Context-Sensitive Program Analysis as Database Queries
|
|
- Tracy Eaton
- 6 years ago
- Views:
Transcription
1 Context-Sensitive Program Analysis as Database Queries Monica Lam Stanford University Team: John Whaley, Ben Livshits, Michael Martin, Dzintars Avots, Michael Carbin, Chris Unkel
2 Emacs Grep State-of-the-Art Programming Tools IDE: integrated program development environment (e.g. Eclipse) Smarter syntactic searches What programmers want: Information about dynamic behavior Compiler (data-flow) analysis
3 PQL: Program Query Language User: Queries on dynamic behavior of programs PQL: Resolve with static (and dynamic) analyses Important problems Database security Easy queries PQL (declarative) Datalog Deep analyses A deductive database Accurate answers Sound:all errors, few false warn.
4 Hard Important Problems
5 Web Applications Hacker Browser Web App Database Evil Input Confidential information leak
6 Web Application Vulnerabilities 48% of all vulnerabilities Q3-Q4, 24 Up from 39% Q-Q2, 4 [Symantec May 2, 25] 5% databases had a security breach [22 Computer crime & security survey]
7 Top Ten Security Flaws in Web Applications [OWASP]. Unvalidated Input 2. Broken Access Control 3. Broken Authentication and Session Management 4. Cross Site Scripting (XSS) Flaws 5. Buffer Overflows 6. Injection Flaws 7. Improper Error Handling 8. Insecure Storage 9. Denial of Service. Insecure Configuration Management
8 Vulnerability Alerts SecurityFocus.com, on May 6, 25
9 25-5-6: JGS-Portal Multiple Cross-Site Scripting and SQL Injection Vulnerabilities : WoltLab Burning Board Verify_ Function SQL Injection Vulnerability : Version Cue Local Privilege Escalation Vulnerability : NPDS THOLD Parameter SQL Injection Vulnerability : DotNetNuke User Registration Information HTML Injection Vulnerability : Pserv completedpath Remote Buffer Overflow Vulnerability : DotNetNuke User-Agent String Application Logs HTML Injection Vulnerability : DotNetNuke Failed Logon Username Application Logs HTML Injection Vulnerability : Mozilla Source Suite And Firefox DOM Property of vulnerabilities Overrides Code Execution Vulnerability : Sigma ISP Manager Sigmaweb.DLL SQL Injection Vulnerability : Mozilla Suite And Firefox Multiple Script Manager Security Bypass Vulnerabilities : PServ Remote Source Code Disclosure Vulnerability : PServ Symbolic Link Information Disclosure Vulnerability : Pserv Directory Traversal Vulnerability : MetaCart E-Shop ProductsByCategory.ASP Cross-Site Scripting Vulnerability : WebAPP Apage.CGI Input Remote Command validation: Execution Vulnerability 62% : OpenBB Multiple Validation Vulnerabilities : PostNuke Blocks Module Directory Traversal Vulnerability : MetaCart E-Shop SQL V-8 IntProdID injection: Parameter Remote SQL Injection 26% Vulnerability : MetaCart2 StrSubCatalogID Parameter Remote SQL Injection Vulnerability : Shop-Script ProductID SQL Injection Vulnerability : Shop-Script CategoryID SQL Injection Vulnerability : SWSoft Confixx Change User SQL Injection Vulnerability : PGN2WEB Buffer Overflow Vulnerability : Apache HTDigest Realm Command Line Argument Buffer Overflow Vulnerability : Squid Proxy Unspecified DNS Spoofing Vulnerability : Linux Kernel ELF Core Dump Local Buffer Overflow Vulnerability : Gaim Jabber File Request Remote Denial Of Service Vulnerability : Gaim IRC Protocol Plug-in Markup Language Injection Vulnerability : Gaim Gaim_Markup_Strip_HTML Remote Denial Of Service Vulnerability : GDK-Pixbuf BMP Image Processing Double Free Remote Denial of Service Vulnerability : Mozilla Firefox Install Method Remote Arbitrary Code Execution Vulnerability : Multiple Vendor FTP Client Side File Overwriting Vulnerability : PostgreSQL TSearch2 Design Error Vulnerability : PostgreSQL Character Set Conversion Privilege Escalation Vulnerability
