Exploits: XSS, SQLI, Buffer Overflow

Size: px
Start display at page:

Download "Exploits: XSS, SQLI, Buffer Overflow"

Transcription

1 Exploits: XSS, SQLI, Buffer Overflow These vulnerabilities continue to result in many active exploits. XSS Cross Site Scripting, comparable to XSRF, Cross Site Request Forgery. These vulnerabilities are found in many web applications. SQLI Structured Query Language Injection exploits weaknesses in the web application controller to data model interface. Buffer Overflows are caused by providing more data to an input variable than the amount of space allocated, overwriting memory elsewhere in the application to modify the application.

2 Origin and Copyright These notes are partly derived from Wikipedia entries, so as a derived work it is licenced under the GNU Free Documentation License. For further details see:

3 Cross Site Scripting XSS A Cross Site Scripting (XSS) exploit concerns the ability of a website to run scripts within the web browser, using the JavaScript language. Obviously the browser will be designed to sandbox the script, so this has restricted access to the computer running the browser. But the browser can only have low level information to limit what the script can do, e.g. the script won't be allowed access to files on the host. So if the attack is at a higher conceptual level of abstraction e.g. to do with what the user of the webpage thinks about the origin of the information being presented, the lower level of logic at which the browser sandboxes website scripts will not be effective.

4 XSS Example 1

5 How it was done contained the following HTML source code which included some Javascript. (Extra line breaks added for readability, but in reality the URL is all on one line.) From now on the citizens of the USA can feel safe for the National Information Security is in young but good hands" <a href="http://www.bbc.co.uk/bbcone/listings/index.shtml? service_id=4223&day=today%22%3e%3cscript %20src=http://www.securitylab.ru/test/sc.js%3E%3C/script%3E %3C! ">reports</a> BBC.

6 XSS E.G.2 Boarding the MPAA

7 How Pirate Bay boarded the MPAA <form name="form" action="http://www.mpaa.org/thank_you.asp" method="post"> <! here we inject an iframe and an image from > <input name="txtfavoritemovie" type="hidden" size="18" maxlength="1175" value="<img src='http://static.thepiratebay.org/img/tpb.jpg'><br><br><iframe width='100%' height='600px' src='http://thepiratebay.org/browse/200'>"> <input type="hidden" name="name" value="1"> <input type="submit"> </form>

8 XSS EG3 Mr Bean for Spanish President

9 Type 0: local or DOM based XSS vulnerability This occurs where an attacker writes HTML including scripts into a context that the web browser treats as of local origin, allowing for unprivileged access to local objects e.g. a file on the local system.

10 XSS type 0 example 1. Mallory sends a URL to Alice (via or another mechanism) of a maliciously constructed web page. 2. Alice clicks on the link. 3. The malicious web page's JavaScript opens a vulnerable HTML page installed locally on Alice's computer. 4. The vulnerable HTML page is tricked into executing JavaScript in the computer's local zone. 5. Mallory's malicious script now may run commands with the privileges Alice holds on her own computer.

11 Type 1: non persistent or reflected XSS vulnerability This arises when an attacker (Mallory) succeeds in getting a victim (Alice) to click on a supplied URL which is then submitted to another (e.g. Bob's) website. This can occur through a URL in an to Alice sent by Mallory, to a site owned by Bob and accepting HTML input.

12 XSS type 1 example slide 1 1. Alice often visits a particular website, which is hosted by Bob. Bob's website allows Alice to log in with a username/password pair and store sensitive information, such as billing information. 2. Mallory observes that Bob's website contains a reflected XSS vulnerability. 3. Mallory crafts a URL to exploit the vulnerability, and sends Alice an , making it look as if it came from Bob (ie. the is spoofed).

13 XSS type 1 example slide 2 4. Alice visits the URL provided by Mallory while logged into Bob's website. 5. The malicious script embedded in the URL executes in Alice's browser, as if it came directly from Bob's server. The script steals sensitive information (authentication credentials, billing info, etc) and sends this to Mallory's web server without Alice's knowledge.

