Static analysis of PHP applications
|
|
- Tabitha Bennett
- 5 years ago
- Views:
Transcription
1 Static analysis of PHP applications Ondřej Šerý DISTRIBUTED SYSTEMS RESEARCH GROUP CHARLES UNIVERSITY PRAGUE Faculty of Mathematics and Physics
2 References G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of 30 th International Conference on Software Engineering (ICSE 08). G. Wassermann, Z. Su: Sound and Precise Analysis of Web Applications for Injection Vulnerabilities, Proceedings of Programming Language Design and Implementation (PLDI 07). 2
3 PHP application vulnerability example <?php $user = $_GET["user"]; $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes</h1>"; $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note #$i</b>$text<br>"; }?> 3
4 PHP application vulnerability example <?php $user = $_GET["user"]; $user = str_replace("'","''", $user); $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes</h1>"; $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note #$i</b>$text<br>"; }?> 4
5 PHP application vulnerability example <?php $user = $_GET["user"]; $user = addslashes($user); $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes</h1>"; $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note #$i</b>$text<br>"; }?> 5
6 PHP application vulnerability example <?php $user = $_GET["user"]; $user = mysql_real_escape_string($user); $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes:</h1>"; $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note $i</b>$text<br/>"; }?> 6
7 PHP application vulnerability example <?php $user = $_GET["user"]; $user = mysql_real_escape_string($user); $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes:</h1>"; }?> $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note $i</b>$text<br/>"; <script> document.location=' +document.cookie </script> 7
8 PHP application vulnerability example <?php $user = $_GET["user"]; $user = mysql_real_escape_string($user); $query = "SELECT text FROM notes WHERE user_id = '$user'"; $result = mysql_query($query); $num = mysql_numrows($result); echo "<h1>your notes:</h1>"; $i = 0; while ($i < $num) { $text = mysql_result($result, $i++, "text"); echo "<b>note $i</b>$text<br/>"; }?> <a href="javascript:document.location= ' </a> 8
9 Web application errors (SQLI, XSS) Considered the most dangerous bugs e.g. CWE ( 1) Cross-site scripting (XSS) 2) SQL Injection (SQLI) 3) Buffer overflow Exposition Large attack surface 24/7 exposition to an attacker 9
10 Motivation PHP is very popular Over domains 3 rd most popular language (March 2010) Based on Extremely easy to: Start Tons of tutorials Available on almost all web hostings Do it wrong! Prone to attacks SQLI, XSS Confusion addslashes() vs. pg_escape_string() Too many crappy information sources 10
11 Motivation Try google PHP Tutorial First 4 results that even get to DB access Not a single one shows SQLI protection right 1 downright wrong 2 at least mentioned the risk Inappropriate solution e.g., str_replace("'","''", $payload); 1 does not pass user input to the query No WHERE clause used XSS not mentioned like ever 11
12 Specifics and challenges? Dynamic nature Loss of semantics (and compiler checks) eval $meta_code_for_fun; Different levels of execution Server, DB Server, Client Little data and code separation The NX bit all over again Focus on strings Very precise information is necessary 12
13 Approaches (1) Client-side Crawling the website Pass invalid data to cause error / indicate XSS weakness For a list specific to XSS see, e.g., Concolic testing Find input to increase coverage Not specific to XSS In-browser protection BrowserShield Filters JavaScript to known vulnerabilities From a central server Not specific to XSS Beep (Browser-Enforced Embedded Policies) Browser asks the server to authorize trusted scripts Hard to deploy Both servers and clients have to be adapted 13
14 Approaches (2) Server-side Taint analysis Dataflow graph Sources, sanitizers, sinks How to find them? User classification Statistical guess Merlin Source: $data = _GET[ data ] $data = strtoupper ($data) Sanitizer: $safe = addslashes($data) Sink: mysql_query($query) Tainted $query = SELECT... $safe ; 14
15 Approaches (3) Server-side Static string analysis Symbolically represent possible string values More fine-grained that pure taint analysis 15
16 Static Detection of XSS Vulnerabilities Key idea: Set of string values Context-free grammar (CFG) String operations (e.g., stripslashes) Finite State Transducer (FST) A = \{ } B = \{ \} Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 Note: Image of CFG over FST CFG 16
17 Running example Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 17
18 Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 18
19 SSA form Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 19
20 Resulting CFG Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 20
21 Policy check Policies Set of violation patterns Represented as FSM Based on norms + Gecko code review Browsers are permissive more attack vectors Check Symbolic string value violation pattern i.e., CFG FSM 21
22 Results Taken from: G. Wassermann, Z. Su: Static Detection of Cross-Site Scripting Vulnerabilities, Proceedings of ICSE 08 22
23 Thank you for your attention! Try it yourself on the WebGoat tutorial Ask us for the url and credentials! 23
Finding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationCIS 700/002 : Special Topics : OWASP ZED (ZAP)
CIS 700/002 : Special Topics : OWASP ZED (ZAP) Hitali Sheth CIS 700/002: Security of EMBS/CPS/IoT Department of Computer and Information Science School of Engineering and Applied Science University of
More informationSecurity Analyses For The Lazy Superhero
#1 Security Analyses For The Lazy Superhero #2 One-Slide Summary We can statically detect buffer overruns in programs by modeling the space allocated for a buffer and the space used for a buffer. We cannot
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationPreventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE)
IBM Zurich Research Laboratory Preventing Injection Vulnerabilities through Context-Sensitive String Evaluation (CSSE) Tadeusz Pietraszek Chris Vanden Berghe RAID
More informationWeb Application Vulnerabilities: OWASP Top 10 Revisited
Pattern Recognition and Applications Lab Web Application Vulnerabilities: OWASP Top 10 Revisited Igino Corona igino.corona AT diee.unica.it Computer Security April 5th, 2018 Department of Electrical and
More informationCRAXweb: Web Testing and Attacks through QEMU in S2E. Shih-Kun Huang National Chiao Tung University Hsinchu, Taiwan
CRAXweb: Web Testing and Attacks through QEMU in S2E Shih-Kun Huang National Chiao Tung University Hsinchu, Taiwan skhuang@cs.nctu.edu.tw Motivation Symbolic Execution is effective to crash applications
More informationVulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder
Vulnerabilities, exploits, and the secure design principles of Saltzer and Schroeder What is a vulnerability? Management information stored in-band with regular information? Programming the weird machine?
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationIronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) 1. Introduction: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability
More informationCode-Injection Attacks in Browsers Supporting Policies. Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS
Code-Injection Attacks in Browsers Supporting Policies Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS What is all about? New code-injection attacks or return-to-libc attacks
More informationIS 2150 / TEL 2810 Introduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 15 April 20, 2016 SQL Injection Cross-Site Scripting 1 Goals Overview SQL Injection Attacks Cross-Site Scripting Attacks Some
More informationPHP Security. Kevin Schroeder Zend Technologies. Copyright 2007, Zend Technologies Inc.
PHP Security Kevin Schroeder Zend Technologies Copyright 2007, Zend Technologies Inc. Disclaimer Do not use anything you learn here for nefarious purposes Why Program Securely? Your job/reputation depends
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationSecurity. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationsottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Federico Reghenzani
Titolo presentazione Piattaforme Software per la Rete sottotitolo System Security Introduction Milano, XX mese 20XX A.A. 2016/17 Outline 1) Introduction to System Security 2) Basic Exploits 3) Network
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationWe will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries
We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries PoCs included Content Security Policy WAFs whitelists nonces
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationCS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationGenerating String Attack Inputs Using Constrained Symbolic Execution. presented by Kinga Dobolyi
Generating String Attack Inputs Using Constrained Symbolic Execution presented by Kinga Dobolyi What is a String Attack? Web applications are 3 tiered Vulnerabilities in the application layer Buffer overruns,
More informationPHP is a scripting language that can be embedded into HTML. Estimated 20 million PHP websites as of 2007
Anthony Corch PHP is a scripting language that can be embedded into HTML Estimated 20 million PHP websites as of 2007 Extremely simple for a newcomer, but offers many advanced features for a professional
More informationHAMPI A Solver for String Theories
HAMPI A Solver for String Theories Vijay Ganesh MIT (With Adam Kiezun, Philip Guo, Pieter Hooimeijer and Mike Ernst) Dagstuhl, 2010 Motivation for String Theories String-manipulating programs ü String
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationWeb Applications (Part 2) The Hackers New Target
