DID WE LOSE THE BATTLE FOR A SECURE WEB?

Size: px

Start display at page:

Download "DID WE LOSE THE BATTLE FOR A SECURE WEB?"

Godfrey Hawkins
6 years ago
Views:

1 DID WE LOSE THE BATTLE FOR A SECURE WEB? Philippe De Ryck Guest lecture Capita Selecta, UCLL, December 14 th

ABOUT ME PHILIPPE DE RYCK My goal is to help you build secure web applications In-house

(KU Leuven) Talks at various developer conferences Slides, videos and blog posts on

be I have a broad security expertise, with a focus on Web Security PhD in client-side

2 ABOUT ME PHILIPPE DE RYCK My goal is to help you build secure web applications In-house training programs at various companies Hosted web security training courses at DistriNet (KU Leuven) Talks at various developer conferences Slides, videos and blog posts on I have a broad security expertise, with a focus on Web Security PhD in client-side web security Main author of the Primer on client-side web security Part of the organizing committee of SecAppDev.org Week-long course focused on practical security 2

3 3

4 THE WEB STARTED OUT AS SERVER-CENTRIC 4

5 DATA BREACHES ARE SOPHISTICATED ATTACKS 5

6 COMMAND INJECTION IN

7 THE S IN IOT STANDS FOR SECURITY 7

8 THE S IN IOT STANDS FOR SECURITY root xc3511 root vizxv root admin admin admin root root xmhdipc root default root juantech root root support support root (none) admin password root root root user user admin (none) root pass admin admin1234 root 1111 admin smcadmin admin 1111 root root password root 1234 root klv123 Administrator admin service service supervisor supervisor guest guest guest guest admin1 password Administrator ubnt ubnt root klv1234 root Zte521 root hi3518 root jvbzd root anko root zlxx. root 7ujMko0vizxv root 7ujMko0admin root system root ikwb root dreambox root user root realtek root admin admin 1234 admin

9 THE S IN IOT STANDS FOR SECURITY 9

10 TRADITIONAL SERVER-SIDE SECURITY PROBLEMS REMAIN 10

11 TRADITIONAL SERVER-SIDE SECURITY PROBLEMS REMAIN 11

DATA BREACHES HAVE BECOME EXTREMELY COMMON http://www.

12 DATA BREACHES HAVE BECOME EXTREMELY COMMON 12

ACCOUNT COMPROMISE THROUGH PASSWORD REUSE java -jar shard-1.5.jar -u philippe.deryck@cs.kuleuven.

715 [+] Running 12 modules 10:16:31.103 [+] philippe.deryck@cs.kuleuven.

13 ACCOUNT COMPROMISE THROUGH PASSWORD REUSE java -jar shard-1.5.jar -u -p test :16: [+] Selected single-user single-password mode 10:16: [+] Running 12 modules 10:16: [+] - BitBucket 13

14 NUMEROUS SERVICES GET CREDENTIAL STORAGE WRONG 14

15 NUMEROUS SERVICES GET CREDENTIAL STORAGE WRONG 15

16 NUMEROUS SERVICES GET CREDENTIAL STORAGE WRONG 16

17 NUMEROUS SERVICES GET CREDENTIAL STORAGE WRONG 17

MEET SAGITTA BRUTALIS GTX 1080 MD5 SHA1 SHA256 200

second 23 012 million hashes / second https://gist.

18 MEET SAGITTA BRUTALIS GTX 1080 MD5 SHA1 SHA million hashes / second million hashes / second million hashes / second 18