10 SQL Injection Errors Hacker Browser Web App Database Give me Bob s credit card # Delete all records
11 Happy-go-lucky SQL Query User supplies: name, password Java program: String query = SELECT UserID, Creditcard FROM CCRec WHERE Name = + name + AND PW = + password
12 Fun with SQL : the rest are comments in Oracle SQL SELECT UserID, CreditCard FROM CCRec WHERE: Name = bob AND PW = foo Name = bob AND PW = x Name = bob or = AND PW = x Name = bob; DROP CCRec AND PW = x
13 A Simple SQL Injection o = req.getparameter ( ); stmt.executequery ( o );
14 In Practice ParameterParser.java:586 String session.parameterparser.getrawparameter(string name) public String getrawparameter(string name) throws ParameterNotFoundException { String[] values = request.getparametervalues(name); if (values == null) { throw new ParameterNotFoundException(name + " not found"); } else if (values[].length() == ) { throw new ParameterNotFoundException(name + " was empty"); } return (values[]); } ParameterParser.java:57 String session.parameterparser.getrawparameter(string name, String def) public String getrawparameter(string name, String def) { try { return getrawparameter(name); } catch (Exception e) { return def; } }
15 In Practice (II) ChallengeScreen.java:94 Element lessons.challengescreen.dostage2(websession s) String user = s.getparser().getrawparameter( USER, "" ); StringBuffer tmp = new StringBuffer(); tmp.append("select cc_type, cc_number from user_data WHERE userid = ' ); tmp.append(user); tmp.append("' ); query = tmp.tostring(); Vector v = new Vector(); try { ResultSet results = statement3.executequery( query );...
16 PQL Dynamically: o = req.getparameter ( ); stmt.executequery (o); Statically: p = req.getparameter ( ); stmt.executequery (p 2 ); p and p 2 point to same object? Pointer alias analysis
17 SQL Injection in PQL query SQLInjection() returns object Object source, taint; uses object HttpServletRequest req, java.sql.statement stmt; matches { source = req.getparameter (); tainted := derivedstring(source); stmt.execute(tainted); } query derivedstring(object Object x) returns object Object y; uses object Object temp; matches { y := x { temp.append(x); y := derivedstring(temp); } }
18 Vulnerabilities in Web Applications Inject Parameters Hidden fields Headers Cookie poisoning X Exploit SQL injection Cross-site scripting HTTP splitting Path traversal
19 Big Picture Important problems Security Auditing, Debugging Easy queries PQL Deep analyses Accurate answers
20 Top 4 Techniques in PQL Implementation Drawn from 4 different fields Compiler Context-sensitive pointer analysis HW Verification BDD: binary decision diagrams Database Datalog AI Active machine learning
21 Compiler Context-sensitive pointer analysis HW Verification BDD: binary decision diagrams
22 Context-Sensitive Pointer Analysis L: a=malloc(); a=id(a); id(x) id(x) id(x) {return x;} L2: b=malloc( ); b=id(b); context-sensitive a L x context-insensitive b L2 x
23 # of Contexts is exponential!
