Symlink attacks. Do not assume that symlinks are trustworthy: Example 1

Similar documents
Secure Programming Techniques

"Charting the Course to Your Success!" Securing.Net Web Applications Lifecycle Course Summary

Advanced Systems Security: Ordinary Operating Systems

SAP Security. BIZEC APP/11 Version 2.0 BIZEC TEC/11 Version 2.0

3/7/18. Secure Coding. CYSE 411/AIT681 Secure Software Engineering. Race Conditions. Concurrency

Attacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Advanced Systems Security: Ordinary Operating Systems

CIS 700/002 : Special Topics : OWASP ZED (ZAP)

Inline Reference Monitoring Techniques

CYSE 411/AIT681 Secure Software Engineering Topic #13. Secure Coding: Race Conditions

Certified Secure Web Application Engineer

COPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51

Secure Coding, some simple steps help. OWASP EU Tour 2013

CSWAE Certified Secure Web Application Engineer

Secure Architecture Principles

CSE543 - Introduction to Computer and Network Security

Dataflow Anomaly Detection

OWASP Top 10 The Ten Most Critical Web Application Security Risks

Students should have an understanding and a working knowledge in the following topics, or attend these courses as a pre-requisite:

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

Kishin Fatnani. Founder & Director K-Secure. Workshop : Application Security: Latest Trends by Cert-In, 30 th Jan, 2009

CS 356 Operating System Security. Fall 2013

Secure Architecture Principles

Ranking Vulnerability for Web Application based on Severity Ratings Analysis

Survey of Cyber Moving Targets. Presented By Sharani Sankaran

DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I

C1: Define Security Requirements

C and C++ Secure Coding 4-day course. Syllabus

Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks

Secure Architecture Principles

Ethical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities

Unit Level Secure by Design Approach

W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s

Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any

Securing Apache Tomcat. AppSec DC November The OWASP Foundation

CIS 5373 Systems Security

Advanced System Security: Vulnerabilities

Computer Security 3e. Dieter Gollmann. Chapter 18: 1

Application Security Introduction. Tara Gu IBM Product Security Incident Response Team

18-642: Security Mitigation & Validation

Programming Language Vulnerabilities within the ISO/IEC Standardization Community

Threat Modeling. Bart De Win Secure Application Development Course, Credits to

Chrome Extension Security Architecture

Computer Security. 04r. Pre-exam 1 Concept Review. Paul Krzyzanowski. Rutgers University. Spring 2018

Copyright

Web Application Vulnerabilities: OWASP Top 10 Revisited

Course 834 EC-Council Certified Secure Programmer Java (ECSP)

IEEE Sec Dev Conference

Combating Common Web App Authentication Threats

Protect Your Application with Secure Coding Practices. Barrie Dempster & Jason Foy JAM306 February 6, 2013

OWASP TOP 10. By: Ilia

Attacks Against Websites. Tom Chothia Computer Security, Lecture 11

Operating Systems Security

CMSC 414 Computer and Network Security

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

The Android security jungle: pitfalls, threats and survival tips. Scott

Secure Architecture Principles

HP 2012 Cyber Security Risk Report Overview

RiskSense Attack Surface Validation for Web Applications

Firewalls Network Security: Firewalls and Virtual Private Networks CS 239 Computer Software March 3, 2003

Module: Program Vulnerabilities. Professor Trent Jaeger. CSE543 - Introduction to Computer and Network Security

Fundamentals of Computer Security

David Rook. Agnitio Security code review swiss army knife. Hack in Paris, Paris

Engineering Your Software For Attack

1 About Web Security. What is application security? So what can happen? see [?]

CIS Operating Systems File Systems Security. Professor Qiang Zeng Fall 2017

Q Web Attack Analysis Report

Kenna Platform Security. A technical overview of the comprehensive security measures Kenna uses to protect your data

(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection

Outline. Security as an economic good. Risk budgeting with ALE. Failure: Risk compensation. Failure: Displacement activity

Drone /12/2018. Threat Model. Description. Threats. Threat Source Risk Status Date Created

CS 161 Computer Security

STING: Finding Name Resolution Vulnerabilities in Programs

SECURE CODING PART 1 MAGDA LILIA CHELLY ENTREPRENEUR CISO ADVISOR CYBERFEMINIST PEERLYST BRAND AMBASSADOR TOP 50 CYBER CYBER

SECURE CODING ESSENTIALS

VULNERABILITIES IN 2017 CODE ANALYSIS WEB APPLICATION AUTOMATED

Your Turn to Hack the OWASP Top 10!

Security Architecture

CSE 565 Computer Security Fall 2018

SysSec. Aurélien Francillon

Argus Vulnerability Assessment *1

Data Security and Privacy. Unix Discretionary Access Control

NSTB Assessments Summary Report: Common Industrial Control System Cyber Security Weaknesses

Department of Electrical Engineering and Computer Science MASSACHUSETTS INSTITUTE OF TECHNOLOGY Fall Quiz I Solutions

Mobile Malfeasance. Exploring Dangerous Mobile Code. Jason Haddix, Director of Penetration Testing

COMP9321 Web Application Engineering

90% of data breaches are caused by software vulnerabilities.