19 IMAGINE WHAT SECURITY IS LIKE IN THE CLIENT-CENTRIC WEB 19

20 HIJACKING VNC SERVERS WITH WEBSOCKETS 20

21 TOTALLY OWNING A BROWSER WITH XSS 21

22 READING S USING XSS VULNERABILITIES 22

23 EXTRACTING MALWARE FROM IMAGES USING JS 23

24 W T F?

25 HOW DO YOU KNOW IF YOU RE COMPROMISED? 25

26 HOW DO YOU KNOW IF YOU RE COMPROMISED? 26

27 GETTING CREDENTIAL STORAGE RIGHT Old common practices no longer suffice It used to be recommended to use a salt and a hashing algorithm But hashing algorithms are designed to be fast Password Test1234 Salt s1l1gqbpvlksiffovmvqwu SHA1 946e48b8c174c730e5111c9e7b5f4261b8f81b9a Modern approaches use password-based key derivation functions Their original goal is to create a key from a password for cryptographic use These functions are slow and resource-hungry, and well suited for credential storage Examples are bcrypt, scrypt and PBKDF2 8x NVIDIA GTX million MD5 / second million SHA1 / second 100 thousand BCRYPT / second 27

28 STORING CREDENTIALS IN NODEJS WITH BCRYPT var pass = "Supahs3cr3t"; var bcrypt = require('bcrypt'); bcrypt.gensalt(10, function(err, salt) { bcrypt.hash(pass, salt, function(err, hash) { // Store hash in your password DB. }); }); // Load hash from DB bcrypt.compare('nots3cr3t', hash, function(err, res) { // res == false }); $2a$10$s1L1GQbpvlksIfFOVmVQwuHyDxAwBk6DFYzTpJpYd4HytXKL3WA/2 Algorithm 28

29 STORING CREDENTIALS IN NODEJS WITH BCRYPT var pass = "Supahs3cr3t"; var bcrypt = require('bcrypt'); bcrypt.gensalt(10, function(err, salt) { bcrypt.hash(pass, salt, function(err, hash) { // Store hash in your password DB. }); }); // Load hash from DB bcrypt.compare('nots3cr3t', hash, function(err, res) { // res == false }); $2a$10$s1L1GQbpvlksIfFOVmVQwuHyDxAwBk6DFYzTpJpYd4HytXKL3WA/2 Cost parameter 29

30 STORING CREDENTIALS IN NODEJS WITH BCRYPT var pass = "Supahs3cr3t"; var bcrypt = require('bcrypt'); bcrypt.gensalt(10, function(err, salt) { bcrypt.hash(pass, salt, function(err, hash) { // Store hash in your password DB. }); }); // Load hash from DB bcrypt.compare('nots3cr3t', hash, function(err, res) { // res == false }); $2a$10$s1L1GQbpvlksIfFOVmVQwuHyDxAwBk6DFYzTpJpYd4HytXKL3WA/2 Salt 30

31 STORING CREDENTIALS IN NODEJS WITH BCRYPT var pass = "Supahs3cr3t"; var bcrypt = require('bcrypt'); bcrypt.gensalt(10, function(err, salt) { bcrypt.hash(pass, salt, function(err, hash) { // Store hash in your password DB. }); }); // Load hash from DB bcrypt.compare('nots3cr3t', hash, function(err, res) { // res == false }); $2a$10$s1L1GQbpvlksIfFOVmVQwuHyDxAwBk6DFYzTpJpYd4HytXKL3WA/2 Hash 31

PASSWORD MANAGERS ARE GAME CHANGERS Password

for every application avoids password re-use

32 PASSWORD MANAGERS ARE GAME CHANGERS Password managers address the most important problems with passwords They allow you to generate long and random passwords A unique password for every application avoids password re-use Autofill features help protect against phishing 32

33 A LOOK UNDER THE HOOD OF A PASSWORD MANAGER Sync encrypted file Provide master password Generate key from master password ThereCanBeOnlyOne secret123 pazzword GuessmeJ Decrypt database on device 33

34 BUT MULTI-FACTOR AUTHENTICATION IS EVEN BETTER 34

35 FORTUNATELY, BROWSERS ARE TAKING SECURITY SERIOUSLY Since HTML5, new features are designed with security in mind New features should not create vulnerabilities for legacy applications Security takes precedence over functionality, to build towards a secure web Browsers try to make a security stance By starting to reject or block insecure behavior This is a slow process, with large grace periods to avoid too much breakage Since the Snowden revelations, companies are pushing for security as well Many initiatives backed by large technology companies Trying to convince users to take security seriously as well 35

