 Embedded Systems Lecture 22
ECE 471 Embedded Systems Lecture 22 Vince Weaver http://www.eece.maine.edu/~vweaver vincent.weaver@maine.edu 31 October 2018 Don t forget HW#7 Announcements 1 Computer Security and why it matters for embedded
More informationbash, part 3 Chris GauthierDickey
bash, part 3 Chris GauthierDickey More redirection As you know, by default we have 3 standard streams: input, output, error How do we redirect more than one stream? This requires an introduction to file
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationUnix Introduction to UNIX
Unix Introduction to UNIX Get Started Introduction The UNIX operating system Set of programs that act as a link between the computer and the user. Developed in 1969 by a group of AT&T employees Various
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Slide credit: John Mitchell Dawn Song Security User Interface Dawn Song Safe to type your password? SAFEBANK Bank of the Safe
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationControl Flow Hijacking Attacks. Prof. Dr. Michael Backes
Control Flow Hijacking Attacks Prof. Dr. Michael Backes Control Flow Hijacking malicious.pdf Contains bug in PDF parser Control of viewer can be hijacked Control Flow Hijacking Principles Normal Control
More informationUNIX System Programming Lecture 3: BASH Programming
UNIX System Programming Outline Filesystems Redirection Shell Programming Reference BLP: Chapter 2 BFAQ: Bash FAQ BMAN: Bash man page BPRI: Bash Programming Introduction BABS: Advanced Bash Scripting Guide
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 2 Question 1 Software Vulnerabilities (15 min) For the following code, assume an attacker can control the value of basket passed into eval basket.
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationATTACKING SYSTEM & WEB Desmond Alexander CISSP / GIAC/ GPEN CEO FORESEC
ATTACKING SYSTEM & WEB Desmond Alexander CISSP / GIAC/ GPEN CEO FORESEC AGENDA VULNERABILITIES OF WEB EXPLOIT METHODS COUNTERMEASURE About Me DIRECTOR OF FORESEC COUNTER TERRORIST ACTION TEAM RESEARCH
More informationA shell can be used in one of two ways:
Shell Scripting 1 A shell can be used in one of two ways: A command interpreter, used interactively A programming language, to write shell scripts (your own custom commands) 2 If we have a set of commands
More informationAdvanced System Security: Vulnerabilities
Advanced System Security: Vulnerabilities Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University CSE544 -Advanced
More informationSQL Injection Attacks and Defense
SQL Injection Attacks and Defense Justin Clarke Lead Author and Technical Editor Rodrigo Marcos Alvarez Dave Hartley Joseph Hemler Alexander Kornbrust Haroon Meer Gary O'Leary-Steele Alberto Revelli Marco
More informationCSE543 - Introduction to Computer and Network Security
CSE543 - Introduction to Computer and Network Security Module: Software Vulnerabilities Professor Trent Jaeger 1 Programming Why do we write programs? Function What functions do we enable via our programs?
More informationProcesses. What s s a process? process? A dynamically executing instance of a program. David Morgan
Processes David Morgan What s s a process? process? A dynamically executing instance of a program 1 Constituents of a process its code data various attributes OS needs to manage it OS keeps track of all
More informationFinding Vulnerabilities in Source Code
Finding Vulnerabilities in Source Code Jason Miller CSCE 813 Fall 2012 Outline Approaches to code review Signatures of common vulnerabilities Language-independent considerations Tools for code browsing
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationOn The Effectiveness of Address-Space Randomization. H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004
On The Effectiveness of Address-Space Randomization H. Shacham, M. Page, B. Pfaff, E.-J. Goh, N. Modadugu, and D. Boneh Stanford University CCS 2004 Code-Injection Attacks Inject malicious executable code
More informationLecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion
IN5290 Ethical Hacking Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion Universitetet i Oslo Laszlo Erdödi Lecture Overview What is SQL injection
More informationSymlink attacks. Do not assume that symlinks are trustworthy: Example 1
Symlink attacks Do not assume that symlinks are trustworthy: Example 1 Application A creates a file for writing in /tmp. It assumes that since the file name is unusual, or because it encodes A's name or
More informationB a s h s c r i p t i n g
8 Bash Scripting Any self-respecting hacker must be able to write scripts. For that matter, any selfrespecting Linux administrator must be able to script. Hackers often need to automate commands, sometimes
More informationSoftware Security Buffer Overflows more countermeasures. Erik Poll. Digital Security Radboud University Nijmegen
Software Security Buffer Overflows more countermeasures Erik Poll Digital Security Radboud University Nijmegen Recap last week Recurring security problems in C(++) code memory corruption, due to buffer
More informationCS 642 Homework #4. Due Date: 11:59 p.m. on Tuesday, May 1, Warning!
