security analysis with WALA Omer Tripp IBM TJ Watson
|
|
|
- Irma Banks
- 6 years ago
- Views:
Transcription
1 security analysis with WALA Omer Tripp IBM TJ Watson Workshop on WALA (WoW), 13 June 2015
2 collaborators Marco Pistoia Patrick Cousot Radhia Cousot Julian Dolby Manu Sridharan Pietro Ferrrara Steve Fink Sal Guarnieri Takaaki Tateishi Omri Weisman Steve Teilhet Ryan Berg Shay Artzi Lotem Guy Roee Hay
3 motivation
4 threat evolution Program installation only by experts Program sharing Program downloading Mobile code Web applications Mobile applications
5 threats: XSS Attacker s evil script <SCRIPT>...</SCRIPT> Web Application Attacker s evil script executed using victim s credentials Attacker Victim
6 threats: SQLi String query = SELECT * FROM users WHERE name= + username + AND pwd= + pwd + ; SELECT * FROM users WHERE name='jsmith' AND pwd='demo1234' Ouch! SELECT * FROM users WHERE name='foo';drop table custid;--' AND pwd=''
7 threats: info leakage
8 threats: JS 15% of Fortune 500 websites have exploitable security issues in JavaScript. According to an IBM study performed in 2010 DOM-based XSS document.write(document.url.substring( pos,document.url.length)); Open Redirect var pos = document.location.href.indexof("name="); var val = document.location.href.substring(pos); document.location.href = " + val;
9 threats: mobile *
10 owasp top ten 1. Cross-site scripting (XSS) 2. Injection flaws 3. Malicious file executions 4. Insecure direct object reference 5. Cross site request forgery (CSRF) 6. Information leakage and improper error handling 7. Broken authentication and improper session management 8. Unsecure cryptographic storage 9. Unsecure communications 10. Failure to restrict URL accesses
11 outline of our work
12 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
13 the high-level progression TAJ PISA F4F Andromeda JSA
14 server-side security verification
15 TAJ (PLDI 09): Java taint analysis st i l i Store statement Load statement Hybrid SDG st 1 computed based on preliminary pointer analysis st 2 l 2 sk i c i r i s i Sink-dispatch statement Call statement Return statement Other statement l 1 st 3 l 2 st 4 computed using graph reachability over a noheap SDG Slice in the no-heap SDG c 1 c 5 r 5 c 4 r 4 c 2 s 1 s 2 c 3 r 3 r 7 Store-to-load direct edge l 3 l 4 l 5 r 1 r 2 r 8 Load-to-store or load- to-sink summary edge st 4 No-heap SDG edge sk 1 st 5 sk 2
16 TAJ: design choices pointer analysis: variant of Andersen s analysis custom context-sensitivity policy: unlimited-depth object sensitivity for Java collections (up to recursion) one level of call-string context for factory methods one level of call-string context for taint APIs one-level receiver-object context sensitivity as default field sensitivity flow insensitive, though intraprocedurally flow sensitive thanks to SSA
17 TAJ: WALA support pointer analysis / context sensitivity field sensitivity synthetic IR for taint APIs SSA representation IFDS enhancements [contributed to WALA] ICFGSupergraph [contributed to WALA].NET support [contributed to WALA] IBM AppScan Developer Edition
18 Andromeda (FASE 13): demand-driven taint analysis
19 Andromeda: WALA support PA-free CG construction algs for Java (CHA, RTA, ) efficient infrastructure for fixpoint iteration IBM AppScan Source Edition
20 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
21 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
22 framework modeling
23 F4F (OOPSLA 13): modeling Java web frameworks
24 effect of modeling
25 F4F: WALA support synthetic IR for call-graph methods customization of call-graph target resolution (CustomContextSelector) various knobs to tweak in pointer analysis IBM AppScan Source Edition
26 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
27 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
28 sanitizer verification
29 PISA (ISSTA 11, TOSEM 13): encoding into M2L
30 PISA: sanitizers from the wild
31 PISA: WALA support uniform IR: JS, Java, pointer analysis: aliasing SSA IBM AppScan Source Edition
32 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
33 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
34 client-side security verification
35 Actarus (ISSTA 11): JS taint analysis NY times WordPress
36 Actarus: handling aliases
37 Actarus: WALA support JS IR, including property accesses arguments array lexical scoping function pointers novel CG construction algs for JS [contributed to WALA] IBM AppScan Source Edition
38 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
39 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
40 handling dynamic aspects of JS
41 JSA (ISSTA 14): HTML/JavaScript, concrete URLs, DOM modeling reduce scope black-box scanner taint analysis find issues string analysis eliminate false positives issues
42 JSA (ISSTA 14): specialized string analysis using dynamic pieces of information (e.g., concrete URL) " var str = document.url; var url_check = str.indexof('login.html'); if (url_check > -1) { result = str.substring(0,url_check); result = result + 'login.jsp' + str.substring((url_check+search_term.length), str.length); document.url = result; } part controlled by attacker is unknown, but known prefix modeled precisely URL as Source NOT CONTROLLED BY ATTACKER CONTROLLED BY ATTACKER
43 JSA: WALA support call-graph construction IFDS / RHS (proved general enough!) ability to leverage domain knowledge CallNoneToReturnFlow as a means to plug in models IBM AppScan Standard Edition
44 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
45 the high-level pieces dynamically loaded client-side code statically loaded client-side code server-side code security defenses: sanitizers and validators libraries and frameworks
46 nowadays
47 PL / ML
48 PL / ML
49 PL / ML
50 PL / ML
51 PL / ML
52 thoughts into the future
53 query-based analyses more WALA support around IFDS / IDE (already underway!!) integration with machine-learning engines like WEKA integration with dynamic analyses
54 thank you!