36 AND IT S WORKING 36

37 WE HAVE BETTER SECURITY TOOLS THAN EVER New technologies give us more defensive capabilities We can finally get rid of XSS once and for all We can defend against attacks which used to be impossible Mainly available as server-driven browser-enforced policies Specified by the server, customized to the application at hand Delivered to the browser, typically in an HTTP header Enforced by the browser, on the client-side context Backwards compatible with older browsers Unknown headers are simply ignored 37

38 SERVER-DRIVEN BROWSER-ENFORCED SECURITY POLICIES First example are cookie security flags Set by the server, enforced by the browser Numerous of these policies have been added to the browser recently HTTP Strict Transport Security HTTP Public Key Pinning X-XSS-Protection Content Security Policy Subresource Integrity Cross-Origin Resource Sharing 38

39 GETTING WEB SECURITY RIGHT The developer s security toolbox is better than ever Browsers are taking security seriously, and so should you Most attacks can be countered with currently available technologies Building secure web applications requires knowledge Knowledge about common threats against web applications Knowledge about countermeasures, how they work and how to use them It is time to take Web Security seriously Protect your applications using the latest technologies Set an example on how to do it right Share your experiences, help others advance as well 39

40 BREAK

41 SECURING THE COMMUNICATION CHANNEL

42 3 VARYING LEVELS OF HTTPS (a) Visit website, browse public pages Login with username and password Consult private information (b) Visit website, browse public pages Login with username and password Consult private information (c) Visit website, browse public pages Login with username and password Consult private information 42

43 WE HEAVILY DEPEND ON (INSECURE) WIFI 43

AND THIS HAPPENS TO THE BEST OF US http://colesec.

44 AND THIS HAPPENS TO THE BEST OF US 44

45 EAVESDROPPING IS CHILD S PLAY 45

46 THE COMMUNICATION CHANNEL IS INSECURE But we use HTTPS for sensitive data Sufficient to counter passive eavesdropping attacks But what about active network attacks? Man in the Middle Man on the Side 46

47 3 VARYING LEVELS OF HTTPS (a) Visit website, browse public pages Login with username and password Consult private information (b) Visit website, browse public pages Login with username and password Consult private information (c) Visit website, browse public pages Login with username and password Consult private information 47

48 PREVENTING THE TRANSITION FROM HTTP TO HTTPS 48

49 PREVENTING THE TRANSITION FROM HTTP TO HTTPS Visit Visit Welcome, please log in Login as Philippe Welcome Philippe Rewrite HTTPS to HTTP Login as Philippe Welcome Philippe some-shop.com 49

TIME TO MOVE TOWARDS HTTPS Visit http://some-shop.com Visit https://some-shop.

50 TIME TO MOVE TOWARDS HTTPS Visit Visit Welcome, please log in Login as Philippe Welcome Philippe Login as Philippe Welcome Philippe some-shop.com 50

51 HTTP WEAKENS HTTPS SITES 51

52 SNEAKY SSL STRIPPING ATTACKS PREVENT THE USE OF HTTPS 52

SNEAKY SSL STRIPPING ATTACKS PREVENT THE USE OF HTTPS www.websec.

53 SNEAKY SSL STRIPPING ATTACKS PREVENT THE USE OF HTTPS GET GET Moved 200 OK <html> </html> Rewrite HTTPS URLS to HTTP GET OK POST OK <html> </html> Rewrite HTTPS URLS to HTTP POST OK 53

54 STRICT TRANSPORT SECURITY AGAINST SSL STRIPPING Strict Transport Security converts all HTTP requests to HTTPS GET OK <html> </html> Modern browsers support HTTP Strict Transport Security (HSTS) HTTP response header to enable Strict Transport Security When enabled, the browser will not send an HTTP request anymore From version

55 HSTS CAN BE ENABLED WITH A SIMPLE ONE-LINER The policy is controlled by the Strict-Transport-Security header max-age specifies how long the policy should be enforced in seconds Make sure this is long enough to cover two subsequent visits If necessary, the policy can be disabled by setting max-age to 0 Strict-Transport-Security: max-age= The policy can be extended to automatically include subdomains This behavior is controlled by the includesubdomains flag Before enabling this, carefully analyze the services you are running on your domain Strict-Transport-Security: max-age= ; includesubdomains 55