Case Studies in Access Control

Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West

McAfee Certified Assessment Specialist Network

Secure Software Programming and Vulnerability Analysis


COMPUTER NETWORK SECURITY

Security and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web

GUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.

Zero Trust on the Endpoint. Extending the Zero Trust Model from Network to Endpoint with Advanced Endpoint Protection

10 Active Directory Misconfigurations That Lead to Total Compromise Austin, TX 201 W 5th St.

Developing Secure Systems. Associate Professor

Transcription:

Symlink attacks Do not assume that symlinks are trustworthy: Example 1 Application A creates a file for writing in /tmp. It assumes that since the file name is unusual, or because it encodes A's name or pid, there is no need to check if the file is already present Attacker creates a symlink with same name that points to an important file F. When root runs A, F will be overwritten. Example 2 User A runs an application that creates a file in /tmp/x and then later updates it. User B attacks this application by removing /tmp/x and then creating a symlink named /tmp/x that points to an important file F. Hard links and file/directory renames can also be used to carry out some of these attacks, but they are difficult because there are more restrictions on them.

Race conditions Time-of-check-to-time-of-use (TOCTTOU) attacks Often arise when an application tries to protect itself against name-based attacks Example A setuid application permits a non-root user to specify the name of an output file, say, for logging It checks if the real user has permission to write this file, usually using the access system call Attacker modifies the file between access and open Checks OK, but the attack succeeds!

access/open Race condition examples chmod/chown Directory renames Root invokes rm -r on /tmp/* to clean up /tmp Attacker creates a directory /tmp/a and then another directory /tmp/a/b rm may (1) cd into /tmp/a/b, remove all files in it, (2) cd into.., (3) continue to remove files in /tmp/a, (4) cd.. and (5) continue to remove files in /tmp Attacker moves /tmp/a/b to /tmp between (1) and (3), causing files in / to be removed in step (5).

Succeeding in Races... It may seem that it would be hard for the attacker to succeed, but he can mount algorithmic complexity attacks Make a normally fast operation take very long Example: Instead of creating a file /tmp/a, make it point to a symlink which in turn points to a symlink and so on. Access operation, which needs to resolve this sequence of symlinks will take very long. Can further slow it down by creating deep directory trees. As a result, races can succeed with near 100% probability!

Common Software Vulnerabilities CWE (Common Weakness Enumeration) is an excellent source on currently prevalent software vulnerabilities CWE Top-25 is a good point to start You are expected to be familiar with the vulnerabilities in this list read the list and understand what each vulnerability means

Common Software Weaknesses Input validation Injection vulnerabilities Cross-site scripting, SQL/command injection, code/script injection, format-string, path-traversal, open redirect,... Buffer overflows integer overflows, incorrect buffer size or bounds calculation Many other application-specific effects of untrusted input Failure to recognize or enforce trust boundaries Calling function that trust their inputs with untrusted data Including code without understanding its dependencies Relying on form data or cookies in a web application Missing security operation Authentication: missing, weak, or using hard-coded credentials Authorization: missing checks Cross-site request forgery Failure to encrypt, hash, use salt,

Common Software Weaknesses Use of weak security primitives Weak random numbers, encryption, hash algorithms, Information leakage Error messages that reveal too much information Software version, source code fragments, database table names or errors, Timing channels Execution with unnecessary privileges Executing code with admin privileges Incorrect (or missing) permission settings Error/exception-handling code Failure to check error codes, e.g., open, malloc, Failure to test error/exception-handling code Race conditions

CWE -1000: Research View of CWEs Top 25 is useful to understand current trends, but the descriptions can often be uninformative CWE-1000 organization has a much better structure and organization You don t necessarily get a sense of completeness from these, but reading them will still significantly broaden your understanding of software vulnerabilities and more secure coding practices.

Secure Coding Practices The goal of this course is to expose you to a range of vulnerabilities and exploits, so you can learn how to build secure systems and develop secure code But we don t necessarily provide a cook book The hope is that you will learn more from understanding the examples in depth than reading a long laundry list Nevertheless, several good sources are available on the Internet that discuss secure coding practices CERT top 10 secure coding practices CERT Secure coding standards for C, C++, and Java OWASP Secure coding principles

Vulnerabilities Vs Malicious Code These two pose very different threats With vulnerable code, you have a relatively weak adversary: one that is constrained to exploiting an existing vulnerability, but has no way of controlling it. So, relatively weak defenses such as randomization can work. With malicious code, you have a strong adversary Can modify code to evade specific defenses You cannot make assumptions such as the absence of intentionally introduced errors, obfuscation, etc.

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback