16.4.16 Java/Scala Lab
Upcoming events: goo.gl/I2gJ4H
Этот доклад поможет вам разрабатывать софт, который огорчит хакеров. Мы рассмотрим самые часто-встречающиеся и опасные уязвимости ПО, которые создаются непосредственно разработчиками, а так же как их можно избежать силами Java.
6. Problem summary
Developers are NOT responsible for security
bugs!
Well, almost
Absolute most security issues are due to
design!
Either a vulnerable one
Or an incomplete one – which makes the
developers decide what and how should be
implemented
8. Lack of web security
configurations
X-Frame-Options
Content Security Policy
HTTP Strict Transport Security
HTTP Public Key Pinning
9. Sessions - Cookie security flags
HTTPOnly flag
Secure flag
Cookie scope - Domain
domain better not be set than set liberally to a
domain
e.g. domain=server.com gives the cookie to
subdomains
It shouldn’t, but thanks to the RFC 2109 and 6265 circle-
jerk…
Cookie scope - Path
path must include only the webapp for which the
10. Sessions – Session fixation
http://whatever.com/login.jsp?jsessionid=E85FA
C04E331FFCA55549B10B7C7A4FA
Session token in URL – bad, bad practice!
It will also appear in server logs, browser history,
proxies, etc…
11. Decisions based on untrusted
data
&admin=true
Invisible/disabled controls
Data MIME type
Forced navigation to ID
20. Random
Hacking Java’s Random(): predicting the future
Linear Congruential PRNG:
seed = (seed * multiplier + addend) mod (2 ^ precision)
Has 48 bits of state, but discloses only 32 at a time e.g.
nextInt()
The remaining 16 bits are easily bruteforcible on modern
PCs:
21. Random
Hacking Java’s Random(): peeking into the past
Long story short, one bit at a time we unwind the changes
a previous seed would’ve had on the current number
And can do so recursively as far back as we wish
USE SECURE RANDO
22. Vulnerable crypto
EXP – export crypto
DES
RC4
MD4
MD5 – yes, fully broken since 2007, stop using
it!
SHA-1
“Oh please, we’ve used MD5 forever and it’s
25. Cryptographic hash
Password storage
Never store passwords for verification in the
clear
Use salts with hashes to fight rainbow tables
Never use clear hash functions to hash
passwords
Yep! Go for a key derivation function!
PBKDF2
scrypt
bcrypt
26. Setting up SSL/TLS
Do TLS the right way!
Yay or nay?
ECDHE-RSA-AES256-GCM-SHA256
Yay!
ECDHE-RSA-RC4-SHA
Nay!
EXP-RC4-MD5
Nay nay nay!!!