14 Type 2: persistent XSS vulnerability Here Mallory inserts the HTML including script directly into Bob's website, which allows users to include HTML, e.g. where social networking sites enable users to include an HTML profile. Alice, when looking at Mallory's profile or HTML message, will run the script in her web browser within the domain context of Bob, so Alice's system will treat Mallory's script as if it were from Bob.

15 XSS type 2 example slide 1 1. Bob hosts a web site which allows users to post messages and other content to the site for later viewing by other members. 2. Mallory notices that Bob's website is vulnerable to a type 2 XSS attack. 3. Mallory posts a message, controversial in nature, which may encourage many other users of the site to view it.

16 XSS type 2 example slide 2 4. Upon merely viewing the posted message, site users' session cookies or other credentials could be taken and sent to Mallory's webserver without their knowledge. 5. Later, Mallory logs in as other site users and posts messages on their behalf...

17 XSRF Cross Site Request Forgery Cross site request forgery, also known as one click attack or session riding and abbreviated as CSRF or XSRF, is a kind of malicious exploit of websites. Although similarsounding in name to cross site scripting (XSS), it is a different and almost opposite form of attack. Whereas cross site scripting exploits the trust a user has in a website, a cross site request forgery exploits the trust a Web site has in a user by forging a request from a trusted user. These attacks are often less popular (so there are fewer resources available), more difficult to defend against than XSS attacks, and, therefore, more dangerous.

18 XSRF attack example slide 1 The attack works by including a link or script in a page that accesses a site to which the user is known to have authenticated. For example, one user, Alice, might be browsing a chat forum where another user, Mallory, has posted a message with an image that links to Alice's bank. Suppose that, as the URL for the image tag, Mallory has crafted a URL that submits a withdrawal form on Alice's bank's website. If Alice's bank keeps her authentication information in a cookie, and if the cookie hasn't expired, then Alice's browser's attempt to load the image will submit the withdrawal form with her cookie, thus authorizing a transaction without Alice's approval.

19 XSRF attack example slide 2 <IMG src="http://bigbank.com/transfer_money.cgi? ac=alice&pay=mallory&amount=100000" &description=completion_ac2157> Here BigBank trusts Alice's cookie because Alice is already logged in. It therefore assumes that the URL that comes from Alice's web browser containing Alice's cookie is authorised to transfer a large sum from Alice's to Mallory's account. Data is frequently sent from browsers to websites as part of the URL, and many websites treat the GET data entry request identically to the FORM data entry request.

20 XSRF Common Characteristics Involve sites that rely on a user's identity Exploit the site's trust in that identity Trick the user's browser into sending HTTP requests to a target site Involve HTTP requests that have side effects At risk are web applications that perform actions based on input from trusted and authenticated users without requiring the user to authorize the specific action. A user that is authenticated by a cookie saved in his web browser could unknowingly send an HTTP request to a site that trusts him and thereby cause an unwanted action.

21 SQL Injection source Exploits of a mum

22 SQL Injection Attacks SQL injection is a security vulnerability that occurs in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed. This is an instance of a more general class of vulnerabilities that can occur whenever one programming or scripting language is embedded inside another.

23 Incorrectly filtered escape characters 1 This form of SQL injection occurs when user input is not filtered for escape characters and is then passed into a SQL statement. This results in the potential manipulation of the statements performed on the database by the end user of the application. The following line of code illustrates this vulnerability: statement := "SELECT * FROM users WHERE name = '" + username + "';" If the "username" variable is crafted in a specific way by a malicious user, the SQL statement may do more than the code author intended.

24 Incorrectly filtered escape characters 2 For example, setting the "username" variable as a' or 't'='t renders this SQL statement by the parent language: SELECT * FROM users WHERE name = 'a' or 't'='t'; If this code were to be used in an authentication procedure then this example could be used to force the selection of a valid username because the evaluation of 't'='t' is always true.

25 Incorrectly filtered escape characters 3 Theoretically any valid SQL command may be injected via this method, including the execution of multiple statements. The following value of "username" in the above statement would cause the deletion of the "users" table as well as the selection of all data from the "data" table: a';drop TABLE users; SELECT * FROM data WHERE name LIKE '% This input renders the final SQL statement as follows: SELECT * FROM users WHERE name = 'a';drop TABLE users; SELECT * FROM data WHERE name LIKE '%';

26 Incorrect type handling 1 This form of SQL injection occurs when a user supplied field is not strongly typed or is not checked for type constraints. This could take place when a numeric field is to be used in a SQL statement, but the programmer makes no checks to validate that the user supplied input is numeric. For example: statement := "SELECT * FROM data WHERE id = " + a_variable + ";" It is clear from this statement that the author intended a_variable to be a number correlating to the "id" field.

27 Incorrect type handling 2 However, if it is in fact a string then the end user may manipulate the statement as they choose, thereby bypassing the need for escape characters. For example, setting a_variable to 1;DROP TABLE users will delete the "users" table from the database as the rendered SQL would be rendered as follows: SELECT * FROM data WHERE id = 1;DROP TABLE users;

28 Buffer Overflow Exploits A buffer overflow occurs when more data is input into a program data storage area than the space allocated or planned for it. Everyone who has learned how to program in 'C' will have encountered buffer overflows as a common programming bug. Crackers have learned how to exploit this kind of bug in many situations where hostile data is input to an insecure program which worked correctly in test cases previously known to the developer.

29 Stack Buffer Overflow Exploitation 1 Programs are vulnerable to this exploit where: 1. The function return jump address on the program stack occurs in the memory segment soon after the exploitable buffer and nothing causing program failure if overwritten occurs between 2. The attacker can provide arbitrary input which overruns an exploitable buffer. 3. The attacker can calculate an alternate jump address to insert in place of the return jump address, so that the alternate jump address goes to program instructions which the attacker has inserted as part of the buffer overrun. (Use of a "landing pad" area of goto next program instructions prior to the inserted exploit code for the jump inserted by the attacker allows extra flexibility.

30 Stack Buffer Overflow Exploitation 2 4. The attacker can execute inserted exploit code by this means which can, with the privileges and context of the compromised program, cause actions to occur which furthers the attackers agenda, or which result in some other system security compromise. Obviously the potential system compromise will be greater when a setuid to root program, or a program running as root is exploited in this manner than if a less privileged program is exploited.

31 Heap Buffer Overflow Exploitation A buffer overflow occurring in the heap data area is referred to as a heap overflow and is exploitable in a different manner to that of stack based overflows. Memory on the heap is dynamically allocated by the application at run time and typically contains program data. Exploitation is performed by corrupting this data in specific ways to cause the application to overwrite internal structures such as linked list pointers. The canonical heap overflow technique overwrites dynamic memory allocation linkage (such as malloc meta data) and uses the resulting pointer exchange to overwrite a program function pointer.

32 Further Recommended Reading XSS, XSRF html CERT Advisory CA Malicious HTML Tags Embedded in Client Web Requests faq.shtml Cross Site Scripting FAQ. Good summary for non technical users. SQL Injection injection.html SQL Injection Attacks By Example Buffer Overflows overflow/smash stack.html Smashing The Stack For Fun And Profit (Aleph One)

Web Application Security

Web Application Security Web Application Security John Zaharopoulos ITS - Security 10/9/2012 1 Web App Security Trends Web 2.0 Dynamic Webpages Growth of Ajax / Client side Javascript Hardening of OSes Secure by default Auto-patching

More information

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2

Advanced Web Technology 10) XSS, CSRF and SQL Injection 2 Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation

More information

Security Testing with Selenium

Security Testing with Selenium with Selenium Vidar Kongsli Montréal, October 25th, 2007 Versjon 1.0 Page 1 whois 127.0.0.1? Vidar Kongsli System architect & developer Head of security group Bekk Consulting Technology and Management

More information

Project OWASP and two most frequent vulnerabilities in web applications

Project OWASP and two most frequent vulnerabilities in web applications Project OWASP and two most frequent vulnerabilities in web applications Filip Šebesta, Wilson Tuladhar 2010 Abstract With the rapid use of the Internet, there has been a rapid growth in websites and web

More information

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

FINAL DoIT 11.03.2015 - v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES Purpose: The Department of Information Technology (DoIT) is committed to developing secure applications. DoIT s System Development Methodology (SDM) and Application Development requirements ensure that

More information

Web Application Security Considerations

Web Application Security Considerations Web Application Security Considerations Eric Peele, Kevin Gainey International Field Directors & Technology Conference 2006 May 21 24, 2006 RTI International is a trade name of Research Triangle Institute

More information

Application Security Testing. Indian Computer Emergency Response Team (CERT-In)

Application Security Testing. Indian Computer Emergency Response Team (CERT-In) Application Security Testing Indian Computer Emergency Response Team (CERT-In) OWASP Top 10 Place to start for learning about application security risks. Periodically updated What is OWASP? Open Web Application

More information

Check list for web developers

Check list for web developers Check list for web developers Requirement Yes No Remarks 1. Input Validation 1.1) Have you done input validation for all the user inputs using white listing and/or sanitization? 1.2) Does the input validation

More information

Magento Security and Vulnerabilities. Roman Stepanov

Magento Security and Vulnerabilities. Roman Stepanov Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection

More information

Where every interaction matters.

Where every interaction matters. Where every interaction matters. Peer 1 Vigilant Web Application Firewall Powered by Alert Logic The Open Web Application Security Project (OWASP) Top Ten Web Security Risks and Countermeasures White Paper

More information

Project 2: Web Security Pitfalls

Project 2: Web Security Pitfalls EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course

More information

Last update: February 23, 2004

Last update: February 23, 2004 Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to

More information

SQL Injection for newbie

SQL Injection for newbie SQL Injection for newbie SQL injection is a security vulnerability that occurs in a database layer of an application. It is technique to inject SQL query/command as an input via web pages. Sometimes we

More information

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com

Integrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration

More information

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh

Web applications. Web security: web basics. HTTP requests. URLs. GET request. Myrto Arapinis School of Informatics University of Edinburgh Web applications Web security: web basics Myrto Arapinis School of Informatics University of Edinburgh HTTP March 19, 2015 Client Server Database (HTML, JavaScript) (PHP) (SQL) 1 / 24 2 / 24 URLs HTTP

More information

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security Presented 2009-05-29 by David Strauss Thinking Securely Security is a process, not

More information

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO-6013-09 TABLE OF CONTENTS

SECURE APPLICATION DEVELOPMENT CODING POLICY OCIO-6013-09 TABLE OF CONTENTS OFFICE OF THE CHIEF INFORMATION OFFICER OCIO-6013-09 Date of Issuance: May 22, 2009 Effective Date: May 22, 2009 Review Date: TABLE OF CONTENTS Section I. PURPOSE II. AUTHORITY III. SCOPE IV. DEFINITIONS

More information

What is the Internet?

What is the Internet? What is the Internet? Session 6: Internet Security Elena Silenok @silenok Charlie Robbins @nodejitsu Questions? Just Raise Your Hand Topics Ports / Protocols / OS / Packets Types of Threats Worms, viruses

More information

Cross-Site Scripting and Cross-Site Request Forgery attacks

Cross-Site Scripting and Cross-Site Request Forgery attacks Network Security A.A. 2015-2016 Cross-Site Scripting and Cross-Site Request Forgery attacks Final Report of the laboratory activity focused on explaining and crafting vector attacks in order to exploit

More information

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance

More information

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering How to break in Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering Time Agenda Agenda Item 9:30 10:00 Introduction 10:00 10:45 Web Application Penetration

More information

Introduction. Buffer Overflow. SQL Injection. Cross-Site Scripting. Software Security I. Overview. Source: SearchsoftwareQuality.techtarget.

