Bug-Alcoholic Untamed World of Web Vulnerabilities. OWASP AppSec 2010, University of California Irvine, CA, USA September 10, 2010
1 Bug-Alcoholic: Untamed World of Web Vulnerabilities
OWASP AppSec 2010, University of California Irvine, CA, USA, September 10, 2010
Aditya K Sood, SecNiche Security Labs; Sr. Security Practitioner, Armorize
adi_ks [at] secniche.org
Copyright The OWASP Foundation. Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License.
2 Disclaimer
All contents of this presentation represent my own beliefs and views and do not, unless explicitly stated otherwise, represent the beliefs of my current or any of my previous employers.
Dependency
- Web penetration testing plays a critical role in assessing the applied security.
- Vulnerabilities in deployed products matter a lot.
- Testing output depends on exploitation of existing issues and discovering flaws.
- Attack classification remains the same, but the modus operandi of an attack varies.
- Testing requires creation of an attack surface.
OWASP 2
3 About Me
- Founder, SECNICHE Security Labs.
- PhD Candidate at Michigan State University.
- Senior Security Practitioner, Armorize.
- Worked previously for COSEINC as Senior Security Researcher and as Security Consultant for KPMG.
- Author for HITB E-Zine, Hakin9, ELSEVIER, USENIX Journals.
- Likes to do bug hunting and malware dissection.
- Released advisories to forefront companies.
- Active speaker at security conferences including RSA etc.
- Blog:
4 Notification
- All the vulnerabilities discussed in this talk are in the process of being patched.
- This discussion is all about understanding the attack methods and using them further in a real-time environment.
- All for learning and education purposes.
5 Agenda
- Web 2.0 Walkthrough
  - Web 2.0: the real world
  - Web 2.0 trends (vulnerability classification, browser state)
  - Web 2.0 exploitation shift
- Web Application Security is not a separate component!
- Web Vulnerability Hunting (exemplary)
  - Cross Interface Attacks (CIA) / attacking backend login consoles /
  - SQLXSSI Fusion {XSS, SQL} / XSS payload in SQL parameters /
  - Document rendering attacks / exploiting content transformation /
  - Web widget interface flaws / testing mini web playground /
  - Persistent redirection attacks / exploiting logout modules /
  - Declarative security manipulation / tampering browsers /
  - Insecure content inclusion / exploitation by behavior /
- Conclusion
6 Web 2.0: The Present World
Components in the real world
7 Web Trends: Incidents Classification
Top web incidents/trends of 2009 and predictions for 2010; stats by Breach
8 Web Trends: Vulnerability Classes
Web vulnerability classification; website stats by Cenzic
9 Web Trends: Exploited Browsers
Web vulnerability classification; stats by Cenzic
10 Web 2.0 Exploitation Shift: Why?
- System vulnerabilities are getting harder to exploit.
- Web 2.0 service platforms.
- Client-side exploitation: easy control through browsers.
- Origin of the web as a service standard.
- Increased business dependency on Web 2.0.
- Centralized platform for content sharing from different resources.
- Online social networking.
- Wider window of exploitation through the web.
- Information gathering about targets is easy on the web.
11 Web Application Security Is Not Separate!
Robust web application: Design, Development, Privacy, Reliability, Security
12 Web Application Vulnerability Hunting: Pillars
Design and Development / Attack and Exploitation / Patching and Rebuilding
13 Cross Interface Attacks (CIA)
- Hardware devices using admin interfaces. Admin interfaces: {Web, FTP, Telnet}
- Do we require all admin interfaces?
- If web admin is allowed, what about the backend consoles?
- Is URL restriction a good practice?
- Is it advantageous to have backend consoles?
- Does access control serve well?
- CIA targets FTP/Telnet admin consoles.
- Step by step developing an attack surface.
- Hardware devices: firewalls, disk stations, management systems etc.
14 Cross Interface Attacks (CIA): Attack base and considerations
- Presence of an FTP/Telnet admin login console.
- Hardware appliances have a default error-logging mechanism.
- Log interfaces are served in HTML without filtering: a bad design practice from a security point of view.
- The default nature of protocols such as FTP/Telnet helps in information gathering.
FTP truth
- Collective username and password authentication, followed to avoid enumeration of user accounts.
- No check on login attempts. No check on characters.
- Usually, accessible widely.
- Do you think access control is required?
15 Cross Interface Attacks (CIA): Attacking and testing
- Gathering information about allowed characters. No aim to get authenticated: "FTP 530 Login Incorrect" is what we require.
- Malicious payloads are used as username and password: injections / scripts / iframes / DOM calls / persistent payloads. Inject whatever you want!
- Good point for triggering CSRF attacks.
- Of course, authentication fails. The error gets logged. Payloads become persistent; they can also be reflective.
- Bad design practice: unencoded / unfiltered HTML rendering; inappropriate web logging mechanism.
- Voila! Something happens.
16 Cross Interface Attacks (CIA): Scrutinizing the default buffer
- To determine the number of characters that are allowed.
- Supplying an excess of buffer in the FTP_USER_NAME input.
- FTP_PASS_WORD reflects the allowed FTP_USER_NAME.
- Injection points: {FTP_USER_NAME, FTP_PASS_WORD}
17 Cross Interface Attacks (CIA): Injecting payloads
- Supplying payloads as credentials.
- Input points: {FTP_USER_NAME, FTP_PASS_WORD}
18 Cross Interface Attacks (CIA): What else?
Anything, irrespective of the user's environment {OS / browser etc.}
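The CIA slides above describe the defect from the attacker's seat: a failed FTP login is logged, and the appliance's HTML log viewer drops the logged username into the page unencoded. The following added example (not part of the talk; the appliance log format, field names and sample lines are constructed for illustration) shows the vulnerable rendering beside the encoded one, and a detection routine a defender can run over the same log to spot injection attempts whether or not the viewer is vulnerable.

```python
# Added example, not from the talk: treating FTP login-failure log entries as
# untrusted data in an HTML log viewer, and detecting markup in them.
import html
import re

# Constructed sample log lines in a hypothetical appliance format. The
# usernames in lines 2 and 3 are the kind of markup the talk describes being
# supplied as FTP_USER_NAME / FTP_PASS_WORD.
SAMPLE_LOG = [
    "2010-09-10 10:01:02 ftpd: 530 Login incorrect user=alice from=10.0.0.5",
    "2010-09-10 10:01:09 ftpd: 530 Login incorrect user=<script>alert(1)</script> from=10.0.0.9",
    '2010-09-10 10:01:15 ftpd: 530 Login incorrect user=<iframe src="http://example.invalid/"> from=10.0.0.9',
    "2010-09-10 10:02:00 ftpd: 230 Login successful user=bob from=10.0.0.7",
]

USER_RE = re.compile(r"user=(.*?) from=")
# Tag openers, javascript: URLs and on*= event handlers are enough to catch
# the injections the slides list (scripts, iframes, DOM calls).
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def extract_user(line):
    m = USER_RE.search(line)
    return m.group(1) if m else ""


def render_row_vulnerable(line):
    # The bad design from the slides: the logged username goes straight into
    # HTML, so a failed login becomes a stored payload in the admin interface.
    return "<tr><td>%s</td></tr>" % extract_user(line)


def render_row_safe(line):
    # Same viewer with output encoding: <, >, &, and quotes are neutralised,
    # so the entry is displayed as text rather than interpreted as markup.
    return "<tr><td>%s</td></tr>" % html.escape(extract_user(line), quote=True)


def suspicious_login_failures(lines):
    # Detection: any 530 response whose username carries HTML/script markup
    # is an injection attempt, regardless of how the viewer renders it.
    return [line for line in lines
            if " 530 " in line and MARKUP_RE.search(extract_user(line))]


if __name__ == "__main__":
    for line in suspicious_login_failures(SAMPLE_LOG):
        print("injection attempt:", extract_user(line))
    print(render_row_safe(SAMPLE_LOG[1]))
```

Output encoding at render time is the fix the slides point at ("unencoded / unfiltered HTML rendering"); the detection routine is what a defender adds on top, since the log is also the only place the attempt leaves a trace.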
19 SQLXSSI: Fusion {XSS, SQLI}
Differential attack surface
- How far can we go in using the standard vulnerabilities?
- How many different ways of exploitation can be developed?
- Why not fuse one vulnerability into another? It's all about a game of payloads.
Triggering XSS through SQL injection
- All types of XSS possibilities.
- A verbose SQLI vulnerability is the base: errors with truncated SQL queries with parameters.
- XSS payloads injected in SQL parameters; obfuscating payloads.
- Basically, an XSS injection using database semantics. Reflective in nature.
20 SQLXSSI: Fusion {XSS, SQLI}: Generalized pattern
<script>alert(document.cookie)</script> = 0x3c e616c f63756d656e742e636f6f6b c2f e e616c f f293c2f e,floor(rand(0)*2)) x from table-name groupby x)a)
<script src=" />= 3c d a2f2f e6d616c f75732 e6f72672f65782e6a f3e 3c d a2f2f e6d616c f75732e6f72672f 65782e6a f3e,floor(rand(0)*2)) x from table-name groupby x)a)
21 SQLXSSI: Fusion {XSS, SQLI}: Example (1): Error gets rendered in the browser
22 SQLXSSI: Fusion {XSS, SQLI}: Example (2): Injected XSS payload in SQL parameter
23 SQLXSSI: Fusion {XSS, SQLI}: Example (3): Injected payload starts downloading a malicious XLS file
24 SQLXSSI: Fusion {XSS, SQLI}: Example (4): Image with malicious request is injected
25 SQLXSSI: Fusion {XSS, SQLI}: Real world!
- Websites are getting more susceptible to these issues; the vulnerability ratio exceeds 1:2.
- Thanks to RB (1337) for initiating this type of attack surface.
So what!
- One vulnerability can lead to another. Testing is inadvertent.
- SQLI can be used in a differential manner.
- An advanced step in conducting XSS through SQLI.
- Database design matters.
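The "generalized pattern" slide relies on MySQL reading 0x3c... as a string literal, so an HTML payload reaches the database error message without a single < in the request, and the verbose error then carries it back into the page. The added example below (not from the talk; the parameter and error-message samples are constructed) shows the encoding step, a decoding check a WAF or application filter can apply so that hex literals do not hide markup from it, and the two sides of the error-page rendering.

```python
# Added example, not from the talk: seeing through MySQL hex literals in a
# request parameter, and encoding database errors before they reach a browser.
import binascii
import html
import re

HEX_LITERAL_RE = re.compile(r"0x([0-9a-fA-F]{2,})")
MARKUP_RE = re.compile(r"<\s*/?\s*[a-zA-Z!]|javascript:|on[a-z]+\s*=", re.IGNORECASE)


def mysql_hex_literal(text):
    # MySQL treats 0x3c7363... as the string "<sc..."; this is the encoding
    # the slide applies to <script>alert(document.cookie)</script>.
    return "0x" + binascii.hexlify(text.encode("utf-8")).decode("ascii")


def decode_hex_literals(param):
    # Replace every 0x... literal with its decoded text so a markup check
    # runs on what the database would actually emit, not on the hex digits.
    def repl(m):
        digits = m.group(1)
        if len(digits) % 2:
            return m.group(0)
        try:
            return binascii.unhexlify(digits).decode("utf-8", errors="replace")
        except (binascii.Error, UnicodeDecodeError):
            return m.group(0)
    return HEX_LITERAL_RE.sub(repl, param)


def parameter_carries_markup(param):
    # True when the parameter, after hex decoding, contains HTML/script markup.
    return bool(MARKUP_RE.search(decode_hex_literals(param)))


def render_db_error_vulnerable(db_message):
    # Verbose SQLI: the raw driver error, which echoes the injected string,
    # is written into the page unencoded, so the payload becomes live XSS.
    return "<pre>Database error: %s</pre>" % db_message


def render_db_error_safe(db_message):
    # Rendering-side mitigation: encode the message. (Better still, never
    # show driver errors to end users; log them server-side instead.)
    return "<pre>Database error: %s</pre>" % html.escape(db_message, quote=True)


# Constructed samples: the slide's payload, hex-encoded, placed in the
# parameter fragment the slide shows, and an error message echoing it.
PAYLOAD = "<script>alert(document.cookie)</script>"
SAMPLE_PARAM = "%s,floor(rand(0)*2)) x from table-name groupby x)a)" % mysql_hex_literal(PAYLOAD)
SAMPLE_DB_ERROR = "Duplicate entry '%s1' for key 'group_key'" % PAYLOAD

if __name__ == "__main__":
    print(mysql_hex_literal(PAYLOAD))
    print("markup hidden in parameter:", parameter_carries_markup(SAMPLE_PARAM))
    print(render_db_error_safe(SAMPLE_DB_ERROR))
```

A filter that only looks for < and script in the raw parameter misses this pattern entirely; decoding literals first is what makes the check meaningful. Parameterised queries remove the SQLI base the slide says the attack depends on, and disabling verbose errors removes the reflection.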
26 Document Rendering Attacks: Concept
- Inability of existing filters used for content transformation.
- Inappropriate design of web applications.
- Mistake: using the browser as an editor for content rendering. Do you want to upload your resume in MS Word?
Attack vector
- Setting payloads as inline URL links in Office documents.
- The document is required to be viewed (preview properties).
- Persistent in nature primarily. User interaction is required.
- MS Word, PowerPoint etc. all work well, depending on the web application.
- Bypassing XSS filters through Office documents.
27 Document Rendering Attacks: Payload is injected as a hyperlink
28 Document Rendering Attacks: The document is edited in the enterprise web application
29 Document Rendering Attacks: Exploited
30 Document Rendering Attacks: Case Study, XML-based authoring flaws
- Vulnerability reported in the SCRIBD platform in 2009; reported and patched.
- Scribd failed to implement a filter on payloads set in protocol handlers.
- Links directly injected and converted to XML; lastly, compiled and displayed in the Flash player.
- IPaper Platform XML-based Link Authoring Flaw, Scribd: nside_ipaper_framework.pdf
31 XML Authoring Flaw: Case Study, XML working model
32 XML Authoring Flaw: Case Study (Example)
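Both the Office-document slides and the Scribd case turn on the same gap: the link targets inside an uploaded document are converted and rendered without their URL scheme being checked. The added example below (not from the talk or from Scribd; the in-memory document is constructed and contains only the relationships part a scanner needs, not a complete Word file) shows a scheme allow-list check that a web application can run on a .docx before it is previewed or transformed.

```python
# Added example, not from the talk: scanning an uploaded .docx for hyperlinks
# whose URL scheme is not on an allow-list, before the document is rendered.
import io
import zipfile
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from xml.sax.saxutils import escape

RELS_NS = "http://schemas.openxmlformats.org/package/2006/relationships"
HYPERLINK_TYPE = "http://schemas.openxmlformats.org/officeDocument/2006/relationships/hyperlink"
ALLOWED_SCHEMES = {"http", "https", "mailto"}


def build_constructed_docx(targets):
    # Builds a minimal package for the example: a zip holding the part in
    # which Word stores external hyperlink targets. Constructed for this
    # example; not a complete or valid Word document.
    rels = ['<?xml version="1.0" encoding="UTF-8" standalone="yes"?>',
            '<Relationships xmlns="%s">' % RELS_NS]
    for i, target in enumerate(targets, start=1):
        rels.append('<Relationship Id="rId%d" Type="%s" Target="%s" TargetMode="External"/>'
                    % (i, HYPERLINK_TYPE, escape(target, {'"': "&quot;"})))
    rels.append("</Relationships>")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("word/_rels/document.xml.rels", "\n".join(rels))
        z.writestr("word/document.xml", '<?xml version="1.0"?><document/>')
    return buf.getvalue()


def hyperlink_targets(docx_bytes):
    # External hyperlinks live as Relationship elements of the hyperlink type
    # in word/_rels/document.xml.rels; the document body only references rIds.
    with zipfile.ZipFile(io.BytesIO(docx_bytes)) as z:
        root = ET.fromstring(z.read("word/_rels/document.xml.rels"))
    return [rel.get("Target", "")
            for rel in root.iter("{%s}Relationship" % RELS_NS)
            if rel.get("Type") == HYPERLINK_TYPE]


def disallowed_links(docx_bytes):
    # Flag every link whose scheme is not on the allow-list. Scheme-less
    # targets are relative references and pass; script and other protocol
    # handlers do not, which is the class of payload the slides describe.
    bad = []
    for target in hyperlink_targets(docx_bytes):
        scheme = urlsplit(target.strip()).scheme.lower()
        if scheme and scheme not in ALLOWED_SCHEMES:
            bad.append(target)
    return bad


# Constructed sample: one ordinary link and one script-scheme link.
SAMPLE_DOCX = build_constructed_docx([
    "https://example.invalid/cv",
    "javascript:alert(document.cookie)",
])

if __name__ == "__main__":
    print("links:", hyperlink_targets(SAMPLE_DOCX))
    print("rejected:", disallowed_links(SAMPLE_DOCX))
```

The check is on the scheme, not on a blacklist of strings, so it also covers the custom protocol handlers the Scribd slide mentions; anything the application does not explicitly expect to render is rejected before transformation.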
33 Web Widget Interface Flaws: What lies beneath?
Web widget
- A snippet of HTML code embedded in the website. You can "copy" that code and "embed" it in your web page.
- A gadget is proprietary, whereas a widget is freely available.
- Diverse functionalities: advertisements, traffic analysis, news, feeds, etc.
Web widget code snippets
- JavaScript
- Adobe Flash plugins
- Code for embedding Windows Media Player
- Silverlight plugins
34 Web Widget Interface Flaws: Insecurities
Code specification issues
- A widget or gadget can be designed insecurely.
- HTTP parameters play a crucial role in its working.
- Arbitrary code execution in the OS.
Scripting interface
- Unsanitized, unfiltered, unverified data acceptability.
- Interfaces with websites and triggers vulnerabilities.
Understanding the design of a widget
- How the widget interfaces with the primary website and how it works.
- Registered widget and domain names in the database can cause security problems in the base website.
35 Web Widget Interface Flaws: Web widget working layout
The model looks simplistic in nature.
36 Web Widget Interface Flaws: Case Study
- Real-time issue in one of the most recognized vendors: the website is a leading service provider for news and advertisements.
- The widget is allowed to be installed on any custom blog or user website after the registration process.
- The widget code is changed based on the platform, such as Blogger, MySpace etc.
- Once the registration is done, the widget snippet is provided to the user or customer for inclusion in his/her website.
- Now the content provider has a URL which redirects traffic from the primary website to the registered blog. A very bad design practice.
37 Web Widget Interface Flaws: Attack scenario
- Attacker registers his malicious blog with that content provider.
- Once it is registered, the widget is allowed to be included in the attacker-controlled website.
- Attacker starts using the content provider link to redirect traffic to his blog, making victims vulnerable.
38 Persistent Redirection Attacks
- HTTP redirection: automated redirection.
- What if the attacker controls it? More effective if persistent.
39 Persistent Redirect Attacks: Manipulating the Logout Module (OWASP 2010 A9)
- Enterprise application inbuilt functionality provides a pre-login parameter for inline redirection back to the application home page while logging out of the application.
- Careful analysis and design scrutinization helps the tester to find parameters which provide a persistent state in which to set your value.
- The application does not verify the value provided in the redirect variable while logging into the application.
- Another variation of login redirection attacks: this one is a logout redirection attack.
- HackintheBox (HITB) EZine: "Open Redirect Wreck Off" paper
40 Persistent Redirection Attacks: Manipulating the Logout Module, Layout
- Vulnerability disclosed to one of the biggest vendors.
- Successfully exploited and triggered in a large number of applications.
- &_pi=1800&kk_home_url=
- When the above-stated URL is used to log into the application, the value of the kk_home_url variable becomes persisted.
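The widget case study (a content-provider URL that redirects to whatever blog was registered) and the logout module (a kk_home_url value accepted at login, stored, and used unverified at logout) are the same missing check in two places. The added example below (not from the talk; the allowed host and the session dictionary are assumptions for illustration) validates a redirect target at the point where it is stored, so that the persisted value can only ever point to a local path or an allow-listed host.

```python
# Added example, not from the talk: validating a user-supplied redirect target
# before it is persisted and later used in a Location header.
from urllib.parse import urlsplit, urlunsplit

# Hypothetical allow-list of hosts the application will send users to.
ALLOWED_HOSTS = {"app.example.invalid"}
DEFAULT_HOME = "/home"


def safe_redirect_target(value, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_HOME):
    # Returns either a local path (with its query) or an absolute http(s) URL
    # on an allowed host; every other input collapses to the default.
    if not value:
        return default
    value = value.strip().replace("\\", "/")   # some browsers treat \ as /, so normalise first
    if "\r" in value or "\n" in value or "\x00" in value:
        return default                         # keep CRLF out of the Location header
    parts = urlsplit(value)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: must start with a single slash ("//host" has a
        # netloc and never reaches this branch).
        if not value.startswith("/") or value.startswith("//"):
            return default
        return urlunsplit(("", "", parts.path, parts.query, ""))
    if parts.scheme.lower() not in ("http", "https"):
        return default                         # javascript:, data:, etc.
    if (parts.hostname or "").lower() not in allowed_hosts:
        return default                         # includes user@host tricks: hostname is the real host
    return value


def login_with_return_url(session, return_url):
    # Logout-redirect case from the slides: the parameter arrives at login
    # time and is persisted. Validate it once, at the point of storage.
    session["home_url"] = safe_redirect_target(return_url)
    return session


def logout(session):
    # The stored value feeds the Location header of the logout response;
    # because it was validated when stored, it cannot point off-site.
    return {"status": 302, "Location": session.get("home_url", DEFAULT_HOME)}


if __name__ == "__main__":
    for candidate in ["/account?tab=1", "//evil.invalid/", "https://evil.invalid/",
                      "https://app.example.invalid/dash", "javascript:alert(1)"]:
        print("%-35s -> %s" % (candidate, safe_redirect_target(candidate)))
```

For the widget case, the same function sits behind the content provider's redirect link, with the allow-list being the set of registered destinations the provider has actually vetted rather than anything a self-service registration inserted.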
41 Declarative Security Manipulation: Concept
Operation / idea
- The declarative model provides an extensible set of security parameters in the HTTP responses.
- Browsers can respond with a requested security mechanism, declared by the developer as part of the web server or application running on the server.
- In this way, declarative security can provide both a portable and flexible security defense.
Why declarative security in HTTP response headers?
- Clickjacking attacks
- XSS filtering issues
- File downloading security
- HTML content rendering
42 Declarative Security Manipulation: HTTP response headers
- Clickjacking: X-FRAME-OPTIONS {SAMEORIGIN / DENY}
  - Don't allow the website to be framed.
  - The browser automatically refuses the framing.
- X-XSS-PROTECTION {0 Disable / 1 Enable}
  - Triggers the inbuilt IE XSS protection.
  - Nothing much to say about its insecurity.
- X-CONTENT-TYPE-OPTIONS {NOSNIFF}
  - Preventing script execution through images.
  - Secure MIME interpretation.
- X-DOWNLOAD-OPTIONS {NOOPEN}
  - Disallowing opening of files from the internet.
- Applied as HTTP response headers; HTTP response splitting attacks work appropriately (%0d%0a).
43 Declarative Security - Study: Generic attack styles
%0d%0a%0d%0a<html><body><script>alert('0wned')</script></body></html>
%0d%0a%0d%0a<html><body><script>alert('0wned')</script></body></html>
[No value] %0d%0a%0d%0a<html><body><script>alert('0wned')</script></body></html>
Options: [no value] %0d%0a%0d%0a<html><body><script>alert('0wned')</script></body></html>
Provide any falsified value to bedazzle the real working of the security component in a browser.
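The two slides above list the headers and then the two ways they are undermined: a value the browser does not recognise (which silently disables the protection) and a %0d%0a sequence that ends the header block early. The added example below (not from the talk; the sample responses are constructed) is a small checker that classifies each of the four headers in a response, together with the guard a server should apply before any request-derived value is allowed into a response header.

```python
# Added example, not from the talk: evaluating the declarative security
# headers of a response, and refusing unsafe values at the point they are set.

# Values the talk's four headers are documented to accept; compared
# case-insensitively. "0" for X-XSS-Protection is valid syntax but turns the
# filter off, so it is tracked separately.
VALID_VALUES = {
    "x-frame-options": {"deny", "sameorigin"},
    "x-xss-protection": {"1", "1; mode=block"},
    "x-content-type-options": {"nosniff"},
    "x-download-options": {"noopen"},
}
DISABLING_VALUES = {"x-xss-protection": {"0"}}


def evaluate_security_headers(headers):
    # headers: list of (name, value) pairs in response order. Returns, per
    # header above, "ok", "missing", "disabled" or "invalid:<value>".
    seen = {}
    for name, value in headers:
        seen.setdefault(name.lower().strip(), value.strip())   # first occurrence wins
    result = {}
    for name, valid in VALID_VALUES.items():
        if name not in seen:
            result[name] = "missing"
        elif seen[name].lower() in valid:
            result[name] = "ok"
        elif seen[name].lower() in DISABLING_VALUES.get(name, set()):
            result[name] = "disabled"
        else:
            # A value the browser does not understand is ignored by it, so a
            # falsified value is as good as no header at all.
            result[name] = "invalid:" + seen[name]
    return result


def set_header(headers, name, value):
    # Server-side guard. CR or LF in a value would terminate the header
    # block (the %0d%0a%0d%0a<html>... pattern on the slide) and let the
    # sender supply a body; refuse rather than try to sanitise. For the
    # security headers, also refuse values outside the known set.
    if any(c in name or c in value for c in "\r\n"):
        raise ValueError("control characters not allowed in header %r" % name)
    key = name.lower().strip()
    if key in VALID_VALUES:
        allowed = VALID_VALUES[key] | DISABLING_VALUES.get(key, set())
        if value.strip().lower() not in allowed:
            raise ValueError("unsupported value %r for %s" % (value, name))
    headers.append((name, value))
    return headers


# Constructed sample responses.
GOOD_RESPONSE = [("Content-Type", "text/html"), ("X-Frame-Options", "DENY"),
                 ("X-XSS-Protection", "1; mode=block"),
                 ("X-Content-Type-Options", "nosniff"), ("X-Download-Options", "noopen")]
WEAK_RESPONSE = [("Content-Type", "text/html"), ("X-Frame-Options", "ALLOWALL"),
                 ("X-XSS-Protection", "0")]

if __name__ == "__main__":
    print(evaluate_security_headers(GOOD_RESPONSE))
    print(evaluate_security_headers(WEAK_RESPONSE))
```

Run over a site's responses, the checker reproduces the kind of survey the feasibility-study slides describe (which headers are set, and whether the values are ones a browser will honour); set_header is the corresponding control on the server side.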
44 Declarative Security - Study: Feasibility study
- Implementation of DS in the real world: to understand the scenario, to understand the adaptability, to estimate the risk to websites.
- Paper released at USENIX CollSec (Collaborative Methods of Security and Privacy):
45 Declarative Security - Study: Feasibility study
- Alexa top 1000 website responses.
- Google's GWS implements the most.
- Paper released at USENIX CollSec (Collaborative Methods of Security and Privacy):
46 Content Delivery Networks: Stringency
- Content from third parties: online advertisements, video streaming content, Windows Media files (MP4, MP3) / QuickTime, embedded Flash files.
- Inline frames used for rendering contents.
- EMBED / OBJECT / FRAME: HTML/DOM supporting elements.
47 Content Delivery Networks: Stringency, Web 2.0 requirement
48 Content Delivery Networks: Stringency, Example
- A malicious media player file can infect victims with malware once included from a third-party content network.
- Easy to bypass the filter: setting the payload; the payload bypasses the XSS filter and starts downloading an XLS file.
49 WWW Vulnerabilities - Circle: Testing and Strengthening, Evolving Complex Technology, Efficient Hacks, Complex Flaws
50 Conclusion
- Attacks on web infrastructure are increasing.
- More complexity, more problems.
- Security is a process and not a one-time shot.
- Design according to requirements.
- Test appropriately.
51 Questions and Knowledge Sharing
52 Demonstrations - Available if required; shared on individual front.
53 Thanks. OWASP ( ) SecNiche Security ( )
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationHacker Academy Ltd COURSES CATALOGUE. Hacker Academy Ltd. LONDON UK
Hacker Academy Ltd COURSES CATALOGUE Hacker Academy Ltd. LONDON UK TABLE OF CONTENTS Basic Level Courses... 3 1. Information Security Awareness for End Users... 3 2. Information Security Awareness for
More informationTest Harness for Web Application Attacks
IJSRD National Conference on Advances in Computer Science Engineering & Technology May 2017 ISSN: 2321-0613 Test Harness for Web Application Attacks Kishan Chudasama 1 Mr. Girish Khilari 2 Mr. Suresh Sikka
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationVULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED
AUTOMATED CODE ANALYSIS WEB APPLICATION VULNERABILITIES IN 2017 CONTENTS Introduction...3 Testing methods and classification...3 1. Executive summary...4 2. How PT AI works...4 2.1. Verifying vulnerabilities...5
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationChat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev
Chat with a hacker Increase attack surface for Pentest A talk by Egor Karbutov and Alexey Pertsev $ Whoarewe Egor Karbutov & Alexey Pertsev Penetration testers @Digital Security Speakers Bug Hunters 2
More informationMinds.com Platform Full Disclosure
18/06/15 security@voidsec.com Minds.com Platform Full Disclosure Performers: Paolo Stagno ( aka voidsec voidsec@voidsec.com ) Luca Poletti ( aka kalup kalup@voidsec.com ) 1 18/06/15 security@voidsec.com
More informationClient Side Security And Testing Tools
OWASP Jakarta Tech Day Meetup 2017 Client Side Security And Testing Tools David Cervigni @ Minded Security Agenda Short Intro Client side threats: Why important/difficult Examples: Dom XSS, HTTP Param
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Web Application: Testing Security Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 10) Web Application: Testing Security 1 Table of
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationHP 2012 Cyber Security Risk Report Overview
HP 2012 Cyber Security Risk Report Overview September 2013 Paras Shah Software Security Assurance - Canada Copyright 2012 Hewlett-Packard Development Company, L.P. The information contained herein is subject
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationEthical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters
Ethical Hacking as a Professional Penetration Testing Technique ISSA Southern Tier & Rochester Chapters - Durkee Consulting, Inc. Background Founder of Durkee Consulting since 1996 Founder of Rochester
More informationWhy bother? Causes of data breaches OWASP. Top ten attacks. Now what? Do it yourself Questions?
Jeroen van Beek 1 Why bother? Causes of data breaches OWASP Top ten attacks Now what? Do it yourself Questions? 2 In many cases the web application stores: Credit card details Personal information Passwords
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationWelcome to the OWASP TOP 10
Welcome to the OWASP TOP 10 Secure Development for Java Developers Dominik Schadow 03/20/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN 1 AGENDA
More informationANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things. OWASP Wednesday 25 th May The OWASP Foundation
ANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things Christian Frichot / David Taylor (Some of) Perth OWASP s Chapter Leads OWASP Wednesday 25 th May 2011 Copyright The OWASP
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationRiskSense Attack Surface Validation for Web Applications
RiskSense Attack Surface Validation for Web Applications 2018 RiskSense, Inc. Keeping Pace with Digital Business No Excuses for Not Finding Risk Exposure We needed a faster way of getting a risk assessment
More informationWEB VULNERABILITIES. Network Security Report Mohamed Nabil
WEB VULNERABILITIES Network Security Report Mohamed Nabil - 2104 1 Web vulnerabilities Contents Introduction... 2 Types of web vulnerabilities... 2 Remote code execution... 2 Exploiting register_globals
More informationCare & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers. Sunny Wear OWASP Tampa Chapter December
Care & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers Sunny Wear OWASP Tampa Chapter December Mee@ng 1 About the Speaker Informa@on Security Architect Areas of exper@se: Applica@on,
More informationAn analysis of security in a web application development process
An analysis of security in a web application development process Florent Gontharet Ethical Hacking University of Abertay Dundee MSc Ethical Hacking 2015 Table of Contents Abstract...2 Introduction...3
More informationAdvanced Ethical Hacking & Penetration Testing. Ethical Hacking
Summer Training Internship Program 2017 (STIP - 2017) is a practical oriented & industrial level training program for all students who have aspiration to work in the core technical industry domain. This
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationThe PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More informationOWASP Top David Caissy OWASP Los Angeles Chapter July 2017
OWASP Top 10-2017 David Caissy OWASP Los Angeles Chapter July 2017 About Me David Caissy Web App Penetration Tester Former Java Application Architect IT Security Trainer: Developers Penetration Testers
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationCross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web
More information