Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Similar documents

Live Hacking. Threats & Countermeasures in Action (SEC411) Ofer Maor CTO Hacktics Ltd.

The Top Web Application Attacks: Are you vulnerable?

Recon and Mapping Tools and Exploitation Tools in SamuraiWTF Report section Nick Robbins

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

MatriXay WEB Application Vulnerability Scanner V Overview. (DAS- WEBScan ) The best WEB application assessment tool

The purpose of this report is to educate our prospective clients about capabilities of Hackers Locked.

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

Application Security Testing

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Where every interaction matters.

Check list for web developers

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

(WAPT) Web Application Penetration Testing

Web Application Penetration Testing

Application Security Testing. Erez Metula (CISSP), Founder Application Security Expert

Web Application Security. Vulnerabilities, Weakness and Countermeasures. Massimo Cotelli CISSP. Secure

ASL IT Security Advanced Web Exploitation Kung Fu V2.0

Web Application Security 101

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

Course Content: Session 1. Ethics & Hacking

Hack Proof Your Webapps

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

10 Things Every Web Application Firewall Should Provide Share this ebook

Securing Your Web Application against security vulnerabilities. Ong Khai Wei, IT Specialist, Development Tools (Rational) IBM Software Group

Attack and Penetration Testing 101

OWASP Top Ten Tools and Tactics

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Web Application Security

ETHICAL HACKING APPLICATIO WIRELESS110 00NETWORK APPLICATION MOBILE MOBILE0001

Application Denial of Service Is it Really That Easy?

Web Applications The Hacker s New Target

Acunetix Website Audit. 5 November, Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build )

Web Application Security

WEB APPLICATION FIREWALLS: DO WE NEED THEM?

Security Awareness For Server Administrators. State of Illinois Central Management Services Security and Compliance Solutions

Web Application Security

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Web App Security Audit Services

Guidelines for Web applications protection with dedicated Web Application Firewall

Ethical Hacking as a Professional Penetration Testing Technique

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Adobe Systems Incorporated

Application security testing: Protecting your application and data

CS 558 Internet Systems and Technologies

Magento Security and Vulnerabilities. Roman Stepanov

Integrating Security Testing into Quality Control

Finding and Preventing Cross- Site Request Forgery. Tom Gallagher Security Test Lead, Microsoft

Passing PCI Compliance How to Address the Application Security Mandates

STOPPING LAYER 7 ATTACKS with F5 ASM. Sven Müller Security Solution Architect

Rational AppScan & Ounce Products

Secure Web Application Coding Team Introductory Meeting December 1, :00 2:00PM Bits & Pieces Room, Sansom West Room 306 Agenda

Cross Site Scripting in Joomla Acajoom Component

IJMIE Volume 2, Issue 9 ISSN:

Cross-Site Scripting

Application Layer Encryption: Protecting against Application Logic and Session Theft Attacks. Whitepaper

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

Reducing Application Vulnerabilities by Security Engineering

Application Security Best Practices. Wally LEE Principal Consultant

How To Protect A Web Application From Attack From A Trusted Environment

Ethical Hacking Penetrating Web 2.0 Security

ASL IT SECURITY BEGINNERS WEB HACKING AND EXPLOITATION

Security Testing. Vulnerability Assessment vs Penetration Testing. Gabriel Mihai Tanase, Director KPMG Romania. 29 October 2014

Secure Web Development Teaching Modules 1. Threat Assessment

Penetration Testing Service. By Comsec Information Security Consulting

What is Web Security? Motivation

Web application testing

Strategic Information Security. Attacking and Defending Web Services

Ethical Hacking & Cyber Security Workshop

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Out of the Fire - Adding Layers of Protection When Deploying Oracle EBS to the Internet

Information Supplement: Requirement 6.6 Code Reviews and Application Firewalls Clarified

External Network & Web Application Assessment. For The XXX Group LLC October 2012

Web Application Threats and Vulnerabilities Web Server Hacking and Web Application Vulnerability

What Next Gen Firewalls Miss: 6 Requirements to Protect Web Applications

Application Code Development Standards

[state of the internet] / SEO Attacks. Threat Advisory: Continuous Uptick in SEO Attacks

HP WebInspect Tutorial

Acunetix Web Vulnerability Scanner. Getting Started. By Acunetix Ltd.

Web Application Vulnerability Testing with Nessus

Thick Client Application Security

Common Criteria Web Application Security Scoring CCWAPSS

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Barracuda Web Application Firewall vs. Intrusion Prevention Systems (IPS) Whitepaper

Advanced Web Security, Lab

OWASP AND APPLICATION SECURITY

ArcGIS Server Security Threats & Best Practices David Cordes Michael Young

Web Application Report

Secure Web Applications. The front line defense

THE SMARTEST WAY TO PROTECT WEBSITES AND WEB APPS FROM ATTACKS

Penetration Testing in Romania

Common Security Vulnerabilities in Online Payment Systems

Information Technology Policy

How to start a software security initiative within your organization: a maturity based and metrics driven approach OWASP

3. Broken Account and Session Management. 4. Cross-Site Scripting (XSS) Flaws. Web browsers execute code sent from websites. Account Management

Transcription:

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

Agenda Introduction to Application Hacking Demonstration of Attack Tool Common Web Application Attacks Live Bank Hacking Demonstration Questions & Answers 2 of 20

Introduction to Application Hacking

Overview Today, most organizations create, use and externalize distributed applications implementing business processes. The increasing numbers of such applications combined with the improved security in the infrastructure layer drives hackers to turn to application attacks. According to Gartner, over 75% of attacks today take place in the application layer. 4 of 20

What Is Application Hacking? Taking advantage of application-level vulnerabilities to attack the site Attacks relate to the semantics and meaning of application messages, such as HTTP requests, SQL Queries or proprietary requests. Differs from infrastructure attacks focusing on identifying unauthorized services (port scanning) and abusing known vulnerabilities. 5 of 20

Application vs. Infrastructure Not easily replicated (no script kiddies!), though still easily exploitable Target the organization s core business operations rather than technology Allows launching direct attacks rather than needing to break several circles of defense Used by attackers with specific agenda (criminals, industrial espionage, etc.). 6 of 20

Application Vulnerabilities Mitigation No prepared patch to easily deploy Fixing the vulnerability requires recoding, turning it into a costly procedure Design Mistake Fix Cost Increase (Gartner): 1x During Design 6.5x During Development 15x During Testing 100x After Deployment 7 of 20

Technical vs. Logical Technical flaws relate to the specific technical implementation of the application Logical flaws relate to the way business processes were developed, unrelated to the development infrastructure New security features added to development infrastructure help decrease the number of technical flaws, whereas logical flaws are stil a prominent problem 8 of 20

Web Application Penetration Tool

Application Hacking Techniques Applications expect the client to behave in a certain predefined manner (only user controlled data is validated) The client, however, can be easily controlled by the malicious user (attacker) Easily done using friendly GUI based tools Interactive Interception Proxies Browser Plug-ins Etc. 10 of 20

Interception Proxy Demo 11 of 20

Common Web Application Attacks (With Live Demo!)

Passive Reconnaissance Understanding the Application Requests Monitoring Structure & Flow Mapping Searching Code for Comments Identifying Development Infrastructure Retrieving Internet Resources Google Hacking 13 of 20

Active (Malicious) Reconnaissance Generate Exceptions & Errors Unreferenced URLs Default Components Administrative Interfaces Configuration/Log Files Source Code Disclosure Known Vulnerabilities Backup/Old Files File Access Components 14 of 20

Parameter Tampering Basic, most simple form of application attack Directly targeting the business logic Does not require deep technical knowledge Takes advantage of developer assuming parameters retain their predefined values in Links Hidden Fields Fixed Values Etc. 15 of 20

Scripts Injection/Cross Site Scripting Most common web application vulnerability Used to bypass browser security in order to launch malicious scripts in the right context Performs an HTML injection of a JavaScript or VBScript on returning data Allows attacker to steal cookie information, steal data, execute operations on behalf of user, perform advanced phishing, etc. 16 of 20

Cross Site Scripting (XSS) The script, sent by the attacked client to the server was then received again by the client, now with the proper security context, and was able to send the cookie to the attacker 17 of 20

Flow Bypassing (Forceful Browsing) Common Logical Attack Useful against step-based applications such as wizards or redirection-based applications Allows attackers to overcome specific authentication or authorization mechanisms 18 of 20

SQL Injection Most powerful web application attack targeting the data itself Takes advantage of common usage of Dynamic SQL Queries Allows an attacker to maliciously modify the query sent by the application to the server Using this attack it is possible to bypass authentication, access sensitive data, modify data, cause DoS or takeover the server. 19 of 20

Thank You Q & A www.hacktics.com