Introduction. Buffer Overflow. SQL Injection. Cross-Site Scripting. Software Security I. Overview. Source: SearchsoftwareQuality.techtarget. Overview Introduction Buffer Overflow SQL Injection Cross-Site Scripting Source: SearchsoftwareQuality.techtarget.com Introduction Some of the most common and widely exploited software vulnerabilities

More information

Cross-Site Scripting

Cross-Site Scripting Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some

More information

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats WHITE PAPER FortiWeb and the OWASP Top 10 PAGE 2 Introduction The Open Web Application Security project (OWASP) Top Ten provides a powerful awareness document for web application security. The OWASP Top

More information

Criteria for web application security check. Version 2015.1

Criteria for web application security check. Version 2015.1 Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-

More information

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure Vulnerabilities, Weakness and Countermeasures Massimo Cotelli CISSP Secure : Goal of This Talk Security awareness purpose Know the Web Application vulnerabilities Understand the impacts and consequences

More information

Agenda. SQL injection review XSS attacks 1/21

Agenda. SQL injection review XSS attacks 1/21 Agenda SQL injection review XSS attacks 1/21 Excerpt from the Debate - Closely relevant to this class "Mine were words, and his was action." "You would be in jail." "When they go low, we go high." "She

More information

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org

More information

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE

FINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security

More information

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems

More information

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities

More information

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current

More information

Web-Application Security

Web-Application Security Web-Application Security Kristian Beilke Arbeitsgruppe Sichere Identität Fachbereich Mathematik und Informatik Freie Universität Berlin 29. Juni 2011 Overview Web Applications SQL Injection XSS Bad Practice

More information

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications 1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won

More information

Introduction. Two levels of security vulnerabilities:

Introduction. Two levels of security vulnerabilities: Introduction Two levels of security vulnerabilities: Project level (cyphers, standard protocols, BAN logic, etc.) Implementation level (bugs, unhandled inputs, misconfigurations, etc.) There are two levels

More information

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework

Detecting and Exploiting XSS with Xenotix XSS Exploit Framework Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.

More information

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing 2010 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property. Will Bechtel William.Bechtel@att.com

More information

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso

VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES. AUTHOR: Chema Alonso VIDEO intypedia007en LESSON 7: WEB APPLICATION SECURITY - INTRODUCTION TO SQL INJECTION TECHNIQUES AUTHOR: Chema Alonso Informática 64. Microsoft MVP Enterprise Security Hello and welcome to Intypedia.

More information

The Top Web Application Attacks: Are you vulnerable?

The Top Web Application Attacks: Are you vulnerable? QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding

More information

1. What is SQL Injection?

1. What is SQL Injection? SQL Injection 1. What is SQL Injection?...2 2. Forms of vulnerability...3 2.1. Incorrectly filtered escape characters...3 2.2. Incorrect type handling...3 2.3. Vulnerabilities inside the database server...4

More information

Common Security Vulnerabilities in Online Payment Systems

Common Security Vulnerabilities in Online Payment Systems Common Security Vulnerabilities in Online Payment Systems Author- Hitesh Malviya(Information Security analyst) Qualifications: C!EH, EC!SA, MCITP, CCNA, MCP Current Position: CEO at HCF Infosec Limited

More information

CNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 1

CNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 1 CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 1 Attacking Clients Vulnerabilities in browsers May result in session hijacking, unauthorized actions, and disclosure

More information

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young

ArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction

More information

CS 155 Final Exam. CS 155: Spring 2013 June 11, 2013

CS 155 Final Exam. CS 155: Spring 2013 June 11, 2013 CS 155: Spring 2013 June 11, 2013 CS 155 Final Exam This exam is open book and open notes. You may use course notes and documents that you have stored on a laptop, but you may NOT use the network connection

More information

Security features of ZK Framework

Security features of ZK Framework 1 Security features of ZK Framework This document provides a brief overview of security concerns related to JavaScript powered enterprise web application in general and how ZK built-in features secures

More information

Columbia University Web Security Standards and Practices. Objective and Scope

Columbia University Web Security Standards and Practices. Objective and Scope Columbia University Web Security Standards and Practices Objective and Scope Effective Date: January 2011 This Web Security Standards and Practices document establishes a baseline of security related requirements

More information

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Security Research Advisory IBM inotes 9 Active Content Filtering Bypass Table of Contents SUMMARY 3 VULNERABILITY DETAILS 3 TECHNICAL DETAILS 4 LEGAL NOTICES 7 Active Content Filtering Bypass Advisory

More information

Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications

Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications Evading Web XSS Filters through Word (Microsoft Office and Open Office) in Enterprise Web Applications Date: 11 March 2009 Aditya K Sood, http://www.secniche.com http://www.secniche.org adi_ks [at] secniche.org

