CS 371 Web Application Programming

Presentation transcript:

Security: Avoiding and Preventing Attacks
CS 371 Web Application Programming

Overview
Hey, what could go wrong?
- executing malicious code
- leaking information
- access to server resources
- packet sniffing
- spoofing
- DOS attacks
- modifying client code
- session hijacking
(diagram: server and client communicating across the Internet)
helpful site: http://www.w3.org/Security/faq/wwwsf4.html

Points of Risk
what data? how is it at risk?
- data on server
- cookies: sensitive data can be viewed or stolen
- transmission: sniffing, losing packets

CGI Scripts
- using both GET and POST allow intruders to view data
- scripts running on server may have limited permissions but still enough to
  - send out password file
  - view the network information maps
  - create a login session

CGI Scripts (cont.)
- hidden variables
  - like text vars but not displayed on browser
  - tempting to use to maintain state
  - if used for things like price, can be altered
- session variables
  - convenient but sessions can be hijacked
  - provide for session time out to minimize risk
  - if possible encrypt session ID

Logins
- keep track of session
- is it possible to replay the login?
  - legitimate user logs in, purchases, logs out
  - co-worker uses back button to purchase page and buys something else
- erase id and password fields
- create a random key for each login and use once

Security Attacks
- injection: SQL, command, code
- tampering: parameters, cookies
- XSS - cross site scripting
- information gathering
- password cracking
- denial of service

SQL Injection
php script has the following query (string concatenation, so the user's text becomes part of the SQL):
  $query = "SELECT * FROM user WHERE name='" . $_POST['userName'] . "';";
- what if user enters D'wan? ...name='D'wan'; query will cause an error
- what if user enters me';show tables; ?
- what if user enters me';drop table user; ?
practice site: http://jmchilton.net/blog/?p=23
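The following is an added example, not from the slides: it rebuilds the slide's `user` lookup in Python against a constructed in-memory SQLite table, once with the string-built query from the slide and once with a parameterised query, so the difference can be run rather than imagined. The inputs from the slide (`D'wan` and `me';drop table user;`) are the test data.

```python
import sqlite3

# Constructed in-memory database standing in for the lecture's `user` table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE user (id INTEGER PRIMARY KEY, name TEXT)")
conn.executemany("INSERT INTO user (name) VALUES (?)", [("me",), ("D'wan",)])
conn.commit()


def lookup_unsafe(user_name):
    """Mirror of the slide's string-built query: the input becomes SQL text."""
    query = "SELECT * FROM user WHERE name='" + user_name + "';"
    return conn.execute(query).fetchall()


def lookup_safe(user_name):
    """Parameterised query: the driver sends the value separately from the SQL,
    so quotes, semicolons and keywords in the input are never parsed as SQL."""
    return conn.execute("SELECT * FROM user WHERE name=?", (user_name,)).fetchall()


def table_exists(name):
    """True if a table with this name still exists (checked via sqlite_master)."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type='table' AND name=?", (name,)
    ).fetchone()
    return row is not None


def unsafe_query_fails(user_name):
    """True when the string-built query raises a database error for this input."""
    try:
        lookup_unsafe(user_name)
    except sqlite3.DatabaseError:
        return True
    return False


if __name__ == "__main__":
    # The apostrophe in D'wan breaks the hand-built query but not the parameterised one.
    print("unsafe D'wan raises an error:", unsafe_query_fails("D'wan"))
    print("safe D'wan finds:", lookup_safe("D'wan"))
    # To the parameterised query the slide's payload is just a name that matches nobody.
    print("safe payload finds:", lookup_safe("me';drop table user;"))
    print("user table still exists:", table_exists("user"))
```

The apostrophe case is the one to remember: a name like D'wan is a perfectly legitimate input, and the same code path that mangles it is the one an injected `;drop table` rides in on. Parameterisation fixes both at once; escaping the quote by hand fixes only the first.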

Command Injection
- assume server has recipe files (ravioli.txt)
- server script dumps requested recipes by shelling out the cat command:
  exec("cat " . $_POST['recipeName'] . ".txt");
- user enters tuna, it returns tuna.txt
- what if user enters tuna.txt;ls;cat steak ?
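An added example (not from the slides) of the defence the later "What to do" slide recommends: don't shell out at all. The recipe is read directly from a constructed temporary directory, the name is checked against a strict allow-list before it touches a path, and the resolved path is confirmed to stay inside the recipe directory. The recipe directory, file contents and the `read_recipe` / `is_safe_recipe_name` names are this example's own assumptions.

```python
import os
import re
import tempfile

# Constructed recipe directory standing in for the server's recipe files.
RECIPE_DIR = tempfile.mkdtemp(prefix="recipes-")
with open(os.path.join(RECIPE_DIR, "tuna.txt"), "w") as fh:
    fh.write("tuna: mix tuna with mayonnaise\n")

# Allow-list: a recipe name is letters, digits, dash or underscore, nothing else.
# Shell metacharacters (; | & $ ` space) and path separators are simply not in the set.
RECIPE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,40}$")


def is_safe_recipe_name(name):
    """True only for names that can never carry shell syntax or a path component."""
    return bool(RECIPE_NAME.match(name))


def read_recipe(name):
    """Return the recipe text, or None if the name is rejected or the file is missing.

    The file is read directly instead of shelling out to `cat`, so there is no shell
    for the input to be interpreted by. The resolved path is also checked to stay
    inside RECIPE_DIR, a second line of defence in case the allow-list is ever loosened.
    """
    if not is_safe_recipe_name(name):
        return None
    path = os.path.realpath(os.path.join(RECIPE_DIR, name + ".txt"))
    if os.path.dirname(path) != os.path.realpath(RECIPE_DIR):
        return None
    try:
        with open(path) as fh:
            return fh.read()
    except FileNotFoundError:
        return None


if __name__ == "__main__":
    print(read_recipe("tuna"))                   # the recipe text
    print(read_recipe("tuna.txt;ls;cat steak"))  # None: rejected by the allow-list
```

If shelling out really is unavoidable, the same allow-list applies and the command should be run as an argument list (for example `subprocess.run(["cat", path])`) rather than as one string handed to a shell, so the input is only ever a single argument.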

Code Injection
- server accepts text from users and displays it on page (like a guest book or comments)
- user enters 'good job <script> window.location.href="bad.place.com" </script>'
- In Google, when you enter a search string does that string show up on results page? hmmm

Variable Tampering
- in an HTML form: <input type="hidden" name="id" value="12"/>
- passed from one script to another
- users can't see but hackers can easily change
- in crawling web sites, they are easy to spot
- session variables are safer (as long as the session isn't hijacked)

Cookie Poisoning
- users can modify cookies
- say a web site stores something like a price or total of order
- user can change the amount and pay much less
- to combat this, many sites store only an encrypted session id in a cookie and everything else on the server
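One added example (not from the slides) that ties together the advice of the CGI Scripts, Logins, Variable Tampering and Cookie Poisoning slides: the cookie carries only a random session id with an HMAC signature, every price and user id lives in a server-side store, sessions time out after inactivity, and each purchase form carries a one-time random key so a replay from the back button is refused. The secret, the 15-minute timeout and the function names are this example's assumptions; the slide says "encrypted session id", and a signed random id gives the same tamper protection without needing to hide anything.

```python
import hashlib
import hmac
import secrets
import time

# Constructed server-side secret; a real deployment loads it from configuration.
SERVER_SECRET = b"example-secret-do-not-use-in-production"
SESSION_TTL = 15 * 60  # seconds of inactivity before a session is discarded

# Server-side store: all state lives here, keyed by session id. The cookie never
# carries prices, totals or user ids, only the signed session id.
SESSIONS = {}


def sign(value):
    """Append an HMAC so any change to the value is detected on the way back."""
    mac = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + mac


def verify(cookie):
    """Return the session id from a cookie, or None if the signature does not match."""
    value, _, mac = cookie.rpartition(".")
    expected = hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()
    return value if mac and hmac.compare_digest(mac, expected) else None


def login(user, now=None):
    """Create a fresh session and return the cookie value to send to the browser."""
    sid = secrets.token_hex(16)  # 128 random bits: not guessable, not sequential
    SESSIONS[sid] = {"user": user, "cart": {}, "tokens": set(), "last": now or time.time()}
    return sign(sid)


def get_session(cookie, now=None):
    """Look up the session for a cookie; tampered or expired cookies yield None."""
    sid = verify(cookie)
    if sid is None or sid not in SESSIONS:
        return None
    session = SESSIONS[sid]
    now = now or time.time()
    if now - session["last"] > SESSION_TTL:
        del SESSIONS[sid]  # session time out, as the CGI Scripts slide recommends
        return None
    session["last"] = now
    return session


def issue_purchase_token(session):
    """The slide's 'random key for each login, used once': embedded in the purchase form."""
    token = secrets.token_hex(16)
    session["tokens"].add(token)
    return token


def purchase(session, token, item, price):
    """Accept the purchase only if the token is fresh; a replay via the back button
    presents a token that was already consumed and is refused."""
    if token not in session["tokens"]:
        return False
    session["tokens"].remove(token)
    session["cart"][item] = price  # the price comes from the server's catalogue, never the client
    return True


def logout(cookie):
    """Discard the server-side state; the old cookie is now meaningless."""
    sid = verify(cookie)
    SESSIONS.pop(sid, None)
```

The signature stops the cookie-poisoning case outright: a changed session id fails `verify`, and there is no price in the cookie to edit. The one-time token handles the Logins slide's co-worker scenario, and the timeout limits how long a stolen id stays useful.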

Cross Site Scripting (XSS)
- injecting a link or malicious code into a web site to collect information on user
- example: http://www.bad.com/user.php?uname=<script>document.cookie;</script>
- C posts a link to site B (that has vulnerability). Then A clicks on link and it emails sensitive data back to C

Information Gathering
- Almost every web site has info leakage
- WHOIS – internet service registration
- crawling the web for email and other info

Password Cracking
- use of back button to reveal password
- using known facts of user or common words (DOB, child name, maiden name, “123456”, city, college, “love”, “letmein”, …)
- brute force attacks (onemansblog.com):
  - 4 characters => 0.86 seconds
  - 6 characters => 8.51 days
  - 8 characters => 2.1 centuries
- Do you use the same password for many websites?

Denial of Service
- typical DOS attacks involve inundating servers with requests, but what about using client-side code to stymie user?
- how would you write a simple javascript snippet to annoy and block a user’s attempt to send a request?
- a javascript function to validate user input in a non-helpful and annoying way?

What to do
- scripts:
  - keep in one folder
  - use standard extensions (php, etc.)
  - prefer compiled over interpreted
  - be wary of third party scripts
  - make no assumptions about which client-side scripts are making calls to server-side scripts
- shelling out or executing code:
  - don’t do it or minimize its use
  - be cautious of commands to be shelled

What to do (cont)
- variables:
  - consider all to be tainted
  - escape them – magic quotes or addslashes
  - use javascript to validate variables but don’t rely on that alone – hackers can circumvent
- php:
  - make sure register_globals is off
  - include files – use .php not .inc
- avoid XSS by escaping user input
- obfuscate: jerry<at>myplace<dot>com
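An added example, not from the slides, for the Code Injection and XSS slides and the "avoid XSS by escaping user input" advice above. It renders the guest-book comment both the way the slides warn about and with HTML entity escaping (`html.escape`) applied at output time for the context the text lands in, reflects a search string into a page the same way, and builds the obfuscated e-mail form the slide shows. The payloads are the ones printed on the slides; the function names are this example's own.

```python
import html


def render_comment_unsafe(author, text):
    """The guest-book pattern from the slides: user text dropped straight into HTML."""
    return "<p><b>" + author + "</b>: " + text + "</p>"


def render_comment(author, text):
    """Escape at output time for the HTML body context.

    html.escape turns < > & " ' into entities, so a submitted <script> tag is shown
    as text instead of being executed by the reader's browser.
    """
    return "<p><b>%s</b>: %s</p>" % (
        html.escape(author, quote=True),
        html.escape(text, quote=True),
    )


def render_search_page(query):
    """Reflecting the query string (the Google observation on the slide) needs the same
    escaping, both in the page body and inside a quoted attribute value."""
    safe = html.escape(query, quote=True)
    return (
        '<h1>Results for "%s"</h1>\n'
        '<input type="text" name="q" value="%s">'
    ) % (safe, safe)


def obfuscate_email(address):
    """The slide's crawler-resistant form: jerry@myplace.com -> jerry<at>myplace<dot>com,
    itself escaped so the angle brackets display literally rather than opening a tag."""
    local, _, domain = address.partition("@")
    return html.escape(local + "<at>" + domain.replace(".", "<dot>"))


if __name__ == "__main__":
    payload = 'good job <script> window.location.href="bad.place.com" </script>'
    print(render_comment_unsafe("guest", payload))   # script tag reaches the browser intact
    print(render_comment("guest", payload))          # &lt;script&gt; ... displayed as text
    print(render_search_page("<script>document.cookie;</script>"))
    print(obfuscate_email("jerry@myplace.com"))
```

The rule this encodes is that escaping belongs at the point of output and must match the context (HTML body, attribute value, URL, JavaScript string each differ); escaping on input with addslashes-style quoting only changes which characters get through and does nothing for a context it was not designed for.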

Transport Layer Security (TLS)
- typical algorithms require a key that both parties know
- so if Alice and Bob want to communicate, how do they agree on a key?
- in public key encryption, a message encrypted with public key can only be decrypted by private key
(diagram: encrypt with the public key, decrypt with the private key)

Transport Layer Security (TLS): simplified transmission
1. Alice sends Bob a message to initiate
2. Bob responds with public key
3. Alice encrypts a random number with public key that only Bob can decrypt
4. they agree on a key using random number
- Server must have a digital certificate registered with a trusted authority
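An added example (not from the slides, and not how any real TLS library is written) that plays out the four steps of the simplified transmission with a deliberately tiny textbook-RSA key for Bob, so every value can be printed and checked: Bob hands over (n, e), Alice encrypts a random number with it, Bob recovers it with d, and both derive the same session key by hashing the number with the handshake messages. The key (p=61, q=53, e=17, d=2753), the message strings and the hash-based key derivation are this example's constructions. Two caveats a practitioner should keep in mind: nothing here checks that the public key really is Bob's, which is exactly the job of the certificate the slide's last line requires, and TLS 1.3 dropped this "encrypt a random number with the server's RSA key" exchange in favour of ephemeral Diffie-Hellman, so the toy follows the slide's older description rather than current practice.

```python
import hashlib
import secrets

# Constructed textbook-RSA key for Bob, tiny so the arithmetic is visible.
# Real keys are 2048+ bits and are bound to an identity by a certificate.
BOB_P, BOB_Q = 61, 53
BOB_N = BOB_P * BOB_Q          # 3233, the public modulus
BOB_E = 17                     # public exponent
BOB_D = 2753                   # private exponent: (17 * 2753) % lcm(60, 52) == 1


def bob_public_key():
    """Step 2: Bob answers Alice's hello with his public key (n, e)."""
    return BOB_N, BOB_E


def alice_choose_and_encrypt(public_key):
    """Step 3: Alice picks a random number and encrypts it so only Bob can read it.
    Returns (her copy of the number, the ciphertext she sends)."""
    n, e = public_key
    secret = secrets.randbelow(n - 2) + 2      # 2 <= secret < n
    return secret, pow(secret, e, n)


def bob_decrypt(ciphertext):
    """Step 3, Bob's side: recover Alice's random number with the private exponent."""
    return pow(ciphertext, BOB_D, BOB_N)


def derive_session_key(secret, client_hello, server_hello):
    """Step 4: both sides hash the shared number together with the handshake
    messages to obtain the symmetric key used for the rest of the conversation."""
    material = "%d|%s|%s" % (secret, client_hello, server_hello)
    return hashlib.sha256(material.encode()).hexdigest()


def handshake():
    """Run the four steps and return (alice_key, bob_key); they must be identical."""
    client_hello = "hello from Alice"                           # step 1
    public_key = bob_public_key()                               # step 2
    server_hello = "hello from Bob, key=%s" % (public_key,)
    secret, ciphertext = alice_choose_and_encrypt(public_key)   # step 3 (Alice)
    bob_secret = bob_decrypt(ciphertext)                        # step 3 (Bob)
    alice_key = derive_session_key(secret, client_hello, server_hello)       # step 4
    bob_key = derive_session_key(bob_secret, client_hello, server_hello)
    return alice_key, bob_key


if __name__ == "__main__":
    alice_key, bob_key = handshake()
    print("keys match:", alice_key == bob_key)
```

An eavesdropper sees the public key and the ciphertext but, without d, cannot recover the random number and so never learns the session key. Someone who can replace Bob's public key with their own, however, gets everything, which is why step 2 is only safe once the key is tied to Bob by a certificate from an authority Alice trusts.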

Web Crawling
- web pages are … just documents (or scripts that produce documents)
- a php script can open any url document, so it is only a matter of knowing the url
- using the DOM in php, a list of the links can quickly be identified
- start with one url, follow links to other urls using a DFS or BFS
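An added example, not from the slides, of the crawl the slide describes: extract the links from each document, resolve them against the page's URL, and visit them breadth-first (or depth-first with one flag) while remembering what has been seen. So that it runs offline, the "web" is a constructed dictionary of four small pages under a made-up host, and `fetch` looks documents up there instead of opening a URL; swapping in a real HTTP fetch is the only change needed. The host-restriction and page limit are this example's additions, the sort of guard rails a crawler needs so it does not wander off across the Internet.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin

# Constructed site: a dict standing in for the documents a script would fetch by URL.
SITE = {
    "http://example.test/": '<a href="/about.html">About</a> <a href="blog/">Blog</a>',
    "http://example.test/about.html": '<a href="/">Home</a> <a href="mailto:x@y">mail</a>',
    "http://example.test/blog/": '<a href="post1.html#top">Post</a> <a href="http://other.test/">Out</a>',
    "http://example.test/blog/post1.html": '<a href="../about.html">About</a>',
}


class LinkExtractor(HTMLParser):
    """Collects href attributes of <a> tags, the same list a DOM walk would yield."""

    def __init__(self):
        super().__init__()
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.links.append(value)


def fetch(url):
    """Stand-in for opening the URL; returns None for pages outside the constructed site."""
    return SITE.get(url)


def extract_links(base_url, document):
    """Absolute http(s) URLs linked from the document, relative paths resolved, fragments dropped."""
    parser = LinkExtractor()
    parser.feed(document)
    out = []
    for href in parser.links:
        absolute, _ = urldefrag(urljoin(base_url, href))
        if absolute.startswith("http://") or absolute.startswith("https://"):
            out.append(absolute)
    return out


def crawl(start, breadth_first=True, same_host_only=True, max_pages=100):
    """Crawl from `start` and return the URLs in the order they were visited.

    breadth_first=True uses a FIFO queue (BFS); False pops from the end (DFS).
    """
    host = start.split("/")[2]
    frontier = deque([start])
    seen = {start}
    visited = []
    while frontier and len(visited) < max_pages:
        url = frontier.popleft() if breadth_first else frontier.pop()
        doc = fetch(url)
        if doc is None:
            continue
        visited.append(url)
        for link in extract_links(url, doc):
            if same_host_only and link.split("/")[2] != host:
                continue
            if link not in seen:
                seen.add(link)
                frontier.append(link)
    return visited


if __name__ == "__main__":
    print("BFS:", crawl("http://example.test/"))
    print("DFS:", crawl("http://example.test/", breadth_first=False))
```

The `seen` set is what keeps the crawl finite on a site whose pages link back to each other (every page here links somewhere already visited); the `mailto:` link shows why non-HTTP schemes are filtered before they reach `fetch`.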