 Web Application Security
 Vikas Thange
Topics

1   What is Web Security
2   Why Web Security?
3   Proxy Server – Paros Proxy
4   Web Vulnerability
5   Web Vulnerability Types
6   SQL Injection
7   Other Types
What is Web Security

1   Web application security is a branch of information security that deals specifically with the security of websites and web applications.

2   At a high level, web application security draws on the principles of application security but applies them specifically to Internet and web systems.

3   Typically, web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.
Why Web Security

1   We value our privacy.

2   We value our clients' important data.

3   We want to make everyone's web presence safer and better.

4   We must remember that it is the users who use the system.

5   Users can be good as well as bad.
Proxy Server

1   A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers.

2   A client connects to the proxy server, requesting some service, such as a file, web page, or other resource, available from a different server.

3   The proxy server evaluates the request according to its filtering rules. If the request is validated by the filter, the proxy provides the resource.
Use of Proxy Server

1   To apply an access policy to network services or content, e.g. to block undesired sites.

2   To log/audit usage, i.e. to provide company employee Internet usage reporting.

3   To bypass security/parental controls.

4   To scan transmitted content for malware before delivery.

5   To scan outbound content, e.g. for data leak protection.

6   To circumvent regional restrictions.

Paros Proxy Server Tool
Web Vulnerability

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance.

A weakness in a custom web application's architecture, design, configuration, or code.
Web Vulnerability Types

1   SQL Injection

2   Code Injection

3   XSS or Cross Site Scripting

4   CSRF or Cross Site Request Forgery

5   To scan outbound content, e.g., for data leak protection.

6   Session Security

7   Input Validation
How Bad is it?

(chart slide) Source: **Web Application Security Consortium (WASC)
http://www.webappsec.org/projects/statistics/
How Bad is it?

31,373 Sites Tested Summary

Threat Classification             No. of Vulns   Vuln. %   No. of Sites   % of Vuln. Sites
Brute Force                                 66     0.04%             66              0.21%
Content Spoofing                           663     0.45%            218              0.69%
Cross Site Scripting                   100,059    67.59%         26,531             84.57%
Directory Indexing                         292     0.20%            168              0.54%
HTTP Response Splitting                  4,487     3.03%          3,062              9.76%
Information Leakage                     20,518    13.86%          4,924             15.70%
Insufficient Authentication                 84     0.06%              1              0.00%
Insufficient Authorization                  23     0.02%              4              0.01%
Insufficient Session Expiration             46     0.03%              1              0.00%
OS Commanding                              143     0.10%             44              0.14%
Path Traversal                             426     0.29%            374              1.19%
Predictable Resource Location              651     0.44%            173              0.55%
SQL Injection                           19,607    13.25%          8,277             26.38%
SSI Injection                              950     0.64%            298              0.95%
XPath Injection                             14     0.01%              6              0.02%
Total                                  148,029   100.00%         44,147

Source: **Web Application Security Consortium (WASC)
http://www.webappsec.org/projects/statistics/
SQL Injection

What is SQL Injection?
What do you need?
What you should look for?
What if you can't find any page that takes input?
How do you test if it is vulnerable?
But why ' or 1=1--?
How to avoid SQL Injection?
Where can I get more info?

SQL Injection: What is SQL Injection?

•   It is a trick to inject an SQL query/command as an input, possibly via web pages.

•   Many web pages take parameters from the web user and make an SQL query to the database.

•   Take for instance a user login: the web page takes the user name and password and makes an SQL query to the database to check whether the user has a valid name and password.

•   With SQL injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.
SQL Injection: What do you need?

•   A little SQL and programming knowledge

•   No tool required

•   Any web browser

•   An SQL injection attack dictionary
SQL Injection: What you should look for?

•   Try to look for pages that allow you to submit data, e.g. a login page, search page, feedback form, etc.

•   Sometimes, HTML pages use the POST command to send parameters to another ASP page. Therefore, you may not see the parameters in the URL. However, you can check the source code of the HTML and look for the "FORM" tag in the HTML code. You may find something like this in some HTML code:

    <FORM action=Search/search.asp method=post>
    <input type=hidden name=A value=C>
    </FORM>

    Everything between the <FORM> and </FORM> tags is a potential parameter that might be useful (exploit-wise).
SQL Injection: What if you can't find any page that takes input?

•   You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URLs that take parameters, like:

    http://duck/index.asp?id=10
SQL Injection: How do you test if it is vulnerable?

•   Start with the single quote trick. Input something like hi' or 1=1-- into the login, or the password, or even the URL. Example:
    - Login: hi' or 1=1--
    - Pass: hi' or 1=1--
    - http://duck/index.asp?id=hi' or 1=1--

•   If you must do this with a hidden field, just download the source HTML from the site, save it to your hard disk, and modify the URL and hidden field accordingly. Example:

    <FORM action=http://duck/Search/search.asp method=post>
    <input type=hidden name=A value="hi' or 1=1--">
    </FORM>

    If luck is on your side, you will get logged in without any login name or password.
SQL Injection: How do you test if it is vulnerable? (continued)

•   Other than bypassing login, it is also possible to view extra information that is not normally available. Take an ASP page that will link you to another page with the following URL:

    http://duck/index.asp?category=food

•   In the URL, 'category' is the variable name, and 'food' is the value assigned to the variable. In order to do that, the ASP page might contain the following code:

    v_cat = request("category")
    ' v_cat is concatenated straight into the SQL text; this is the flaw the next slide walks through
    sqlstr = "SELECT * FROM product WHERE PCategory='" & v_cat & "'"
    set rs = conn.execute(sqlstr)
SQL Injection: But why ' or 1=1--?

•   As we can see, our variable will be wrapped into v_cat and thus the SQL statement becomes:

    SELECT * FROM product WHERE PCategory='food'

    The query should return a resultset containing one or more rows that match the WHERE condition, in this case 'food'.

•   Now, assume that we change the URL into something like this:

    http://duck/index.asp?category=food' or 1=1--

    Now our variable v_cat equals "food' or 1=1-- ". If we substitute this in the SQL query, we will have:

    SELECT * FROM product WHERE PCategory='food' or 1=1--'

    The first quote closes the string early, 1=1 is always true so the WHERE clause matches every row, and -- turns the remainder of the line (including the original closing quote) into a comment.

    E.g. http://testasp.vulnweb.com/
         http://www.altoromutual.com
SQL Injection: How to avoid SQL Injection?

•   Filter out characters like single quote, double quote, slash, backslash, semicolon, and extended characters like NULL, carriage return, new line, etc., in all strings from:
    - Input from users
    - Parameters from the URL
    - Values from cookies

•   For numeric values, convert the value to an integer before passing it into the SQL statement, or use ISNUMERIC to make sure it is an integer.
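The flow traced across the "But why ' or 1=1--?" and "How to avoid SQL Injection?" slides, as an added example that is not part of the original deck: the slide's ASP concatenation rendered in Python against an in-memory SQLite table, beside a parameterized query and the integer-conversion check the slide recommends. The product table and its PCategory column follow the slide; the rows are constructed sample data, and binding the value as a parameter is used here as the direct fix, since the character filtering the slide lists has to enumerate every dangerous character for every database.

```python
import sqlite3

# Constructed sample data standing in for the slide's "product" table.
SAMPLE_ROWS = [
    (1, "apple", "food"),
    (2, "bread", "food"),
    (3, "hammer", "tools"),
    (4, "admin-token", "secret"),
]


def make_db() -> sqlite3.Connection:
    """Create an in-memory database holding the constructed product rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (id INTEGER, name TEXT, PCategory TEXT)")
    conn.executemany("INSERT INTO product VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def vulnerable_query(conn: sqlite3.Connection, v_cat: str) -> list:
    """Mirror of the slide's ASP code: the category is concatenated into the
    SQL text, so quote characters in v_cat change the statement itself."""
    sqlstr = "SELECT * FROM product WHERE PCategory='" + v_cat + "'"
    return conn.execute(sqlstr).fetchall()


def parameterized_query(conn: sqlite3.Connection, v_cat: str) -> list:
    """Hardened form: the category travels as a bound parameter, never as SQL
    text, so "food' or 1=1--" is compared literally against PCategory."""
    sqlstr = "SELECT * FROM product WHERE PCategory=?"
    return conn.execute(sqlstr, (v_cat,)).fetchall()


def lookup_by_id(conn: sqlite3.Connection, raw_id: str) -> list:
    """Numeric input, as the slide recommends: convert to int *before* the
    value reaches the SQL statement, rejecting anything that is not a number
    (the Python equivalent of the slide's ISNUMERIC check)."""
    try:
        product_id = int(raw_id)
    except ValueError:
        raise ValueError(f"rejecting non-numeric id: {raw_id!r}") from None
    return conn.execute("SELECT * FROM product WHERE id=?", (product_id,)).fetchall()


def demo() -> dict:
    """Run the slide's scenario end to end and report row counts."""
    conn = make_db()
    injected = "food' or 1=1--"  # the slide's payload, unchanged
    result = {
        "normal": len(vulnerable_query(conn, "food")),
        "vulnerable_injected": len(vulnerable_query(conn, injected)),
        "parameterized_injected": len(parameterized_query(conn, injected)),
    }
    try:
        lookup_by_id(conn, "hi' or 1=1--")
        result["numeric_rejected"] = False
    except ValueError:
        result["numeric_rejected"] = True
    return result


if __name__ == "__main__":
    print(demo())
```

The concatenated query returns every row for the injected category, including the "secret" row, while the parameterized query returns nothing because no PCategory literally equals the payload.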
SQL Injection: Where can I get more info?

•   http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6
•   http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc
•   http://www.owasp.org/asac/input_validation/sql.shtml
•   http://www.sensepost.com/misc/SQLinsertion.htm
•   http://www.digitaloffense.net/wargames01/IOWargames.ppt
•   http://www.wiretrip.net/rfp/p/doc.asp?id=60&iface=6
•   http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
Code Injection

•   Code Injection is the general name for many types of attacks which depend on inserting code that is then interpreted by the application.

•   Such an attack may be performed by adding strings of characters into a cookie or into argument values in the URI.

•   This attack makes use of a lack of accurate input/output data validation, for example of:
    1.  the class of allowed characters (standard regular expression classes or custom)
    2.  data format
    3.  amount of expected data
    4.  for numerical input, its values
Code Injection

When a programmer uses the eval() function and operates on the data inside it, and this data may be altered by the attacker, then it is only one step away from Code Injection.
The example below shows how the eval() function is used:

    $myvar = "varname";
    $x = $_GET['arg'];
    // "\$$myvar" expands to "$varname", so eval() runs the statement "$varname = <arg>;"
    // with the raw request value spliced into the code text
    eval("\$$myvar = $x;");

The code above, which smells like a rose, may be used to perform a Code Injection attack.
Example: passing in the URI /index.php?arg=1; phpinfo()
While exploiting bugs like these, the attacker does not have to limit himself to a Code Injection attack; the attacker may attempt to use a Command Injection technique, for example:

    /index.php?arg=1; system('dir')
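The eval() pattern above rendered in Python, as an added example that is not part of the original slides: the slide's own payload 1; phpinfo() spliced into source text reaches the interpreter, beside a hardened version that allowlists the variable name and parses the argument as a plain literal. exec stands in for PHP's eval, and phpinfo is a stand-in function that only records that it was called; both are assumptions of this example.

```python
import ast
import re

# Records whether the injected call in the slide's payload actually ran.
CALLS = []


def phpinfo() -> None:
    """Stand-in for the slide's phpinfo(): its only job is to record that
    attacker-supplied code reached the interpreter."""
    CALLS.append("phpinfo")


def unsafe_assign(varname: str, arg: str) -> dict:
    """Python rendering of the slide's PHP pattern: the request value is
    spliced into source text that is then executed. Everything after the
    number in arg runs too, because arg is treated as code, not as a value."""
    scope = {"phpinfo": phpinfo}
    exec(f"{varname} = {arg}", scope)  # attacker controls the code, not just the value
    return {k: v for k, v in scope.items() if k == varname}


ALLOWED_NAMES = {"varname"}
NAME_RE = re.compile(r"^[A-Za-z_][A-Za-z0-9_]*$")


def safe_assign(varname: str, arg: str) -> dict:
    """Hardened form: the variable name must be on an allowlist and look like
    an identifier, and the argument is parsed as a literal with
    ast.literal_eval, which refuses statements and function calls."""
    if varname not in ALLOWED_NAMES or not NAME_RE.match(varname):
        raise ValueError(f"variable name not allowed: {varname!r}")
    try:
        value = ast.literal_eval(arg)
    except (ValueError, SyntaxError):
        raise ValueError(f"argument is not a plain literal: {arg!r}") from None
    if not isinstance(value, (int, float, str)):
        raise ValueError(f"unexpected literal type for {arg!r}")
    return {varname: value}


def demo() -> dict:
    """Feed the slide's payload to both versions and report what happened."""
    CALLS.clear()
    payload = "1; phpinfo()"  # the slide's own example argument
    unsafe = unsafe_assign("varname", payload)
    try:
        safe_assign("varname", payload)
        safe_rejected = False
    except ValueError:
        safe_rejected = True
    return {"unsafe_result": unsafe, "phpinfo_ran": CALLS == ["phpinfo"],
            "safe_rejected": safe_rejected}


if __name__ == "__main__":
    print(demo())
```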
Cross Site Scripting Flaw (XSS)

•   Cross site scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites.

•   Cross site scripting flaws are the most prevalent flaw in web applications today.

•   Cross site scripting attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

•   To avoid XSS attacks we recommend validating input against a rigorous positive specification of what is expected.
Client Server Architecture (diagram slide)

Cross Site Scripting Flaw (XSS) (diagram slide: session id, cookies)

Session Hijacking (diagram slide)

 
Healthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare NewsletterHealthcare Feb. & Mar. Healthcare Newsletter
Healthcare Feb. & Mar. Healthcare Newsletter
 
BAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptxBAILMENT & PLEDGE business law notes.pptx
BAILMENT & PLEDGE business law notes.pptx
 
TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024TriStar Gold Corporate Presentation - April 2024
TriStar Gold Corporate Presentation - April 2024
 
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdfGUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
GUIDELINES ON USEFUL FORMS IN FREIGHT FORWARDING (F) Danny Diep Toh MBA.pdf
 
Pitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deckPitch Deck Teardown: Xpanceo's $40M Seed deck
Pitch Deck Teardown: Xpanceo's $40M Seed deck
 
NAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors DataNAB Show Exhibitor List 2024 - Exhibitors Data
NAB Show Exhibitor List 2024 - Exhibitors Data
 
WSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdfWSMM Media and Entertainment Feb_March_Final.pdf
WSMM Media and Entertainment Feb_March_Final.pdf
 
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring CapabilitiesOnemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
Onemonitar Android Spy App Features: Explore Advanced Monitoring Capabilities
 
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
Horngren’s Financial & Managerial Accounting, 7th edition by Miller-Nobles so...
 
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptxGo for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
Go for Rakhi Bazaar and Pick the Latest Bhaiya Bhabhi Rakhi.pptx
 
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptxThe-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
The-Ethical-issues-ghhhhhhhhjof-Byjus.pptx
 
Technical Leaders - Working with the Management Team
Technical Leaders - Working with the Management TeamTechnical Leaders - Working with the Management Team
Technical Leaders - Working with the Management Team
 
WAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdfWAM Corporate Presentation April 12 2024.pdf
WAM Corporate Presentation April 12 2024.pdf
 
Supercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebsSupercharge Your eCommerce Stores-acowebs
Supercharge Your eCommerce Stores-acowebs
 
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
20220816-EthicsGrade_Scorecard-JP_Morgan_Chase-Q2-63_57.pdf
 
Unveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic ExperiencesUnveiling the Soundscape Music for Psychedelic Experiences
Unveiling the Soundscape Music for Psychedelic Experiences
 
1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf1911 Gold Corporate Presentation Apr 2024.pdf
1911 Gold Corporate Presentation Apr 2024.pdf
 
PSCC - Capability Statement Presentation
PSCC - Capability Statement PresentationPSCC - Capability Statement Presentation
PSCC - Capability Statement Presentation
 
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
Intermediate Accounting, Volume 2, 13th Canadian Edition by Donald E. Kieso t...
 

Web application security

  • 1. Web Application Security Vikas Thange
  • 2. Topics 1 What is Web Security 2 Why Web Security? 3 Proxy Server – Paros Proxy 4 Web Vulnerability 5 Web Vulnerability Types 6 SQL Injection 7 Other Types
  • 3. What is Web Security 1 Web application security is a branch of information security that deals specifically with security of websites and web applications. 2 At a high level, Web application security draws on the principles of application security but applies them specifically to Internet and Web systems. 3 Typically web applications are developed using programming languages such as PHP, Java EE, Java, Python, Ruby, ASP.NET, C#, VB.NET or Classic ASP.
  • 4. Why Web Security 1 We value our privacy 2 We value our client’s important data 3 We want to make everyone’s web presence safer and better 4 We must remember, it’s the users who use the system 5 Users can be good as well as bad
  • 5. Proxy Server 1 A proxy server is a server (a computer system or an application) that acts as an intermediary for requests from clients seeking resources from other servers. 2 A client connects to the proxy server, requesting some service, such as a file, web page, or other resource, available from a different server. 3 The proxy server evaluates the request according to its filtering rules. If the request is validated by the filter, the proxy provides the resource.
  • 6. Use of Proxy Server 1 To apply access policy to network services or content, e.g. to block undesired sites. 2 To log / audit usage, i.e. to provide company employee Internet usage reporting. 3 To bypass security/ parental controls. 4 To scan transmitted content for malware before delivery. 5 To scan outbound content, e.g., for data leak protection. 6 To circumvent regional restrictions.
  • 8. Web Vulnerability A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Weakness in custom Web Application, architecture, design, configuration, or code.
  • 9. Web Vulnerability Types 1 SQL Injection 2 Code Injection 3 XSS or Cross Site Scripting 4 CSRF or Cross Site Request Forgery 5 To scan outbound content, e.g., for data leak protection. 6 Session Security 7 Input Validation
  • 10. How Bad is it? **Web Application Security Consortium (WASC) http://www.webappsec.org/projects/statistics/
  • 11. How Bad is it? **Web Application Security Consortium (WASC) http://www.webappsec.org/projects/statistics/
  • 12. How Bad is it? 31,373 Sites Tested. Summary:

    Threat Classification            No. of Vulns   Vuln. %   No. of Sites   % of Vuln. Sites
    Brute Force                                66     0.04%             66         0.21%
    Content Spoofing                          663     0.45%            218         0.69%
    Cross Site Scripting                  100,059    67.59%         26,531        84.57%
    Directory Indexing                        292     0.20%            168         0.54%
    HTTP Response Splitting                 4,487     3.03%          3,062         9.76%
    Information Leakage                    20,518    13.86%          4,924        15.70%
    Insufficient Authentication                84     0.06%              1         0.00%
    Insufficient Authorization                 23     0.02%              4         0.01%
    Insufficient Session Expiration            46     0.03%              1         0.00%
    OS Commanding                             143     0.10%             44         0.14%
    Path Traversal                            426     0.29%            374         1.19%
    Predictable Resource Location             651     0.44%            173         0.55%
    SQL Injection                          19,607    13.25%          8,277        26.38%
    SSI Injection                             950     0.64%            298         0.95%
    XPath Injection                            14     0.01%              6         0.02%
    Total                                 148,029   100.00%         44,147

    **Web Application Security Consortium (WASC) http://www.webappsec.org/projects/statistics/
  • 13. SQL Injection – What is SQL Injection? • It is a trick to inject an SQL query/command as an input, possibly via web pages. • Many web pages take parameters from the web user and make an SQL query to the database. • Take for instance a user login: the web page takes the user name and password and makes an SQL query to the database to check if the user has a valid name and password. • With SQL Injection, it is possible for us to send a crafted user name and/or password field that will change the SQL query and thus grant us something else.
  • 14. SQL Injection – What do you need? • A little SQL and programming knowledge • No tool required • Any web browser • An SQL injection attack dictionary
  • 15. SQL Injection – What you should look for? • Try to look for pages that allow you to submit data, e.g. login page, search page, feedback, etc. • Sometimes HTML pages use the POST command to send parameters to another ASP page, so you may not see the parameters in the URL. However, you can check the source code of the HTML and look for the "FORM" tag. You may find something like this in some HTML code:

    <FORM action=Search/search.asp method=post>
    <input type=hidden name=A value=C>
    </FORM>

    Everything between <FORM> and </FORM> has potential parameters that might be useful (exploit wise).
  • 16. SQL Injection – What if you can't find any page that takes input? • You should look for pages like ASP, JSP, CGI, or PHP web pages. Try to look especially for URLs that take parameters, like: http://duck/index.asp?id=10
  • 17. SQL Injection – How do you test if it is vulnerable? • Start with a single quote trick. Input something like hi' or 1=1-- into login, or password, or even in the URL. Example:
    - Login: hi' or 1=1--
    - Pass: hi' or 1=1--
    - http://duck/index.asp?id=hi' or 1=1--
    • If you must do this with a hidden field, just download the source HTML from the site, save it on your hard disk, and modify the URL and hidden field accordingly. Example:

    <FORM action=http://duck/Search/search.asp method=post>
    <input type=hidden name=A value="hi' or 1=1--">
    </FORM>

    If luck is on your side, you will get login without any login name or password.
  • 18. SQL Injection – But why ' or 1=1--? • Other than bypassing login, it is also possible to view extra information that is not normally available. Take an ASP page that will link you to another page with the following URL: http://duck/index.asp?category=food • In the URL, 'category' is the variable name and 'food' is the value assigned to the variable. In order to do that, an ASP page might contain the following code:

    v_cat = request("category")
    sqlstr="SELECT * FROM product WHERE PCategory='" & v_cat & "'"
    set rs=conn.execute(sqlstr)
  • 19. SQL Injection – But why ' or 1=1--? • As we can see, our variable will be wrapped into v_cat and thus the SQL statement should become:

    SELECT * FROM product WHERE PCategory='food'

    The query should return a resultset containing one or more rows that match the WHERE condition, in this case 'food'. • Now, assume that we change the URL into something like this: http://duck/index.asp?category=food' or 1=1-- Now our variable v_cat equals "food' or 1=1-- "; if we substitute this in the SQL query, we will have:

    SELECT * FROM product WHERE PCategory='food' or 1=1--'

    E.g. http://testasp.vulnweb.com/ , http://www.altoromutual.com
  • 20. SQL Injection – How to avoid SQL Injection? • Filter out characters like single quote, double quote, slash, backslash, semicolon, and extended characters like NULL, carriage return, new line, etc., in all strings from:
    - Input from users
    - Parameters from URL
    - Values from cookies
    For a numeric value, convert it to an integer before putting it into the SQL statement, or use ISNUMERIC to make sure it is an integer.
  • 21. SQL Injection – Where can I get more info?
    • http://www.wiretrip.net/rfp/p/doc.asp?id=42&iface=6
    • http://www.blackhat.com/presentations/win-usa-01/Litchfield/BHWin01Litchfield.doc
    • http://www.owasp.org/asac/input_validation/sql.shtml
    • http://www.sensepost.com/misc/SQLinsertion.htm
    • http://www.digitaloffense.net/wargames01/IOWargames.ppt
    • http://www.wiretrip.net/rfp/p/doc.asp?id=60&iface=6
    • http://www.spidynamics.com/whitepapers/WhitepaperSQLInjection.pdf
  • 22. Code Injection • Code Injection is the general name for a lot of types of attacks which depend on inserting code, which is interpreted by the application. • Such an attack may be performed by adding strings of characters into a cookie or argument values in the URI. • This attack makes use of lack of accurate input/output data validation, for example: 1. class of allowed characters (standard regular expressions classes or custom) 2. data format 3. amount of expected data 4. for numerical input, its values
  • 23. Code Injection When a programmer uses the eval() function and operates on the data inside it, and these data may be altered by the attacker, then it's only one step closer to Code Injection. The example below shows how to use the eval() function:

    $myvar = "varname";
    $x = $_GET['arg'];
    eval("$myvar = $x;");

    The code above, which smells like a rose, may be used to perform a Code Injection attack. Example: passing in the URI /index.php?arg=1; phpinfo() While exploiting bugs like these, the attacker doesn't have to limit himself only to a Code Injection attack. The attacker may attempt to use the Command Injection technique, for example: /index.php?arg=1; system('dir')
  • 24. Cross Site Scripting Flaw (XSS) • Cross site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted web sites. • Cross site scripting flaws are the most prevalent flaw in web applications today. • Cross site scripting attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user. • To avoid XSS attacks we recommend validating input against a rigorous positive specification of what is expected.
  • 26. Cross Site Scripting Flaw (XSS) Session id, cookies.
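Slides 18 to 20 describe how the category parameter is concatenated into the query and how to avoid that. The following Python/sqlite3 example is added here and is not from the deck: it builds the same query string by concatenation, runs it against a small constructed product table, and contrasts it with a parameterized query and the integer coercion slide 20 recommends. The table rows, the function names and the in-memory database are assumptions made for this example.

```python
import sqlite3
from typing import Optional


def make_sample_db() -> sqlite3.Connection:
    # Constructed stand-in for the deck's "product" table (three rows).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE product (PName TEXT, PCategory TEXT)")
    conn.executemany(
        "INSERT INTO product VALUES (?, ?)",
        [("apple", "food"), ("bread", "food"), ("hammer", "tools")],
    )
    conn.commit()
    return conn


def build_query_unsafe(category: str) -> str:
    # Same shape as the ASP line on slide 18:
    #   sqlstr = "SELECT * FROM product WHERE PCategory='" & v_cat & "'"
    return "SELECT * FROM product WHERE PCategory='" + category + "'"


def lookup_unsafe(conn: sqlite3.Connection, category: str) -> list:
    # The parameter is spliced into the SQL text, so a quote inside it
    # changes the grammar of the statement (slide 19).
    return conn.execute(build_query_unsafe(category)).fetchall()


def lookup_safe(conn: sqlite3.Connection, category: str) -> list:
    # Placeholder: the driver passes the value separately from the SQL,
    # so "food' or 1=1--" is compared as a plain string and matches nothing.
    return conn.execute(
        "SELECT * FROM product WHERE PCategory = ?", (category,)
    ).fetchall()


def coerce_id(value: str) -> Optional[int]:
    # Slide 20's rule for numeric parameters: make it an integer before it
    # goes anywhere near SQL; None means "reject the request".
    try:
        return int(value)
    except (TypeError, ValueError):
        return None


def demo() -> dict:
    conn = make_sample_db()
    payload = "food' or 1=1--"  # the string from slide 19
    return {
        "unsafe_sql": build_query_unsafe(payload),
        "unsafe_food": len(lookup_unsafe(conn, "food")),      # 2 rows
        "unsafe_payload": len(lookup_unsafe(conn, payload)),  # every row
        "safe_food": len(lookup_safe(conn, "food")),          # 2 rows
        "safe_payload": len(lookup_safe(conn, payload)),      # 0 rows
        "id_ok": coerce_id("10"),
        "id_bad": coerce_id("hi' or 1=1--"),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```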
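Slide 23's eval() example, carried over to Python as an added illustration (not the deck's code): exec() on a request parameter runs whatever follows the ';' in the value, while parsing the parameter as a literal and assigning through a dict never treats the input as code. The assign_* names and the harmless PROBE string are constructed for this example.

```python
import ast
from typing import Optional


def assign_unsafe(state: dict, arg: str) -> dict:
    # Python analogue of the PHP on slide 23:  eval("$myvar = $x;")
    # The request value is pasted into source text and executed, so
    # anything after a ';' in the value runs as a second statement.
    exec("varname = " + arg, {}, state)
    return state


def assign_safe(state: dict, arg: str) -> Optional[int]:
    # Never build source code from input. Parse the value as a literal
    # (no names, calls or statements allowed), check its type, and store
    # it through a dict lookup rather than a generated assignment.
    try:
        value = ast.literal_eval(arg)
    except (ValueError, SyntaxError):
        return None  # "1; ..." and "system('dir')" both end up here
    if not isinstance(value, int) or isinstance(value, bool):
        return None
    state["varname"] = value
    return value


# Constructed probe: a harmless stand-in for the slide's "1; phpinfo()".
PROBE = "1; marker = 'second statement ran'"

if __name__ == "__main__":
    print(assign_unsafe({}, PROBE))  # varname AND marker are set
    print(assign_safe({}, PROBE))    # None: rejected as not a literal
    print(assign_safe({}, "42"))     # 42
```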
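For slide 24's recommendation, an added Python example that is not from the deck: the same reflected parameter rendered verbatim versus output-encoded, plus a positive input specification of what a search term may contain. The PAGE template, the TERM_RE pattern and the function names are assumptions; the probe string is the one in the speaker notes.

```python
import html
import re

# Constructed template standing in for a search-results page.
PAGE = "<html><body><p>Results for: {term}</p></body></html>"

# The probe string from the deck's speaker notes.
PROBE = "<SCRIPT>alert(document.cookie);</SCRIPT>"

# Positive specification (assumed for this example): a search term is
# 1 to 40 characters of letters, digits, spaces, hyphens or underscores.
TERM_RE = re.compile(r"[A-Za-z0-9 _-]{1,40}")


def render_unsafe(term: str) -> str:
    # Reflects the parameter into the HTML verbatim; a browser would
    # execute a script tag that arrives this way.
    return PAGE.format(term=term)


def render_safe(term: str) -> str:
    # Output-encodes the parameter so the browser shows it as text:
    # '<' becomes '&lt;', '>' becomes '&gt;', quotes are encoded too.
    return PAGE.format(term=html.escape(term, quote=True))


def is_valid_term(term: str) -> bool:
    # Reject anything outside the positive specification before it is
    # used at all; this is the check slide 24 recommends.
    return TERM_RE.fullmatch(term) is not None


def contains_script_tag(rendered: str) -> bool:
    # Crude marker used only to show the difference between the renderers.
    return "<script" in rendered.lower()


if __name__ == "__main__":
    print(render_unsafe(PROBE))   # script tag survives intact
    print(render_safe(PROBE))     # &lt;SCRIPT&gt;...&lt;/SCRIPT&gt;
    print(is_valid_term("food"), is_valid_term(PROBE))  # True False
```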

Editor's notes

  1. <SCRIPT>alert(document.cookie);</SCRIPT> window.open('http://google.com');