Ethical Hacking: Penetrating Web 2.0 Security

Similar documents
Ethical Hacking Penetrating Web 2.0 Security

Application Denial of Service Is it Really That Easy?

Common Security Vulnerabilities in Online Payment Systems

1. Introduction. 2. Web Application. 3. Components. 4. Common Vulnerabilities. 5. Improving security in Web applications

ASP.NET MVC Secure Coding 4-Day hands on Course. Course Syllabus

SECURITY ADVISORY. December 2008 Barracuda Load Balancer admin login Cross-site Scripting

Creating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011

Hack Proof Your Webapps

Magento Security and Vulnerabilities. Roman Stepanov

Web Application Security

Application Security Testing. Generic Test Strategy

Annex B - Content Management System (CMS) Qualifying Procedure

Hacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS

Web Application Report

Bank Hacking Live! Ofer Maor CTO, Hacktics Ltd. ATC-4, 12 Jun 2006, 4:30PM

WEB SECURITY CONCERNS THAT WEB VULNERABILITY SCANNING CAN IDENTIFY

Check list for web developers

Web Application Attacks and Countermeasures: Case Studies from Financial Systems

Cracking the Perimeter via Web Application Hacking. Zach Grace, CISSP, CEH January 17, Mega Conference

Last update: February 23, 2004

CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities

What is Web Security? Motivation

What about MongoDB? can req.body.input 0; var date = new Date(); do {curdate = new Date();} while(curdate-date<10000)

Top Ten Web Application Vulnerabilities in J2EE. Vincent Partington and Eelco Klaver Xebia

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

EC-Council CAST CENTER FOR ADVANCED SECURITY TRAINING. CAST 619 Advanced SQLi Attacks and Countermeasures. Make The Difference CAST.

Web Application Hacking (Penetration Testing) 5-day Hands-On Course

The Top Web Application Attacks: Are you vulnerable?

Testing the OWASP Top 10 Security Issues

Figure 9-1: General Application Security Issues. Application Security: Electronic Commerce and . Chapter 9

Øredev Web application testing using a proxy. Lucas Nelson, Symantec Inc.

Are you fighting new threats with old weapons? Secure your Web applications with Web Application Firewalls.

OWASP AND APPLICATION SECURITY

Hacking for Fun and Profit

Enterprise Application Security Workshop Series

Ruby on Rails Security. Jonathan Weiss, Peritor Wissensmanagement GmbH

National Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research

DDoS Protection Technology White Paper

Detailed Description about course module wise:

EVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke

Annual Web Application Security Report 2011

Project 2: Web Security Pitfalls

(WAPT) Web Application Penetration Testing

Gateway Apps - Security Summary SECURITY SUMMARY

Cyber Security Workshop Ethical Web Hacking

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Columbia University Web Security Standards and Practices. Objective and Scope

WEB ATTACKS AND COUNTERMEASURES

TECHNICAL AUDITS FOR CERTIFYING EUROPEAN CITIZEN COLLECTION SYSTEMS

FINAL DoIT v.8 APPLICATION SECURITY PROCEDURE

Cross-Site Scripting

Passing PCI Compliance How to Address the Application Security Mandates

Adobe Systems Incorporated

Barracuda Web Site Firewall Ensures PCI DSS Compliance

Introduction. Two levels of security vulnerabilities:

Attack and Penetration Testing 101

Cross Site Scripting in Joomla Acajoom Component

External Vulnerability Assessment. -Technical Summary- ABC ORGANIZATION

Is Drupal secure? A high-level perspective on web vulnerabilities, Drupal s solutions, and how to maintain site security

Indexed Terms: attacks, challenges, cloud computing, countermeasures, hacker, security

University of Wisconsin Platteville SE411. Senior Seminar. Web System Attacks. Maxwell Friederichs. April 18, 2013

Web and Security 1 / 40

Client Side Filter Enhancement using Web Proxy

Enterprise level security, the Huddle way.

Security Research Advisory IBM inotes 9 Active Content Filtering Bypass

Security of Web Applications and Browsers: Challenges and Solutions

A Decision Maker s Guide to Securing an IT Infrastructure

APPLICATION SECURITY AND ITS IMPORTANCE

Using Foundstone CookieDigger to Analyze Web Session Management

Sample Report. Security Test Plan. Prepared by Security Innovation

Learn Ethical Hacking, Become a Pentester

Application Security Vulnerabilities, Mitigation, and Consequences

Bug Report. Date: March 19, 2011 Reporter: Chris Jarabek

Web Application Security

Ruby on Rails Secure Coding Recommendations

OWASP and OWASP Top 10 (2007 Update) OWASP. The OWASP Foundation. Dave Wichers. The OWASP Foundation. OWASP Conferences Chair

Criteria for web application security check. Version

5 Simple Steps to Secure Database Development

Application Security and the SDLC. Dan Cornell Denim Group, Ltd.

Web Vulnerability Scanner by Using HTTP Method

A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith

Network Security Exercise #8

Where every interaction matters.