Web Applications (Part 2) The Hackers New Target AppScan Source Edition Terence Chow Advisory Technical Consultant An IBM Rational IBM Software Proof of Technology Hacking 102: Integrating Web Application
More informationRuby on Rails Secure Coding Recommendations
Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional
More informationSoftware Security. Erik Poll. Digital Security group Radboud University Nijmegen
Tackling Software Security problems Erik Poll Digital Security group Radboud University Nijmegen 1 Erik Poll Recall: input attacks malicious input application a bug! malicious input application (abuse
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationRiding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia
Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia XSS vulnerabilities account for 25% of web vulnerabilities url.com/page#">attack
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationA hybrid analysis framework for detecting web application vulnerabilities
Università degli Studi di Milano Facoltà di Scienze Matematiche, Fisiche e Naturali Dipartimento di Informatica e Comunicazione A hybrid analysis framework for detecting web application vulnerabilities
More informationRanking Vulnerability for Web Application based on Severity Ratings Analysis
Ranking Vulnerability for Web Application based on Severity Ratings Analysis Nitish Kumar #1, Kumar Rajnish #2 Anil Kumar #3 1,2,3 Department of Computer Science & Engineering, Birla Institute of Technology,
More informationNemesis: Preventing Web Authentication & Access Control Vulnerabilities. Michael Dalton, Christos Kozyrakis Stanford University
Nemesis: Preventing Web Authentication & Access Control Vulnerabilities Michael Dalton, Christos Kozyrakis Stanford University Nickolai Zeldovich Massachusetts Institute of Technology Web Application Overview
More informationWeb Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le
Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure
More informationCS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 9 Week of March 19, 2018 Question 1 Warmup: SOP (15 min) The Same Origin Policy (SOP) helps browsers maintain a sandboxed model by preventing
More informationSecurity Engineering by Ross Andersson Chapter 18. API Security. Presented by: Uri Ariel Nepomniashchy 31/05/2016
Security Engineering by Ross Andersson Chapter 18 API Security Presented by: Uri Ariel Nepomniashchy 31/5/216 Content What is API API developing risks Attacks on APIs Summary What is API? Interface for
More informationISSTA : Software Testing and Analysis TAJ: Effective Taint Analysis of Web Applications, PLDI 2009
Slide 1 Hybrid Security Analysis of Web JavaScript Code via Dynamic Partial Evaluation Omer Tripp, Pietro Ferrara, Marco Pistoia IBM Watson Research Center ISSTA 2014 ISSTA : Software Testing and Analysis
More informationBen Livshits and Úlfar Erlingsson. Microsoft Research
Ben Livshits and Úlfar Erlingsson Microsoft Research Web application vulnerabilities more common than ever before The usual suspects: code injection vulnerabilities SQL injection Cross site scripting (XSS)
More informationDreamFactory Security Guide
DreamFactory Security Guide This white paper is designed to provide security information about DreamFactory. The sections below discuss the inherently secure characteristics of the platform and the explicit
More informationUnderstanding Basic SQL Injection
Understanding Basic SQL Injection SQL injection (also known as SQLI) is a code injection technique that occurs if the user-defined input data is not correctly filtered or sanitized of the string literal
More informationSymbolic String Verification: Combining String Analysis and Size Analysis
Symbolic String Verification: Combining String Analysis and Size Analysis Fang Yu Tevfik Bultan Oscar H. Ibarra Deptartment of Computer Science University of California Santa Barbara, USA {yuf, bultan,
More informationSecure Programming Techniques
Secure Programming Techniques Meelis ROOS mroos@ut.ee Institute of Computer Science Tartu University spring 2014 Course outline Introduction General principles Code auditing C/C++ Web SQL Injection PHP
More informationMobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing
Mobile Malfeasance Exploring Dangerous Mobile Code Jason Haddix, Director of Penetration Testing Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject to
More informationDon't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild
Don't Trust The Locals: Exploiting Persistent Client-Side Cross-Site Scripting in the Wild Marius Steffens German OWASP Day 2018 joint work with Christian Rossow, Martin Johns and Ben Stock Dimensions
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationWeb Application Threats and Remediation. Terry Labach, IST Security Team
Web Application Threats and Remediation Terry Labach, IST Security Team IST Security Team The problem While we use frewalls and other means to prevent attackers from access to our networks, we encourage
More informationjava -jar Xmx2048mb /Applications/burpsuite_pro_v1.5.jar
