Secure Programming and Common Errors, PART II
Secure Programming and Common Errors, PART II, brought to you by Michele "AntiSnatchOr" Orrù and Integrating Web LTD. Computer System Security course led by Prof. Ozalp Babaoglu. 9 December 2009.

Who am I?
- Director and CSO of Integrating Web LTD
- Bachelor Degree in Internet Sciences
- Independent Security Researcher
- Owner of a security advisory blog
- JEE developer

Seminar outline (part II). What we will discuss:
- other important attack vectors, not limited to Web Applications
- practical screen-casts that show how attackers exploit common flaws
- the impact of these threats on your privacy, data and identity

Seminar outline (part II):
- CWE-22: Path Traversal + screen-cast
- CWE-89: Failure to Preserve SQL Query Structure (SQL injection) + screen-cast
- CWE-79: Failure to Preserve Web Page Structure (XSS) + 2 screen-casts
- Appendix: do you think HTTPS is secure? Not completely true!
CWE-22: Path Traversal
- Many applications read from or write to a file system, parsing user-supplied parameters that specify the file or the operation.
- If these user-supplied parameters are not validated (and the application is not chrooted/jailed), then an attacker can manipulate them to read/write sensitive information/files on the OS.

CWE-22: Example
- Path traversal vulnerability on the ONERROR parameter.
- The HTML file requested as the value of ONERROR can be manipulated to retrieve files not owned by IIS.

CWE-22: Links (URLs not preserved in the transcription)
- Good books
- SANS/MITRE
- OWASP
- Good hacker
- PHP security guru
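An added example, not from the slides or from Integrating Web LTD, of the validation the CWE-22 slides call for: the user-supplied file name (the ONERROR value in the example) is canonicalised and checked against the configured base directory before anything is opened. The function name resolve_error_page, the errorpages layout and the HTML-only rule are assumptions.

```python
"""Hardened handling of a user-supplied file parameter (CWE-22)."""
import os
import tempfile
from pathlib import Path

# Only HTML pages may be served from the error-page directory (assumption).
ALLOWED_SUFFIXES = {".html", ".htm"}


class PathTraversalError(ValueError):
    """Raised when a request would escape the configured base directory."""


def resolve_error_page(base_dir: str, requested: str) -> Path:
    """Map an untrusted file name (such as the ONERROR value) to a path under base_dir.

    Rejects NUL bytes, absolute paths, and any canonical path that does not sit
    under the canonical base directory. Canonicalising first means '..' segments,
    already URL-decoded variants and symlinks are all judged by where they end up.
    """
    if "\x00" in requested:
        raise PathTraversalError("NUL byte in file name")
    base = Path(base_dir).resolve()
    # An absolute 'requested' replaces base in the join; resolve() then exposes it.
    candidate = (base / requested).resolve()
    # commonpath, not startswith: '/srv/pages' must not match '/srv/pages2/x'.
    if os.path.commonpath([str(base), str(candidate)]) != str(base):
        raise PathTraversalError(f"{requested!r} escapes {base}")
    if candidate.suffix.lower() not in ALLOWED_SUFFIXES:
        raise PathTraversalError(f"{requested!r} is not an HTML page")
    return candidate


def demo() -> dict:
    """Constructed layout: a base directory with one page, a secret file outside
    it, and a symlink inside the base that points at that secret."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        secret = Path(tmp) / "secret.txt"
        secret.write_text("not for the web")
        base = Path(tmp) / "errorpages"
        base.mkdir()
        (base / "404.html").write_text("<h1>Not found</h1>")
        try:
            (base / "link.html").symlink_to(secret)
        except OSError:
            pass  # platform without symlink support; that case is simply skipped
        requests = ["404.html", "sub/../404.html", "../secret.txt",
                    "/etc/passwd", "404.html\x00.txt", "link.html"]
        for req in requests:
            try:
                results[req] = resolve_error_page(str(base), req).name
            except PathTraversalError:
                results[req] = "rejected"
    return results


if __name__ == "__main__":
    for req, outcome in demo().items():
        print(f"{req!r:24} -> {outcome}")
```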
CWE-89: SQL Injection
- If attackers can influence the SQL that you use to communicate with your database, then they can do nasty things for fun and profit.
- Thanks to Bernardo for SQLmap:
  - open source, written in Python
  - full database manipulation with MySQL, Oracle, PostgreSQL and Microsoft SQL Server
  - Metasploit plugin to exploit MS (Microsoft SQL Server 2000/2005 heap-based buffer overflow)

CWE-89: Example
- Confirmed unescaped numeric injection on the GET parameter anno (patched many months ago).
- We were able to obtain details about the application stack: Apache 2.2.3, PHP 5.2.0, MySQL >= 5.0.
- For demonstration we retrieved the exact name of the database to which the web app is bound: dipartimento.

CWE-89: Links
- Good books
- SQLmap author
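An added example, not from the slides, of the "unescaped numeric injection on a GET parameter" pattern the CWE-89 example describes, beside the fix: the vulnerable function splices the anno value into the statement, the hardened one enforces the integer type and binds a placeholder. The publications table, its rows and the function names are constructed for the demo; SQLite stands in for the MySQL backend.

```python
"""Unescaped numeric GET parameter (CWE-89) beside its parameterized replacement."""
import sqlite3

# Constructed rows standing in for a department publications table.
SAMPLE_ROWS = [
    (1, 2008, "Paper A"),
    (2, 2009, "Paper B"),
    (3, 2009, "Paper C"),
]


def make_db() -> sqlite3.Connection:
    """In-memory SQLite database with the constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE publications (id INTEGER PRIMARY KEY, anno INTEGER, title TEXT)")
    conn.executemany("INSERT INTO publications VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def by_year_unsafe(conn: sqlite3.Connection, anno: str) -> list:
    """Vulnerable form: the raw query-string value is spliced into the statement.
    Because the column is numeric the value is not even quoted, so string escaping
    would not help; whatever follows the number becomes part of the WHERE clause."""
    sql = "SELECT id, title FROM publications WHERE anno = " + anno
    return conn.execute(sql).fetchall()


def by_year_safe(conn: sqlite3.Connection, anno: str) -> list:
    """Hardened form: enforce the numeric type first, then bind a placeholder so
    the query structure is fixed before any user data reaches the driver."""
    try:
        year = int(anno)
    except ValueError:
        raise ValueError(f"anno must be an integer, got {anno!r}") from None
    if not 1900 <= year <= 2100:          # business-rule range check
        raise ValueError(f"anno out of range: {year}")
    return conn.execute(
        "SELECT id, title FROM publications WHERE anno = ?", (year,)
    ).fetchall()


def demo() -> dict:
    """Run both forms against a benign value and a constructed tampered value."""
    conn = make_db()
    tampered = "2009 OR 1=1"   # constructed: extends the WHERE clause to every row
    out = {
        "unsafe_normal": len(by_year_unsafe(conn, "2009")),
        "unsafe_tampered": len(by_year_unsafe(conn, tampered)),
        "safe_normal": len(by_year_safe(conn, "2009")),
    }
    try:
        by_year_safe(conn, tampered)
        out["safe_tampered"] = "executed"
    except ValueError:
        out["safe_tampered"] = "rejected"
    return out


if __name__ == "__main__":
    for label, value in demo().items():
        print(f"{label}: {value}")
```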
CWE-79: Cross Site Scripting (The Plague of Cross Site Scripting)
- When a page with our malicious code is accessed by other users, their browsers will execute our scripts in their contexts.
- Really difficult to create a powerful anti-XSS filter:
  - multiple data encoding handling
  - data truncation handling
  - new vectors (CSS, JSON, XUL)

CWE-79: Example 1. KonaKart
- KonaKart is a free Java-based web application to manage e-commerce websites (URL not preserved in the transcription).
- Stored XSS has been found and verified in the backend.
- More info here (URL not preserved in the transcription).
- Let's see how we can exploit them.

CWE-79: Example 2. WMSmonitor
- Internal Penetration Test at INFN (National Institute of Nuclear Physics).
- Workload Management System (distributes job execution between multiple Computing Elements on a Grid infrastructure) monitor.
- Some serious flaws have been identified:
  - insecure handling of X.509 client certificates
  - reflected XSS
  - TRACE method enabled
- Let's see how we can take full control of the victim's browser.
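An added example, not from the slides and not KonaKart's or WMSmonitor's code, of the defence that sidesteps the "powerful anti-XSS filter" problem the slides describe: instead of filtering stored input, each value is encoded for the context it is rendered into (element content, attribute, URL attribute, script block). The product record, the render_product function and the encoder names are assumptions.

```python
"""Context-aware output encoding for stored values rendered by a backend (CWE-79)."""
import html
import json
from urllib.parse import urlsplit

SAFE_URL_SCHEMES = {"http", "https"}


def enc_html(value: str) -> str:
    """Element content: & < > " ' become entities, so no tag or attribute can start."""
    return html.escape(value, quote=True)


def enc_attr(value: str) -> str:
    """Double-quoted attribute value; the caller must supply the surrounding quotes."""
    return html.escape(value, quote=True)


def enc_url_attr(value: str) -> str:
    """href/src: accept only absolute http(s) URLs, then attribute-encode.
    Anything else (javascript:, data:, scheme-relative) is replaced by '#'."""
    value = value.strip()
    parts = urlsplit(value)
    if parts.scheme.lower() not in SAFE_URL_SCHEMES or not parts.netloc:
        return "#"
    return enc_attr(value)


def enc_js_json(value) -> str:
    """Data embedded in a <script> block: JSON-encode (ensure_ascii keeps U+2028/9
    escaped) and break '</' so a value cannot close the script element early."""
    return json.dumps(value).replace("</", "<\\/")


def render_product(name: str, description: str, website: str) -> str:
    """Render one stored product record into an HTML fragment, choosing the
    encoder by where each value lands rather than filtering the input."""
    return (
        f'<div class="product" data-name="{enc_attr(name)}">'
        f"<h2>{enc_html(name)}</h2>"
        f"<p>{enc_html(description)}</p>"
        f'<a href="{enc_url_attr(website)}">vendor site</a>'
        f"<script>var product = {enc_js_json({'name': name})};</script>"
        "</div>"
    )


def demo() -> str:
    """Constructed record as a backend user might have stored it."""
    return render_product(
        name="Gadget <script>alert(1)</script>",
        description='Great "value" & fast </script> shipping',
        website="javascript:alert(1)",
    )


if __name__ == "__main__":
    print(demo())
```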
CWE-79: Links
- Wade Alcorn's works: BeEF; Inter-Protocol Exploitation; The Advanced Cross-Site Scripting Virus
- RSnake's works: XSS cheat sheet; XSS worm contest
- AntiSnatchOr's research: advisories on SecurityFocus
- Good books

Appendix: do you think HTTPS is secure?
- SSL/TLS are cryptographically secure (RSA/DSA/symmetric encryption).
- But they have well-known limitations and security flaws.
- They all suffer from MITM attacks and network protocol manipulation.
- Some aspects such as OCSP and different implementations (OpenSSL, Mozilla NSS) are flawed.
Appendix: do you think HTTPS is secure?
- Latest research of Moxie Marlinspike (URL not preserved in the transcription): sslstrip. It transparently hijacks HTTP traffic on a network, watches for HTTPS links and redirects, then maps those links into either look-alike HTTP links or homograph-similar HTTPS links.
- We can use the same setup as the old certificate injection method: ARP spoofing + traffic redirection + sniffing.
- Possibly even altering BGP routing tables on routers, for remote sniffing.

Appendix: do you think HTTPS is secure?
- Old exploit method (still useful): MITM and fake certificate injection
  - ARP spoofing
  - IP forwarding
  - sniffing
  - webmitm
- Cons: the victim will see that the certificate is not valid (BTW, almost all of you ignore Firefox's alerts on certificate problems). Press OK, "That's FINE".

Appendix: Links
- Fake certificate injection: Vimeo screencasts
- Papers: OCSP; Null-byte; Fake-cert
Thanks for your attention! Questions?
More informationInformation Security. Gabriel Lawrence Director, IT Security UCSD
Information Security Gabriel Lawrence Director, IT Security UCSD Director of IT Security, UCSD Three Startups (2 still around!) Sun Microsystems (Consulting and JavaSoftware) Secure Internet Applications
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationProtect your apps and your customers against application layer attacks
Protect your apps and your customers against application layer attacks Development 1 IT Operations VULNERABILITY DETECTION Bots, hackers, and other bad actors will find and exploit vulnerabilities in web
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationAndrés Riancho sec.com H2HC, 1
Andrés Riancho andres@bonsai-sec.com sec.com H2HC, HC, Brazil - 2009 1 Web Application Security enthusiast Developer (python!) Open Source Evangelist With some knowledge in networking, IPS design and evasion
More informationHow to Render SSL Useless. Render SSL Useless. By Ivan Ristic 1 / 27
How to Render SSL Useless By Ivan Ristic 1 / 27 Who is Ivan Ristic? 1) ModSecurity (open source web application firewall), 2) Apache 2 / 33 Security (O Reilly, 2005), 3) SSL Labs (research and assessment
More informationSecurity Course. WebGoat Lab sessions
Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter
More information