NET 311 INFORMATION SECURITY
|
|
- Shana Henderson
- 5 years ago
- Views:
Transcription
1 NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities
2 lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS) SQL Injection
3 Buffer Overflow
4 Buffer overflow Some functions do not check the size of their input Examples are gets() scanf() strcpy() strcat()
5 Buffer Overflow A buffer overflow attack occurs when the attacker intentionally enters more data than a program was written to handle The extra data overwrites on top on another portion of memory that was meant to hold something else, like part of the program's instructions This allows an attacker to overwrite data that controls the program and can takeover control of the program to execute the attacker's code instead of the program
6 Buffer Overflow Perfect for remote access attacks because they give the attacker a great opportunity to launch and execute their attack code on the target computer As a user, the best thing to do is to take away the ability for the vulnerability to be exploited by knowing what programs are in use and keeping patches up to date
7 Buffer overflow Example It is a program where more data can be put into a buffer (e.g. an array) than is safe, for example in C this could be: #include <stdio.h> int main(int argc, char* argv[]) { // allocate a buffer of a fixed length char buffer[512]; // copy the first command line argument into buffer strcpy(buffer,argv[1]); printf("%s\n",buffer); }
8 Buffer overflow Example The example program takes the first command line argument passed to it, copies it into buffer and then prints it out. This program works fine for most short input strings (less then 511 chars.) but as no bounds checking is done in the strcpy() function, if more than 511 characters are passed in arg[1] strange things may happen.
9 Buffer overflow The most important type of buffer overflow is the stack overflow The best paper on buffer overflow: The cause of the problem is that the return address and the space for local variables (which potentially can contain user s data) are placed in the areas of memory which are next to each other. thus, the string passed to program will: contain the exploit code, be slightly larger than the vulnerable buffer, and the extra bytes will have the address of the exploit code instead of the original function return address
10 Cross-Site Scripting (XSS)
11 Top web site vulnerabilities XSS Cross-site scripting Bad web site sends innocent victim a script that steals information from an honest web site Injects malicious script into trusted context SQL Injection Browser sends malicious input to server Bad input checking leads to malicious SQL query
12 What is XSS? An XSS vulnerability is present when an attacker can inject scripting code into pages generated by a web application. Methods for injecting malicious code: Reflected XSS ( type 1 ) the attack script is reflected back to the user as part of a page from the victim site Stored XSS ( type 2 ) the attacker stores the malicious code in a resource managed by the web application, such as a database Others, such as DOM-based attacks
13 Basic scenario: reflected XSS attack version 1 Attack Server 2 5 User Victim Server Victim
14 2006 Example Vulnerability Attackers contacted users via and fooled them into accessing a particular URL hosted on the legitimate PayPal website. Injected code redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were then redirected to a phishing site and prompted to enter sensitive financial data. Source:
15 Adobe PDF viewer feature PDF documents execute JavaScript code (version <= 7.9) =javascript:code_here The code will be executed in the context of the domain where the PDF files is hosted This could be used against PDF files hosted on the local filesystem
16 Here s how the attack works: Attacker locates a PDF file hosted on website.com Attacker creates a URL pointing to the PDF, with JavaScript Malware in the fragment portion xss );) Attacker entices a victim to click on the link If the victim has Adobe Acrobat Reader Plugin 7.0.x or less, confirmed in Firefox and Internet Explorer, the JavaScript Malware executes
17 And if that doesn t bother you... PDF files on the local filesystem: file:///c:/program%20files/adobe/acrobat%207. 0/Resource/ENUtxt.pdf#blah=javascript:alert("XSS") ; JavaScript Malware now runs in local context with the ability to read local files...
18 Reflected XSS attack Attack Server 5 User Victim Send bad stuff Server Victim Reflect it back
19 Stored XSS Attack Server 1 Store bad stuff User Victim Inject malicious script Server Victim Download it
20 Stored XSS using images Suppose pic.jpg on web server contains HTML! request for results in: HTTP/ OK Content-Type: image/jpeg <html> fooled ya </html> IE will render this as HTML (despite Content-Type) Consider photo sharing sites that support image uploads What if attacker uploads an image that is a script?
21 How to Protect Yourself (OWASP) The best way to protect against XSS attacks: Ensure that your app validates all headers, cookies, query strings, form fields, and hidden fields (i.e., all parameters) against a rigorous specification of what should be allowed. Do not attempt to identify active content and remove, filter, or sanitize it. There are too many types of active content and too many ways of encoding it to get around filters for such content. We strongly recommend a positive security policy that specifies what is allowed. Negative or attack signature based policies are difficult to maintain and are likely to be incomplete.
22 SQL injection
23 Database queries with PHP (the wrong way) Sample PHP $recipient = $_POST[ recipient ]; $sql = "SELECT PersonID FROM People WHERE Username='$recipient' "; $rs = $db->executequery($sql); Problem: Untrusted user input recipient is embedded directly into SQL command
24 Basic picture: SQL Injection Victim Server 1 2 Attacker 3 receive valuable data unintended SQL query Victim SQL DB
25 CardSystems Attack CardSystems credit card payment processing company SQL injection attack in June 2005 put out of business The Attack 263,000 credit card #s stolen from database credit card #s stored unencrypted 43 million credit card #s exposed
26 Example: buggy login page (ASP) set ok = execute( "SELECT * FROM Users WHERE user=' " & form( user ) & " ' AND pwd=' " & form( pwd ) & ' ); if not ok.eof login success else fail; Is this exploitable?
27 Web Browser (Client) Enter Username & Password Web Server SELECT * FROM Users WHERE user='me' AND pwd='1234' DB Normal Query
28 Bad input Suppose user = ' or 1=1 -- (URL encoded) Then scripts does: ok = execute( SELECT WHERE user= ' ' or 1=1 -- ) The -- causes rest of line to be ignored. Now ok.eof is always false and login succeeds. The bad news: easy login to many sites this way.
29 Even worse Suppose user = ; DROP TABLE Users -- Then script does: ok = execute( SELECT ) WHERE user= ; DROP TABLE Users Deletes user table Similarly: attacker can add users, reset pwds, etc.
30
31 Getting private info
32 Getting private info SQL Query SELECT pizza, toppings, quantity, date FROM orders WHERE userid=. $userid. AND order_month=. _GET[ month ] What if: month = 0 AND 1=0 UNION SELECT name, CC_num, exp_mon, exp_year FROM creditcards
33 Results Credit Card Info Compromised
34 References Lecture slides done by: Dan Boneh, sql injection, 2009 Lecture slides done by John Mitchell, XSS Attacks and Defenses,2009, available at:
SQL Injection. EECS Introduction to Database Management Systems
SQL Injection EECS3421 - Introduction to Database Management Systems Credit "Foundations of Security: What Every Programmer Needs To Know" (Chapter 8) by Neil Daswani, Christoph Kern, and Anita Kesavan
More informationCS 142 Winter Session Management. Dan Boneh
CS 142 Winter 2009 Session Management Dan Boneh Sessions A sequence of requests and responses from one browser to one (or more) sites Session can be long (Gmail - two weeks) or short without session mgmt:
More informationCode Injection Attacks
Code Injection Attacks Mendel Rosenblum Consider adding HTML comments to our Photo App Easy change: Rather than {{model.comment}} do div.innerhtml = model.comment; What happens if someone inputs a comment
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationWeb Application Security
CS 155 Spring 2016 Web Application Security 47,350,400 John Mitchell Acknowledgments: Lecture slides are from the Computer Security course taught by Dan Boneh and John Mitchell at Stanford University.
More informationWeb Security: XSS; Sessions
Web Security: XSS; Sessions CS 161: Computer Security Prof. Raluca Ada Popa Mar 22, 2018 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh SQL Injection
More informationWeb Application Security
CS 155 Spring 2013 Web Application Security John Mitchell Three top web site vulnerabilites SQL Injection Browser sends malicious input to server Bad input checking leads to malicious SQL query CSRF Cross-site
More informationWeb Security, Part 2
Web Security, Part 2 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationWeb Applica+on Security
Web Applica+on Security Raluca Ada Popa Feb 25, 2013 6.857: Computer and Network Security See last slide for credits Outline Web basics: HTTP Web security: Authen+ca+on: passwords, cookies Security amacks
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationWeb Security Part 2. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationCS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationIntegrity attacks (from data to code): Malicious File upload, code execution, SQL Injection
Pattern Recognition and Applications Lab Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection Igino Corona igino.corona _at_ diee.unica.it Computer Security May 2nd,
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 24, 2011 Announcements Guest lecture
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationSecurity. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
More informationSQL Injection SPRING 2018: GANG WANG
SQL Injection SPRING 2018: GANG WANG SQL Injection Another reason to validate user input data Slides credit to Neil Daswani and Adam Doupé 2 3 http://xkcd.com/327/ Produce More Secure Code Operating system
More informationSQL Injection: From Basics To Botnet-Based Attack Automation
SQL Injection: From Basics To Botnet-Based Attack Automation http://y Neil Daswani June 2008 Is the sky falling? ( 2007 TJX (March owns TJ Maxx, Marshalls, and other dept stores attacks exploited WEP used
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationWeb Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson)
Web Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson) Web Server Threats What can happen? Compromise Defacement Gateway to attacking clients Disclosure (not mutually exclusive) And what
More informationWeb Security Part 2. Professor Ristenpart h9p:// rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationCSE 127 Computer Security
CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented
More informationWeb Security Computer Security Peter Reiher December 9, 2014
Web Security Computer Security Peter Reiher December 9, 2014 Page 1 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow around
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More information1. PASSWORD ATTACK 2. APPLICATION ATTACK
1. PASSWORD ATTACK 2. APPLICATION ATTACK References: 1. Bruce Schneier, Applied Cryptography 2. CEH v7 Tutorial 2 21/03/2017 Authentication Authentication using One-Way Functions Authentication using Public-Key
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationCNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2
CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2 Finding and Exploiting XSS Vunerabilities Basic Approach Inject this string into every parameter on every
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More information2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationCSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the server-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Threat model In these scenarios: The server is benign The client is malicious The client
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 22, 2011 Announcements See Still confused
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Web Security Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationIS 2150 / TEL 2810 Introduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 15 April 20, 2016 SQL Injection Cross-Site Scripting 1 Goals Overview SQL Injection Attacks Cross-Site Scripting Attacks Some
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationOWASP TOP Release. Andy Willingham June 12, 2018 OWASP Cincinnati
OWASP TOP 10 2017 Release Andy Willingham June 12, 2018 OWASP Cincinnati Agenda A quick history lesson The Top 10(s) Web Mobile Privacy Protective Controls Why have a Top 10? Software runs the world (infrastructure,
More informationSecurity Analyses For The Lazy Superhero
#1 Security Analyses For The Lazy Superhero #2 One-Slide Summary We can statically detect buffer overruns in programs by modeling the space allocated for a buffer and the space used for a buffer. We cannot
More informationNetwork Security - ISA 656 Web Security
Network Security - ISA 656 Angelos Stavrou October 30, 2007 Crypto () Client security Server security 2 / 45 Trusting The Server s Client How Did That Happen? SET The Failure of SET Aside: The SET Root
More informationCS 161 Computer Security
Popa & Wagner Spring 2016 CS 161 Computer Security Homework 2 Due: Monday, February 22nd, at 11:59pm Instructions. This homework is due Monday, February 22nd, at 11:59pm. It must be submitted electronically
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationOWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB
More informationWeb Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
More informationANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things. OWASP Wednesday 25 th May The OWASP Foundation
ANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things Christian Frichot / David Taylor (Some of) Perth OWASP s Chapter Leads OWASP Wednesday 25 th May 2011 Copyright The OWASP
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationWeb Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le
Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationWebGoat Lab session overview
WebGoat Lab session overview Initial Setup Virtual Machine Tamper Data Web Goat Basics HTTP Basics Sniffing Web server attacks SQL Injection XSS INITIAL SETUP Tamper Data Hold alt to reveal the menu in
More informationOnline Intensive Ethical Hacking Training
Online Intensive Ethical Hacking Training Feel the heat of Security and Learn something out of the box 0 About the Course This is a 7 Days Intensive Training Program on Ethical Hacking & Cyber Security.
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationProgram Security and Vulnerabilities Class 2
Program Security and Vulnerabilities Class 2 CEN-5079: 28.August.2017 1 Secure Programs Programs Operating System Device Drivers Network Software (TCP stack, web servers ) Database Management Systems Integrity
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationWeb Application Security. * Original slides were prepared by John Mitchell
Web Application Security * Original slides were prepared by John Mitchell OWASP Top Ten (2013) A-1 Injection Untrusted data is sent to an interpreter as part of a command or query. A-2 Authentication and
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationSolution of Exercise Sheet 5
Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Solution of Exercise Sheet 5 1 SQL Injection Consider a website foo.com
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationAguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More informationLecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing
Lecture Overview IN5290 Ethical Hacking Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Summary - how web sites work HTTP protocol Client side server side actions Accessing
More informationAdon'tbe an Adobe victim
Adon'tbe an Adobe victim An overview of how recent Adobe-related flaws affect your web application Joshua Stabiner EY Agenda Introductions Background Cross-site scripting (PDF) Overview Exploit Mitigation
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 6 March 2, 2011 Question 1 Cross-Site Scripting (XSS) (10 min) As part of your daily routine, you are browsing through the news and status updates
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationSecurity Course. WebGoat Lab sessions
Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationFinding Vulnerabilities in Source Code
Finding Vulnerabilities in Source Code Jason Miller CSCE 813 Fall 2012 Outline Approaches to code review Signatures of common vulnerabilities Language-independent considerations Tools for code browsing
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationRobust Defenses for Cross-Site Request Forgery
Robust Defenses for Cross-Site Request Forgery Tsampanaki Nikoleta Lilitsis Prodromos Gigis Petros Paper Authors: Adam Barth, Collin Jackson, John C. Mitchell Outline What is CSRF attack? What is a login
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More information