1-Vulnerabilities
2-Hackers
3-Categories of attacks
4-What does a malicious hacker do?
5-Security mechanisms
6-HTTP Web Servers
7-Web application attacks
8-Packages
9-References
A vulnerability is the degree of weakness that allows attackers to gain access to system information.
Vulnerability types:
- Technological
  - TCP/IP protocol (ARP, session hijacking)
  - OS weakness
  - Network equipment (routers/firewalls)
- Configuration
  - Unsecured user accounts
  - Easily guessed user passwords
  - Unsecured default settings for an application
  - Misconfigured network devices
- Security policy
  - Lack of written policy
  - Software/hardware installation and changes don't follow the policy
  - No disaster recovery plan
- Software bugs
Black hats
- Individuals with computing skills
- Malicious / destructive activities
- Known as crackers
White hats
- Individuals with hacking skills
- Defensive purposes
- Known as security analysts
Gray hats
- Individuals who work both offensively and defensively
Script kiddie
- A user with no knowledge of hacking
- Downloads hacking utilities to launch attacks
Hacktivist
- Hacker with political motivations
Passive attacks
- No traffic sent from the attacker
- Difficult to detect
- Examples: packet capturing (Wireshark, snooping)
Active attacks
- Traffic must be sent from the attacker
- Easy to detect
- Can access classified information
- Can modify data on a system
- Reconnaissance: gain information about targeted victim hosts/networks
- Scanning: identify active hosts/open ports
- Gaining access: log in to the host/network
- Maintaining access: install a backdoor/rootkit
- Covering tracks: try to hide the attack from the administrator
- No single access control is ever implemented on its own
- Multiple layers of access control provide security in depth
- No single point of failure
Firewalls
- Block unwanted traffic
- Direct incoming traffic to more trusted internal hosts
- Log traffic from/to the internal (private) network
- Based on an access policy that permits or denies traffic
Cryptography
IDS (Intrusion Detection System)
- Application layer firewall
- Host based/Network based
- Passive device
- Offline connectivity
- Detection is based on a signature DB
IPS (Intrusion Prevention System)
- Application layer firewall
- Host based/Network based
- Active device
- Online connectivity
- Store, process, and deliver HTML/JavaScript pages to a client using the Hypertext Transfer Protocol
- These pages may contain text, images, scripts, and style sheets
- The web client/web agent is a web browser or a web crawler
- Began in 1989 as a project by Tim Berners-Lee to exchange information
- The world's first web server was called CERN httpd
- It ran on a NeXTSTEP workstation
The HTTP protocol is based on HTTP request methods:
GET: Request data from a resource
- Data pairs are sent in the URL
- Can be cached
- Remains in the browser history
- Can be bookmarked
- Should never be used when exchanging sensitive data
- Has length restrictions
- Should be used only to retrieve data
POST: Submit data to be processed
- Data pairs are sent in the HTTP message body
- Never cached
- Does not remain in the browser history
- Cannot be bookmarked
- Has no restrictions on data length
There are also HEAD, PUT, DELETE, OPTIONS, and CONNECT, but they are out of the scope of this presentation.
Cookies are used to store data between pages on the client, and session files on the server.
Example URL: http://testasp.vulnweb.com/search.asp?id=1
SQL injection is a code injection technique, used to attack data-driven applications, in which malicious SQL statements are inserted into an entry field for execution.
- Retrieve Data
- Destroy Data
- Change Data
1-SQL: Try to load a course with ID 1
http://192.168.1.21/Secuirty/sql/id.php?id=1
2-SQL: Try with ID 2
http://192.168.1.21/Secuirty/sql/id.php?id=3-1
3-SQL: Combine with other tables:
http://192.168.1.21/Secuirty/sql/id.php?id=1+union+Select+*+from+users
4-SQL: To retrieve the DB name:
http://192.168.1.21/Secuirty/sql/id.php?id=1+union%20select+1,2,database()
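Added example, not part of the original slides: the id values from steps 1-3 above run against a lookup that concatenates the parameter into the SQL text, next to a hardened lookup that validates the id and binds it as a parameter. The table layout, sample rows and function names are assumptions, and an in-memory SQLite database stands in for the lab's database.

```python
import sqlite3
from urllib.parse import parse_qs

def make_db():
    """Constructed sample data: a courses table and a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE courses (id INTEGER PRIMARY KEY, title TEXT, teacher TEXT);
        CREATE TABLE users   (id INTEGER PRIMARY KEY, name TEXT, password TEXT);
        INSERT INTO courses VALUES (1, 'Networking', 'Sara'), (2, 'Databases', 'Omar');
        INSERT INTO users   VALUES (10, 'admin', 'constructed-secret');
    """)
    return db

def id_param(query_string):
    # Decode the query string the way a web server does ('+' becomes a space).
    return parse_qs(query_string)["id"][0]

def load_course_vulnerable(db, raw_id):
    # The id parameter is pasted into the SQL text, so the database parses
    # whatever the client sent as part of the statement.
    sql = "SELECT * FROM courses WHERE id = " + raw_id
    return db.execute(sql).fetchall()

def load_course_hardened(db, raw_id):
    # 1) Validate: a course id is a short run of ASCII digits, nothing else.
    if not (raw_id.isascii() and raw_id.isdigit() and len(raw_id) <= 9):
        raise ValueError("id must be a positive integer")
    # 2) Bind: the value travels separately from the SQL text, so it is
    #    never parsed as SQL even if the validation is loosened later.
    return db.execute("SELECT * FROM courses WHERE id = ?", (int(raw_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    for qs in ("id=1", "id=3-1", "id=1+union+Select+*+from+users"):
        raw = id_param(qs)
        print(qs, "-> vulnerable:", load_course_vulnerable(db, raw))
        try:
            print(qs, "-> hardened:  ", load_course_hardened(db, raw))
        except ValueError as err:
            print(qs, "-> hardened:   rejected,", err)
```

An id of 3-1 returning course 2 is the tell-tale sign that the parameter is evaluated as SQL; the hardened lookup rejects it before any query runs.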
Types of Cross-Site Scripting (XSS)
- Non-persistent
- Persistent
A non-persistent attack requires a user to visit a link specially crafted by the attacker. When the user visits the link, the crafted code is executed by the user's browser.
In a persistent attack, the code injected by the attacker is stored on a secondary storage device (mostly in a database). The damage caused by a persistent attack is greater than that of a non-persistent attack. Here we will see how to hijack another user's session by performing XSS.