More information

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp. and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available

More information

OWASP Top Ten Tools and Tactics

OWASP Top Ten Tools and Tactics OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),

More information

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION External Vulnerability Assessment -Technical Summary- Prepared for: ABC ORGANIZATI On March 9, 2008 Prepared by: AOS Security Solutions 1 of 13 Table of Contents Executive Summary... 3 Discovered Security

More information

Web Application Vulnerabilities and Avoiding Application Exposure

Web Application Vulnerabilities and Avoiding Application Exposure Web Application Vulnerabilities and Avoiding Application Exposure The introduction of BIG-IP Application Security Manager (ASM) version 9.4.2 marks a major step forward. BIG-IP ASM now offers more features

More information

Thick Client Application Security

Thick Client Application Security Thick Client Application Security Arindam Mandal (arindam.mandal@paladion.net) (http://www.paladion.net) January 2005 This paper discusses the critical vulnerabilities and corresponding risks in a two

More information

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked. This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out

More information

CROSS-SITE SCRIPTING (XSS) ATTACKS

CROSS-SITE SCRIPTING (XSS) ATTACKS CROSS-SITE SCRIPTING (XSS) ATTACKS Abu Khleif & Haitham Topics In security, Nov 28, 2016 CONTENTS Overview Types of XSS Vulnerabilities How to Determine If You Are Vulnerable? How to Protect Your Website?

More information

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca)

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Bug Report Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Software: Kimai Version: 0.9.1.1205 Website: http://www.kimai.org Description: Kimai is a web based time-tracking application.

More information

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011 Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing

More information

Cross Site Scripting in Joomla Acajoom Component

Cross Site Scripting in Joomla Acajoom Component Whitepaper Cross Site Scripting in Joomla Acajoom Component Vandan Joshi December 2011 TABLE OF CONTENTS Abstract... 3 Introduction... 3 A Likely Scenario... 5 The Exploit... 9 The Impact... 12 Recommended

More information

Opening Intranets to attacks by using Internet Explorer

Opening Intranets to attacks by using Internet Explorer Opening Intranets to attacks by using Internet Explorer Author: Cesar Cerrudo (cesar>.at..dot.

More information

Intrusion detection for web applications

Intrusion detection for web applications Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities

More information

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability WWW Based upon HTTP and HTML Runs in TCP s application layer Runs on top of the Internet Used to exchange

More information

Penetration Test Report

Penetration Test Report Penetration Test Report Acme Test Company ACMEIT System 26 th November 2010 Executive Summary Info-Assure Ltd was engaged by Acme Test Company to perform an IT Health Check (ITHC) on the ACMEIT System

More information

Investigation of Defences Against Cross Site Scripting Attacks

Investigation of Defences Against Cross Site Scripting Attacks Investigation of Defences Against Cross Site Scripting Attacks Chris Mills BE Undergraduate, Software Engineering University of Auckland October 26, 2004 Abstract Cross-site scripting attacks are used

More information

Application Design and Development

Application Design and Development C H A P T E R9 Application Design and Development Practice Exercises 9.1 What is the main reason why servlets give better performance than programs that use the common gateway interface (CGI), even though

More information

Web Application Guidelines

Web Application Guidelines Web Application Guidelines Web applications have become one of the most important topics in the security field. This is for several reasons: It can be simple for anyone to create working code without security

More information

Application security testing: Protecting your application and data

Application security testing: Protecting your application and data E-Book Application security testing: Protecting your application and data Application security testing is critical in ensuring your data and application is safe from security attack. This ebook offers

More information

Preparing for the Cross Site Request Forgery Defense

Preparing for the Cross Site Request Forgery Defense Preparing for the Cross Site Request Forgery Defense Chuck Willis chuck.willis@mandiant.com Black Hat DC 2008 February 20, 2008 About Me Principal Consultant with MANDIANT in Alexandria, VA Full spectrum

More information

Jordan University of Science and Technology

Jordan University of Science and Technology Jordan University of Science and Technology Department of Computer Engineering Cryptography and Networks Security Investigation Done By Omar Ibrahim Mohammad Bataineh 20010171035 Aysar Mohammad Rashed

More information

What is Web Security? Motivation

What is Web Security? Motivation brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web

More information

EECS 398 Project 2: Classic Web Vulnerabilities

EECS 398 Project 2: Classic Web Vulnerabilities EECS 398 Project 2: Classic Web Vulnerabilities Revision History 3.0 (October 27, 2009) Revise CSRF attacks 1 and 2 to make them possible to complete within the constraints of the project. Clarify that

More information

Hack Proof Your Webapps

Hack Proof Your Webapps Hack Proof Your Webapps About ERM About the speaker Web Application Security Expert Enterprise Risk Management, Inc. Background Web Development and System Administration Florida International University

More information

An Insight into Cookie Security

An Insight into Cookie Security An Insight into Cookie Security Today most websites and web based applications use cookies. Cookies are primarily used by the web server to track an authenticated user or other user specific details. This

More information

HTML5. Eoin Keary CTO BCC Risk Advisory. www.bccriskadvisory.com www.edgescan.com

HTML5. Eoin Keary CTO BCC Risk Advisory. www.bccriskadvisory.com www.edgescan.com HTML5 Eoin Keary CTO BCC Risk Advisory www.bccriskadvisory.com www.edgescan.com Where are we going? WebSockets HTML5 AngularJS HTML5 Sinks WebSockets: Full duplex communications between client or server

More information

elearning for Secure Application Development

elearning for Secure Application Development elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security

More information

Understanding Cross Site Scripting

Understanding Cross Site Scripting Understanding Cross Site Scripting Hardik Shah Understanding cross site scripting attacks Introduction: there are many techniques which a intruder can use to compromise the webapplications. one such techniques

More information

Webapps Vulnerability Report

Webapps Vulnerability Report Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during

More information

Summary of the SEED Labs For Authors and Publishers

Summary of the SEED Labs For Authors and Publishers SEED Document 1 Summary of the SEED Labs For Authors and Publishers Wenliang Du, Syracuse University To help authors reference our SEED labs in their textbooks, we have created this document, which provides

More information

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most

More information

Network Security Exercise #8

Network Security Exercise #8 Computer and Communication Systems Lehrstuhl für Technische Informatik Network Security Exercise #8 Falko Dressler and Christoph Sommer Computer and Communication Systems Institute of Computer Science,

More information

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Web Application Hacking (Penetration Testing) 5-day Hands-On Course Course Description Our web sites are under attack on a daily basis

More information

OWASP Top 10: Effectiveness of Web Application Firewalls. David Caissy AppSec Asia 2016 Wuhan, China

OWASP Top 10: Effectiveness of Web Application Firewalls. David Caissy AppSec Asia 2016 Wuhan, China OWASP Top 10: Effectiveness of Web Application Firewalls David Caissy AppSec Asia 2016 Wuhan, China Agenda Commercial vs Open Source Web Application Firewalls (WAF) Bypassing WAF Filtering Effectiveness

More information

Network Security Web Security

Network Security Web Security Network Security Web Security Anna Sperotto, Ramin Sadre Design and Analysis of Communication Systems Group University of Twente, 2012 Cross Site Scripting Cross Side Scripting (XSS) XSS is a case of (HTML)

More information

Hack Yourself First. Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com

Hack Yourself First. Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com Hack Yourself First Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com We re gonna turn you into lean, mean hacking machines! Because if we don t, these kids are going to hack you Jake Davies, 19 (and

More information

CHAPTER 6. Four Tier Validation System to prevent Session Hijack attacks by defending the Cross Site Scripting attacks

CHAPTER 6. Four Tier Validation System to prevent Session Hijack attacks by defending the Cross Site Scripting attacks CHAPTER 6 Four Tier Validation System to prevent Session Hijack attacks by defending the Cross Site Scripting attacks 6.1 INTRODUCTION Network plays an important role in current scenarios such as online

More information

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business

Six Essential Elements of Web Application Security. Cost Effective Strategies for Defending Your Business 6 Six Essential Elements of Web Application Security Cost Effective Strategies for Defending Your Business An Introduction to Defending Your Business Against Today s Most Common Cyber Attacks When web