56 HSTS IN ACTION GET OK Strict-Transport-Security: maxage= ; includesubdomains websec.be GET OK Strict-Transport-Security: maxage= ; includesubdomains GET OK Strict-Transport-Security: maxage= ; includesubdomains 56

57 POLICY DETAILS OF HSTS HSTS does not care about TCP ports Policy matches are determined based on the hostname only Port 80 is translated to port 443, but other ports are preserved HSTS policies can only be set over a secure connection The certificate used must be valid HSTS policies set on insecure connections are ignored Disabling HSTS must be done by explicitly setting max-age to 0 Omitting a HSTS header from a HSTS-enabled host does nothing 57

ENABLING HSTS IN PRACTICE The step-by-step guide towards enabling HSTS Setup HTTPS correctly Send the Strict-Transport-Security header with a short

58 ENABLING HSTS IN PRACTICE The step-by-step guide towards enabling HSTS Setup HTTPS correctly Send the Strict-Transport-Security header with a short max-age Test your configuration Increase max-age after successful testing Chrome s net-internals allow inspection dynamic_sts is the HSTS mechanism 58

59 FUN FACT: CHROME HANDLES HSTS AS A REDIRECT 59

60 TIME TO GET ON THE HSTS TRAIN 60

61 BUT HOW DO YOU MAKE THE FIRST CONNECTION OVER HTTPS? GET OK Strict-Transport-Security: maxage= ; includesubdomains websec.be GET OK Strict-Transport-Security: maxage= ; includesubdomains GET OK Strict-Transport-Security: maxage= ; includesubdomains 61

62 HSTS == TOFU 62

63 PRELOADING HSTS INTO THE BROWSER Strict-Transport-Security: max-age= ; includesubdomains; preload 63

64 PRELOADING IS ON THE RISE 64

65 AWESOME SERVICES HELP IMPROVE HTTPS DEPLOYMENTS

66 COMMON MISCONCEPTIONS ABOUT HTTPS HTTPS is bad for performance 66

67 COMMON MISCONCEPTIONS ABOUT HTTPS HTTPS is complex and expensive 67

COMMON MISCONCEPTIONS ABOUT HTTPS You can only run one HTTPS site per IP address http://www.

68 COMMON MISCONCEPTIONS ABOUT HTTPS You can only run one HTTPS site per IP address 68

ALL INTERACTIONS SHOULD HAPPEN OVER HTTPS There is a big push for HTTPS on the Web Google uses HTTPS as a ranking signal Active mixed content is blocked in modern desktop browsers The Secure Contexts

69 ALL INTERACTIONS SHOULD HAPPEN OVER HTTPS There is a big push for HTTPS on the Web Google uses HTTPS as a ranking signal Active mixed content is blocked in modern desktop browsers The Secure Contexts specification limits use of sensitive features There is plenty of support for easily enabling HTTPS Rate your deployment with the SSL Server Test Get free, automated certificates from Let s Encrypt Improve your HTTPS deployment Enable HTTP Strict Transport Security

70 KNOWLEDGE IS THE KEY TO BUILDING SECURE APPLICATIONS The use of HTTPS and HSTS is only the tip of the iceberg Numerous new security policies have been added in the last 5 years These new technologies require explicit knowledge and action Developers need to know why and how to use them We offer specialized training covering the Web security landscape Hosted training courses and customizable in-house trainings Broad spectrum of topics, such as HTTPS, authentication, authorization, XSS Various Web technologies, including modern MVC frameworks (AngularJS, ) Effective combination of lectures and hands-on sessions 70

71 NOW IT S UP TO YOU Follow Secure Share philippe.deryck@cs.kuleuven.be /in/philippederyck

MODERN WEB APPLICATION DEFENSES

MODERN WEB APPLICATION DEFENSES AGAINST DANGEROUS NETWORK ATTACKS Philippe De Ryck SecAppDev 2017 https://www.websec.be SETUP OF THE HANDS-ON SESSION I have prepared a minimal amount of slides Explain