24 Recursion A A B C D B C D E F E F E F E F G G G G
25 Top 2 Sourceforge Java Apps Number of Clones Number of clones.e+6 6.E+4.E+2 2.E+ 8.E+8.E+6 4.E+4.E+2.E+ Size of program (variable nodes)
26 Costs of Context Sensitivity Typical large program has ~ 4 paths If you need byte to represent a context: 256 terabytes of storage > 2 times size of Library of Congress GB DIMMs: $98.6 million Power: 96.4 kilowatts (28 homes) 3 GB hard disks: 939 x $25 = $234,75 Time to read sequential: 7.8 days
27 Cloning-Based Algorithm Whaley&Lam, PLDI 24 (best paper) Create a clone for every context Apply context-insensitive algorithm to cloned call graph Lots of redundancy in result Exploit redundancy by clever use of BDDs (binary decision diagrams)
28 Performance of BDD Algorithm Direct implementation Does not finish even for small programs > 3 lines of code Requires tuning for about year Easy to make mistakes Mistakes found months later
29 Automatic Analysis Generation PQL Ptr analysis in lines Thousand-lines year tuning Datalog BDD code bddbddb (BDD-based deductive database) with Active Machine Learning
30 Datalog BDD code bddbddb (BDD-based deductive database) with Active Machine Learning
31 Flow-Insensitive Pointer Analysis o : p = new Object(); o 2 : q = new Object(); p.f = q; r = p.f; Input Tuples vpointsto(p,o ) vpointsto(q,o 2 ) Store(p,f,q) Load(p,f,r) p o f q o 2 r New Tuples hpointsto(o,f,o 2 ) vpointsto(r,o 2 )
32 Stores: Inference Rule in Datalog hpointsto(h, f, h 2 ) :- Store(v, f, v 2 ), vpointsto(v, h ), vpointsto(v 2, h 2 ). v.f = v 2 ; v h v 2 h 2 f
33 Inference Rules vpointsto(v, h) :- vpointsto (v, h). vpointsto(v, h ) :- Assign(v, v 2 ), vpointsto(v 2, h ). hpointsto(h, f, h 2 ) :- Store(v, f, v 2 ), vpointsto(v, h ), vpointsto(v 2, h 2 ). vpointsto(v 2, h 2 ) :- Load(v, f, v 2 ), vpointsto(v, h ), hpointsto(h, f, h 2 ).
34 Pointer Alias Analysis Specified by a few Datalog rules Creation sites Assignments Stores Loads Apply rules until they converge
35 SQL Injection Query PQL: Datalog: SQLInjection: o = req.getparameter ( ); stmt.executequery ( o ); SQLInjection (o) :- calls(c,b,_, getparameter ), ret(b,v ),vpointsto(c, v,o), calls(c 2,b 2,_, executequery ), actual(b 2,,v 2 ),vpointsto(c 2,v 2,o)
36 Program Analyses in Datalog Context-sensitive Java pointer analysis C pointer analysis Escape analysis Type analysis External lock analysis Interprocedural def-use Interprocedural mod-ref Object-sensitive analysis Cartesian product algorithm 35
37 Datalog BDD code bddbddb (BDD-based deductive database) with Active Machine Learning
38 Example: Call Graph Relation Call graph expressed as a relation. Five edges: calls(a,b) calls(a,c) calls(a,d) calls(b,d) calls(c,d) B A D C
39 Call Graph Relation Relation expressed as a binary function. A=, B=, C=, D= x 3 f x 4 x 2 x B D C A
40 Binary Decision Diagrams Graphical encoding of a truth table. x edge edge x 2 x 2 x 3 x 3 x 3 x 3 x 4 x 4 x 4 x 4 x 4 x 4 x 4 x 4
41 Binary Decision Diagrams Collapse redundant nodes. x x 2 x 2 x 3 x 3 x 3 x 3 x 4 x 4 x 4 x 4 x 4 x 4 x 4 x 4
42 Binary Decision Diagrams Collapse redundant nodes. x x 2 x 2 x 3 x 3 x 3 x 3 x 4 x 4 x 4 x 4 x 4 x 4 x 4 x 4
43 Binary Decision Diagrams Collapse redundant nodes. x x 2 x 2 x 3 x 3 x 3 x 3 x 4 x 4 x 4
44 Binary Decision Diagrams Collapse redundant nodes. x x 2 x 2 x 3 x 3 x 3 x 4 x 4 x 4
45 Binary Decision Diagrams Eliminate unnecessary nodes. x x 2 x 2 x 3 x 3 x 3 x 4 x 4 x 4
46 Binary Decision Diagrams Eliminate unnecessary nodes. x x 2 x 2 x 3 x 3 x 4
47 Datalog BDDs Datalog Relations Relation ops:,, select, project Relation at a time Semi-naïve evaluation Fixed-point BDDs Boolean functions Boolean function ops:,,, Function at a time Incrementalization Iterate until stable
48 Binary Decision Diagrams Represent tiny and huge relations compactly Size depends on redundancy Similar contexts have similar numberings Variable ordering in BDDs
49 BDD Variable Order is Important! x x 2 + x 3 x 4 x x x 2 x 3 x 3 x 3 x 2 x 2 x 4 x 4 x <x 2 <x 3 <x 4 x <x 3 <x 2 <x 4
50 Variable Numbering: Active Machine Learning Must be determined dynamically Limit trials with properties of relations Each trial may take a long time Active learning: select trials based on uncertainty Several hours Comparable to exhaustive for small apps
51 Optimizations in bddbddb Algorithmic Clever context numbering to exploit similarities Query optimizations Magic-set transformation semi-naïve evaluation Compiler optimizations Redundancy elimination, liveness analysis BDD optimizations Active machine learning BDD library extensions and turning