Training: An Introduction to Burp Suite Part One By Mike Sheward Burp suite provides a solid platform for launching a web application security assessment. In this guide we re going to introduce the features
More informationOWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB
More informationAttack Vectors in Computer Security
Attack Vectors in Computer Security Who Am I @WillGoard My first proper hacksoc talk I speak fluent greek Sell more pizzas have more fun Why attack vectors? Didn t know what to do for my dissertation Started
More informationPrevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side
www.ijcsi.org 650 Prevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side S.SHALINI 1, S.USHA 2 1 Department of Computer and Communication, Sri Sairam Engineering College,
More informationThe Most Dangerous Code in the Browser. Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan
The Most Dangerous Code in the Browser Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Modern web experience Modern web experience Modern web experience Web apps Extensions NYTimes Chase AdBlock
More informationNAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications
NAVEX: Precise and Scalable Exploit Generation for Dynamic Web Applications Abeer Alhuzali, Rigel Gjomemo, Birhanu Eshete, and V.N. Venkatakrishnan University of Illinois at Chicago 1 Web Applications
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More informationOutline STRANGER. Background
Outline Malicious Code Analysis II : An Automata-based String Analysis Tool for PHP 1 Mitchell Adair 2 November 28 th, 2011 Outline 1 2 Credit: [: An Automata-based String Analysis Tool for PHP] Background
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationVulnerability & Attack Injection for Web Applications
Vulnerability & Attack Injection for Web Applications José Fonseca Marco Vieira Henrique Madeira DSN, Estoril, Portugal, 30/06/2009 University of Coimbra, Portugal Presentation Outline Research problem
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationUnderstanding and Automatically Preventing Injection Attacks on Node.js
Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU Darmstadt Joint work with Cristian Staicu (TU Darmstadt) and Ben Livshits (Microsoft Research, Redmond) 1 Why JavaScript?
More informationMalicious Code Analysis II
Malicious Code Analysis II STRANGER: An Automata-based String Analysis Tool for PHP Mitchell Adair November 28 th, 2011 Outline 1 STRANGER 2 Outline 1 STRANGER 2 STRANGER Credit: [STRANGER: An Automata-based
More informationSECURE CODING ESSENTIALS
SECURE CODING ESSENTIALS DEFENDING YOUR WEB APPLICATION AGAINST CYBER ATTACKS ROB AUGUSTINUS 30 MARCH 2017 AGENDA Intro - A.S. Watson and Me Why this Presentation? Security Architecture Secure Code Design
More informationSecure Coding and Code Review. Berlin : 2012
Secure Coding and Code Review Berlin : 2012 Outline Overview of top vulnerabilities Code review practice Secure design / writing secure code Write some secure code Review a volunteer's code Top Problems
More informationAn Empirical Study of PHP Feature Usage: A Static Analysis Perspective
An Empirical Study of PHP Feature Usage: A Static Analysis Perspective Mark Hills, Paul Klint, and Jurgen J. Vinju CWI, Software Analysis and Transformation (SWAT) ISSTA 2013 Lugano, Switzerland July 16-18,
More informationThe OWASP Foundation
Application Bug Chaining July 2009 Mark Piper User Catalyst IT Ltd. markp@catalyst.net.nz Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms
More informationROSAEC Survey Workshop SELab. Soohyun Baik
ROSAEC Survey Workshop SELab. Soohyun Baik Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel,
More informationBen Livshits and Úlfar Erlingsson. Microsoft Research
Ben Livshits and Úlfar Erlingsson Microsoft Research Web application vulnerabilities more widespread than ever The usual suspects from Web 1.0 SQL injection Cross site scripting (XSS) Cross site request
More informationUnder the hood testing - Code Reviews - - Harshvardhan Parmar
Under the hood testing - Code Reviews - - Harshvardhan Parmar In the news September 2011 A leading bank s Database hacked (SQLi) June 2011 Sony hack exposes consumer passwords (SQLi) April 2011 Sony sites
More informationSimple Overflow. #include <stdio.h> int main(void){ unsigned int num = 0xffffffff;
Simple Overflow 1 #include int main(void){ unsigned int num = 0xffffffff; printf("num is %d bits long\n", sizeof(num) * 8); printf("num = 0x%x\n", num); printf("num + 1 = 0x%x\n", num + 1); }
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationSta$c Analysis Dataflow Analysis
Sta$c Analysis Dataflow Analysis Roadmap Overview. Four Analysis Examples. Analysis Framework Soot. Theore>cal Abstrac>on of Dataflow Analysis. Inter- procedure Analysis. Taint Analysis. Overview Sta>c
More informationSecuring Software Applications Using Dynamic Dataflow Analysis. OWASP June 16, The OWASP Foundation
