Web application security

Web security tools that are on the web
- Goals
  - Save time
  - Build a clean interface (based on jQuery)
  - Accessible anywhere
  - Help other pen-testers
- Limitations
  - Optimized for IE for now (personal project)

CSRF POC Helper
- What does it do? Automates a cross-domain POST via a link: the linked page auto-submits a form that makes the cross-domain POST.
- Why? Demonstrates that CSRF via POST is just as dangerous as via GET.
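
The defensive counterpart to the helper, as an added example that is not from the presentation: a server-side check that rejects the auto-submitted cross-domain POST the slide describes. TRUSTED_ORIGIN, the header and form dictionaries and the token handling are assumptions of this example, not any particular framework's API.

```python
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed assumption: the origin the application is served from.
TRUSTED_ORIGIN = "https://app.example"


def new_csrf_token() -> str:
    """Mint a per-session token; keep it in the session and echo it in every form."""
    return secrets.token_urlsafe(32)


def is_state_change_allowed(method: str, headers: dict, form: dict,
                            session_token: str) -> bool:
    """Decide whether a state-changing request may proceed.

    Two independent checks defeat an auto-submitting form hosted elsewhere:
    the browser-supplied Origin (falling back to Referer) must be our own
    origin, and the form must carry the token bound to the victim's session.
    A plain HTML form on another domain can forge neither.
    """
    if method.upper() not in ("POST", "PUT", "PATCH", "DELETE"):
        return True  # safe methods must not change state in the first place
    h = {k.lower(): v for k, v in headers.items()}
    source = h.get("origin") or h.get("referer")
    if not source:
        return False  # no provenance at all: fail closed
    parts = urlsplit(source)
    if f"{parts.scheme}://{parts.netloc}" != TRUSTED_ORIGIN:
        return False
    # Constant-time comparison so the token cannot be recovered byte by byte.
    return hmac.compare_digest(form.get("csrf_token", ""), session_token)
```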

Web Text Converter
- What does it do? Generates encoded payloads.
- Why? Save time! Accessible!
- Encoders supported:
  - Various base entity encoding
  - URL encoding
  - Various base script encoding
  - Base64 encoding
  - Obfuscated ASCII encoding
  - Regular UTF-7
  - Comprehensive UTF-7
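
From the detection side, an added example (not the presenter's converter) that undoes the entity, URL, script and UTF-7 encodings listed above so that input is matched on its decoded form rather than on the bytes on the wire; the regexes and the fixed-point loop are this example's own design.

```python
import html
import re
from urllib.parse import unquote

# JavaScript string escapes: \x3c, \u003c and octal \074.
_JS_ESCAPE = re.compile(r"\\x([0-9A-Fa-f]{2})|\\u([0-9A-Fa-f]{4})|\\([0-7]{1,3})")
# A UTF-7 shift sequence such as +ADw- ("<"), decoded one sequence at a time so
# an unrelated "+" elsewhere in the input does not abort the whole decode.
_UTF7_SEQ = re.compile(r"\+([A-Za-z0-9+/]+)-?")


def _js_repl(m):
    if m.group(3) is not None:
        return chr(int(m.group(3), 8))
    return chr(int(m.group(1) or m.group(2), 16))


def _utf7_repl(m):
    try:
        return m.group(0).encode("ascii").decode("utf-7")
    except UnicodeDecodeError:
        return m.group(0)  # not a valid shift sequence: leave it alone


def canonicalize(s: str, max_rounds: int = 5) -> str:
    """Peel encodings until a fixed point is reached.

    Looping matters: a payload can be URL-encoded on top of entity-encoded,
    and a single-pass decoder never sees the inner layer.
    """
    for _ in range(max_rounds):
        before = s
        s = html.unescape(s)              # &lt; &#60; &#x3c; &#0000060;
        s = unquote(s)                    # %3C
        s = _JS_ESCAPE.sub(_js_repl, s)   # \x3c \u003c \074
        s = _UTF7_SEQ.sub(_utf7_repl, s)  # +ADw-
        if s == before:
            break
    return s


_SCRIPT = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(s: str) -> bool:
    """Match on the decoded form, not on the encoded bytes."""
    return bool(_SCRIPT.search(canonicalize(s)))
```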

Heap Spray Wizard
- What does it do? Sprays your heap with a default payload that runs calc.exe, or with your own shellcode.
- Why? Meant to be used with AX tools. Configure how much heap memory you want to spray. Makes it a one-click process to spray with a working payload.

Html Test Tool
- What does it do? Renders arbitrary content in the browser under an arbitrary content-type.
- Why? Different browsers treat different MIME types differently, and browsers sniff based on content-type. See the "Flirting with MIME types" paper by Blake Frantz (great paper). Sanity-check MIME-type behavior.
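
An added example, not the page's tool, showing the defensive reading of the same point: a small audit of whether a response leaves its type to browser sniffing. The header names are the standard ones; the HTML hints and all sample headers and body bytes are constructed for this example.

```python
# Byte prefixes that make a body look like markup to a sniffing browser.
HTML_HINTS = (b"<!doctype html", b"<html", b"<script", b"<body", b"<iframe")


def sniffing_risks(headers: dict, body_prefix: bytes) -> list:
    """Return the reasons a browser might not honour the declared type."""
    h = {k.lower(): v for k, v in headers.items()}
    ctype = h.get("content-type", "")
    mime = ctype.split(";")[0].strip().lower()
    risks = []
    if not mime:
        risks.append("no Content-Type header: the browser decides what this is")
    if h.get("x-content-type-options", "").strip().lower() != "nosniff":
        risks.append("X-Content-Type-Options: nosniff is missing")
    if mime.startswith("text/") and "charset=" not in ctype.lower():
        risks.append("no charset declared: the encoding can be guessed "
                     "(historically including UTF-7)")
    # Only the first 512 bytes matter; that is roughly what sniffers inspect.
    looks_html = any(hint in body_prefix[:512].lower() for hint in HTML_HINTS)
    if looks_html and mime not in ("text/html", "application/xhtml+xml"):
        risks.append(f"body looks like HTML but is declared {mime or 'nothing'}")
    return risks


if __name__ == "__main__":
    # Constructed sample: a user-supplied "text" download that is really markup.
    for r in sniffing_risks({"Content-Type": "text/plain"}, b"<html><body>hi"):
        print("-", r)
```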

Web Bug Tool
- What does it do? Creates a temporary web bug and records hits to a page.
- Why? Save time by reusing the web bug.

Online Strings
- What does it do? Extracts Unicode and ASCII strings from binary files.
- Why? Quick and accessible. Thought it was cool :-P
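
The same extraction as an added, stand-alone example (not the presenter's tool): ASCII and UTF-16LE string carving over a constructed byte string, with a URL filter for triage. The minimum length, the sample bytes and the helper names are this example's own choices.

```python
import re


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return (offset, kind, text) for every printable run of at least min_len chars.

    kind is "ascii" for plain runs and "utf16le" for the two-byte form Windows
    binaries use, where each printable byte is followed by a NUL.
    """
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [(m.start(), "ascii", m.group().decode("ascii"))
             for m in ascii_re.finditer(data)]
    found += [(m.start(), "utf16le", m.group().decode("utf-16-le"))
              for m in utf16_re.finditer(data)]
    return sorted(found, key=lambda t: t[0])


_URL = re.compile(r"https?://\S+")


def find_urls(data: bytes) -> list:
    """Triage helper: only the strings that look like URLs."""
    return [text for _, _, text in extract_strings(data) if _URL.match(text)]


# Constructed sample "binary": a header fragment, an ASCII import name, junk,
# a UTF-16LE path, more junk, a URL and a run too short to be reported.
SAMPLE = (b"MZ\x90\x00\x03\x00"
          + b"kernel32.dll\x00"
          + b"\x01\x02\x03"
          + "C:\\Users\\victim\\secret.txt".encode("utf-16-le") + b"\x00\x00"
          + b"\x7f\xff"
          + b"http://example.invalid/beacon\x00"
          + b"ab\x00")

if __name__ == "__main__":
    for offset, kind, text in extract_strings(SAMPLE):
        print(f"{offset:#06x} {kind:8} {text}")
```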

- Makes it a one-click operation to map
- Again, it's available anywhere with web access.
- Nothing surprising, but a fun tool.
- Lesson: Don't share photos taken with your phone! j/k

View State Decoder
- What does it do? Lets you peek at what's inside ViewState data.
- Why? Demystifies the content of ViewState. Shows a tree view of all the property values in ViewState. Any server-side sensitive info inside? Any questionable property being stored?

- Feel free to use it for authorized pen-testing.
- 20+ tools (including bookmarklets)
- If you have tools you'd like to see online, please shoot me a mail.
- Thanks!