About Security Innovation
■ Authority in Software Security
– 15+ years research on software vulnerabilities
– Security testing methodology adopted by SAP, Symantec, Microsoft and McAfee
– Authors of 18 books
■ Helping organizations minimize risk
– Assessment: Show me the gaps
– Education: Guide me to the right decisions
– Standards: Set goals and make it easy and natural
■ Tech-enabled services for both breadth and depth
What am I doing?
■ I'm going to explain common attack and exploitation techniques, through my power of analogy!
■ There are some great common parallels between computer security and the real world
■ I will gently guide you from the real world into a high-level technical understanding
■ Goal: Lay the groundwork of understanding attacks and vulnerabilities for future
VULNERABILITIES: the failures
INJECTION FLAWS
Humans + code = sadness
Pizza Robot
Goal:
- Deliver pizza
- Greet human
- Return to pizzeria
Process
1. Human goes to a website
2. Makes their order
3. Enters their name "Joe"
4. The pizza is made and placed in delivery robot
5. Delivery robot is programmed with commands to get to the house
6. Delivery robot delivers pizza and says "Greetings, Joe"
7. Delivery robot returns to base
Robot program:
Forward: 50 ft
Turn: Right
Forward: 300 ft
Turn: Left
Forward: 10 ft
Turn: Left
Forward: 5 ft
Greet: Joe
Deliver: Pizza
Return
Hijacking a Pizza Robot
Program as the programmer wrote it:
Forward: 50 ft
Turn: Right
Forward: 300 ft
Turn: Left
Forward: 10 ft
Turn: Left
Forward: 5 ft
Greet: Joe
Deliver: Pizza
Return
Expected name:
Joe
Unexpected name (the whole multi-line value is the "name"):
Joe
Turn: Left
Forward: 1 ft
Turn: Left
Forward: 1 ft
Program the robot actually runs:
Forward: 50 ft
Turn: Right
Forward: 300 ft
Turn: Left
Forward: 10 ft
Turn: Left
Forward: 5 ft
Greet: Joe
Turn: Left
Forward: 1 ft
Turn: Left
Forward: 1 ft
Deliver: Pizza
Return
What's happening!?
■ Everything in white on the slide is "Code" – programmer supplied
– Code is simply special text that tells a system what to do
– GPS for a computer
■ Everything in red on the slide is "Data" – user supplied
– Data is anything else: text, photos, etc.
■ The programmer assumed the name would not include "Code"
– Nobody's named "Turn" or "Forward", right?
■ When the user supplied those things, the robot wrongly interpreted them as "Code"
– The name was pasted into the command stream as text, and the robot parses that stream line by line, so a newline inside the name starts a new command
■ This is fundamentally the same thing that happens in XSS, SQLi, Buffer Overflows, XML injection, and more!
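The robot from the slides, written out as a tiny interpreter so the code/data mix-up can be seen running. This is an added example, not code from the deck: the robot language, the route and the customer names are made up for the demo. The vulnerable builder pastes the name into the program text; the fix keeps commands and the name in separate channels (structured commands plus an allow-list on the name).

```python
"""Added example, not from the deck: the pizza robot as a tiny command
interpreter. Robot language, route and names are made up for the demo."""
import re

# Programmer-supplied "code": the route to Joe's house.
ROUTE = [("Forward", "50 ft"), ("Turn", "Right"), ("Forward", "300 ft"),
         ("Turn", "Left"), ("Forward", "10 ft"), ("Turn", "Left"),
         ("Forward", "5 ft")]

# The "unexpected" name from the deck: a name followed by newlines and
# extra robot commands (constructed attacker input).
HIJACK_NAME = "Joe\nTurn: Left\nForward: 1 ft\nTurn: Left\nForward: 1 ft"

# Allow-list for a customer name: letters, spaces, apostrophes, dots, dashes.
# No newline or colon can ever pass, so nothing name-shaped can be a command.
NAME_PATTERN = re.compile(r"[A-Za-z][A-Za-z' .-]{0,39}")


def build_program_vulnerable(customer_name: str) -> str:
    """Builds the robot program as one text blob. The name is pasted into the
    command stream, so a newline inside the name starts a new command line."""
    lines = [f"{cmd}: {arg}" for cmd, arg in ROUTE]
    lines.append(f"Greet: {customer_name}")
    lines.append("Deliver: Pizza")
    lines.append("Return")
    return "\n".join(lines)


def run_text_program(program: str) -> list:
    """The robot's interpreter: every non-blank line is 'Command: argument'.
    It cannot tell the programmer's lines from the customer's. Returns the
    (command, argument) pairs it executed, in order."""
    executed = []
    for line in program.splitlines():
        if not line.strip():
            continue
        cmd, _, arg = line.partition(":")
        executed.append((cmd.strip(), arg.strip()))
    return executed


def validate_name(customer_name: str) -> str:
    """Defence in depth at the input boundary: reject anything that is not
    shaped like a name before it gets anywhere near the robot."""
    if not NAME_PATTERN.fullmatch(customer_name):
        raise ValueError("invalid customer name")
    return customer_name


def build_program_safe(customer_name: str) -> list:
    """The structural fix: the program is a list of (command, argument)
    tuples and the name is only ever the *argument* of Greet. There is no
    text to re-parse, so the name cannot grow extra commands."""
    return ROUTE + [("Greet", customer_name), ("Deliver", "Pizza"), ("Return", "")]


def run_structured_program(program: list) -> list:
    """Executes tuples directly; arguments are opaque data."""
    return [(cmd, arg) for cmd, arg in program]


def count_turns(executed: list) -> int:
    return sum(1 for cmd, _ in executed if cmd == "Turn")


if __name__ == "__main__":
    hijacked = run_text_program(build_program_vulnerable(HIJACK_NAME))
    print("text robot ran", len(hijacked), "commands with", count_turns(hijacked), "turns")
    safe = run_structured_program(build_program_safe(HIJACK_NAME))
    print("structured robot ran", len(safe), "commands with", count_turns(safe), "turns")
    try:
        validate_name(HIJACK_NAME)
    except ValueError as err:
        print("allow-list rejected the name:", err)
```

With the hijack name the text-based robot executes 14 commands (the two extra turns and moves included), while the structured robot executes the 10 the programmer wrote and simply greets a customer with a very strange name. The allow-list is the second, independent layer: even if someone later rebuilds the program as text, the name can no longer contain a newline.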
XSS & SQLi: Time to get real
XSS
Mixing code and data in the web browser is confusing
Cross Site Scripting (XSS)
Mixing Code and Data using control characters in the webpage
■ Try this anywhere you control a value on the page
– HTML
– JavaScript
– Headers
■ How is your input being encoded?
– Which encoding is safe depends on where the value lands: an HTML body, an attribute, a JavaScript string and a header each need a different encoder
■ Test Cases
– Change your input
– Try <marquee>
– Try <script>alert('XSS')</script>
What Can You Do with XSS?
The original page:
loginError.action?errorMsg=Sorry%2C+incorrect+username+or+password.
Deface the login page (a phishing lure, since the text is served from the real site):
loginError.action?errorMsg=</div><h1>Login Moved</h1><p>Please Login at: http://evilportal.com</p>
Prove the injection with a harmless marker:
loginError.action?errorMsg=<marquee>
Send the victim to an attacker-controlled site:
loginError.action?errorMsg=<script>document.location='http://evilhacker.org'</script>
Why is XSS Possible? When is XSS Possible?
Normal use – the search term is shown back on the page:
www.catsearch.com?search=fluffy
Probe – send a unique marker and look at where and how it comes back:
www.catsearch.com?search=sadlfkjsadf...
Payload – if the marker came back unencoded, markup will be parsed too:
www.catsearch.com?search=<script>aler...
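The login-error page from the slides, rendered two ways, plus the tester's "did my marker come back unencoded?" check. This is an added example, not code from the deck; the template, the `showError` JavaScript function and the probe helper are assumptions for the demo, while the payloads are the ones shown on the slides. It also shows, beyond the deck, that the JavaScript-string context needs a different encoder than the HTML body.

```python
"""Added example, not from the deck: reflected XSS in a login-error page and
the context-specific encoding that fixes it. The template is made up."""
import html
import json

# Values taken from the slides (URL-decoded).
ORIGINAL_MSG = "Sorry, incorrect username or password."
LOGIN_MOVED = '</div><h1>Login Moved</h1><p>Please Login at: http://evilportal.com</p>'
REDIRECT = "<script>document.location='http://evilhacker.org'</script>"


def render_error_vulnerable(error_msg: str) -> str:
    """Pastes the errorMsg parameter into the HTML as-is. The browser cannot
    tell the programmer's markup from the user's, so '<' in the parameter
    starts a tag and '</div>' closes the programmer's element early."""
    return f'<div class="error">{error_msg}</div>'


def render_error_safe(error_msg: str) -> str:
    """Encodes for the HTML-body context: < > & " ' become entities, so the
    browser shows the payload as text instead of parsing it."""
    return f'<div class="error">{html.escape(error_msg)}</div>'


def render_js_safe(error_msg: str) -> str:
    """A different context, a different encoder. Inside a <script> block the
    value must be a JavaScript string literal: json.dumps quotes and escapes
    it, and '<' / '>' are turned into \\u escapes so a '</script>' inside the
    value cannot terminate the block early. (showError is assumed to exist.)"""
    literal = json.dumps(error_msg).replace("<", "\\u003c").replace(">", "\\u003e")
    return f"<script>showError({literal});</script>"


def reflects_unencoded(page: str, probe: str) -> bool:
    """The tester's check from the deck: send a marker such as '<marquee>'
    and see whether it appears verbatim in the response."""
    return probe in page


if __name__ == "__main__":
    for msg in (ORIGINAL_MSG, LOGIN_MOVED, REDIRECT):
        print("vulnerable:", render_error_vulnerable(msg))
        print("safe      :", render_error_safe(msg))
    print("marker reflected unencoded (vulnerable):",
          reflects_unencoded(render_error_vulnerable("<marquee>"), "<marquee>"))
    print("marker reflected unencoded (safe)      :",
          reflects_unencoded(render_error_safe("<marquee>"), "<marquee>"))
```

The probe helper is the whole testing methodology on the slides in one line: if `<marquee>` comes back as `<marquee>` rather than `&lt;marquee&gt;`, the page is treating your data as code.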
SQL INJECTION
Mixing code and data in databases can be catastrophic
SQL Injection
■ Mixing Code and Data using control characters in Database Queries
■ Try this on any input you think may use the database
– Textboxes, URL Parameters, dropdowns, hidden fields
■ Start small, build more complex SQL Queries to manipulate the database
■ Test Cases
– Does ' produce an error message?
– Think about how to manipulate the SQL command
SELECT * FROM USERS WHERE Username = 'joe' AND Password = 'P4S$
Logging in with SQL Injection
The application builds this query from the two input values:
SELECT * FROM USERS WHERE Username = '<username>' AND Password = '<password>';

Step 1 – Normal login
Input Values: Username joe / Password P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe' AND Password = 'P4S$WorD1';
Commentary: Assuming correct username and password, the user is logged in.

Step 2 – Errant single quote
Input Values: Username joe' / Password P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe'' AND Password = 'P4S$WorD1';
Result: com.fjordengineering.store.util.SecureSQLException
Commentary: The extra quote closes the string early and leaves an unterminated literal, so the query fails to parse. The error is returned to the user, which tells the attacker their input reaches the database unescaped.

Step 3 – Comment out the password check
Input Values: Username joe'# / Password P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe'#' AND Password = 'P4S$WorD1';
Result: Login Success: User = joe
Commentary: Everything after the # is disregarded (# is MySQL's line comment; most other databases use -- followed by a space). Only the username is checked, and the attacker is logged in as 'joe' without knowing the password.

Step 4 – Make the WHERE clause always true
Input Values: Username joe' OR 1=1 # / Password P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe' OR 1=1 #' AND Password = 'P4S$WorD1';
Commentary: The password check is commented out again, and the clause reduces step by step.
1=1 is always TRUE, so we can replace that:
SELECT * FROM USERS WHERE Username = 'joe' OR TRUE;
Anything OR TRUE is always TRUE:
SELECT * FROM USERS WHERE TRUE;
OR 1=1 # short circuits the entire WHERE clause in this case:
SELECT * FROM USERS;
The query now returns every row in USERS. Which account the attacker lands in depends on which row the application takes first: in the deck's example it is 'joe', but it could just as easily be the administrator.
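The four steps above, run for real against an in-memory SQLite database. This is an added example, not code from the deck: the USERS rows are constructed, and the vulnerable login mirrors the slides' string-built query while the safe one binds parameters. One caveat the slides do not mention: SQLite's line comment is `--`, so the payloads below use that where the deck's MySQL examples use `#`.

```python
"""Added example, not from the deck: the slides' login query against SQLite,
built by concatenation and then with bound parameters. Rows are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE USERS (Username TEXT, Password TEXT, Role TEXT)")
    # Plaintext passwords only to mirror the deck's query; a real system stores
    # a salted hash and compares it in code, never in the WHERE clause.
    conn.executemany("INSERT INTO USERS VALUES (?, ?, ?)", [
        ("admin", "Adm1n-Pass!", "administrator"),
        ("joe", "P4S$WorD1", "user"),
    ])
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """The deck's query with the input values pasted in. Returns (Username,
    Role) of the first matching row, or None. A quote in the input ends the
    string literal, and whatever follows it is parsed as SQL."""
    sql = ("SELECT Username, Role FROM USERS "
           f"WHERE Username = '{username}' AND Password = '{password}'")
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the SQL text is fixed and the values
    travel separately, so a quote or comment marker in them is just data."""
    sql = "SELECT Username, Role FROM USERS WHERE Username = ? AND Password = ?"
    return conn.execute(sql, (username, password)).fetchone()


def probe_for_error(conn: sqlite3.Connection, login, username: str) -> bool:
    """The deck's first test case: does a lone quote produce a database error?
    True when the query failed to parse (the SecureSQLException moment)."""
    try:
        login(conn, username, "anything")
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    print("step 1 normal     :", login_vulnerable(db, "joe", "P4S$WorD1"))
    print("step 2 lone quote :", "error" if probe_for_error(db, login_vulnerable, "'") else "no error")
    print("step 3 joe'--     :", login_vulnerable(db, "joe'--", "wrong"))
    print("step 4 ' OR 1=1-- :", login_vulnerable(db, "' OR 1=1--", "wrong"))
    print("safe   joe'--     :", login_safe(db, "joe'--", "wrong"))
    print("safe   ' OR 1=1-- :", login_safe(db, "' OR 1=1--", "wrong"))
```

Step 4 is the one worth staring at: `' OR 1=1--` makes the WHERE clause true for every row, and because the code takes the first row returned, the attacker is logged in as `admin`, not `joe`. The parameterized version returns nothing for both payloads and raises no parse error for the lone quote, which is also why the probe in step 2 is a useful detection signal during testing.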
INJECTION FLAWS ALLOW AN ATTACKER TO INJECT THEIR OWN CODE INTO THE PROGRAM
BROKEN AUTHENTICATION
Check ID at the door
IS A HI-VIS VEST MORE POWERFUL THAN ID?
FREE MOVIES
https://www.vice.com/en_au/article/mgv4gn/chalecos-reflectantes-entrar-gratis
ENTRANCE TO THE ZOO
COLDPLAY?
I wasn't a big fan of Coldplay before I saw
Authentication Issues
■ Many opportunities to make mistakes
– Default or test credentials
– Not storing credentials properly
– Forgetting/Resetting passwords
– Not protecting authentication tokens properly
– Cookie issues
– Not handling user input safely
– Loss of credentials
– Password reuse
– Not checking credentials properly
– Changing usernames
– Phishing
– Failure to use 2FA
– Overlap with other vulnerabilities (XSS, CSRF, SQLi, etc.)
■ Verify your users
■ Protect their credentials
■ Protect credential equivalents (session cookies, tokens, reset links)
PRIVILEGE ESCALATION
Can I steal your TV through your shed?
[Slide: the house, labelled "I want in here", next to the shed, labelled "I can get in here"]
What's in a house?
■ TV
■ Computers
■ Electronics
■ Money
What's in a shed?
■ Ladders
■ Bolt cutters
■ Spare keys
■ Drills & Saws
[Slide: "Start Here" (the shed) -> "Go Here" (the house)]
Horizontal vs. Vertical Escalation
■ Horizontal Privilege Escalation
– Allows one user to access another user's data (same privilege level, different identity)
■ Vertical Privilege Escalation
– Allows a user to increase their privilege level
– Anonymous -> User
– User -> Manager
– Manager -> Administrator
Authentication is not Authorization
Authentication
■ Verify a user is who they say they are
■ Validate that user throughout their use of the system
– Through cookies or other tokens
Authorization
■ Validate what the user should have access to
■ Users, Roles, access controls, or other methods of authorization
Both must be accounted for and fail differently
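A small order service that shows the two escalations from the slides and why an authentication check alone does not prevent either. This is an added example, not code from the deck; the sessions, roles and orders are constructed for the demo. The vulnerable read only asks "is the caller logged in?", which is authentication; the safe read and the admin-only action also ask "may this caller touch this object?", which is authorization.

```python
"""Added example, not from the deck: authentication vs authorization on a
tiny order service. Sessions, roles and orders are constructed for the demo."""

# Authentication has already happened: a valid token tells us who the caller is.
SESSIONS = {
    "tok-alice": {"user": "alice", "role": "user"},
    "tok-bob":   {"user": "bob",   "role": "user"},
    "tok-root":  {"user": "root",  "role": "administrator"},
}

ORDERS = {
    1001: {"owner": "alice", "item": "pepperoni"},
    1002: {"owner": "bob",   "item": "hawaiian"},
}


def current_user(token: str) -> dict:
    """Authentication check only: is this a valid session?"""
    try:
        return SESSIONS[token]
    except KeyError:
        raise PermissionError("not authenticated") from None


def get_order_vulnerable(token: str, order_id: int) -> dict:
    """Checks *that* the caller is logged in, never *whose* order this is.
    bob reads alice's order just by changing order_id: horizontal escalation
    (the shed door is open, and the spare keys are inside)."""
    current_user(token)
    return ORDERS[order_id]


def get_order_safe(token: str, order_id: int) -> dict:
    """Authorization: the order must belong to the caller, or the caller must
    be an administrator. Unknown and foreign orders both answer 'not found'
    so the response does not reveal which ids exist."""
    user = current_user(token)
    order = ORDERS.get(order_id)
    if order is None or (order["owner"] != user["user"]
                         and user["role"] != "administrator"):
        raise LookupError("order not found")
    return order


def delete_user_safe(token: str, target: str) -> bool:
    """Vertical-escalation guard: the role comes from the server-side session,
    never from a request parameter the client could edit."""
    user = current_user(token)
    if user["role"] != "administrator":
        raise PermissionError("administrator role required")
    return target in {s["user"] for s in SESSIONS.values()}


if __name__ == "__main__":
    print("bob reads alice's order (vulnerable):", get_order_vulnerable("tok-bob", 1001))
    try:
        get_order_safe("tok-bob", 1001)
    except LookupError as err:
        print("bob reads alice's order (safe):", err)
    try:
        delete_user_safe("tok-bob", "alice")
    except PermissionError as err:
        print("bob deletes a user (safe):", err)
    print("root deletes a user (safe):", delete_user_safe("tok-root", "alice"))
```

The two failures are deliberately different, as the slide says they must be: a missing or bad token fails authentication with `PermissionError("not authenticated")`, while a valid token asking for someone else's object fails authorization with a generic "not found".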
INFORMATION DISCLOSURE
I bet that guy is in sales, I can tell by his suit
A guy walks into a bar…
Passive - Observe
What's he wearing?
Shoes
Hair
Wedding ring
Dirt under fingernails
Scars
Active - Start a conversation
Where are you from?
Siblings?
How old are you?
Pets?
Job?
Computers give away information all the time
■ Hackers gather that information and use it against us every day
■ Tools and Databases scan and collect this information for easy querying
■ Our job is to protect this information
PARAMETER TAMPERING
Control the data, control the future
Let's find some deals!
■ Peel off the tags from some Wonder Bread
■ Apply tags to fancy bread!
ALWAYS BE NICE TO YOUR MILLENNIALS
Everything a computer does starts with input
Without input a computer will always do the same thing
Input filtering, processing, and blocking sets the stage for everything else
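The price-tag swap as a web checkout. This is an added example, not code from the deck; the catalogue, SKUs, prices and cart shapes are constructed for the demo. The vulnerable checkout trusts a `price` field that the browser sent back (the tag), while the safe one only accepts *what* and *how many* from the client and prices the item itself; it also range-checks the quantity, since a negative quantity is the same trick applied to a different field.

```python
"""Added example, not from the deck: parameter tampering in a checkout.
Catalogue, SKUs, prices and carts are constructed for the demo."""
from decimal import Decimal

# Server-side catalogue: the only source of truth for prices.
CATALOG = {"wonder-bread": Decimal("1.99"), "fancy-bread": Decimal("7.49")}

# A cart as the browser posts it back. The 'price' field was a hidden form
# value, and the attacker edited it before submitting (constructed input).
TAMPERED_CART = [{"sku": "fancy-bread", "qty": 2, "price": "1.99"}]

# Same idea on the quantity field: a negative line item gives a refund.
NEGATIVE_CART = [{"sku": "fancy-bread", "qty": 1, "price": "7.49"},
                 {"sku": "wonder-bread", "qty": -3, "price": "1.99"}]


def checkout_vulnerable(cart: list) -> Decimal:
    """Trusts the price and quantity the client sent. Whatever tag is on the
    loaf is what gets rung up."""
    return sum((Decimal(item["price"]) * item["qty"] for item in cart), Decimal("0"))


def checkout_safe(cart: list) -> Decimal:
    """Client input is treated as a request, not a fact: the SKU must exist,
    the quantity must be a sensible integer, and the price is looked up on
    the server. The client's 'price' field is ignored entirely."""
    total = Decimal("0")
    for item in cart:
        sku = item.get("sku")
        if sku not in CATALOG:
            raise ValueError(f"unknown sku {sku!r}")
        qty = item.get("qty")
        if not isinstance(qty, int) or isinstance(qty, bool) or not 1 <= qty <= 100:
            raise ValueError(f"invalid quantity for {sku!r}")
        total += CATALOG[sku] * qty
    return total


if __name__ == "__main__":
    print("tampered price, vulnerable:", checkout_vulnerable(TAMPERED_CART))
    print("tampered price, safe      :", checkout_safe(TAMPERED_CART))
    print("negative qty, vulnerable  :", checkout_vulnerable(NEGATIVE_CART))
    try:
        checkout_safe(NEGATIVE_CART)
    except ValueError as err:
        print("negative qty, safe        :", err)
```

The same rule covers every hidden field, cookie and URL parameter on the slides before this one: if the server can derive a value itself, it should, and anything it must accept from the client gets validated against what the server already knows.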
CONFIGURATION ERRORS
Don't put the locks on the wrong side of the door
Doors, Windows, and Locks
Installing a door can be difficult to do securely
Installing a window so it locks automatically
Don't forget to lock your doors and windows
Did you remember all your doors and windows?
YouTube: LockPickingLawyer
https://www.youtube.com/watch?v=nJu_-Iuppc0
Many software systems can be configured securely
■ Most software systems don't come secure by default
■ Insecure use of existing components
– The door is installed poorly
■ Insecure configuration of components
– The lock is misconfigured
■ Insecure defaults are used
– The lock has a reused key or default keycode
Lots of ways that software can fail
■ Communication is a great first step
■ Start the conversation
■ Make it memorable
■ Give people an anchor of understanding
Thank You!
Joe Basirico
Security Innovation
SVP Engineering
jbasirico@securityinnovation.com

Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitecturePixlogix Infotech
 

Kürzlich hochgeladen (20)

A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Understanding the Laravel MVC Architecture
Understanding the Laravel MVC ArchitectureUnderstanding the Laravel MVC Architecture
Understanding the Laravel MVC Architecture
 

How to Hijack a Pizza Delivery Robot with Injection Flaws

  • 9. What’s happening!?
■ Everything in White is “Code” – programmer supplied
– Code is simply special text that tells a system what to do
– GPS for a computer
■ Everything in Red is “Data” – user supplied
– Data is anything else: text, photos, etc.
■ The programmer assumed the name would not include “Code”
– Nobody’s named “Turn” or “Forward”, right?
■ When the user supplied those things, the robot wrongly interpreted them as “Code”
■ This is fundamentally the same thing that happens in XSS, SQLi, Buffer Overflows, XML injection, and more!
(Slide figure: the hijacked command list – Forward: 50 ft, Turn: Right, Forward: 300 ft, Turn: Left, Forward: 10 ft, Turn: Left, Forward: 5 ft, Greet: Joe, Turn: Left, Forward: 1 ft, Turn: Left, Forward: 1 ft, Deliver: Pizza, Return)
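To make the slide's point concrete, here is the robot modelled in Python. This is an added illustration, not code from the talk: the route and the command names are the slides' own, while the line-oriented script format, the parser and the log strings are assumptions made for the example. The vulnerable builder pastes the customer's name into the same text the robot executes; the fixed builder keeps every command as a (command, argument) pair, so the name can only ever be the argument to Greet, newlines and all.

```python
"""Added illustration of the pizza-robot analogy (not code from the talk).

The robot's route is a newline-separated script, one "Command: argument" per
line, and the vulnerable builder splices the customer's name into that same
text stream. The command names mirror the slides; the script format, the
parser and the log strings are assumptions made for this example.
"""
from typing import List, Tuple

# The delivery route from the slides: programmer-supplied "code".
ROUTE = [
    "Forward: 50 ft", "Turn: Right", "Forward: 300 ft", "Turn: Left",
    "Forward: 10 ft", "Turn: Left", "Forward: 5 ft",
]


def execute(cmd: str, arg: str, log: List[str]) -> None:
    """Perform one robot command, appending what happened to the log."""
    if cmd == "Forward":
        log.append(f"moved {arg}")
    elif cmd == "Turn":
        log.append(f"turned {arg.lower()}")
    elif cmd == "Greet":
        log.append(f"said: Greetings, {arg}")
    elif cmd == "Deliver":
        log.append(f"delivered {arg.lower()}")
    elif cmd == "Return":
        log.append("returned to base")
    else:
        raise ValueError(f"unknown command {cmd!r}")


# --- Vulnerable: code and data share one text stream -----------------------

def build_script(customer_name: str) -> str:
    """Concatenates the user-supplied name into the command script."""
    lines = ROUTE + [f"Greet: {customer_name}", "Deliver: Pizza", "Return"]
    return "\n".join(lines)


def run_script(script: str) -> List[str]:
    """Interprets every line as a command, including lines that came from the name."""
    log: List[str] = []
    for line in script.splitlines():
        cmd, _, arg = line.partition(":")
        execute(cmd.strip(), arg.strip(), log)
    return log


# --- Fixed: commands are structured; the name is only ever an argument ------

def build_plan(customer_name: str) -> List[Tuple[str, str]]:
    """Keeps each command as a (command, argument) pair. Whatever the customer
    typed, newlines included, lands in the Greet argument and nowhere else."""
    plan: List[Tuple[str, str]] = []
    for step in ROUTE:
        cmd, arg = step.split(":", 1)
        plan.append((cmd.strip(), arg.strip()))
    return plan + [("Greet", customer_name), ("Deliver", "Pizza"), ("Return", "")]


def run_plan(plan: List[Tuple[str, str]]) -> List[str]:
    """Executes structured commands; no parsing of user text ever happens."""
    log: List[str] = []
    for cmd, arg in plan:
        execute(cmd, arg, log)
    return log


if __name__ == "__main__":
    # Constructed input: the "unexpected" name from the hijacking slide.
    hijack = "Joe\nTurn: Left\nForward: 1 ft\nTurn: Left\nForward: 1 ft"
    print(run_script(build_script(hijack)))  # extra turns executed before delivery
    print(run_plan(build_plan(hijack)))      # the whole string is just a greeting
```

The fix is the same one that parameterised queries and contextual output encoding apply to SQL and HTML later in the talk: keep the programmer's instructions and the user's data in separate channels, instead of separating them by convention inside one string.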
  • 10. XSS & SQLi
Time to get real
  • 11. XSS
Mixing code and data in the web browser is confusing
  • 12. Cross Site Scripting (XSS)
Mixing Code and Data using control characters in the webpage
■ Try this anywhere you control a value on the page
– HTML
– JavaScript
– Headers
■ How is your input being encoded?
■ Test Cases
– Change your input
– Try <marquee>
– Try <script>alert('XSS')</script>
  • 13. What Can You Do with XSS?
loginError.action?errorMsg=Sorry%2C+incorrect+username+or+password.
(The login-error page reflects the errorMsg query parameter into its HTML without encoding; the next three slides reload the same page with attacker-chosen values.)
  • 14. What Can You Do with XSS?
loginError.action?errorMsg=</div><h1>Login Moved</h1><p>Please Login at: http://evilportal.com</p>
  • 15. What Can You Do with XSS?
loginError.action?errorMsg=<marquee>
  • 16. What Can You Do with XSS?
loginError.action?errorMsg=<script>document.location='http://evilhacker.org'</script>
  • 17. Why is XSS Possible?
  • 18. When is XSS Possible? www.catsearch.com?search=fluffy
  • 19. When is XSS Possible? www.catsearch.com?search=sadlfkjsadf...
  • 20. When is XSS Possible? www.catsearch.com?search=<script>aler...
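An added example (not code from the talk) that models the loginError.action page from slides 13-16 in Python: `render_vulnerable` reflects errorMsg unencoded, `render_fixed` encodes it once per context it lands in, and `reflects_unencoded` is the slide-12 test case (send `<marquee>`, see whether it comes back as markup). The page markup, the `lastError` JavaScript variable and the `encode_for` helper are assumptions made for the example.

```python
"""Added example for the reflected-XSS slides (not the talk's own code).

render_vulnerable mirrors the loginError.action page on the slides, which
echoes the errorMsg query parameter into the HTML unencoded. render_fixed
encodes the value for each place it lands. The page layout, the lastError
variable and the probe string are assumptions made for this example.
"""
import html
import json
from urllib.parse import parse_qs, urlsplit

PROBE = "<marquee>"  # the harmless tag the slides suggest trying first


def error_msg_from(url: str) -> str:
    """Extract errorMsg from a URL such as loginError.action?errorMsg=..."""
    return parse_qs(urlsplit(url).query).get("errorMsg", [""])[0]


def render_vulnerable(url: str) -> str:
    """Raw reflection: whatever is in errorMsg becomes part of the page."""
    return f'<div class="error">{error_msg_from(url)}</div>'


def encode_for(context: str, value: str) -> str:
    """Output-encode `value` for the context it is written into.

    The right encoder depends on where the data lands, which is why the slide
    asks "how is your input being encoded?" rather than "is it encoded?".
    """
    if context == "html":
        # Element body or a *quoted* attribute value: entity-encode < > & " '.
        return html.escape(value, quote=True)
    if context == "js_string":
        # A string literal inside <script>. json.dumps yields a valid JS literal,
        # but the HTML parser still ends the script element at the first
        # "</script>" it sees, even inside a JS string, so '<' is replaced by
        # its JS escape sequence as well.
        return json.dumps(value).replace("<", "\\u003c")
    raise ValueError(f"no encoder defined for context {context!r}")


def render_fixed(url: str) -> str:
    """The same page, encoding the message separately for each context."""
    msg = error_msg_from(url)
    return (
        f'<div class="error">{encode_for("html", msg)}</div>'
        f'<script>var lastError = {encode_for("js_string", msg)};</script>'
    )


def reflects_unencoded(render, probe: str = PROBE) -> bool:
    """The slides' test case: send a visible tag, check whether it returns as markup."""
    return probe in render(f"loginError.action?errorMsg={probe}")


if __name__ == "__main__":
    payload = ("loginError.action?errorMsg="
               "<script>document.location='http://evilhacker.org'</script>")
    print(render_vulnerable(payload))  # the injected script tag is live
    print(render_fixed(payload))       # shown as text, and inert inside the JS literal
```

The `js_string` branch is the caveat worth remembering from "how is your input being encoded?": a JSON-encoded string is a valid JavaScript literal, yet the HTML parser closes the `<script>` element at the first `</script>` it meets, even inside that literal, so `<` has to be escaped as `\u003c` too. `html.escape` covers element bodies and quoted attribute values only; an unquoted attribute can be broken out of with a plain space, so always quote attributes.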
  • 21. SQL INJECTION
Mixing code and data in databases can be catastrophic
  • 22. SQL Injection
■ Mixing Code and Data using control characters in Database Queries
■ Try this on any input you think may use the database
– Textboxes, URL Parameters, dropdowns, hidden fields
■ Start small, build more complex SQL Queries to manipulate the database
■ Test Cases
– Does ' produce an error message?
– Think about how to manipulate the SQL command
SELECT * FROM USERS WHERE Username = 'joe' AND Password = 'P4S$
  • 23. Logging in with SQL Injection
Input values: Username = joe, Password = P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe' AND Password = 'P4S$WorD1';
Commentary: Assuming a correct username and password, the user is logged in.
  • 24. Logging in with SQL Injection
Input values: Username = joe', Password = P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe'' AND Password = 'P4S$WorD1';
Result: com.fjordengineering.store.util.SecureSQLException
Commentary: The errant single quote causes a parsing error, and the error is returned to the user.
  • 25. Logging in with SQL Injection
Input values: Username = joe'#, Password = P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe'#' AND Password = 'P4S$WorD1';
Result: Login Success: User = joe
Commentary: # starts a comment (MySQL syntax), so the password check is commented out. Only the username is checked, and the attacker is logged in as 'joe' without knowing the password.
  • 26. Logging in with SQL Injection
Input values: Username = joe' OR 1=1 #, Password = P4S$WorD1
SELECT * FROM USERS WHERE Username = 'joe' OR 1=1 #' AND Password = 'P4S$WorD1';
Commentary: Everything after the # is disregarded, so the password check is commented out again; this time the username check is widened as well.
  • 27. Logging in with SQL Injection
SELECT * FROM USERS WHERE Username = 'joe' OR 1=1;
Commentary: 1=1 is always TRUE, so we can replace it:
SELECT * FROM USERS WHERE Username = 'joe' OR TRUE;
  • 28. Logging in with SQL Injection
Commentary: Anything OR TRUE is always TRUE:
SELECT * FROM USERS WHERE Username = 'joe' OR TRUE;
SELECT * FROM USERS WHERE TRUE;
  • 29. Logging in with SQL Injection
Commentary: OR 1=1 # short-circuits the entire WHERE clause, so the query is equivalent to:
SELECT * FROM USERS;
The query now matches every row in USERS rather than just 'joe'; which account the attacker ends up in depends on how the application handles the result set (commonly the first row returned).
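The login bypass from slides 22-29 as an added, runnable example (not the talk's own code). SQLite is used because it ships with Python; its end-of-line comment marker is `--`, whereas the slides use MySQL's `#`. The users table, its two rows and the passwords are constructed for the example, and the passwords sit in clear text only so that the query matches slide 23; `login_fixed` is the parameterised form, and `quote_probe` is the slide-22 test case.

```python
"""Added example for the SQL-injection login slides (not the talk's own code).

login_vulnerable builds the slides' query by string concatenation;
login_fixed uses a parameterised query. The table, rows and passwords are
constructed for this example, and passwords are stored in clear text only to
keep the query identical to the slides (never do that in real code).
SQLite's comment marker is "--", where the slides use MySQL's "#".
"""
import sqlite3
from typing import Callable, List


def make_db() -> sqlite3.Connection:
    """In-memory users table with constructed sample rows."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    con.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "Tr0ub4dor&3"), ("joe", "P4S$WorD1")],
    )
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> List[str]:
    """The query from slide 23, with user input pasted straight into the SQL text."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return [row[0] for row in con.execute(sql).fetchall()]


def login_fixed(con: sqlite3.Connection, username: str, password: str) -> List[str]:
    """Same query, but the values travel as parameters: the database never
    parses them as SQL, so a quote or comment marker is just a character."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in con.execute(sql, (username, password)).fetchall()]


def quote_probe(con: sqlite3.Connection, login: Callable[..., List[str]]) -> bool:
    """Slide 22's first test case: does a lone ' in the username cause a database error?"""
    try:
        login(con, "joe'", "P4S$WorD1")
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    con = make_db()
    print(login_vulnerable(con, "joe", "P4S$WorD1"))         # ['joe']
    print(quote_probe(con, login_vulnerable))                 # True: the ' breaks the query
    print(login_vulnerable(con, "joe'--", "wrong"))           # ['joe']: password check commented out
    print(login_vulnerable(con, "joe' OR 1=1 --", "wrong"))   # every user in the table
    print(login_fixed(con, "joe' OR 1=1 --", "wrong"))        # []
```

Parameterisation works because the SQL statement is compiled before the values are supplied; the quote and the comment marker in the username are just characters inside a bound string. `quote_probe` returns True only against the concatenating version, which is exactly the signal the slide's first test case is looking for.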
  • 30. INJECTION FLAWS ALLOW AN ATTACKER TO INJECT THEIR OWN CODE INTO THE PROGRAM
  • 35. COLDPLAY?
I wasn't a big fan of Coldplay before I saw
  • 36. Authentication Issues
■ Many opportunities to make mistakes
– Default or test credentials
– Not storing credentials properly
– Forgetting/Resetting passwords
– Not protecting authentication tokens properly
– Cookie issues
– Not handling user input safely
– Loss of credentials
– Password reuse
– Not checking credentials properly
– Changing usernames
– Phishing
– Failure to use 2FA
– Overlap with other vulnerabilities (XSS, CSRF, SQLi, etc.)
■ Verify your users
■ Protect their credentials
■ Protect credential equivalents
  • 37. PRIVILEGE ESCALATION
Can I steal your TV through your shed?
  • 38. I want in here (the house)
I can get in here (the shed)
  • 39. What’s in a house?
■ TV
■ Computers
■ Electronics
■ Money
  • 40. What’s in a shed?
■ Ladders
■ Bolt cutters
■ Spare keys
■ Drills & Saws
  • 42. Horizontal vs. Vertical Escalation
■ Horizontal Privilege Escalation
– Allows one user to access another user’s data
■ Vertical Privilege Escalation
– Allows a user to increase their privilege level
– Anonymous -> User
– User -> Manager
– Manager -> Administrator
  • 43. Authentication is not Authorization
Authentication
■ Verify a user is who they say they are
■ Validate that user throughout their use of the system
– Through cookies or other tokens
Authorization
■ Validate what the user should have access to
■ Users, Roles, access controls, or other methods of authorization
Both must be accounted for, and they fail differently
  • 44. INFORMATION DISCLOSURE
I bet that guy is in sales, I can tell by his suit
  • 45. A guy walks into a bar…
Passive – Observe: What’s he wearing? Shoes, hair, wedding ring, dirt under fingernails, scars
Active – Start a conversation: Where are you from? Siblings? How old are you? Pets? Job?
  • 46. Computers give away information all the time
■ Hackers gather that information and use it against us every day
■ Tools and databases scan and collect this information for easy querying
■ Our job is to protect this information
  • 48. Let’s find some deals!
■ Peel off the tags from some Wonder Bread
■ Apply tags to fancy bread!
  • 50. Everything a computer does starts with input
Without input a computer will always do the same thing
Input filtering, processing, and blocking sets the stage for everything else
  • 51. CONFIGURATION ERRORS
Don’t put the locks on the wrong side of the door
  • 52. Doors, Windows, and Locks
Installing a door can be difficult to do securely
Installing a window so it locks automatically
Don’t forget to lock your doors and windows
Did you remember all your doors and windows?
  • 54. Many software systems can be configured securely
■ Most software systems don’t come secure by default
■ Insecure use of existing components
– The door is installed poorly
■ Insecure configuration of components
– The lock is misconfigured
■ Insecure defaults are used
– The lock has a reused key or default keycode
  • 55. Lots of ways that software can fail
■ Communication is a great first step
■ Start the conversation
■ Make it memorable
■ Give people an anchor of understanding
  • 56. Thank You!
Joe Basirico, Security Innovation, SVP Engineering
jbasirico@securityinnovation.com

Editor's Notes

  1. Security Innovation is a company dedicated to helping our customers with hard application and data security problems. We’ve spent years researching security vulnerabilities, why they occur, what they look like in production code and how to find and fix them. We have experience working with some of the largest companies in a variety of industries, from software companies such as Microsoft to e-commerce companies such as Amazon, financial companies and many more. We offer solutions for all phases of the SDLC, including instructor-led training, computer-based eLearning courses, on-site consulting and security assessments, as well as technology to help secure sensitive data over the network or at rest. Over the years we’ve analyzed more than 10,000 vulnerabilities, both in the course of research studies and through the assessments of software for our customers. We got our start as a security testing company, grew to a products and services company that focused on breaking systems (code review, pen test, etc.) and then helping fix the problems through secure design and implementation. We acquired NTRU in 2009 to expand our data protection services, focused on data in transit as well as data at rest, with best-in-class, high-performance cryptography.
  2. It is important to understand the difference between authentication and authorization. Authentication verifies a user is who they say they are. This is similar to checking an ID card or a passport. Once a user presents their credentials it is common and best practice to provide the user with an authentication token. This is a cryptographically secure random value that maps to the user. The user then presents this token after authentication for authorization. This token should be unique to the user, should expire after a set period of time, should be regenerated after authentication, and should be destroyed client and server side after a timeout or logout event. Authorization validates what the user should have access to. You can think of this as getting a keycard in a building. The keycard may grant you access to certain rooms, but there’s an additional check with each access. Authorization can fail in many different ways as well, including what we call vertical and horizontal authorization issues. Vertical authorization issues occur when an attacker can gain access to a system or asset that a user with a higher privilege controls such as an anonymous attacker gaining user privileges, or a user gaining administration privileges. Horizontal authorization issues occur when the system allows one user to access another user’s data. Authorization can be defined through users, roles, access controls or other methods, but it is critical that those systems are hardened from attack and well implemented. Remember, authentication and authorization are different issues and both must be accounted for in your threat model, architecture and development.
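An added example (not the talk's code) that puts slide 43 and the speaker note above into Python: a session store whose tokens have the properties the note lists (random, mapped to one user, expiring, regenerated at login, destroyed at logout), plus an ownership check and a role check that fail as "forbidden" rather than "unauthenticated", covering the horizontal and vertical cases from slide 42. The order data, the 15-minute lifetime and the injectable clock are assumptions made for the example.

```python
"""Added example for the authentication-vs-authorization slide and its speaker
note (not the talk's own code). Orders, owners, the 15-minute lifetime and the
injectable clock are assumptions made for this example."""
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Optional

SESSION_TTL = 15 * 60  # seconds; an assumed policy value

# Anonymous -> User -> Manager -> Administrator, the ladder from the escalation slide.
ROLE_RANK = {"anonymous": 0, "user": 1, "manager": 2, "administrator": 3}

# Constructed sample data: which customer each order belongs to.
ORDERS: Dict[int, str] = {101: "joe", 102: "alice"}


class Unauthenticated(Exception):
    """No valid session: the caller has to log in (authentication failed)."""


class Forbidden(Exception):
    """Valid session, but this user may not do this (authorization failed)."""


@dataclass
class Session:
    user: str
    role: str
    expires_at: float


class SessionStore:
    """Opaque bearer tokens: random, mapped to one user, expiring,
    regenerated at login and destroyed at logout."""

    def __init__(self, clock: Callable[[], float] = time.time) -> None:
        self._sessions: Dict[str, Session] = {}
        self._clock = clock

    def login(self, user: str, role: str, old_token: Optional[str] = None) -> str:
        # Regenerate: whatever token the client held before authenticating is
        # discarded, so a token planted by an attacker never becomes a valid one.
        if old_token is not None:
            self._sessions.pop(old_token, None)
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[token] = Session(user, role, self._clock() + SESSION_TTL)
        return token

    def authenticate(self, token: str) -> Optional[Session]:
        """Who is this? None for unknown or expired tokens."""
        session = self._sessions.get(token)
        if session is None:
            return None
        if self._clock() >= session.expires_at:
            del self._sessions[token]  # expired: destroy it server side
            return None
        return session

    def logout(self, token: str) -> None:
        self._sessions.pop(token, None)


def _require_session(store: SessionStore, token: str) -> Session:
    session = store.authenticate(token)
    if session is None:
        raise Unauthenticated()
    return session


def view_order(store: SessionStore, token: str, order_id: int) -> str:
    """Horizontal check: users see only their own orders; managers and above see any."""
    session = _require_session(store, token)
    owner = ORDERS[order_id]
    if owner != session.user and ROLE_RANK[session.role] < ROLE_RANK["manager"]:
        raise Forbidden()
    return owner


def delete_user(store: SessionStore, token: str, target: str) -> str:
    """Vertical check: only administrators may delete accounts."""
    session = _require_session(store, token)
    if ROLE_RANK[session.role] < ROLE_RANK["administrator"]:
        raise Forbidden()
    return f"deleted {target}"


def outcome(action: Callable[[], str]) -> str:
    """Run an action and report which check, if any, rejected it."""
    try:
        return "ok:" + action()
    except Unauthenticated:
        return "unauthenticated"
    except Forbidden:
        return "forbidden"
```

Keeping the two failures distinct matters in practice: an unknown or expired token should be answered with "log in again", while a valid token reaching an object its user does not own should be logged as an authorization failure, because that is what a horizontal-escalation probe looks like from the server's side.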