52 Top 4 Techniques in PQL Compiler Context-sensitive pointer analysis HW Verification BDD: binary decision diagrams Database Datalog AI Active machine learning
53 Big Picture Important problems Security Easy queries PQL Datalog BDD (bddbddb) Deep analyses Context-sensitive pointers Accurate answers
54 Benchmark Nine large, widely used applications Blogging/bulletin board applications Used at a variety of sites Open-source Java J2EE apps Available from SourceForge.net
55 Vulnerabilities Found SQL injection HTTP splitting Cross-site scripting Path traveral Total Header 6 4 Parameter Cookie Non-Web Total
56 Accuracy 2 2 False Context sensitive Context insensitive 5356 Total 989 roller 889 pebble 867 road2hibernate 653 snipsnap 6 personalblog 428 blojsom 349 webgoat 36 blueblog 264 jboard Classes Benchmark
57 Related Work Program analysis as deductive queries Ullman, Principles of Databsae and Knowledge-Base Systems, 989
58 Reps, 994 bddbddb, 25 Problem data-flow analysis reaching def/slicing Coral Demand Driven Implementation ease magic set xform Slower software security pointer alias analysis Custom BDD based Exhaustive BDD tuning Faster solved open problem < lines of code 8, byte codes
59 References Pointers: Whaley, Lam, PLDI 4 C pointers: Avots, Dalton, Livshits, Lam, ICSE 5 PQL: Martin, Livshits, Lam, OOPSLA 5 Java Security: Livshits, Lam, Usenix security 5
60 Easy Context-Sensitive Analysis PQL Sophisticated Context-sensitive Analysis Datalog BDD code bddbddb (BDD-based deductive database) with Active Machine Learning
cti uln 200 ify il Fu cti ion rma jec ion 200 w V rab lit 200 ogs TML lne lit 200 ern App n L s H cti ner lit 2005 SQL ili abi ipt ner
! " 25-5-16: JGS-Portal Multiple Cross-Site Scripting and SQL Injection Vulnerabilities 25-5-16: WoltLab Burning Board Verify_email Function SQL Injection Vulnerability 25-5-16: Version Cue Local Privilege
More informationA Simple SQL Injection Pattern
Lecture 12 Pointer Analysis 1. Motivation: security analysis 2. Datalog 3. Context-insensitive, flow-insensitive pointer analysis 4. Context sensitivity Readings: Chapter 12 A Simple SQL Injection Pattern
More informationCloning-Based Context-Sensitive Pointer Alias Analysis using BDDs
More Pointer Analysis Last time Flow-Insensitive Pointer Analysis Inclusion-based analysis (Andersen) Today Class projects Context-Sensitive analysis March 3, 2014 Flow-Insensitive Pointer Analysis 1 John
More informationFinding Application Errors and Security Flaws Using PQL: A Program Query Language
Finding Application Errors and Security Flaws Using PQL: A Program Query Language Michael Martin, Benjamin Livshits, Monica S. Lam Stanford University OOPSLA 2005 Modified for CMSC498L, Fall 12 Program
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationProgram Analysis in Datalog
CS 510/08 Program Analysis in Datalog Majority of the slides compiled from John Whaley s Outline Challenges Essential Background Using the Tools Developing Advanced Analyses Challenges Most DF analyses
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationFinding Application Errors Using PQL: a Program Query Language
Finding Application Errors Using PQL: a Program Query Language a Technical Report Michael Martin V. Benjamin Livshits Monica S. Lam Computer Science Department Stanford University {mcmartin,livshits,lam}@cs.stanford.edu
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationWeb Application Security GVSAGE Theater
Web Application Security GVSAGE Theater B2B Tech Expo Oct 29, 2003 Durkee Consulting www.rd1.net 1 Ralph Durkee SANS Certified Mentor/Instructor SANS GSEC, GCIH, GGSC Network Security and Software Development
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationUsing Datalog with Binary Decision Diagrams for Program Analysis
Using Datalog with Binary Decision Diagrams for Program Analysis John Whaley, Dzintars Avots, Michael Carbin, and Monica S. Lam Computer Science Department Stanford University Stanford, CA 94305, USA {jwhaley,
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationString Analysis for the Detection of Web Application Flaws
String Analysis for the Detection of Web Application Flaws Luca Carettoni l.carettoni@securenetwork.it Claudio Merloni c.merloni@securenetwork.it CONFidence 2007 - May 12-13, Kraków, Poland 04/05/07 1
More informationEngineering Your Software For Attack
Engineering Your Software For Attack Robert A. Martin Senior Principal Engineer Cyber Security Center Center for National Security The MITRE Corporation 2013 The MITRE Corporation. All rights reserved.
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationMCAFEE FOUNDSTONE FSL UPDATE
2018-JAN-15 FSL version 7.5.994 MCAFEE FOUNDSTONE FSL UPDATE To better protect your environment McAfee has created this FSL check update for the Foundstone Product Suite. The following is a detailed summary
More informationResearch Statement. 1 My Approach to Research. John Whaley January 2005
Research Statement John Whaley January 2005 1 My Approach to Research As a child, I was always interested in building things. When I was six years old, I taught myself programming by typing in programs
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationINNOV-09 How to Keep Hackers Out of your Web Application
INNOV-09 How to Keep Hackers Out of your Web Application Michael Solomon, CISSP PMP CISM Solomon Consulting Inc. www.solomonconsulting.com What is a Web Application? Any access to your data via the Internet
More informationBenjamin Livshits. Gates Building, Room 406, Stanford, CA
Benjamin Livshits Gates Building, Room 406, Stanford, CA 94305 livshits@cs.stanford.edu http://www.stanford.edu/~livshits/ Research Interests Programming languages and tools for program analysis Static
More informationImportant Points to Note
Important Points to Note All Participating colleges are requested to mute your telephone lines during the webinar session. Participants are requested to make note of questions / responses to questions,
More informationCNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components
CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Web Application Security Dr. Basem Suleiman Service Oriented Computing Group, CSE, UNSW Australia Semester 1, 2016, Week 8 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2442
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationSecurity Course. WebGoat Lab sessions
Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter
More informationF5 Application Security. Radovan Gibala Field Systems Engineer
1 F5 Application Security Radovan Gibala Field Systems Engineer r.gibala@f5.com +420 731 137 223 2007 2 Agenda Challenge Websecurity What are the problems? Building blocks of Web Applications Vulnerabilities
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationWhy bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?
Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationRBS NetGain Enterprise Manager Web Interface Multiple Vulnerabilities of 9
RBS-2017-003 NetGain Enterprise Manager Web Interface Multiple Vulnerabilities 2018-03-22 1 of 9 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability
More informationPreventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE)
IBM Zurich Research Laboratory Preventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE) Tadeusz Pietraszek Chris Vanden Berghe RAID
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationUsing Datalog and Boolean Equation Systems for Program Analysis
Using Datalog and Boolean Equation Systems for Program Analysis Christophe Joubert Universidad Politécnica de Valencia, DSIC / ELP Joint work with María Alpuente, Marco A. Feliú and Alicia Villanueva FMICS
More informationManaged Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
More informationIntroduction to Ethical Hacking
Introduction to Ethical Hacking Summer University 2017 Seoul, Republic of Korea Alexandre Karlov Today Some tools for web attacks Wireshark How a writeup looks like 0x04 Tools for Web attacks Overview
More informationContext-Sensitive Program Analysis as Database Queries
Context-Sensitive Program Analysis as Dataase Queries Monica S. Lam John Whaley V. Benjamin Livshits Michael C. Martin Dzintars Avots Michael Carin Christopher Unkel Computer Systems Laoratory Stanford
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationFortify Software Security Content 2017 Update 4 December 15, 2017
Software Security Research Release Announcement Micro Focus Security Fortify Software Security Content 2017 Update 4 December 15, 2017 About Micro Focus Security Fortify SSR The Software Security Research
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationHackveda Training - Ethical Hacking, Networking & Security
Hackveda Training - Ethical Hacking, Networking & Security Day1: Hacking windows 7 / 8 system and security Part1 a.) Windows Login Password Bypass manually without CD / DVD b.) Windows Login Password Bypass
More informationIronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) 1. Introduction: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability
More informationCERTIFICATE IN WEB PROGRAMMING
COURSE DURATION: 6 MONTHS CONTENTS : CERTIFICATE IN WEB PROGRAMMING 1. PROGRAMMING IN C and C++ Language 2. HTML/CSS and JavaScript 3. PHP and MySQL 4. Project on Development of Web Application 1. PROGRAMMING
More informationAvoiding Web Application Flaws In Embedded Devices. Jake Edge LWN.net URL for slides:
Avoiding Web Application Flaws In Embedded Devices Jake Edge LWN.net jake@lwn.net URL for slides: http://lwn.net/talks/elce2008 Overview Examples embedded devices gone bad Brief introduction to HTTP Authentication
More informationWeb Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le
Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More information1. Oracle mod_plsql v in Oracle9i Application Server v1.0.2.x (Oracle9iAS v1.0.2.x)
Oracle Security Alert #28 Dated: 06 Feburary 2002 Updated: 05 July 2002 1. Oracle mod_plsql v3.0.9.8.2 in Oracle9i Application Server (Oracle9iAS ) a) Potential buffer overflow-related security vulnerabilities
More informationCO444H. Ben Livshits. Datalog Pointer analysis
CO444H Ben Livshits Datalog Pointer analysis 1 Call Graphs Class analysis: Given a reference variable x, what are the classes of the objects that x refers to at runtime? We saw CHA and RTA Deal with polymorphic/virtual
More informationUmbra. Embedded Web Security through Application-Layer Firewalls. 1st Workshop on the Security of Cyber-Physical Systems 22 September 2015
Umbra Embedded Web Security through Application-Layer Firewalls Travis Finkenauer J. Alex Halderman 1st Workshop on the Security of Cyber-Physical Systems 22 September 2015 Travis Finkenauer (University
More informationWho am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack
Who am I? Sandro Gauci and EnableSecurity Over 8 years in the security industry Published security research papers Tools - SIPVicious and SurfJack Web Application Firewall Shortcomings The presentation
More informationSecure Coding, some simple steps help. OWASP EU Tour 2013
Secure Coding, some simple steps help. OWASP EU Tour 2013 About Me Steven van der Baan - Dutch - 7Safe, part of PA Consulting Group - Developer - Pentester - Consultant - CISSP, OSCP It's amazing how
More informationFeaturing. and. Göteborg. Ulf Larson Thursday, October 24, 13
Featuring and Göteborg OWASP top ten 2013 Based on risk data from eight firms that specialize in application security, This data spans over 500,000 vulnerabilities across hundreds of organizations and
More informationApplication security : going quicker
Application security : going quicker The web application firewall example Agenda Agenda o Intro o Application security o The dev team approach o The infra team approach o Impact of the agility o The WAF
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationSecure coding practices
Secure coding practices www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process Outsourcing Secure coding practices Writing good code is an art but equally important
More informationKishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009
Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application
More informationSAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0
Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex
More information01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
More informationOctober, 2012 Vol 1 Issue 8 ISSN: (Online) Web Security
ISSN: 2278 0211 (Online) Web Security Katkar Anjali S. M.E.(Pursuing) in computer science and engineering walchand institute of technology, Sholapur, India Kulkarni Raj B. PhD in computer science Assistance
More informationSecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities
SecuriFly: Runtime Protection and Recovery from Web Application Vulnerabilities Benjamin Livshits, Michael Martin, and Monica S. Lam Technical Report Stanford University September 22, 2006 Abstract This
More informationCNIT 129S: Securing Web Applications. Ch 4: Mapping the Application
CNIT 129S: Securing Web Applications Ch 4: Mapping the Application Mapping Enumerate application's content and functionality Some is hidden, requiring guesswork and luck to discover Examine every aspect
More informationAguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
More informationWeb Security. Thierry Sans
Web Security Thierry Sans 1991 Sir Tim Berners-Lee Web Portals 2014 Customer Resources Managemen Accounting and Billing E-Health E-Learning Collaboration Content Management Social Networks Publishing Web
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationUnit Level Secure by Design Approach
Unit Level Secure by Design Approach Abstract Authors: Vasantharaju MS & Joshua Cajetan Rebelo Vasantharaju_MS@McAfee.com Joshua.Rebelo@Siemens.com With cyber-attacks on the rise and high-profile breaches
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationHello? It s Me, Your Not So Smart Device. We Need to Talk.
