Presentation is loading. Please wait.

Presentation is loading. Please wait.

Client and Server-Side Vulnerabilities Stephen Reese.

Similar presentations


Presentation on theme: "Client and Server-Side Vulnerabilities Stephen Reese."— Presentation transcript:

1 Client and Server-Side Vulnerabilities Stephen Reese

2 Pen Testing vs. Vuln Assessments Vulnerability Assessments Penetration Testing Maturity Levels Goals Expectations

3 Plug-ins are useful evil Dynamic Content Browser plug-in Mobile code Sandbox evasion

4 Java Security The byte code verifier The applet class loader The security manager Sandbox Limited network access Resource restrictions Signed verse Unsigned JAR files

5 Java Demo Virtualized Environment Attacker (Linux Host) Victim (Windows XP SP3) MetaSploit Framework CVE <= JRE 7u21 <= JRE 6u45 <= JRE 5u45

6 Flash Security Remote Sandbox Policy / Developer Controls Local Sandbox Limited network access Local resources Trusted No signed code*

7 Reader Security Remote Sandbox Policy / Developer Controls Local Sandbox Limited network access Local resources

8 Internet Explorer Demo Virtualized Environment Attacker (Linux Host) Victim (Windows XP SP3) MetaSploit Framework Recent 0-day CVE IE 6 – 11 IE 8 (target)

9 Java Mitigations Patch Different Browsers Click-to-Play Trusted Zones Third-party plugins Disable JRE in browser Uninstall

10 IE Mitigations Patch Different Browser EMET Sandbox

11 Flash Mitigations Patch Different Browsers Click-to-Play Trusted Zones Third-party plugins Disable JRE in browser Uninstall

12 Reader Mitigations Review the JavaScript controls and set as needed Review the attachment white and black lists Review multimedia restrictions Review settings for XObjects, 3D content, and Flash Protected Mode Protected View Enhanced Security Patch

13 SQLi SQL queries are run in an unsafe manner View and/or modify application data Escalate privileges Execute OS commands Demo Browser or a scanner Vulnerable Web App

14 SQLi Migations Filter input $id = $_GET['id']; $id = stripslashes($id); $id = mysql_real_escape_string($id); Encode output htmlentities() htmlspecialchars() strip_tags() addslashes()

15 Questions?

16 References _caret gearray unleashed/Meterpreter_Basics e_new_actively_exploited_java_vulnerability.html https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Pr oject


Download ppt "Client and Server-Side Vulnerabilities Stephen Reese."

Similar presentations


Ads by Google