Andromeda: XSS Accurate and Scalable Security Analysis of Web Applications. OWASP* Top Ten Security Vulnerabilities. SQL Injection.
Andromeda: XSS Accurate and Scalable Security Analysis of Web Applications Attacker s evil script ... Omer Tripp Marco Pistoia Tel Aviv University & IBM IBM T. J. Watson Research Center
ISSTA : Software Testing and Analysis TAJ: Effective Taint Analysis of Web Applications, PLDI 2009
Slide 1 Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation Omer Tripp, Pietro Ferrara, Marco Pistoia IBM Watson Research Center ISSTA 2014 ISSTA : Software Testing and Analysis
hybrid security analysis of web JavaScript code via dynamic partial evaluation
hybrid security analysis of web JavaScript code via dynamic partial evaluation Omer Tripp Pietro Ferrara Marco Pistoia! IBM Research, NY 1 Work published at the ACM SIGSOFT International Symposium on Software
F4F: Taint Analysis of Framework-based Web Applications
F4F: Taint Analysis of Framework-based Web Applications Manu Sridharan 1 Shay Artzi 1 Marco Pistoia 1 Sal Guarnieri 2 Omer Tripp 2,3 Ryan Berg 2 1 IBM Research 2 IBM Software Group 3 Tel-Aviv University
Web Application Threats and Remediation. Terry Labach, IST Security Team
Web Application Threats and Remediation Terry Labach, IST Security Team IST Security Team The problem While we use frewalls and other means to prevent attackers from access to our networks, we encourage
Finding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
Web Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
Chrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West
Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing Advancing Expertise in Security Testing Taming the Wild West Canberra, Australia 1 Who is this guy? Andrew
Perslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
Application Security Approach
Technical Approach Page 1 CONTENTS Section Page No. 1. Introduction 3 2. What is Application Security 7 3. Typical Approaches 9 4. Methodology 11 Page 2 1. INTRODUCTION Page 3 It is a Unsafe Cyber world..
Web Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
CIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
Securing Your Web Application against security vulnerabilities. Alvin Wong, Brand Manager IBM Rational Software
Securing Your Web Application against security vulnerabilities Alvin Wong, Brand Manager IBM Rational Software Agenda Security Landscape Vulnerability Analysis Automated Vulnerability Analysis IBM Rational
DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009
Securing Web Applications: Defense Mechanisms Kishin Fatnani Founder & Director K-Secure Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009 1 Agenda Current scenario in Web Application
COMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
OWASP Review. Amherst Security Group June 14, 2017 Robert Hurlbut.
