Presentation is loading. Please wait.

Presentation is loading. Please wait.

CS 371 Web Application Programming

Published byDonna Parks Modified over 6 years ago

Similar presentations

Presentation on theme: "CS 371 Web Application Programming"— Presentation transcript:

1 CS 371 Web Application Programming
Security Avoiding and Preventing Attacks CS 371 Web Application Programming

2 Overview Internet executing malicious code leaking information
Hey, what could go wrong? server client Internet executing malicious code leaking information access to server resources helpful sites: packet sniffing spoofing DOS attacks modifying client code session hijacking CS 371 Web Application Programming

3 Points of Risk data on server cookies transmission what data?
how is it at risk? cookies sensitive data can be viewed or stolen transmission sniffing losing packets CS 371 Web Application Programming

4 CGI Scripts using both GET and POST allow intruders to view data
scripts running on server may have limited permissions but still enough to send out password file view the network information maps create a login session CS 371 Web Application Programming

5 CGI Scripts (cont.) hidden variables session variables
like text vars but not displayed on browser tempting to use to maintain state if used for things like price, can be altered session variables convenient but sessions can be hijacked provide for session time out to minimize risk if possible encrypt session ID CS 371 Web Application Programming

6 Logins keep track of session is it possible to replay the login?
legitimate user logs in, purchases, logs out co-worker uses back button to purchase page and buys something else is it possible to replay the login? erase id and password fields create a random key for each login and use once CS 371 Web Application Programming

7 Security Attacks injection tampering XSS - cross site scripting
sql command code tampering parameters cookies XSS - cross site scripting information gathering password cracking denial of service CS 371 Web Application Programming

8 SQL Injection php script has the following query: "SELECT * FROM user WHERE name=' " + $_POST['userName'] +" '; " what if user enters D'wan? …name = 'D'wan'; query will cause an error what if user enters me';show tables; ? what if user enters me';drop table user; ? practice site: CS 371 Web Application Programming

9 Command Injection assume server has recipe files (ravioli.txt)
server script dumps requested recipes by shelling out the cat command: exec("cat ".$_POST['recipeName']."txt"); user enters tuna, it returns tuna.txt what if user enters tuna.txt;ls;cat steak ? CS 371 Web Application Programming

10 Code Injection server accepts text from users and displays it on page (like a guest book or comments) user enters 'good job <script> window.location.href="bad.place.com" </script>' In Google, when you enter a search string does that string show up on results page? hmmm CS 371 Web Application Programming

11 Variable Tampering in an HTML form:
<input type="hidden" name="id" value="12"/> passed from one script to another users can't see but hackers can easily change in crawling web sites, they are easy to spot session variables are safer (as long as the session isn't hijacked) CS 371 Web Application Programming

12 Cookie Poisoning users can modify cookies
say a web site stores something like a price or total of order user can change the amount and pay much less to combat this, many sites store only an encrypted session id in a cookie and everything else on the server CS 371 Web Application Programming

13 Cross Site Scripting (XSS)
injecting a link or malicious code into a web site to collect information on user examples: <script>document.cookie;</script> C posts a link to site B (that has vulnerability). Then A clicks on link and it s sensitive data back to C CS 371 Web Application Programming

14 Information Gathering
Almost every web site has info leakage WHOIS – internet service registration crawling the web for and other info CS 371 Web Application Programming

15 use of back button to reveal password
Password Cracking use of back button to reveal password using known facts of user or common words (DOB, child name, maiden name, “123456”, city, college, “love”, “letmein”, … brute force attacks (onemansblog.com) 4 characters => 0.86 seconds 6 characters => 8.51 days 8 characters => 2.1 centuries Do you use the same password for many websites? CS 371 Web Application Programming

16 Denial of Service typical DOS attacks involve inundating servers with requests, but what about using client-side code to stymie user? how would you write a simple javascript snippet to annoy and block a user’s attempt to send a request? a javascript function to validate user input in a non-helpful and annoying way? CS 371 Web Application Programming

17 shelling out or executing code
What to do scripts: keep in one folder use standard extensions (php, etc.) prefer compiled over interpreted be wary of third party scripts make no assumptions about which client-side scripts are making calls to server-side scripts shelling out or executing code don’t do it or minimize its use be cautious of commands to be shelled CS 371 Web Application Programming

18 avoid XSS by escaping user input
What to do (cont) variables consider all to be tainted escape them – magic quotes or addslashes use javascript to validate variables but don’t rely on that alone – hackers can circumvent php make sure register_globals is off include files – use .php not .inc avoid XSS by escaping user input obfuscate: jerry<at>myplace<dot>com CS 371 Web Application Programming

19 Transport Layer Security (TSL)
typical algorithms require a key that both parties know so if Alice and Bob want to communicate, how do they agree on a key? in public key encryption, a message encrypted with public key can only be decrypted by private key encrypt decrypt CS 371 Web Application Programming

20 Transport Layer Security (TSL)
Simplified transmission Alice sends Bob a message to initiate Bob responds with public key Alice encrypts a random number with public key that only Bob can decrypt they agree on a key using random number Server must have a digital certificate registered with a trusted authority CS 371 Web Application Programming

21 web pages are … just documents (or scripts that produce documents)
Web Crawling web pages are … just documents (or scripts that produce documents) a php script can open any url document, so it is only a matter of knowing the url using the DOM in php, a list of the links can quickly be identified start with one url, follow links to other urls using a DFS or BFS CS 371 Web Application Programming

Download ppt "CS 371 Web Application Programming"

Similar presentations

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.

COMP 321 Week 12. Overview Web Application Security  Authentication  Authorization  Confidentiality Cross-Site Scripting Lab 12-1 Introduction.
9/9/2005 Developing Secure Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.

9/9/2005 Developing "Secure" Web Applications 1 Methods & Concepts for Developing “Secure” Web Applications Peter Y. Hammond, Developer Wasatch Front Regional.
Hacking Presented By :KUMAR ANAND SINGH 04-243,ETC/2008.

Hacking Presented By :KUMAR ANAND SINGH ,ETC/2008.
Security Issues and Challenges in Cloud Computing

Security Issues and Challenges in Cloud Computing
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.

Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Chapter 6: Hostile Code Guide to Computer Network Security.

Chapter 6: Hostile Code Guide to Computer Network Security.
Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.

Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
PHP Security.

PHP Security.
Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.

Open Source Server Side Scripting ECA 236 Open Source Server Side Scripting Cookies & Sessions.
Prevent Cross-Site Scripting (XSS) attack

Prevent Cross-Site Scripting (XSS) attack
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.

+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Similar presentations

Ads by Google