CS 642 Homework #4 Due Date: 11:59 p.m. on Tuesday, May 1, 2007 Warning! In this assignment, you will construct and launch attacks against a vulnerable computer on the CS network. The network administrators
More informationOne-Slide Summary. Lecture Outline. Language Security
Language Security Or: bringing a knife to a gun fight #1 One-Slide Summary A language s design principles and features have a strong influence on the security of programs written in that language. C s
More informationCSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the server-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Threat model In these scenarios: The server is benign The client is malicious The client
More informationInformation Security CS 526
Information Security CS 526 Topic 12-13 Software 1 Readings for This Lecture Wikipedia Privilege escalation Directory traversal Time-of-check-to-time-of-use Buffer overflow Stack buffer overflow Buffer
More informationHW 8 CS681 & CS392 Computer Security Understanding and Experimenting with Memory Corruption Vulnerabilities DUE 12/18/2005
HW 8 CS681 & CS392 Computer Security Understanding and Experimenting with Memory Corruption Vulnerabilities 1 Motivation DUE 12/18/2005 Memory corruption vulnerabilities to change program execution flow
More informationC and C++ Secure Coding 4-day course. Syllabus
C and C++ Secure Coding 4-day course Syllabus C and C++ Secure Coding 4-Day Course Course description Secure Programming is the last line of defense against attacks targeted toward our systems. This course
More informationI m paranoid, but am I paranoid enough? Steven M. Bellovin February 20,
I m paranoid, but am I paranoid enough? Steven M. Bellovin February 20, 2007 1 Special Techniques for Secure Programs Buffer overflows are bad in any case Some problems are only a risk for secure programs
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationProgram Security and Vulnerabilities Class 2
Program Security and Vulnerabilities Class 2 CEN-5079: 28.August.2017 1 Secure Programs Programs Operating System Device Drivers Network Software (TCP stack, web servers ) Database Management Systems Integrity
More informationFundamentals of Computer Security
Fundamentals of Computer Security Spring 2015 Radu Sion Software Errors Buffer Overflow TOCTTOU 2005-15 Portions copyright by Bogdan Carbunar and Wikipedia. Used with permission Why Security Vulnerabilities?
More informationSecure Software Development: Theory and Practice
Secure Software Development: Theory and Practice Suman Jana MW 2:40-3:55pm 415 Schapiro [SCEP] *Some slides are borrowed from Dan Boneh and John Mitchell Software Security is a major problem! Why writing
More informationBuffer overflow is still one of the most common vulnerabilities being discovered and exploited in commodity software.
Outline Morris Worm (1998) Infamous attacks Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 23rd January 2014 Recap Simple overflow exploit
More informationWho s Afraid of SQL Injection?! Mike Kölbl Sonja Klausburg Siegfried Goeschl
Who s Afraid of SQL Injection?! Mike Kölbl Sonja Klausburg Siegfried Goeschl 1 http://xkcd.com/327/ 2 What Is SQL Injection? Incorrectly validated or nonvalidated string literals are concatenated into
More informationComputer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring Topic Notes: C and Unix Overview
Computer Science 2500 Computer Organization Rensselaer Polytechnic Institute Spring 2009 Topic Notes: C and Unix Overview This course is about computer organization, but since most of our programming is
More informationProcesses. Johan Montelius KTH
Processes Johan Montelius KTH 2017 1 / 47 A process What is a process?... a computation a program i.e. a sequence of operations a set of data structures a set of registers means to interact with other
More informationCS 356 Systems Security Spring 2015
CS 356 Systems Security Spring 2015 http://www.cs.colostate.edu/~cs356 Dr. Indrajit Ray http://www.cs.colostate.edu/~indrajit Original slides by Lawrie Brown. Adapted for CS 356 by Indrajit Ray Software
More informationWhy bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions?
Jeroen van Beek 1 Why bother? Default configurations Buffer overflows Authentication mechanisms Reverse engineering Questions? 2 Inadequate OS and application security: Data abuse Stolen information Bandwidth
More informationIs stack overflow still a problem?
Morris Worm (1998) Code Red (2001) Secure Programming Lecture 4: Memory Corruption II (Stack Overflows) David Aspinall, Informatics @ Edinburgh 31st January 2017 Memory corruption Buffer overflow remains
More informationA process. the stack
A process Processes Johan Montelius What is a process?... a computation KTH 2017 a program i.e. a sequence of operations a set of data structures a set of registers means to interact with other processes
More informationLinux shell scripting Getting started *
Linux shell scripting Getting started * David Morgan *based on chapter by the same name in Classic Shell Scripting by Robbins and Beebe What s s a script? text file containing commands executed as a unit
More informationBuffer overflow prevention, and other attacks
Buffer prevention, and other attacks Comp Sci 3600 Security Outline 1 2 Two approaches to buffer defense Aim to harden programs to resist attacks in new programs Run time Aim to detect and abort attacks
More information20: Exploits and Containment
20: Exploits and Containment Mark Handley Andrea Bittau What is an exploit? Programs contain bugs. These bugs could have security implications (vulnerabilities) An exploit is a tool which exploits a vulnerability
More informationGetting started with Java
Getting started with Java Magic Lines public class MagicLines { public static void main(string[] args) { } } Comments Comments are lines in your code that get ignored during execution. Good for leaving
More informationCreating a Shell or Command Interperter Program CSCI411 Lab
Creating a Shell or Command Interperter Program CSCI411 Lab Adapted from Linux Kernel Projects by Gary Nutt and Operating Systems by Tannenbaum Exercise Goal: You will learn how to write a LINUX shell
More information5/8/2012. Exploring Utilities Chapter 5
Exploring Utilities Chapter 5 Examining the contents of files. Working with the cut and paste feature. Formatting output with the column utility. Searching for lines containing a target string with grep.
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationArchitecture. Steven M. Bellovin October 31,
Architecture Steven M. Bellovin October 31, 2016 1 Web Servers and Security The Web is the most visible part of the net Two web servers Apache (open source) and Microsoft s IIS dominate the market Apache
More information