OWASP Review Amherst Security Group June 14, 2017 Robert Hurlbut RobertHurlbut.com @RobertHurlbut Robert Hurlbut Software Security Consultant, Architect, and Trainer Owner / President of Robert Hurlbut
Application Security. Doug Ashbaugh CISSP, CISA, CSSLP. Solving the Software Quality Puzzle
Application Security Doug Ashbaugh CISSP, CISA, CSSLP Page 1 It security Page 2 Page 3 Percent of Breaches Page 4 Hacking 5% 15% 39% Page 5 Common Attack Pathways Page 6 V u ln e ra b ilitie s / We a k
OWASP Top David Caissy OWASP Los Angeles Chapter July 2017
OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers
Aguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary
Course Summary Description Securing.Net Web Applications - Lifecycle is a lab-intensive, hands-on.net security training course, essential for experienced enterprise developers who need to produce secure.net-based
OWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
Attacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
OWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
Solutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
CS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
Client Side Security And Testing Tools
OWASP Jakarta Tech Day Meetup 2017 Client Side Security And Testing Tools David Cervigni @ Minded Security Agenda Short Intro Client side threats: Why important/difficult Examples: Dom XSS, HTTP Param
Defend Your Web Applications Against the OWASP Top 10 Security Risks. Speaker Name, Job Title
Defend Your Web Applications Against the OWASP Top 10 Security Risks Speaker Name, Job Title Application Security Is Business Continuity Maintain and grow revenue Identify industry threats Protect assets
OWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
Application Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
Secure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
RBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
Penetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
GUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
Top 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
C1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
RiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
ANDROMEDA: Accurate and Scalable Security Analysis of Web Applications
ANDROMEDA: Accurate and Scalable Security Analysis of Web Applications Omer Tripp 1, Marco Pistoia 2, Patrick Cousot 3, Radhia Cousot 4, and Salvatore Guarnieri 5 1 Tel Aviv University and IBM Software
Computer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
Web security: an introduction to attack techniques and defense methods
Web security: an introduction to attack techniques and defense methods Mauro Gentile Web Application Security (Elective in Computer Networks) F. d'amore Dept. of Computer, Control, and Management Engineering
Certified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
CSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
Identification and Defense Mechanisms for XSS Attack
Identification and Defense Mechanisms for XSS Attack Nency Patel Department of Computer Engineering D.J.Sanghavi College of engineering Mumbai, India Narendra Shekokar Department of Computer Engineering
OWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
John Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
Dynamic Detection of Inter- Application Communication Vulnerabilities in Android. Daniel Barton
Dynamic Detection of Inter- Application Communication Vulnerabilities in Android Daniel Barton Authors/Paper Metadata Roee Hay IBM Security Omer Tripp IBM T.J. Watson Research Center Marco Pistoia IBM
gfuzz: An instrumented Web application fuzzing environment Ezequiel D. Gutesman Corelabs Core Security Technologies
gfuzz: An instrumented Web application fuzzing environment Ezequiel D. Gutesman Corelabs Core Security Technologies Objectives Present a working tool (prototype-poc) to test the security of a given web
CSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
An analysis of security in a web application development process
An analysis of security in a web application development process Florent Gontharet Ethical Hacking University of Abertay Dundee MSc Ethical Hacking 2015 Table of Contents Abstract...2 Introduction...3
EasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
Your Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
IronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) 1. Introduction: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability
Refinement-Based Context-Sensitive Points-To Analysis for Java
Refinement-Based Context-Sensitive Points-To Analysis for Java Manu Sridharan, Rastislav Bodík UC Berkeley PLDI 2006 1 What Does Refinement Buy You? Increased scalability: enable new clients Memory: orders
Sichere Webanwendungen mit Java
Sichere Webanwendungen mit Java Karlsruher IT- Sicherheitsinitiative 16.07.2015 Dominik Schadow bridgingit Patch fast Unsafe platform unsafe web application Now lets have a look at the developers OWASP
Applications Security
Applications Security OWASP Top 10 PyCon Argentina 2018 Objectives Generate awareness and visibility on web-apps security Set a baseline of shared knowledge across the company Why are we here / Trigger
Outline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
A hybrid analysis framework for detecting web application vulnerabilities
Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali Dipartimento di Informatica e Comunicazione A hybrid analysis framework for detecting web application vulnerabilities
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED
01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments
Fortify Software Security Content 2017 Update 4 December 15, 2017
Software Security Research Release Announcement Micro Focus Security Fortify Software Security Content 2017 Update 4 December 15, 2017 About Micro Focus Security Fortify SSR The Software Security Research
Malicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