Securing Software Applications Using Dynamic Dataflow Analysis Steve Cook OWASP June 16, 2010 0 Southwest Research Institute scook@swri.org (210) 522-6322 Copyright The OWASP Foundation Permission is granted
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationAnalysis of Hypertext Isolation Techniques for Cross-site Scripting Prevention. Mike Ter Louw Prithvi Bisht V.N. Venkatakrishnan
Analysis of Hypertext Isolation Techniques for Cross-site Scripting Prevention Mike Ter Louw Prithvi Bisht V.N. Venkatakrishnan Outline Motivation Hypertext isolation Design challenges Conclusion Quote
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationSAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0
Welcome BIZEC Roundtable @ IT Defense, Berlin SAP Security BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0 February 1, 2013 Andreas Wiegenstein CTO, Virtual Forge 2 SAP Security SAP security is a complex
More informationWeb Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationPROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
More informationIEEE Sec Dev Conference
IEEE Sec Dev Conference #23, Improving Attention to Security in Software Design with Analytics and Cognitive Techniques Jim Whitmore (former) IBM Distinguished Engineer Carlisle, PA jjwhitmore@ieee.org
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationHacking 102 Integrating Web Application Security Testing into Development
Hacking 102 Integrating Web Application Security Testing into Development Greg Pedley - gpedley@au1.ibm.com Brett Wallace - bretwal@au1.ibm.com Denice Wong deniwong@au1.ibm.com An IBM Proof of Technology
More informationCSE 127 Computer Security
CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented
More informationSAMATE (Software Assurance Metrics And Tool Evaluation) Project Overview. Tim Boland NIST May 29,
SAMATE (Software Assurance Metrics And Tool Evaluation) Project Overview Tim Boland NIST May 29, 2012 http://samate.nist.gov t.boland@nist.gov 1 NationaI Institute of Standards and Technology (NIST) NIST,
More informationHonours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui
Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing
More informationSoftware Security problems. Erik Poll. Digital Security group Radboud University Nijmegen
Software Security problems Erik Poll Digital Security group Radboud University Nijmegen Problems with Insecure input handling is the most common security problem aka lack of input validation, but that
More informationSecurity issues. Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith
Security issues Unit 27 Web Server Scripting Extended Diploma in ICT 2016 Lecture: Phil Smith Criteria D3 D3 Recommend ways to improve web security when using web server scripting Clean browser input Don
More informationSecure Programming Lecture 8++: SQL Injection
Secure Programming Lecture 8++: SQL Injection David Aspinall, Informatics @ Edinburgh 9th February 2016 Outline Overview Other past attacks More examples Classification Injection route and motive Forms
More informationSecure coding practices
Secure coding practices www.infosys.com/finacle Universal Banking Solution Systems Integration Consulting Business Process Outsourcing Secure coding practices Writing good code is an art but equally important
More informationA D V I S O R Y S E R V I C E S. Web Application Assessment
A D V I S O R Y S E R V I C E S Web Application Assessment March 2009 Agenda Definitions Landscape of current web applications Required skills Attack surface Scope Methodology Soft skills 2 Definitions
More informationCMPSC 497: Static Analysis
CMPSC 497: Static Analysis Trent Jaeger Systems and Internet Infrastructure Security (SIIS) Lab Computer Science and Engineering Department Pennsylvania State University Page 1 Our Goal In this course,
More informationApplications Security
Applications Security OWASP Top 10 PyCon Argentina 2018 Objectives Generate awareness and visibility on web-apps security Set a baseline of shared knowledge across the company Why are we here / Trigger
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationInternational Journal of Scientific & Engineering Research Volume 8, Issue 5, May ISSN
International Journal of Scientific & Engineering Research Volume 8, Issue 5, May-2017 80 WEB APPLICATION VULNERABILITY PREDICTION USING MACHINE LEARNING 1 Vignesh M, 2 Dr. K. Kumar 1 PG Scholar, 2 Assistant
More informationBOOSTING THE SECURITY OF YOUR ANGULAR 2 APPLICATION
BOOSTING THE SECURITY OF YOUR ANGULAR 2 APPLICATION Philippe De Ryck NG-BE Conference, December 9 th 2016 https://www.websec.be ABOUT ME PHILIPPE DE RYCK My goal is to help you build secure web applications
More informationMaximizing the speed of time based SQL injection data retrieval
Maximizing the speed of time based SQL injection data retrieval 30c3, Hamburg, 29.12.2013 Arnim' ; DROP TABLE students;-- ) Introduction SQL injection SQLi is #1 of OWASP Top 10 Web vulnerabilities Sample
More information