Common Vulnerabilities
• Buffer Overflows
• Incomplete Mediation
• Command Injection Attack
• Inference
• Cross-Site Scripting
Buffer Overflows
• Many languages require buffer size declaration
• C language statement: char sample[10];
• Execute statement: sample[i] = 'A'; where i=10
• Out-of-bounds subscript (valid range is 0-9) – buffer overflow occurs
• Some compilers don't check for exceeding bounds
• Similar problem caused by pointers: no reasonable way to define limits for pointers
IFETCE/M.E CSE/NE7202-NIS/Unit 4 2
Buffer Overflows
• Example
char sample[10];   /* valid indices are 0..9 */
int i;
for (i=1; i<=10; i++) sample[i] = 'A';   /* i reaches 10: the last write lands one byte past the end of sample */
Buffer Overflows, cont.
• Where does the last 'A' go? Depends on what is adjacent to sample[10]
• Affects user's data – overwrites user's data
• Affects user's code – changes user's instructions
• Affects OS data – overwrites OS data
• Affects OS code – changes OS instructions, unpredictable results
• This is a case of aliasing
Buffer Overflows
Security Implication
• Attacker replaces code in the system space and takes control back from the operating system
• Suppose buffer overflow affects OS code area:
  • Attacker code executed as if it were OS code
  • Attacker might need to experiment to see what happens when he inserts A into OS code area
  • Can raise attacker's privileges (to OS privilege level) when A is an appropriate instruction
  • Attacker can gain full control of OS
Buffer Overflows
Security Implication
• Attacker uses the stack pointer or return register to execute other code
• Parameter passing to web server
  • http://www.somesite.com/subpage/data&parm1=(808)555-1212&parm2=2004Jan01
  • What if one of the parameters is made longer?
• Microsoft's Phone Dialer contains a buffer overrun that allows execution of arbitrary code
Summary
• Buffer overflows still common
• Used by attackers
  • to crash systems
  • to exploit systems by taking over control
• Large number of vulnerabilities due to buffer overflows
Incomplete Mediation
• Sensitive data are in an exposed, uncontrolled condition
• Example
  • URL to be generated by client's browser to access server, e.g.: http://www.things.com/order/final&custID=101&part=555A&qy=20&price=10&ship=boat&shipcost=5&total=205
  • Instead, user edits URL directly, changing price and total cost as follows: http://www.things.com/order/final&custID=101&part=555A&qy=20&price=1&ship=boat&shipcost=5&total=25
• Security Implication
  • Easy to exploit – Things, Inc. example
Incomplete Mediation, cont.
• Unchecked data are a serious vulnerability!
• Possible solution: anticipate problems
  • Don't let client return a sensitive result (like total) that can be easily recomputed by server
  • Use drop-down boxes / choice lists for data input
  • Prevent user from editing input directly
  • Check validity of data values received from client
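The server-side mediation the slides call for, applied to the Things, Inc. order URL above, as an added example that is not part of the original slides: the client's price, shipcost and total are ignored, every client-chosen value is validated, and the total is recomputed from a server-side catalogue. The catalogue, shipping table, MAX_QTY and the Order/MediationError names are assumptions chosen to match the slide's numbers.

```python
from dataclasses import dataclass

# Server-side source of truth. These values are assumptions chosen to match
# the slide's example (part 555A costs 10 per unit, boat shipping costs 5).
CATALOGUE = {"555A": 10}
SHIPPING = {"boat": 5, "air": 25}
MAX_QTY = 1000


class MediationError(ValueError):
    """Raised when a client-supplied value fails validation."""


@dataclass
class Order:
    cust_id: int
    part: str
    qty: int
    ship: str
    total: int             # recomputed on the server, never copied from the client
    client_tampered: bool  # True if the client's 'total' disagreed with ours


def parse_order_url(url: str) -> dict:
    """Split the slide's URL form (path&key=value&...) into a dict of raw strings."""
    _, sep, query = url.partition("/order/final&")
    if not sep:
        raise MediationError("not an order URL")
    params = {}
    for pair in query.split("&"):
        key, eq, value = pair.partition("=")
        if not eq or key in params:
            raise MediationError(f"malformed or duplicate parameter: {pair!r}")
        params[key] = value
    return params


def mediate_order(url: str) -> Order:
    """Validate every client-chosen value, then recompute price and total server-side."""
    p = parse_order_url(url)
    try:
        cust_id = int(p["custID"])
        qty = int(p["qy"])
    except (KeyError, ValueError) as exc:
        raise MediationError(f"bad or missing numeric field: {exc}") from exc
    if not 1 <= qty <= MAX_QTY:
        raise MediationError("quantity out of range")
    part = p.get("part")
    if part not in CATALOGUE:
        raise MediationError("unknown part")
    ship = p.get("ship")
    if ship not in SHIPPING:
        raise MediationError("unknown shipping method")
    # price, shipcost and total from the client are ignored: the server recomputes them.
    total = qty * CATALOGUE[part] + SHIPPING[ship]
    # A mismatch is worth logging: it means the client edited the URL.
    tampered = "total" in p and p["total"] != str(total)
    return Order(cust_id, part, qty, ship, total, tampered)
```

Both URLs from the slide yield a total of 205; the edited one is additionally flagged as tampered.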
Attacking the Web Application
• Web application:
  • takes input strings from the user and interprets them
  • interacts with back-end database
  • retrieves data and dynamically generates new content
  • presents the output to the user
• The threat – Command Injection Attack:
  • Unexpected input may cause problems
What is code injection?
• Code injection is the exploitation of a computer bug that is caused by processing invalid data.
• Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution.
• The results of a code injection attack can be disastrous.
Code Injection
Code injection can do
• Arbitrarily modify values in a database through a type of code injection called SQL injection. The impact of this can range from defacement of a web site to serious compromise of sensitive data.
• Install malware on a computer by exploiting code injection vulnerabilities in a web browser or its plugins when the user visits a malicious site.
• Install malware or execute malevolent code on a server, by PHP or ASP injection.
• Privilege escalation to root permissions by exploiting shell injection vulnerabilities in a setuid root binary on UNIX.
• Privilege escalation to Local System permissions by exploiting shell injection vulnerabilities in a service on Windows.
• Stealing sessions/cookies from web browsers using HTML/script injection (cross-site scripting).
Different types of code injection
• SQL injection
• LDAP Injection
• OS Command Injection
• Cross-Site Scripting ("XSS")
SQL injection
• A SQL injection attack consists of injection of malicious SQL commands via input data from the client to the application
• Affects the execution of predefined SQL commands.
SQL injection
• SQL injection consists of direct insertion of code into user-input variables which are concatenated with SQL commands and executed.
• A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata.
• When the stored strings are subsequently concatenated into dynamic SQL commands, the malicious code is then executed.
Web Application Architecture
(Diagram: Web browser → Application → Database. The application generates the query based on user input.)
SQLCIAs - Example
String query = "SELECT cardnum FROM accounts WHERE username = '" + strUName + "' AND cardtype = " + strCType + ";";
Expected input:
SELECT cardnum FROM accounts
WHERE username = 'John'
AND cardtype = 2;
Result: Returns John's saved credit card number.
Malicious input:
SELECT cardnum FROM accounts
WHERE username = 'John'
AND cardtype = 2 OR 1 = 1;
Result: Returns all saved credit card numbers.
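The slide's concatenated query rebuilt beside its hardened form, as an added example that is not part of the original slides: it uses Python's sqlite3 on a constructed in-memory accounts table (the card numbers are placeholders), and shows that the same input "2 OR 1 = 1" rewrites the WHERE clause in the concatenated version but is rejected, and would in any case only be compared as data, in the parameterized one.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory accounts table with constructed sample rows (no real card numbers)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, cardtype INTEGER, cardnum TEXT)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?, ?)",
        [("John", 2, "CARD-0001"), ("Mary", 1, "CARD-0002"), ("Ali", 2, "CARD-0003")],
    )
    return conn


def lookup_concat(conn: sqlite3.Connection, str_uname: str, str_ctype: str) -> list:
    """The slide's query built by string concatenation (vulnerable form).
    Whatever the client sends becomes part of the SQL text, so a cardtype of
    '2 OR 1 = 1' changes the WHERE clause instead of being compared as a value."""
    query = (
        "SELECT cardnum FROM accounts WHERE username = '" + str_uname
        + "' AND cardtype = " + str_ctype + ";"
    )
    return [row[0] for row in conn.execute(query)]


def lookup_param(conn: sqlite3.Connection, str_uname: str, str_ctype: str) -> list:
    """Hardened form: validate the type first, then bind both values as parameters.
    The SQL text is fixed at development time; the driver hands the values to
    the engine as data, so they can never change the statement's structure."""
    if not str_ctype.isdigit():
        raise ValueError("cardtype must be a non-negative integer")
    query = "SELECT cardnum FROM accounts WHERE username = ? AND cardtype = ?;"
    return [row[0] for row in conn.execute(query, (str_uname, int(str_ctype)))]
```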
Inference
• Way to infer / derive sensitive data from nonsensitive data
Direct Attack
• A user tries to determine values of sensitive fields by seeking them
• A sensitive query:
  • List NAME where SEX=M ^ DRUGS=1
• A less obvious query:
  • List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)
Direct Attack (Cont…)
• Do not reveal results when a small number of people make up a large proportion of a category.
• The rule of "n items over k percent" means that data should be withheld if n items represent over k percent of the result reported.
Indirect Attack
• Sum – An attack by sum tries to infer a value from a reported sum.
• Count – The count can be combined with the sum to produce some even more revealing results.
• Mean – The arithmetic mean (average) allows exact disclosure if the attacker can manipulate the subject population.
• Median
• Tracker Attacks – using additional queries that produce small results
Indirect Attack
• Sum
  • Show STUDENT-AID WHERE SEX=F ^ DORM=Grey
• Count
  • Show Count, STUDENT-AID WHERE SEX=M ^ DORM=Holmes
  • List NAME where (SEX=M ^ DORM=Holmes)
Indirect Attack
(slide body not captured in the text extraction)
Controls
• Suppression – don't provide sensitive data
• Concealing – don't provide actual values ("close to")
• Limited Response Suppression
  • n-item k-percent rule eliminates low-frequency elements from being displayed (may need to suppress additional rows/columns)
Controls
• Combined Results
  • Sums
  • Ranges
  • Rounding
• Random Sample
• Random Data Perturbation
• Query Analysis – "should the result be provided"
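A statistical-query front end that applies three of the controls above (limited response suppression, the n-item over k-percent rule from the Direct Attack slide, and rounding) to the STUDENT-AID queries from the Indirect Attack slide, as an added example that is not part of the original slides. The student table, the thresholds MIN_GROUP, N_ITEMS, K_PERCENT and ROUND_TO, and the function names are assumptions.

```python
from typing import Callable, Dict, List, Optional

Record = Dict[str, object]

# Constructed student table; columns follow the slides' queries (SEX, DORM, DRUGS, AID).
STUDENTS: List[Record] = [
    {"NAME": "Adams",   "SEX": "F", "DORM": "Grey",   "DRUGS": 0, "AID": 4000},
    {"NAME": "Bailey",  "SEX": "M", "DORM": "Grey",   "DRUGS": 1, "AID": 0},
    {"NAME": "Chin",    "SEX": "M", "DORM": "Holmes", "DRUGS": 0, "AID": 3000},
    {"NAME": "Dewey",   "SEX": "M", "DORM": "Holmes", "DRUGS": 1, "AID": 1000},
    {"NAME": "Earhart", "SEX": "F", "DORM": "Holmes", "DRUGS": 0, "AID": 2000},
    {"NAME": "Fein",    "SEX": "M", "DORM": "Holmes", "DRUGS": 0, "AID": 9000},
    {"NAME": "Groff",   "SEX": "M", "DORM": "Ayres",  "DRUGS": 0, "AID": 1500},
    {"NAME": "Hale",    "SEX": "F", "DORM": "Ayres",  "DRUGS": 0, "AID": 2500},
]

# Thresholds are assumptions; a real deployment tunes them to the data.
MIN_GROUP = 3    # limited response suppression: withhold when fewer rows match
N_ITEMS = 1      # n-item over k-percent rule: withhold when the top N_ITEMS values
K_PERCENT = 50   # make up more than K_PERCENT of the reported sum
ROUND_TO = 100   # concealing by rounding: report "close to" values only


def dominated(values: List[float]) -> bool:
    """n-item over k-percent: True when the largest N_ITEMS values exceed K_PERCENT of the total."""
    total = sum(values)
    if total <= 0:
        return False
    top = sum(sorted(values, reverse=True)[:N_ITEMS])
    return 100.0 * top / total > K_PERCENT


def stat_query(stat: str, field: str, where: Callable[[Record], bool],
               records: List[Record] = STUDENTS) -> Optional[float]:
    """Answer COUNT, SUM or MEAN of `field` over rows matching `where`.
    Returns None when a control decides the result must be withheld."""
    matched = [r for r in records if where(r)]
    if len(matched) < MIN_GROUP:
        return None                      # a tiny group is really a question about individuals
    if stat == "COUNT":
        return float(len(matched))
    values = [float(r[field]) for r in matched]
    if dominated(values):
        return None                      # one respondent's value would be readable from the sum
    if stat == "SUM":
        return round(sum(values) / ROUND_TO) * ROUND_TO
    if stat == "MEAN":
        return round(sum(values) / len(values) / ROUND_TO) * ROUND_TO
    raise ValueError(f"unknown statistic {stat!r}")
```

With this table the slide's "Show STUDENT-AID WHERE SEX=F ^ DORM=Grey" matches one student and is suppressed, while the Holmes sum is withheld because a single large award dominates it.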
Conclusion on the Inference Problem
• No perfect solutions to the inference problem.
• The approaches to controlling it:
  • Suppress obviously sensitive information
  • Track what the user knows
  • Disguise the data
Cross-Site Scripting (XSS)
• Occurs any time…
  • Raw data from attacker is sent to an innocent user
• Raw data…
  • Stored in database
  • Reflected from web input (form field, hidden field, URL, etc.)
  • Sent directly into rich JavaScript client
• Virtually every web application has this problem
• Try this in your browser – javascript:alert(document.cookie)
XSS (Cont…)
• Allows an attacker to embed malicious code:
  • JavaScript (AJAX!), VBScript, ActiveX, HTML, or Flash
• Threats: phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
XSS Types
• Reflected
  • Link in other website / e-mail link
• Stored
  • e.g. bulletin board, forum
• DOM-Based
Cross-Site Scripting Illustrated
(Diagram: an application with a stored XSS vulnerability; its labelled parts are Custom Code and the business functions Accounts, Finance, Administration, Transactions, Communication, Knowledge Mgmt, E-Commerce and Bus. Functions.)
1. Attacker sets the trap – update my profile: attacker enters a malicious script into a web page that stores the data on the server
2. Victim views page – sees attacker profile: script runs inside victim's browser with full access to the DOM and cookies
3. Script silently sends attacker Victim's session cookie
Example
(slide body not captured in the text extraction)
Protection
• Input validation
• Output Encoding:
  • < → &lt;   > → &gt;
  • ( → &#40;   ) → &#41;
  • # → &#35;   & → &#38;
• Do not use "blacklist" validation
• Specify the output encoding
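The Protection slide's entity table and allow-list validation applied to the stored-profile scenario from the illustration, as an added example that is not part of the original slides. The encoder goes slightly beyond the slide by also encoding the two quote characters (an assumption, needed once a value lands inside an HTML attribute); the display-name pattern, the profile text and the function names are assumptions.

```python
import re

# The slide's entity table (< > ( ) # &) plus both quote characters.
# str.translate makes a single pass, so '&' is never encoded twice.
_ENTITY_TABLE = str.maketrans({
    "&": "&#38;", "<": "&lt;", ">": "&gt;", "(": "&#40;", ")": "&#41;",
    "#": "&#35;", '"': "&#34;", "'": "&#39;",
})

# Allow-list for a display name: only the characters a name needs (assumed pattern).
_DISPLAY_NAME = re.compile(r"^[A-Za-z0-9 .'-]{1,40}$")


def encode_for_html(text: str) -> str:
    """Encode untrusted text so the browser renders it as data, never as markup."""
    return text.translate(_ENTITY_TABLE)


def valid_display_name(name: str) -> bool:
    """Allow-list validation: accept only what is known good, not 'everything but <script>'."""
    return _DISPLAY_NAME.fullmatch(name) is not None


def render_profile(display_name: str, bio: str) -> str:
    """Build the profile page the victim will view.
    The name is validated (a short, constrained field), the bio is free text
    and is therefore encoded on output, and the charset is declared explicitly."""
    if not valid_display_name(display_name):
        raise ValueError("display name contains disallowed characters")
    return (
        '<!DOCTYPE html><html><head><meta charset="utf-8"></head><body>'
        f"<h1>{encode_for_html(display_name)}</h1>"
        f"<p>{encode_for_html(bio)}</p>"
        "</body></html>"
    )
```

A stored bio of "<script>alert(document.cookie)</script>" is rendered as "&lt;script&gt;alert&#40;document.cookie&#41;&lt;/script&gt;", which the browser displays as text.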

Weitere ähnliche Inhalte

Andere mochten auch

Andere mochten auch (6)

Rational rosetutorial
Rational rosetutorialRational rosetutorial
Rational rosetutorial
 
android_development_environment
android_development_environmentandroid_development_environment
android_development_environment
 
Access control matrix
Access control matrixAccess control matrix
Access control matrix
 
Oose lab notes
Oose lab notesOose lab notes
Oose lab notes
 
Cloud based database
Cloud based databaseCloud based database
Cloud based database
 
Jaxws 2 0-fr-spec
Jaxws 2 0-fr-specJaxws 2 0-fr-spec
Jaxws 2 0-fr-spec
 

Ähnlich wie Attacks1

OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersLewis Ardern
 
Ebu class edgescan-2017
Ebu class edgescan-2017Ebu class edgescan-2017
Ebu class edgescan-2017Eoin Keary
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindAndreas Czakaj
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allupllangit
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesMarco Morana
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEArun Voleti
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmersrobin_bene
 
Bank World 2008 Kamens 04 29 08
Bank World 2008 Kamens 04 29 08Bank World 2008 Kamens 04 29 08
Bank World 2008 Kamens 04 29 08kamensm02
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack webhostingguy
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacksKevin Kline
 
Отчет Csa report RAPID7
Отчет  Csa report RAPID7Отчет  Csa report RAPID7
Отчет Csa report RAPID7Sergey Yrievich
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for MiddlewareManuel Brugnoli
 
Application Security
Application SecurityApplication Security
Application Securityflorinc
 

Ähnlich wie Attacks1 (20)

OWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript DevelopersOWASP Portland - OWASP Top 10 For JavaScript Developers
OWASP Portland - OWASP Top 10 For JavaScript Developers
 
Ebu class edgescan-2017
Ebu class edgescan-2017Ebu class edgescan-2017
Ebu class edgescan-2017
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
How to write clean & testable code without losing your mind
How to write clean & testable code without losing your mindHow to write clean & testable code without losing your mind
How to write clean & testable code without losing your mind
 
Jan 2008 Allup
Jan 2008 AllupJan 2008 Allup
Jan 2008 Allup
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015   sebaSolvay secure application layer v2015   seba
Solvay secure application layer v2015 seba
 
Sq linjection
Sq linjectionSq linjection
Sq linjection
 
CodeChecker summary 21062021
CodeChecker summary 21062021CodeChecker summary 21062021
CodeChecker summary 21062021
 
OWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root CausesOWASP Top 10 And Insecure Software Root Causes
OWASP Top 10 And Insecure Software Root Causes
 
owasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWEowasp top 10 security risk categories and CWE
owasp top 10 security risk categories and CWE
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
 
Bank World 2008 Kamens 04 29 08
Bank World 2008 Kamens 04 29 08Bank World 2008 Kamens 04 29 08
Bank World 2008 Kamens 04 29 08
 
ieee
ieeeieee
ieee
 
SQL Server Security - Attack
SQL Server Security - Attack SQL Server Security - Attack
SQL Server Security - Attack
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 
Understanding and preventing sql injection attacks
Understanding and preventing sql injection attacksUnderstanding and preventing sql injection attacks
Understanding and preventing sql injection attacks
 
Web Security
Web SecurityWeb Security
Web Security
 
Отчет Csa report RAPID7
Отчет  Csa report RAPID7Отчет  Csa report RAPID7
Отчет Csa report RAPID7
 
Secure Coding Practices for Middleware
Secure Coding Practices for MiddlewareSecure Coding Practices for Middleware
Secure Coding Practices for Middleware
 
Application Security
Application SecurityApplication Security
Application Security
 

Kürzlich hochgeladen

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirtrahman018755
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls DubaiEscorts Call Girls
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445ruhi
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...Neha Pandey
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...Escorts Call Girls
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Delhi Call girls
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...tanu pandey
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLimonikaupta
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)Delhi Call girls
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...SUHANI PANDEY
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...SUHANI PANDEY
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Servicegwenoracqe6
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceEscorts Call Girls
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...SUHANI PANDEY
 
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...SUHANI PANDEY
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubaikojalkojal131
 

Kürzlich hochgeladen (20)

Trump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts SweatshirtTrump Diapers Over Dems t shirts Sweatshirt
Trump Diapers Over Dems t shirts Sweatshirt
 
Al Barsha Night Partner +0567686026 Call Girls Dubai
Al Barsha Night Partner +0567686026 Call Girls  DubaiAl Barsha Night Partner +0567686026 Call Girls  Dubai
Al Barsha Night Partner +0567686026 Call Girls Dubai
 
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
All Time Service Available Call Girls Mg Road 👌 ⏭️ 6378878445
 
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
𓀤Call On 7877925207 𓀤 Ahmedguda Call Girls Hot Model With Sexy Bhabi Ready Fo...
 
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...(+971568250507  ))#  Young Call Girls  in Ajman  By Pakistani Call Girls  in ...
(+971568250507 ))# Young Call Girls in Ajman By Pakistani Call Girls in ...
 
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
Hire↠Young Call Girls in Tilak nagar (Delhi) ☎️ 9205541914 ☎️ Independent Esc...
 
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...Katraj ( Call Girls ) Pune  6297143586  Hot Model With Sexy Bhabi Ready For S...
Katraj ( Call Girls ) Pune 6297143586 Hot Model With Sexy Bhabi Ready For S...
 
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRLLucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
Lucknow ❤CALL GIRL 88759*99948 ❤CALL GIRLS IN Lucknow ESCORT SERVICE❤CALL GIRL
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
WhatsApp 📞 8448380779 ✅Call Girls In Mamura Sector 66 ( Noida)
 
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
Low Sexy Call Girls In Mohali 9053900678 🥵Have Save And Good Place 🥵
 
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
VVIP Pune Call Girls Sinhagad WhatSapp Number 8005736733 With Elite Staff And...
 
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
Wagholi & High Class Call Girls Pune Neha 8005736733 | 100% Gennuine High Cla...
 
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl ServiceRussian Call girl in Ajman +971563133746 Ajman Call girl Service
Russian Call girl in Ajman +971563133746 Ajman Call girl Service
 
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts ServiceReal Escorts in Al Nahda +971524965298 Dubai Escorts Service
Real Escorts in Al Nahda +971524965298 Dubai Escorts Service
 
APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53APNIC Updates presented by Paul Wilson at ARIN 53
APNIC Updates presented by Paul Wilson at ARIN 53
 
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...Russian Call Girls Pune  (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
Russian Call Girls Pune (Adult Only) 8005736733 Escort Service 24x7 Cash Pay...
 
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
VVIP Pune Call Girls Mohammadwadi WhatSapp Number 8005736733 With Elite Staff...
 
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls DubaiDubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
Dubai=Desi Dubai Call Girls O525547819 Outdoor Call Girls Dubai
 
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 

Attacks1

  • 1. Common Vulnerabilities • Buffer Overflows • Incomplete Mediation • Command Injection Attack • Inference • Cross Site- Scripting
  • 2. Buffer Overflows O Many languages require buffer size declaration O C language statement: char sample[10]; O Execute statement: sample[i] = ‘A’; where i=10 O Out of bounds (0-9) subscript – buffer overflow occurs O Some compilers don’t check for exceeding bounds O Similar problem caused by pointers. No reasonable way to define limits for pointers IFETCE/M.E CSE/NE7202-NIS/Unit 4 2
  • 3. Buffer Overflows O Example char sample[10]; for (i=1; i<=10; i++) sample[i] = ‘A’; IFETCE/M.E CSE/NE7202-NIS/Unit 4 3
  • 4. Buffer Overflows, cont. O Where does last ‘A’ go? Depends on what is adjacent to ‘sample[10]’ O Affects user’s data- overwrites user’s data O Affects users code- changes user’s instruction O Affects OS data - overwrites OS data O Affects OS code - changes OS instruction, unpredictable results O This is a case of aliasing IFETCE/M.E CSE/NE7202-NIS/Unit 4 4
  • 5. Buffer Overflows Security Implication O Attacker replaces code in the system space and takes control back from the operating system O Suppose buffer overflow affects OS code area: O Attacker code executed as if it were OS code O Attacker might need to experiment to see what happens when he inserts A into OS code area O Can raise attacker’s privileges (to OS privilege level) when A is an appropriate instruction O Attacker can gain full control of OSIFETCE/M.E CSE/NE7202-NIS/Unit 4 5
  • 6. Buffer Overflows Security Implication O Attacker uses the stack pointer or return register to execute other code O Parameter passing to web server O http://www.somesite.com/subpage/data&par m1=(808)555-1212&parm2=2004Jan01 O What if one of the parameters is made longer? O Microsoft's Phone Dialer contains a buffer overrun that allows execution of arbitary codeIFETCE/M.E CSE/NE7202-NIS/Unit 4 6
  • 7. Summary OBuffer overflows still common O Used by attackers O to crash systems O to exploit systems by taking over control OLarge # of vulnerabilities due to buffer overflows IFETCE/M.E CSE/NE7202-NIS/Unit 4 7
  • 8. Incomplete Mediation O Sensitive data are in exposed,uncontrolled condition O Example O URL to be generated by client’s browser to access server, e.g.: http://www.things.com/ order/final&custID=101&part=555A&qy=20&pri ce=10&ship=boat&shipcost=5&total=205 O Instead, user edits URL directly, changing price and total cost as follows: http://www.things.com /order/final&custID=101&part=555A&qy=20&pri ce=1&ship=boat&shipcost=5&total=25 O Security Implication O Easy to exploit – Things, Inc. example IFETCE/M.E CSE/NE7202-NIS/Unit 4 8
  • 9. Incomplete Mediation, cont. O Unchecked data are a serious vulnerability! O Possible solution: anticipate problems O Don’t let client return a sensitive result (like total) that can be easily recomputed by server O Use drop-down boxes / choice lists for data input O Prevent user from editing input directly O Check validity of data values received from client IFETCE/M.E CSE/NE7202-NIS/Unit 4 9
  • 10. Attacking the Web Application O Web application: O takes input strings from the user and interprets it. O Interacts with back-end database. O Retrieve data and dynamically generates new content. O Presents the output to the user. O The threat – Command Injection Attack: O Unexpected input may cause problems. 10IFETCE/M.E CSE/NE7202-NIS/Unit 4
  • 11. What is code injection? • Code injection is the exploitation of a computer bug that is caused by processing invalid data. • Code injection can be used by an attacker to introduce (or "inject") code into a computer program to change the course of execution. • The results of a code injection attack can be disastrous
  • 13. Code injection can do • Arbitrarily modify values in a database through a type of code injection called SQL injection. The impact of this can range from defacement of a web site to serious compromisation of sensitive data. • Install malware on a computer by exploiting code injection vulnerabilities in a web browser or its plugins when the user visits a malicious site.
  • 14. • Install malware or execute malevolent code on a server, by PHP or ASP Injection. • Privilege escalation to root permissions by exploiting Shell Injection vulnerabilities in a setuid root binary on UNIX. • Privilege escalation to Local System permissions by exploiting Shell Injection vulnerabilities in a service on Windows. • Stealing sessions/cookies from web browsers using HTML/Script Injection (Cross-site scripting). Code injection can do
  • 15. Different types of Code injection • SQL injection • LDAP Injection • OS Command Injection • Cross-Site Scripting (“XSS”)
  • 16. SQL injection • SQL injection attack consists of injection of malicious SQL commands via input data from the client to the application • Affect the execution of predefined SQL commands.
  • 17. SQL injection • SQL injection consists of direct insertion of code into user-input variables which are concatenated with SQL commands and executed. • A less direct attack injects malicious code into strings that are destined for storage in a table or as metadata. • When the stored strings are subsequently concatenated into a dynamic SQL commands, the malicious code is then executed.
18. Web Application Architecture
(Diagram: Web browser → Application → Database; the application generates the query based on user input.)
19. SQLCIAs - Example
    String query = "SELECT cardnum FROM accounts WHERE username = '" + strUName + "' AND cardtype = " + strCType + ";";
Expected input:
    SELECT cardnum FROM accounts WHERE username = 'John' AND cardtype = 2;
Result: Returns John's saved credit card number.
20. SQLCIAs - Example (Cont…)
    String query = "SELECT cardnum FROM accounts WHERE username = '" + strUName + "' AND cardtype = " + strCType + ";";
Malicious input:
    SELECT cardnum FROM accounts WHERE username = 'John' AND cardtype = 2 OR 1 = 1;
Result: Returns all saved credit card numbers.
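The two queries above as runnable code (an added example, not from the slides): the slide's concatenated query next to a parameterised version, both run against a constructed in-memory SQLite table; the account rows and card numbers are made up.

```python
import sqlite3

# Constructed sample data (not from the slides): username, cardtype, cardnum.
SAMPLE_ROWS = [
    ("John", 2, "4111-0000-0000-0001"),
    ("Mary", 1, "5500-0000-0000-0002"),
    ("Ali", 2, "3400-0000-0000-0003"),
]


def make_db():
    """In-memory accounts table standing in for the back-end database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (username TEXT, cardtype INTEGER, cardnum TEXT)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def build_query_unsafe(strUName, strCType):
    """The slide's query: user input concatenated straight into the SQL text."""
    return ("SELECT cardnum FROM accounts WHERE username = '" + strUName
            + "' AND cardtype = " + strCType + ";")


def lookup_unsafe(conn, strUName, strCType):
    # strCType = "2 OR 1 = 1" turns the WHERE clause into
    # (username = 'John' AND cardtype = 2) OR 1 = 1, which matches every row.
    return [row[0] for row in conn.execute(build_query_unsafe(strUName, strCType))]


def lookup_safe(conn, strUName, strCType):
    """Parameterised query: the driver binds the values, so input is never parsed
    as SQL. cardtype is also validated as an integer first, so "2 OR 1 = 1" is
    rejected (ValueError) before it reaches the database at all."""
    cardtype = int(strCType)
    rows = conn.execute(
        "SELECT cardnum FROM accounts WHERE username = ? AND cardtype = ?",
        (strUName, cardtype),
    )
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    print(lookup_unsafe(db, "John", "2"))           # John's card only
    print(lookup_unsafe(db, "John", "2 OR 1 = 1"))  # every saved card
    print(lookup_safe(db, "John", "2"))             # John's card only
```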
21. 4. Inference
• A way to infer / derive sensitive data from nonsensitive data.
22. Direct Attack
• A user tries to determine values of sensitive fields by seeking them.
• A sensitive query:
    List NAME where SEX=M ^ DRUGS=1
• A less obvious query:
    List NAME where (SEX=M ^ DRUGS=1) v (SEX#M ^ SEX#F) v (DORM=AYRES)
23. Direct Attack (Cont…)
• Do not reveal results when a small number of people make up a large proportion of a category.
• The rule of "n items over k percent" means that data should be withheld if n items represent over k percent of the result reported.
24. Indirect Attack
• Sum – an attack by sum tries to infer a value from a reported sum.
• Count – the count can be combined with the sum to produce some even more revealing results.
• Mean – the arithmetic mean (average) allows exact disclosure if the attacker can manipulate the subject population.
• Median
• Tracker Attacks – using additional queries that produce small results.
25. Indirect Attack
• Sum
    Show STUDENT-AID WHERE SEX=F ^ DORM=Grey
• Count
    Show Count, STUDENT-AID WHERE SEX=M ^ DORM=Holmes
    List NAME where (SEX=M ^ DORM=Holmes)
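An added example (not from the slides) that ties the n-item k-percent rule from the Direct Attack slide to the sum and tracker attacks above: a constructed student-aid table, a raw sum query, and a guarded sum that withholds results under the rule; the final step shows that two sums which each pass the rule can still disclose one student's aid by subtraction.

```python
# Constructed sample records (not from the slides); aid is in dollars.
STUDENTS = [
    {"name": "Adams",   "sex": "F", "dorm": "Grey",   "aid": 5000},
    {"name": "Bailey",  "sex": "M", "dorm": "Holmes", "aid": 3000},
    {"name": "Chin",    "sex": "M", "dorm": "Holmes", "aid": 3000},
    {"name": "Dewitt",  "sex": "F", "dorm": "Holmes", "aid": 1000},
    {"name": "Earhart", "sex": "M", "dorm": "Grey",   "aid": 2000},
    {"name": "Fein",    "sex": "F", "dorm": "West",   "aid": 4000},
]

def select(records, **where):
    """Rows matching every field=value condition (the slides' SEX=F ^ DORM=Grey)."""
    return [r for r in records if all(r[k] == v for k, v in where.items())]

def raw_sum(records, **where):
    """Show STUDENT-AID WHERE ... with no control applied."""
    return sum(r["aid"] for r in select(records, **where))

def guarded_sum(records, n=1, k=50, **where):
    """n-item k-percent rule: withhold the sum when the largest n contributors
    make up more than k percent of it. A query matching n or fewer rows is
    withheld outright, since it singles out individuals directly."""
    rows = select(records, **where)
    total = sum(r["aid"] for r in rows)
    if len(rows) <= n or total == 0:
        return None
    top_n = sorted((r["aid"] for r in rows), reverse=True)[:n]
    if 100 * sum(top_n) > k * total:  # i.e. sum(top_n) / total > k / 100
        return None
    return total

def tracker_difference(records, broad, narrow):
    """Indirect attack: subtract a narrower guarded sum from a broader one.
    Returns None if either query was withheld."""
    a, b = guarded_sum(records, **broad), guarded_sum(records, **narrow)
    return None if a is None or b is None else a - b

if __name__ == "__main__":
    # Direct disclosure: Adams is the only female in Grey, so the raw sum
    # is her aid; the guarded sum withholds it.
    print(raw_sum(STUDENTS, sex="F", dorm="Grey"))      # 5000
    print(guarded_sum(STUDENTS, sex="F", dorm="Grey"))  # None
    # Tracker: both Holmes sums pass the 1-item 50-percent rule, yet their
    # difference is exactly Dewitt's aid (the only female in Holmes).
    print(tracker_difference(STUDENTS, {"dorm": "Holmes"},
                             {"dorm": "Holmes", "sex": "M"}))  # 1000
```

This is the gap the Conclusion slide refers to: suppressing individual answers does not stop a user who tracks what the combination of answers reveals.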
27. Controls
• Suppression – don't provide sensitive data
• Concealing – don't provide actual values ("close to")
• Limited Response Suppression
  • n-item k-percent rule eliminates low frequency elements from being displayed (may need to suppress additional rows/columns)
28. Controls
• Combined Results
  • Sums
  • Ranges
  • Rounding
• Random Sample
• Random Data Perturbation
• Query Analysis – "should the result be provided"
29. Conclusion on the Inference Problem
• No perfect solutions to the inference problem.
• The approaches to controlling it:
  • Suppress obviously sensitive information
  • Track what the user knows
  • Disguise the data
30. Cross-Site Scripting (XSS)
• Occurs any time…
  • Raw data from attacker is sent to an innocent user
• Raw data…
  • Stored in database
  • Reflected from web input (form field, hidden field, url, etc…)
  • Sent directly into rich JavaScript client
• Virtually every web application has this problem
• Try this in your browser – javascript:alert(document.cookie)
31. XSS (Cont…)
• Allows an attacker to embed malicious code:
  • JavaScript (AJAX!), VBScript, ActiveX, HTML, or Flash
• Threats: phishing, hijacking, changing of user settings, cookie theft/poisoning, false advertising, execution of code on the client, ...
32. XSS Types
• Reflected
  • Link in other website / e-mail link
• Stored
  • e.g. bulletin board, forum
• DOM-Based
33. Cross-Site Scripting Illustrated
(Diagram: application with stored XSS vulnerability)
1. Attacker sets the trap – update my profile: attacker enters a malicious script into a web page that stores the data on the server.
2. Victim views page – sees attacker profile: script runs inside victim's browser with full access to the DOM and cookies.
3. Script silently sends attacker Victim's session cookie.
35. Protection
• Input validation
• Output Encoding:
    <  &lt;     >  &gt;
    (  &#40;    )  &#41;
    #  &#35;    &  &#38;
• Do not use "blacklist" validation
• Specify the output encoding
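The two protections above in code (an added example, not from the slides): allow-list input validation for a username field, and output encoding built from the slide's entity table, extended here with the two quote characters so encoded text is also safe inside attribute values; the profile markup and the username pattern are assumptions.

```python
import re

# Entity table from the slide, plus the two quote characters (an addition here).
# str.translate performs a single pass, so the '&' of a freshly written entity
# is never re-encoded.
HTML_ENCODE = str.maketrans({
    "<": "&lt;", ">": "&gt;",
    "(": "&#40;", ")": "&#41;",
    "#": "&#35;", "&": "&#38;",
    '"': "&#34;", "'": "&#39;",
})

# Allow-list: say what a username may contain instead of what it may not.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,20}$")


def encode_for_html(text):
    """Output encoding: every listed character becomes an HTML entity."""
    return text.translate(HTML_ENCODE)


def validate_username(name):
    """Input validation against the allow-list pattern."""
    return bool(USERNAME_RE.match(name))


def render_profile(display_name):
    """HTML fragment for a stored profile field. Encoding is applied at output
    time regardless of what validation happened when the value was stored, so
    a script saved into the profile is shown as text, not run."""
    return '<p class="profile">' + encode_for_html(display_name) + "</p>"


if __name__ == "__main__":
    print(validate_username("john_99"))                 # True
    print(validate_username("<b>john</b>"))             # False
    print(render_profile("<script>alert(document.cookie)</script>"))
```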