We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byEliza Divine
Modified over 2 years ago
© 2008 Security Compass inc. 1 Firefox Plug-ins for Application Penetration Testing Exploit-Me
© 2008 Security Compass inc. Tom Aratyn –Software Developer at Security Compass –Developed the Exploit Me tools Who are we? 2
© 2008 Security Compass inc. Jamie –Security Consultant for Security Compass –Background in security research, penetration testing, and software development Who are we? 3
© 2008 Security Compass inc. Cross-site scripting, really a danger? State of web application security XSS-Me SQL Inject-Me Access Me Agenda 4
© 2008 Security Compass inc. We know XSS can be dangerous, but can we use it to rob a bank? –AJAX + CSRF + XSS = Major problem XSS – Really a Danger? 5
© 2008 Security Compass inc. Reflected –Spit back as soon as it goes in –XSS-Me helps here Stored –Saving it for someone else –XSS-Me future version Two Exciting Flavours 6
© 2008 Security Compass inc. AJAX is adding a new element into these attacks –AJAX was used in the IBDBank attack Attacker can play with data as if the victim is doing it –Send –Receive –Parse Someone Changed my App 8
© 2008 Security Compass inc. State of Web App Insecurity 9 Web app exploits outnumber buffer overflows in CVE Large portion of web apps suffer from XSS or SQL Injection
© 2008 Security Compass inc. Various tools exist –OWASP tools, commercial, Open Source Work very well –For what they were built to do Testing Tools 10
© 2008 Security Compass inc. Most tools not for developers or QA Developers and QA must be checking for security vulnerabilities Need lightweight tools The Missing Piece 11
© 2008 Security Compass inc. Firefox extension to test for cross-site scripting XSS-Me 0.4 to the Rescue 12
© 2008 Security Compass inc. Pick forms & fields to test Firefox 3 Import/export/add/remove XSS strings Test & Surf Heuristics to limit tests XSS-Me Features 13
© 2008 Security Compass inc. Checking all attacks against all fields is slow. –No, trust me, it’s slow Heuristic tests limit the fields we have to check by determining if we can inject them –Passes set of characters and checks if they’re returned (;\/<>=‘”) Heuristics? 14
© 2008 Security Compass inc. Attempts to set document.vulnerable=true into the DOM If property set, attack worked Also checks for plain text string, a potential vulnerability –OnMouseOver injection Behind the Magic 15
© 2008 Security Compass inc. Everyone says use Struts to protect yourself –Sure, just don’t follow the supplied examples Thank $deity for Struts 16
© 2008 Security Compass inc. Being Bobby 17 sql = “SELECT * FROM users WHERE username = ‘” & Request(“username”) & “’ AND password = '" & Request(“password”) & "'" User Input: username = jimmy password = blah’ OR ‘1’=‘1 SELECT * FROM users WHERE username = ‘jimmy’ AND password = ‘blah’ OR ‘1’=‘1’ Since “WHERE 1=1” is true for all records the entire table is returned! Courtesy XKCD.com
© 2008 Security Compass inc. Defence is well known and faster than what you’re doing now –Prepared Statements –Stored Procedure Ok, if you use exec in your procedure this is also vulnerable, but, you’re not doing that right? No Excuse 18
© 2008 Security Compass inc. Firefox extension to check for SQL injection SQL Inject-Me 0.4 19
© 2008 Security Compass inc. Pick what you test Configure attack and success strings Large default string set Firefox 3 Test & Surf SQL Inject-Me Features 20
© 2008 Security Compass inc. Web/application servers maybe vulnerable to HTTP Verb Tampering attacks Bypasses common authorization configurations What’s your method 21
© 2008 Security Compass inc. Access Me 0.2 22 Firefox extension to check for authentication issues
© 2008 Security Compass inc. Checks for unauthenticated access vulnerabilities Checks for HTTP verb vulnerabilities Regular expression based parameter detection Automatic test as you surf Access Me Features 23
© 2008 Security Compass inc. Detecting Access Vulnerabilities 24 Failed if response status is 200 and response too similar Warning if response status is 200 or response too similar
© 2008 Security Compass inc. Available off of our website –www.securitycompass.comwww.securitycompass.com Extra XSS-Me attack strings also available from site Open sourced under GPL v3 Where can you get ‘em 25
© 2008 Security Compass inc. May include –Spidering Stored attacks The Future... 26
© 2008 Security Compass inc. Lets have ‘em –firstname.lastname@example.org@securitycompass.com –email@example.com@securitycompass.comQuestions 27
Web Security Nick Feamster CS 6262 Spring Cross-Site Scripting Overview 2 Attack Server Server Victim User Victim visit web site receive malicious.
25 seconds left….. 24 seconds left….. 23 seconds left…..
Example – SQL Injection MySQL & PHP code: // The next instruction prompts the user is to supply an ID $personID = getIDstringFromUser(); $sqlQuery = "SELECT.
ABC Technology Project Mrs. Kiddle. ABCs of Technology Word 1 Word 2 Word 3 Word 4 Word 5 Word 6 Word 7 Word 8 Word 9 Word 19 Word 20 Word 21 Word 22.
Jeopardy Topic 1Topic Q 1Q 6Q 11Q 16Q 21 Q 2Q 7Q 12Q 17Q 22 Q 3Q 8Q 13Q 18Q 23 Q 4Q 9Q 14Q 19Q 24 Q 5Q 10Q 15Q 20Q 25 Final Jeopardy.
SQL Injection Josh Mann. What is SQL Injection SQL injection is a technique for exploiting web applications that use client-supplied data in SQL queries.
CSCI 6962: Server-side Design and Programming Secure Web Programming.
Cross-site Request Forgery (CSRF) Attacks Vijay Ganesh University of Waterloo Winter 2013.
©2007 First Wave Consulting, LLC A better way to do business. Period This is definitely NOT your father’s standard operating procedure.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
We will resume in: 25 Minutes We will resume in: 24 Minutes.
Aniket Joshi Justin Thomas. Agenda Introduction to SQL Injection SQL Injection Attack SQL Injection Prevention Summary.
SecuBat: An Automated Web Vulnerability Detection Framework Stefan Kals, Engin Kirda Christopher Kruegel and Nenad Jovanovic Secure Systems Lab Vienna.
HORIZONT 1 TWS/WebAdmin 3.1 HORIZONT Software for Datacenters Garmischer Str. 8 D München Tel ++49(0)89 / Web Interface.
Graphing AWR Data in Excel David Kurtz Go-Faster Consultancy Ltd.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.
Web Applications Testing By Jamie Rougvie Supported by.
Business Transaction Management Software for Application Coordination 1 Business Processes and Coordination.
1 NatQuery 3/05 An End-User Perspective On Using NatQuery To Extract Data From ADABAS Presented by Treehouse Software, Inc.
1 Chapter 1 The Study of Body Function Image PowerPoint Copyright © The McGraw-Hill Companies, Inc. Permission required for reproduction or display.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
Defending Applications Against Command Insertion Attacks Penn State Web Conference 2003 Arthur C. Jones June 18, 2003.
Security Attacks CS 795. Buffer Overflow Problem Buffer overflow Analysis of Buffer Overflow Attacks.
Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim
Building Secure Web Applications With ASP.Net MVC.
CGI Security COEN 351. CGI Security Security holes are exploited by user input. We need to check user input against Buffer overflows etc. that cause a.
XP New Perspectives on Microsoft Office Word 2003 Tutorial 9 1 Microsoft Office Word 2003 Tutorial 9 – Creating On-Screen Forms Using Advanced Table Techniques.
Lets play bingo!!. Calculate: MEAN Calculate: MEDIAN
My Alphabet Book 2 a b c d e f g h i j k l m n o p q r s t u v w x y z My name is Autumn and I work hard at school.
WEEK 1 You have 10 seconds to name…
GG Consulting, LLC I-SUITE. Source: TEA SHARS Frequently asked questions 2.
Addition 1’s to
By Brian Vees. SQL Injection Username Enumeration Cross Site Scripting (XSS) Remote Code Execution String Formatting Vulnerabilities.
PSSA Preparation. Question 1(no calculator) D Question 2 (no calculator)
© 2002 D & D Enterprises 1 Linking Images For Navigation & Clickable Image Maps.
Webgoat. Blame it on the Goat! Run through and solve all exercises This part is broken up into hour blocks
Chapter 5 Test Review Sections 5-1 through 5-4. Simplify each expression. 1)2) 3)4) 5) 6)
By Sean Rose and Erik Hazzard. SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Slide 10-1 Copyright © 2003 Pearson Education, Inc. Figure: Computer Science an overview EDITION 7 J. Glenn Brookshear.
Introduction To Web Application Security in PHP. Security is Big And Often Difficult PHP doesn’t make it any easier.
Services Course Windows Live SkyDrive Participant Guide.
Copyright © 2008 Cengage Learning Understanding Generalist Practice, 5e, Kirst-Ashman/Hull 1.
Chapter 12 Working with Forms Principles of Web Design, 4 th Edition.
© 2017 SlidePlayer.com Inc. All rights reserved.