Concern of Web Application Security
•Als ODP, PDF herunterladen•
12 gefällt mir•6,285 views
A presentation about web application security
![Contents of presentation ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Empfohlen
Weitere ähnliche Inhalte
Was ist angesagt?
Was ist angesagt? (20)
Andere mochten auch
Andere mochten auch (20)
Ähnlich wie Concern of Web Application Security
Ähnlich wie Concern of Web Application Security (20)
Kürzlich hochgeladen
Kürzlich hochgeladen (20)
Concern of Web Application Security
- 1. Concern of Web Application Security ” First and foremost, you must realize and accept that any user-supplied data is inherently unreliable and can't be trusted.” Md. Mahmud Ahsan Zend Certified Engineer http://mahmudahsan.wordpress.com/ http://www.ftechdb.com/
- 6. Best Practice Basic Steps
- 8. Input filtering Filter input example: <?php $clean = array(); switch($_POST['color']){ case 'red': case 'green': case 'blue': $clean['color'] = $_POST['color']; break; } ?>
- 9. Input filtering Filter input example: <?php $clean = array(); switch($_POST['color']){ case 'red': case 'green': case 'blue': $clean['color'] = $_POST['color']; break; } ?> Initialize array for storing filter data
- 10. Input filtering Filter input example: <?php $clean = array(); switch($_POST['color']){ case 'red': case 'green': case 'blue': $clean['color'] = $_POST['color']; break; } ?> Use switch statement to filter sets
- 11. Input filtering Filter input example: <?php $clean = array(); switch($_POST['color']){ case 'red': case 'green': case 'blue': $clean['color'] = $_POST['color']; break; } ?> Create cases for the valid values
- 12. Input filtering Filter input example: <?php $clean = array(); switch($_POST['color']){ case 'red': case 'green': case 'blue': $clean['color'] = $_POST['color']; break; } ?> Color is definately valid so store in the array
- 13. Most common attacks Filter input example 2: <?php $clean = array(); if (ctype_alnum($_POST['username'])){ $clean['username'] = $_POST['username']; } ?>
- 14. Most common attacks Filter input example 2: <?php $clean = array(); if (ctype_alnum($_POST['username'])){ $clean['username'] = $_POST['username']; } ?> Create an array to store filtered data
- 15. Input filtering Filter input example 2: <?php $clean = array(); if (ctype_alnum($_POST['username'])){ $clean['username'] = $_POST['username']; } ?> Username must be alphanumeric
- 16. Input filtering Filter input example 2: <?php $clean = array(); if (ctype_alnum($_POST['username'])){ $clean['username'] = $_POST['username']; } ?> If username is alphanumeric store it in the array
- 19. Escaping Output Escaping output example: <?php $html = array(); $html['username'] = htmlentities($clean['username'], ENT_QUOTES); echo "<p>Welcome back, {$html['username']}.</p>"; ?>
- 20. Escaping Output Escaping output example: <?php $html = array(); $html['username'] = htmlentities($clean['username'], ENT_QUOTES); echo "<p>Welcome back, {$html['username']}.</p>"; ?> Initialize array for storing escaped data
- 21. Escaping Output Escaping output example: <?php $html = array(); $html['username'] = htmlentities($clean['username'], ENT_QUOTES); echo "<p>Welcome back, {$html['username']}.</p>"; ?> Escaped the filtered username and store in the array
- 22. Escaping Output Escaping output example: <?php $html = array(); $html['username'] = htmlentities($clean['username'], ENT_QUOTES); echo "<p>Welcome back, {$html['username']} .</p>"; ?> Send the filtered and escaped username to the client
- 23. Escaping Output Escaping output example 2: <?php $mysql = array(); $mysql['username'] = mysql_real_escape_string($clean['username']); $sql = "SELECT * FROM profile WHERE username = '{$mysql['username']}'"; $result = mysql_query($sql); ?>
- 24. Escaping Output Escaping output example 2: <?php $mysql = array(); $mysql['username'] = mysql_real_escape_string($clean['username']); $sql = "SELECT * FROM profile WHERE username = '{$mysql['username']}'"; $result = mysql_query($sql); ?> Initialize an array for storing escaped data
- 25. Escaping Output Escaping output example 2: <?php $mysql = array(); $mysql['username'] = mysql_real_escape_string($clean['username']); $sql = "SELECT * FROM profile WHERE username = '{$mysql['username']}'"; $result = mysql_query($sql); ?> Escaped the filter username and store it in the array
- 26. Escaping Output Escaping output example 2: <?php $mysql = array(); $mysql['username'] = mysql_real_escape_string($clean['username']); $sql = "SELECT * FROM profile WHERE username = '{$mysql['username']}' "; $result = mysql_query($sql); ?> Use the filtered and escaped username in the SQL query
- 27. Escaping Output Escaping output example 2: <?php $mysql = array(); $mysql['username'] = mysql_real_escape_string($clean['username']); $sql = "SELECT * FROM profile WHERE username = '{$mysql['username']}'"; $result = mysql_query($sql) ; ?> SQL Query is now safe
- 29. SQL Injection SQL Injection attacking example: http://example.com/db.php?id=0 http://example.com/db.php?id=0 ;DELETE%20FROM%20users <?php $id = $_GET['id']; // $id = 0;DELETE FROM users $result = mysql_query("SELECT * FROM users WHERE id={$id}"); SQL Inject code User table data destroyed
- 30. SQL Injection SQL Injection attacking example 2: <?php $query = "SELECT * FROM users WHERE user='{$_POST['username']}' AND password='{$_POST['password']}'"; mysql_query($query); //$_POST['username'] = 'manzil'; //$_POST['password'] = "' OR ''='"; echo $query; ?> output: SELECT * FROM users WHERE user='manzil' AND password='' OR ''='' SQL Inject code
- 31. SQL Injection SQL Injection Protection: <?php $name = mysql_real_escape_string($_POST['username']); $pass = mysql_real_escape_string($_POST['password']); $query = "SELECT * FROM users WHERE user='{$name}' AND password='{$pass}'"; mysql_query($query); ?>
- 32. Cross-Site Scripting What is XSS ? It is a popular attacking to web application as web application largely echo user input. <?php echo "<p>Welcome back, { $_GET['username'] }.</p>"; ?>
- 33. Cross-Site Scripting Attacking Example: <?php echo "<p>Welcome back, <script> ... </script> .</p>"; ?> XSS Attacking !!!
- 35. Cross-Site Scripting htmlentities(): <?php $name = $_GET['username']; // <script> ... </script> echo htmlentities($name, ENT_QUOTES) ; ?> output: <script> ... </script>
- 37. Session Hijacking Example of Session Fixation: http://example.org/login.php?PHPSESSID=1234 Prevention of Session Fixation: Use session_regenerate_id() whenever there is a change in the level of privilege: if ($authenticated) { $_SESSION['logged_in'] = TRUE; session_regenerate_id(); }
- 38. Session Hijacking Another session security technique: Compare the browser signature headers. <?php session_start(); $chk = @md5( $_SERVER['HTTP_ACCEPT_CHARSET'] . $_SERVER['HTTP_ACCEPT_ENCODING'] . $_SERVER['HTTP_ACCEPT_LANGUAGE'] . $_SERVER['HTTP_USER_AGENT']); if (empty($_SESSION)) $_SESSION['key'] = $chk; else if ( $_SESSION['key'] != $chk ) session_destroy(); ?>
- 40. Cross Site Request Forgeries What is CSRF? An attacker can send arbitrary HTTP requests from avictim. Because the requests originate from the victim, they can bypass traditional safeguards, including firewalls and access control.
- 45. Thank You