How About Security Testing?


How About Security Testing? Jouri Dufour, CTG www.eurostarconferences.com @esconfs #esconfs

How About Cybercrime?

Our BUSINESS LIFE is online.

If A happens, then B must be the case, so I will do C. BUT WHAT IF X OCCURS?

01 Fooling a password change function

The functionality: a password change form with the fields Username, Existing password (*), New password and Confirm new password (*). Fields marked * are only presented to users; administrators are not asked for the existing password.
The assumption: when a password change request arrives, the server asks "Existing password parameter?" and takes the user path (existing password verified) on Y, or the administrator path on N. The absence of the parameter is treated as proof that the caller is an administrator.
The attack: the FLAW sits on the N branch. An ordinary user submits the change request with the Existing password parameter deleted and is handled on the administrator path, so the existing password is never verified.

RECOMMENDED HACK STEPS
- Try removing in turn each request parameter
- Be sure to delete the actual parameter name as well as its value
- Attack only one parameter at a time
- Follow a multistage process through to completion
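The check a defender wants here is one that decides the path from the authenticated session rather than from what the client chose to send. The following is an added example, not code from the talk or from CTG; the handler names, the Session class, the constructed user store and the fixed salt are all assumptions made for the illustration.

```python
# Added example (not from Jouri Dufour's slides): a password-change handler that
# chooses the verification path from the server-side session, not from whether
# the client sent an "existing_password" parameter. All names are hypothetical.
from dataclasses import dataclass
import hashlib
import hmac

SALT = b"constructed-salt"      # constructed; real code uses a per-user random salt


def hash_pw(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 50_000)


def make_users() -> dict:
    """Constructed user store: username -> password hash."""
    return {"alice": hash_pw("old-secret"), "bob": hash_pw("hunter2")}


@dataclass
class Session:
    username: str
    is_admin: bool


def change_password_flawed(users: dict, params: dict) -> str:
    """The flaw from the talk: branch on parameter presence. A user who deletes
    the existing_password parameter lands on the administrator path."""
    if "existing_password" in params:                       # user path
        if not hmac.compare_digest(users[params["username"]],
                                   hash_pw(params["existing_password"])):
            return "rejected: wrong existing password"
    # no parameter -> assumed to be an administrator, nothing verified
    users[params["username"]] = hash_pw(params["new_password"])
    return "changed"


def change_password_fixed(users: dict, session: Session, params: dict) -> str:
    """Hardened: the role comes from the authenticated session, and a non-admin
    must supply a matching existing password for their own account."""
    target = params.get("username")
    if target not in users:
        return "rejected: unknown user"
    if not session.is_admin:
        if target != session.username:
            return "rejected: not your account"
        existing = params.get("existing_password")
        if existing is None or not hmac.compare_digest(users[target], hash_pw(existing)):
            return "rejected: existing password required and must match"
    if params.get("new_password") != params.get("confirm_new_password"):
        return "rejected: confirmation mismatch"
    users[target] = hash_pw(params["new_password"])
    return "changed"
```

The flawed handler accepts the request with the parameter removed; the fixed one rejects it because the session is not an administrator's, and still requires the confirmation field to match on both paths.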

02 Proceeding to checkout

The functionality: a retail application with a multistage checkout: add items to the shopping basket, enter delivery information, enter payment information, finalize the order.
The assumption: a user only reaches the Finalize order stage after passing through the earlier stages, so the finalize step does not check for itself that payment information was entered (the FLAW is at Finalize order).
The attack: the user submits the Finalize order request directly, skipping the payment stage.

RECOMMENDED HACK STEPS
- Attempt to submit requests out of the expected sequence
- Be sure to fully understand the access mechanisms to distinct stages
- Try to violate the developers' assumptions
- Use any interesting error messages and debug output to fine-tune your attacks

The application may enforce strict access control only on the initial stages of the process.
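The defence is to make every stage handler check, server-side, that the previous stage was actually completed, rather than trusting the client's navigation. This is an added example, not code from the talk; the Stage enumeration, the Order class and the handler names are assumptions.

```python
# Added example (not from the slides): server-side enforcement of the checkout
# sequence. Stage names, the Order class and the handler names are hypothetical.
from enum import Enum


class Stage(Enum):
    BASKET = "basket"
    DELIVERY = "delivery"
    PAYMENT = "payment"
    FINALIZE = "finalize"


# The only transitions the process allows, in order.
NEXT = {Stage.BASKET: Stage.DELIVERY, Stage.DELIVERY: Stage.PAYMENT,
        Stage.PAYMENT: Stage.FINALIZE}


class Order:
    def __init__(self):
        self.items = []
        self.delivery = None
        self.payment = None
        self.completed = Stage.BASKET    # last stage completed


def submit_flawed(order: Order, stage: Stage, data: dict) -> str:
    """Flaw from the talk: each handler trusts that the client arrived in
    sequence; only the initial basket stage validates anything."""
    if stage is Stage.BASKET:
        if not data.get("sku"):
            return "rejected: no item"
        order.items.append(data["sku"])
    elif stage is Stage.DELIVERY:
        order.delivery = data.get("address")
    elif stage is Stage.PAYMENT:
        order.payment = data.get("card")
    elif stage is Stage.FINALIZE:
        return "order placed"             # payment never checked
    return "ok"


def submit_fixed(order: Order, stage: Stage, data: dict) -> str:
    """Hardened: a stage is accepted only if it directly follows the last
    completed stage, and the data the earlier stages should have left exists."""
    if stage is Stage.BASKET:
        if not data.get("sku"):
            return "rejected: no item"
        order.items.append(data["sku"])
        return "ok"
    if NEXT.get(order.completed) is not stage:
        return f"rejected: out of sequence (last completed {order.completed.value})"
    if stage is Stage.DELIVERY:
        if not order.items or not data.get("address"):
            return "rejected: basket empty or no address"
        order.delivery = data["address"]
    elif stage is Stage.PAYMENT:
        if not data.get("card"):
            return "rejected: no payment details"
        order.payment = data["card"]
    elif stage is Stage.FINALIZE:
        if order.delivery is None or order.payment is None:
            return "rejected: earlier stages incomplete"
        order.completed = Stage.FINALIZE
        return "order placed"
    order.completed = stage
    return "ok"
```

With the fixed handler a Finalize request sent straight after adding an item is refused as out of sequence, and a second Finalize after a placed order is refused too, since nothing follows FINALIZE in the transition table.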

03 Beating a business limit

The functionality: an ERP application transfers money from Bank account 1 to Bank account 2 and asks "Less than 10.000?"; on Y the transfer goes through directly, on N it does not.
The assumption: the amount entered is a positive number, so that one check is enough to enforce the limit (the FLAW is in that check).
The attack: enter -20.000. "Less than 10.000?" answers Y, and the transfer of -20.000 moves 20.000 in the opposite direction, from Bank account 2 into Bank account 1.

Many applications use numeric limits, and beating such limits may have serious business consequences.

RECOMMENDED HACK STEPS
- Try entering negative values
- Sometimes several steps need to be repeated to bring the application into a vulnerable state
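A limit check only means something once the amount has been validated as a well-formed positive number. The following is an added example, not code from the talk; the account names and the 10.000 limit follow the slide, while the function names and balances are constructed.

```python
# Added example (not from the slides): validating a transfer amount before the
# business-limit check. The 10.000 limit is from the slide; function names,
# account keys and balances are constructed.
from decimal import Decimal, InvalidOperation

LIMIT = Decimal("10000")


def make_accounts() -> dict:
    """Constructed balances for Bank account 1 and Bank account 2."""
    return {"account1": Decimal("0"), "account2": Decimal("50000")}


def transfer_flawed(accounts: dict, src: str, dst: str, amount: str) -> str:
    """Flaw from the talk: only 'Less than 10.000?' is asked. -20.000 passes
    and moves 20.000 the other way."""
    value = Decimal(amount)
    if value < LIMIT:
        accounts[src] -= value
        accounts[dst] += value
        return "transferred"
    return "refused: needs approval"


def transfer_fixed(accounts: dict, src: str, dst: str, amount: str) -> str:
    """Hardened: parse strictly, require a finite positive amount, apply the
    limit, then reject odd precision and check the balance."""
    try:
        value = Decimal(amount)
    except InvalidOperation:
        return "refused: not a number"
    if not value.is_finite() or value <= 0:      # rejects NaN, Infinity, 0, negatives
        return "refused: amount must be positive"
    if value >= LIMIT:
        return "refused: needs approval"
    if value != value.quantize(Decimal("0.01")):
        return "refused: too many decimals"
    if src == dst or src not in accounts or dst not in accounts:
        return "refused: bad accounts"
    if accounts[src] < value:
        return "refused: insufficient funds"
    accounts[src] -= value
    accounts[dst] += value
    return "transferred"
```

Decimal is used rather than float so that the comparison with the limit and the two-decimal check are exact; the finiteness test comes before any ordering comparison because comparing a NaN with < raises in the decimal module.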

04 Cheating on bulk discounts

The functionality: a retail application shopping basket holds Item 1, Item 2 and Item 3; purchasing them as a bundle gives a 25% discount.
The assumption: the -25% adjustment is applied once, at the moment the bundle is added, and the basket is not expected to change afterwards (the FLAW).
The attack: add the bundle to obtain the adjustment, then change the basket so that it no longer matches the bundle; the adjustment is never recalculated.

RECOMMENDED HACK STEPS
- Find out if adjustments are made on a one-time basis
- Try to manipulate the application's behavior to get adjustments that don't correspond to the original intended criteria
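The mitigation is to derive every price adjustment from the basket's final contents at checkout instead of storing it when it is first earned. This is an added example, not code from the talk; the item codes, prices and class names are constructed, only the 25% figure comes from the slide.

```python
# Added example (not from the slides): a bundle discount stored once when the
# bundle is completed, beside a total recomputed from the final basket.
# Item codes and prices are constructed; the 25% bundle discount is the slide's.
from decimal import Decimal

PRICES = {"item1": Decimal("30.00"), "item2": Decimal("20.00"),
          "item3": Decimal("50.00"), "item4": Decimal("10.00")}
BUNDLE = frozenset({"item1", "item2", "item3"})
BUNDLE_DISCOUNT = Decimal("0.25")


class Basket:
    def __init__(self):
        self.items = []
        self.discount = Decimal("0")    # used only by the flawed code path


def add_item_flawed(basket: Basket, sku: str) -> None:
    basket.items.append(sku)
    if BUNDLE <= set(basket.items):     # one-time adjustment, never revisited
        basket.discount = BUNDLE_DISCOUNT


def remove_item_flawed(basket: Basket, sku: str) -> None:
    basket.items.remove(sku)            # the stored discount is left untouched


def total_flawed(basket: Basket) -> Decimal:
    subtotal = sum((PRICES[s] for s in basket.items), Decimal("0"))
    return (subtotal * (1 - basket.discount)).quantize(Decimal("0.01"))


def total_fixed(items: list) -> Decimal:
    """Hardened: the adjustment is derived from the basket's final contents,
    so removing bundle items after the fact removes the discount with them."""
    subtotal = sum((PRICES[s] for s in items), Decimal("0"))
    discount = BUNDLE_DISCOUNT if BUNDLE <= set(items) else Decimal("0")
    return (subtotal * (1 - discount)).quantize(Decimal("0.01"))
```

After adding all three bundle items and then removing two of them, the flawed basket still bills the remaining item at 75% of its price, while the recomputed total charges full price.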

05 Escaping from escaping

The functionality: a web application passes user-controllable input into an operating system command, after sanitizing it by placing a backslash before each of the characters ; & < > ` space and newline.
The assumption: escaping those metacharacters is enough to keep the input inert when the shell reads it. The FLAW: the backslash itself is not on the list.
The attack (COMMAND INJECTION): the input Foo\;ls is sanitized to Foo\\;ls. The shell reads the doubled backslash as one literal backslash, and the ; that follows is an unescaped command separator, so ls runs as a second command.

RECOMMENDED HACK STEPS
- Attempt to insert relevant metacharacters into the data you control
- Always try placing a backslash immediately before each such character

This same defect can be found in some defenses against cross-site scripting attacks.
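To see the defect concretely, the following added example (not code from the talk) implements the backslash sanitizer as described, the version that also escapes the backslash, and a minimal model of how a POSIX shell reads the result. No command is executed; the function names are hypothetical, and shlex.quote from the standard library is shown as the better option when a shell cannot be avoided.

```python
# Added example (not from the slides): the backslash sanitizer described above,
# its fixed counterpart, and a small model of the shell's reading of the result.
# Function names are hypothetical; nothing here runs a command.
import shlex

META = set(";&<>` \n")


def sanitize_flawed(user_input: str) -> str:
    """Prefix a backslash to each metacharacter. The backslash itself is not
    escaped, which is the flaw."""
    return "".join("\\" + c if c in META else c for c in user_input)


def sanitize_fixed(user_input: str) -> str:
    """Also escape the backslash, so an input backslash cannot pair up with the
    one the sanitizer inserts."""
    return "".join("\\" + c if c in META or c == "\\" else c for c in user_input)


def shell_commands(escaped: str) -> list:
    """Model of the shell's reading: a backslash quotes the next character; an
    unquoted ';' ends one command and starts another."""
    commands, current, i = [], [], 0
    while i < len(escaped):
        c = escaped[i]
        if c == "\\" and i + 1 < len(escaped):
            current.append(escaped[i + 1])
            i += 2
        elif c == ";":
            commands.append("".join(current))
            current = []
            i += 1
        else:
            current.append(c)
            i += 1
    commands.append("".join(current))
    return commands


def sanitize_preferred(user_input: str) -> str:
    """Better still: single-quote the whole argument with the standard library,
    or avoid the shell entirely (subprocess with a list of arguments)."""
    return shlex.quote(user_input)
```

Run on the slide's input Foo\;ls, the flawed sanitizer's output splits into two commands, the second being ls; the fixed sanitizer's output stays a single argument.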

Yesterday: Dynamic Application Security Testing (DAST)
Today: Static Application Security Testing (SAST)
Tomorrow: DAST + SAST = Integrated Application Security Testing (IAST)

[Chart: Victims over Time, 00:00 to 01:00 in one-minute steps; the counter runs from 31762 at 00:00 to 30808 at 01:00, 18 fewer each minute]

HOW ABOUT SECURITY TESTING?
- Fooling a password change function
- Proceeding to checkout
- Beating a business limit
- Cheating on bulk discounts
- Escaping from escaping

Speaker: Jouri Dufour, www.ctg.com, jouri.dufour@ctg.com