More information

Cross-Site Scripting (XSS)

Cross-Site Scripting (XSS) Lam 1 Cross-Site Scripting (XSS) Christopher Lam December 15, 2008 CMPT-320 Dr. Stefan Robila Final Project Report Lam 2 Abstract As the Internet becomes more and more complex, newly found vulnerabilities

More information

A Survey on Threats and Vulnerabilities of Web Services

A Survey on Threats and Vulnerabilities of Web Services A Survey on Threats and Vulnerabilities of Web Services A Thesis submitted in partial fulfillment of the requirements for the degree of Master of Computer Science and Engineering of Jadavpur University

More information

PHP SECURITY. Prof. Assoc. Lule Ahmedi Course: Internet Programming

PHP SECURITY. Prof. Assoc. Lule Ahmedi Course: Internet Programming PHP SECURITY Prof. Assoc. Lule Ahmedi Course: Internet Programming Best Practices Again Attacks Attacks targeted either by chance or purposefully Opportunistic attacks where a scan of many systems identifies

More information

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu

CTF Web Security Training. Engin Kirda ek@ccs.neu.edu CTF Web Security Training Engin Kirda ek@ccs.neu.edu Web Security Why It is Important Easiest way to compromise hosts, networks and users Widely deployed ( payload No Logs! (POST Request Difficult to defend

More information

Annual Web Application Security Report 2011

Annual Web Application Security Report 2011 Annual Web Application Security Report 2011 An analysis of vulnerabilities found in external Web Application Security tests conducted by NTA Monitor during 2010 Contents 1.0 Introduction... 3 2.0 Summary...

More information

Introduction. Attacks Against Websites 2. Reflected XSS. Cross-site scripting (XSS) Solution for injection: sanitization.

Introduction. Attacks Against Websites 2. Reflected XSS. Cross-site scripting (XSS) Solution for injection: sanitization. Introduction Attacks Against Websites 2 Tom Chothia Computer Security, Lecture 12 More on Web Attacks: Cross site scripting attacks (XSS) Cross-site request forgery (CSRF) OWASP top 10 web attacks. Cross-site

More information

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?

More information

Using Foundstone CookieDigger to Analyze Web Session Management

Using Foundstone CookieDigger to Analyze Web Session Management Using Foundstone CookieDigger to Analyze Web Session Management Foundstone Professional Services May 2005 Web Session Management Managing web sessions has become a critical component of secure coding techniques.

More information

OWASP AND APPLICATION SECURITY

OWASP AND APPLICATION SECURITY SECURING THE 3DEXPERIENCE PLATFORM OWASP AND APPLICATION SECURITY Milan Bruchter/Shutterstock.com WHITE PAPER EXECUTIVE SUMMARY As part of Dassault Systèmes efforts to counter threats of hacking, particularly

More information

Using Form Tools (admin)

Using Form Tools (admin) EUROPEAN COMMISSION DIRECTORATE-GENERAL INFORMATICS Directorate A - Corporate IT Solutions & Services Corporate Infrastructure Solutions for Information Systems (LUX) Using Form Tools (admin) Commission

More information

Ethical Hacking Penetrating Web 2.0 Security

Ethical Hacking Penetrating Web 2.0 Security Ethical Hacking Penetrating Web 2.0 Security Contact Sam Bowne Computer Networking and Information Technology City College San Francisco Email: sbowne@ccsf.edu Web: samsclass.info 2 Two Hacking Classes

More information

Complete Cross-site Scripting Walkthrough

Complete Cross-site Scripting Walkthrough Complete Cross-site Scripting Walkthrough Author : Ahmed Elhady Mohamed Email : ahmed.elhady.mohamed@gmail.com website: www.infosec4all.tk blog : www.1nfosec4all.blogspot.com/ [+] Introduction wikipedia

More information

Web Engineering Web Application Security Issues

Web Engineering Web Application Security Issues Security Issues Dec 14 2009 Katharina Siorpaes Copyright 2009 STI - INNSBRUCK www.sti-innsbruck.at It is NOT Network Security It is securing: Custom Code that drives a web application Libraries Backend

More information