Guide for the attention of developers/hosts for merchant websites on the minimum level of security for bank card data processing

Contemporary Web Application Attacks. Ivan Pang Senior Consultant Edvance Limited

Your customers protected against cybercrime. New commercial opportunities for you

Web Application Security

Course Content: Session 1. Ethics & Hacking

Attack Vector Detail Report Atlassian

The risks borne by one are shared by all: web site compromises

Network Security Testing using MMT: A case study in IDOLE project

How to break in. Tecniche avanzate di pen testing in ambito Web Application, Internal Network and Social Engineering

Security vulnerabilities in new web applications. Ing. Pavol Lupták, CISSP, CEH Lead Security Consultant

Web Hacking Incidents Revealed: Trends, Stats and How to Defend. Ryan Barnett Senior Security Researcher SpiderLabs Research

Detecting Web Application Vulnerabilities Using Open Source Means. OWASP 3rd Free / Libre / Open Source Software (FLOSS) Conference 27/5/2008

Web Application Security

Exploits: XSS, SQLI, Buffer Overflow

Chapter 4 Application, Data and Host Security

Live Hacking. Threats & Countermeasures in Action (SEC411) Ofer Maor CTO Hacktics Ltd.

It may look like this all has to do with your password, but that s not the only factor to worry about.

Transcription:

Sam Bowne Computer Networking and Information Technology City College San Francisco Email: sbowne@ccsf.edu Web: samsclass.info Two Hacking Classes CNIT 123: Ethical Hacking and Network Defense Has been taught since Spring 2007 (four times) Face-to-face and Online sections available Fall 2008 CNIT 124: Advanced Ethical Hacking Taught for the first time in Spring 2008 Supplemental Materials Projects from recent research Students get extra credit by attending conferences IEEE June 17, 2008 Bowne Page 1 of 5

Certified Ethical Hacker Those two classes prepare students for CEH Certification Certificate in Network Security Associate of Science Degree Four Vulnerabilities 16% of Web sites vulnerable Cross-Site Scripting 65% of major sites vulnerable Cross-Site Request Forgery Almost every Web site with a login is vulnerable Layer 7 Denial of Service Every site with active content is vulnerable E-Commerce Login HTML Form collects name and password It's processed at the SQL server with code lik e this: SELECT * FROM customer WHERE username = name' AND password = pw' If a hacker enters a name of OR 1=1 The SQL becomes: SELECT * FROM customer WHERE username = OR 1=1 --' AND password = pw The -- ends the statement, making the rest of the line a comment 1=1 is always true, so this makes the condition true IEEE June 17, 2008 Bowne Page 2 of 5

Effects This can cause the user to be authenticated as administrator, dump the entire database, or have other drastic effects Comic from xkcd.org Sanitize your Inputs All user input should be checked, and special characters like ' or '' or < or > discarded That will reduce vulnerability to SQL injection The typical vulnerability takes more than four months to locate and fix Cross-Site Scripting (XSS) Web Message Board Cross-Site Scripting (XSS) One client posts active content, with <script> tags or other programming content When another client reads the messages, the scripts are executed in his or her browser One user attacks another user, using the vulnerable Web application as a weapon <script>alert("xss vulnerability!")</script> <script>alert(document.cookie)</script> <script>window.location= "http://www.ccsf.edu"</script> IEEE June 17, 2008 Bowne Page 3 of 5

XSS Scripting Effects Steal another user's authentication cookie Hijack session Harvest stored passwords from the target's browser Take over machine through browser vulnerability Redirect Webpage Many, many other evil things Cross-Site Request Forgery (XSRF) Web-based Email Cross-Site Request Forgery (XSRF) Gmail sends the password through a secure HTTPS connection That cannot be captured by the attacker But the cookie identifying the user is sent in the clear with HTTP That can easily be captured by the attacker The attacker gets into your account without learning your password XSRF Countermeasure Use https://mail.google.com instead of http://gmail.com No other mail service has this option at all, as far as I know IEEE June 17, 2008 Bowne Page 4 of 5

Application-Layer Denial of Service Application-Layer DoS Find small requests that consume a lot of server resources Application Crashing Data Destruction Resource Depletion Memory CPU Bandwidth Disk Space Resource Depletion Example CPU Consumption On a large forum Create a complicated regular expression search Use a script to launch the search over and over Real-World Test Hacktics, a security company, brought down a large corporate network with just three laptops in an authorized test Global company with branches in Israel, Europe and the USA Internet Connectivity 3x50Mbps lines with load balancing. ISPs provide Cisco (Riverhead) based Anti DDoS solutions High security network, 30+ Web servers, backend servers, Mail Relay, databases Hacktics Results DoS was successful to all systems but one Two applications crashed completely after a few dozen requests only Most other applications stopped responding after 5-15 minutes of script execution from up to three laptops (though with most a single laptop was sufficient) Main cause of DoS was CPU exhaustion References Where the Web is Weak http://www.forbes.com/2008/05/14/web-hacking-google-tech-security08-cx_ag_0514webhack.html Application-Layer DDoS Attacks http://networks.rice.edu/papers/2006-04-infocom-final.ppt IEEE June 17, 2008 Bowne Page 5 of 5

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information