Web basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises
Integrated Web Application Firewall (WAF) & Distributed Denial Of Service (DDoS) Mitigation For Today s Enterprises AI-driven website & network protection service that secures online businesses from today's
Web Application Vulnerabilities: OWASP Top 10 Revisited
Pattern Recognition and Applications Lab Web Application Vulnerabilities: OWASP Top 10 Revisited Igino Corona igino.corona AT diee.unica.it Computer Security April 5th, 2018 Department of Electrical and
How is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
CS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED
AUTOMATED CODE ANALYSIS WEB APPLICATION VULNERABILITIES IN 2017 CONTENTS Introduction...3 Testing methods and classification...3 1. Executive summary...4 2. How PT AI works...4 2.1. Verifying vulnerabilities...5
Exploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
Web Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
Bank Infrastructure - Video - 1
Bank Infrastructure - 1 05/09/2017 Threats Threat Source Risk Status Date Created Account Footprinting Web Browser Targeted Malware Web Browser Man in the browser Web Browser Identity Spoofing - Impersonation
Security. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation
Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation Omer Tripp IBM Watson Research Center Yorktown Heights, NY, USA otripp@us.ibm.com Pietro Ferrara IBM Watson Research Center
Advanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
Web Applications Penetration Testing
Web Applications Penetration Testing Team Members: Rahul Motwani (2016ME10675) Akshat Khare (2016CS10315) ftarth Chopra (2016TT10829) Supervisor: Prof. Ranjan Bose Before proceeding further, we would like
WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
Application. Security. on line training. Academy. by Appsec Labs
Application Security on line training Academy by Appsec Labs APPSEC LABS ACADEMY APPLICATION SECURITY & SECURE CODING ON LINE TRAINING PROGRAM AppSec Labs is an expert application security company serving
Development*Process*for*Secure* So2ware
Development*Process*for*Secure* So2ware Development Processes (Lecture outline) Emphasis on building secure software as opposed to building security software Major methodologies Microsoft's Security Development
(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
Preventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE)
IBM Zurich Research Laboratory Preventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE) Tadeusz Pietraszek Chris Vanden Berghe RAID
Web Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com October 16, 2015 Lecture 16: 1/ 14 Outline Browser Security Principles: 1 Cross Site Scripting (XSS) 2 Types of XSS 3 Lecture 16: 2/ 14
Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia
Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia XSS vulnerabilities account for 25% of web vulnerabilities url.com/page#">attack
Developing Secure Systems. Associate Professor
Developing Secure Systems Introduction Aug 27, 2014 James Joshi, Associate Professor Contact t James Joshi 706A, IS Building Phone: 412-624-9982 E-mail: jjoshi@mail.sis.pitt.edu Web: http://www.sis.pitt.edu/~jjoshi/courses/is2620/fall14/
NET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
Securing Cloud Applications with a Distributed Web Application Firewall Riverbed Technology
Securing Cloud Applications with a Distributed Web Application Firewall www.riverbed.com 2013 Riverbed Technology Primary Target of Attack Shifting from Networks and Infrastructure to Applications NETWORKS
SECURITY TESTING. Towards a safer web world
SECURITY TESTING Towards a safer web world AGENDA 1. 3 W S OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS ate: 2013-14 Few Security Breaches September
COMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2016 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2445 1 Assignment
Application Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
Web basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
Secure Coding, some simple steps help. OWASP EU Tour 2013
Secure Coding, some simple steps help. OWASP EU Tour 2013 About Me Steven van der Baan - Dutch - 7Safe, part of PA Consulting Group - Developer - Pentester - Consultant - CISSP, OSCP It's amazing how
Lecture Notes on Safety and Information Flow on the Web: II
15-316: Software Foundations of Security and Privacy Lecture Notes on Safety and Information Flow on the Web: II Matt Fredrikson Carnegie Mellon University Lecture 18 1 Introduction In the previous lecture
Protect your apps and your customers against application layer attacks
Protect your apps and your customers against application layer attacks Development 1 IT Operations VULNERABILITY DETECTION Bots, hackers, and other bad actors will find and exploit vulnerabilities in web
OWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
ShiftLeft. Real-World Runtime Protection Benchmarking
ShiftLeft Real-World Runtime Protection Benchmarking Table of Contents Executive Summary... 02 Testing Approach... 02 ShiftLeft Technology... 04 Test Application... 06 Results... 07 SQL injection exploits
Sichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
Managed Application Security trends and best practices in application security
Managed Application Security trends and best practices in application security Adrian Locusteanu, B2B Delivery Director, Telekom Romania adrian.locusteanu@telekom.ro About Me Adrian Locusteanu is the B2B
Tabular Presentation of the Application Software Extended Package for Web Browsers
Tabular Presentation of the Application Software Extended Package for Web Browsers Version: 2.0 2015-06-16 National Information Assurance Partnership Revision History Version Date Comment v 2.0 2015-06-16
Copyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
OWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB