Presentation is loading. Please wait.

Presentation is loading. Please wait.

Client and Server-Side Vulnerabilities Stephen Reese.

Published byAna Afton Modified over 9 years ago

Similar presentations

Presentation on theme: "Client and Server-Side Vulnerabilities Stephen Reese."— Presentation transcript:

1 Client and Server-Side Vulnerabilities Stephen Reese

2 Pen Testing vs. Vuln Assessments Vulnerability Assessments Penetration Testing Maturity Levels Goals Expectations

3 Plug-ins are useful evil Dynamic Content Browser plug-in Mobile code Sandbox evasion

4 Java Security The byte code verifier The applet class loader The security manager Sandbox Limited network access Resource restrictions Signed verse Unsigned JAR files

5 Java Demo Virtualized Environment Attacker (Linux Host) Victim (Windows XP SP3) MetaSploit Framework CVE-2013-2465 <= JRE 7u21 <= JRE 6u45 <= JRE 5u45

6 Flash Security Remote Sandbox Policy / Developer Controls Local Sandbox Limited network access Local resources Trusted No signed code*

7 Reader Security Remote Sandbox Policy / Developer Controls Local Sandbox Limited network access Local resources

8 Internet Explorer Demo Virtualized Environment Attacker (Linux Host) Victim (Windows XP SP3) MetaSploit Framework Recent 0-day CVE-2013-3893 IE 6 – 11 IE 8 (target)

9 Java Mitigations Patch Different Browsers Click-to-Play Trusted Zones Third-party plugins Disable JRE in browser Uninstall

10 IE Mitigations Patch Different Browser EMET Sandbox

11 Flash Mitigations Patch Different Browsers Click-to-Play Trusted Zones Third-party plugins Disable JRE in browser Uninstall

12 Reader Mitigations Review the JavaScript controls and set as needed Review the attachment white and black lists Review multimedia restrictions Review settings for XObjects, 3D content, and Flash Protected Mode Protected View Enhanced Security Patch

13 SQLi SQL queries are run in an unsafe manner View and/or modify application data Escalate privileges Execute OS commands Demo Browser or a scanner Vulnerable Web App

14 SQLi Migations Filter input $id = $_GET['id']; $id = stripslashes($id); $id = mysql_real_escape_string($id); Encode output htmlentities() htmlspecialchars() strip_tags() addslashes()

15 Questions?

16 References http://www.rapid7.com/db/modules/exploit/windows/browser/ms13_069 _caret http://www.rapid7.com/db/modules/exploit/multi/browser/java_storeima gearray http://www.offensive-security.com/metasploit- unleashed/Meterpreter_Basics http://www.pcworld.com/article/261562/six_ways_to_protect_against_th e_new_actively_exploited_java_vulnerability.html https://www.owasp.org/index.php/OWASP_Broken_Web_Applications_Pr oject http://caffeinept.blogspot.com/2012/01/dvwa-sql-injection.html http://samiux.blogspot.com/2013/08/howto-dvwa-sql-injection.html

Download ppt "Client and Server-Side Vulnerabilities Stephen Reese."

Similar presentations

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.

Mobile Code Security Yurii Kuzmin. What is Mobile Code? Term used to describe general-purpose executables that run in remote locations. Web browsers come.
Slide Heading Seminar Series: Managing IT Risk In 2010 Understanding End User Attack Vectors Brian Judd, CISSP SynerComm January 20, 2009.

Slide Heading Seminar Series: Managing IT Risk In 2010 Understanding End User Attack Vectors Brian Judd, CISSP SynerComm January 20, 2009.
Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.

Update your Software or Die! Wolfgang Kandek Qualys, Inc. RMISC 2012 Denver - May 18, 2012.
Endpoint security via Application sandboxing and virtualization: Past, present, future Rafal Wojtczuk

Endpoint security via Application sandboxing and virtualization: Past, present, future Rafal Wojtczuk
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Armitage and Metasploit Penetration Testing Lab

Armitage and Metasploit Penetration Testing Lab
Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee 2007. 04. 23.

Mobile Code Security Aviel D. Rubin, Daniel E. Geer, Jr. MOBILE CODE SECURITY, IEEE Internet Computing, 1998 Minkyu Lee
Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.

Microsoft Windows XP SP2 Urs P. Küderli Strategic Security Advisor Microsoft Schweiz GmbH.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.

CSCI 530L Vulnerability Assessment. Process of identifying vulnerabilities that exist in a computer system Has many similarities to risk assessment Four.
Information for Developers Windows XP Service Pack 2 Information for Developers.

Information for Developers Windows XP Service Pack 2 Information for Developers.
Computer Security and Penetration Testing

Computer Security and Penetration Testing
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Define objects and their relationships to multimedia Explain the fundamentals of C, C++, Java, JavaScript, JScript, C#, ActiveX and VBScript Discuss security.

Define objects and their relationships to multimedia Explain the fundamentals of C, C++, Java, JavaScript, JScript, C#, ActiveX and VBScript Discuss security.
To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in LiveMeeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.
Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.

Windows XP Service Pack 2 and the Microsoft Virtual Machine: Developer Implications Rudi Larno Developer & Platform Group Microsoft BeLux.
To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

To receive our video stream in Live Meeting: - Click on “Voice & Video” - Click the drop down next to the camera icon - Select “Show Main Video” Dial-in.

Similar presentations

Ads by Google