SESSION ID: SBX1-R2 Hello? It s Me, Your Not So Smart Device. We Need to Talk. Alex Jay Balan Chief Security Researcher Bitdefender @jaymzu IoT is not optional 2 IoT is not optional IoT = hardware + OS
More informationVulnerabilities in web applications
Vulnerabilities in web applications Web = Client + Server Client (browser) request HTTP response Server HTTP request contains the URL of the resource and the header HTTP response contains a status code,
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationSECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER
SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER INFLUENCER @RESPONSIBLE CYBER 1 AGENDA 1. Introduction: What is security? How much
More informationMBFuzzer - MITM Fuzzing for Mobile Applications
MBFuzzer - MITM Fuzzing for Mobile Applications Fatih Özavcı Mentor of MBFuzer @ yakindanegitim.org fatih.ozavci at gamasec.net gamasec.net/fozavci Scope Yakindan Egitim Project Security Vulnerabilities
More informationSECURITY DOCUMENT. 550archi
SECURITY DOCUMENT 550archi Documentation for XTM Version 10.3 Published by XTM International Ltd. Copyright XTM International Ltd. All rights reserved. No part of this publication may be reproduced or
More informationMWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS
Quit MWR InfoSecurity Advisory Elastic Path Administrative Session Hijacking through Embedded XSS 26 th April 2007 2007-04-26 1 of 7 INDEX 1 Detailed Vulnerability description...4 1.1 Introduction...4
More informationInternet Security [1] VU
Internet Security [1] VU 184.216 Engin Kirda Christopher Kruegel engin@infosys.tuwien.ac.at chris@auto.tuwien.ac.at Outline Web Application Security, Part II Today, we continue from where we left last
More informationCNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2
CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2 Finding and Exploiting XSS Vunerabilities Basic Approach Inject this string into every parameter on every
More informationLecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing
Lecture Overview IN5290 Ethical Hacking Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Summary - how web sites work HTTP protocol Client side server side actions Accessing
More informationsecurity analysis with WALA Omer Tripp IBM TJ Watson
security analysis with WALA Omer Tripp IBM TJ Watson Workshop on WALA (WoW), 13 June 2015 collaborators Marco Pistoia Patrick Cousot Radhia Cousot Julian Dolby Manu Sridharan Pietro Ferrrara Steve Fink
More informationAn Introduction to JavaScript & Bootstrap Basic concept used in responsive website development Form Validation Creating templates
PHP Course Contents An Introduction to HTML & CSS Basic Html concept used in website development Creating templates An Introduction to JavaScript & Bootstrap Basic concept used in responsive website development
More informationJAMES BENNETT DJANGOCON EUROPE 3RD JUNE 2015 THE NET IS DARK AND FULL OF TERRORS
JAMES BENNETT DJANGOCON EUROPE 3RD JUNE 2015 THE NET IS DARK AND FULL OF TERRORS WHO I AM Working with Django 9 years, 5 at Lawrence Journal- World Commit bit since 2007 Involved in Django s release and
More informationLECT 8 WEB SECURITY BROWSER SECURITY. Repetition Lect 7. WEB Security
Repetition Lect 7 LECT 8 WEB SECURITY Access control Runtime protection Trusted computing Java as basic model for signed code Trusted Computing Group TPM ARM TrustZone Mobile Network security GSM security
More information