Lesson 15 Client Side Vulnerabilities and you. Active Server Pages MS’s answer to the scripting world of PERL and CGI on Unix Usually Written In Visual.


1 Lesson 15 Client Side Vulnerabilities and you

2 Active Server Pages
MS’s answer to the scripting world of PERL and CGI on Unix
Usually written in Visual Basic Script (VBS)
Provides:
– State
– Backend database access
– Generally displays HTML in browser

3 ASP (2)
Pros:
– Ability to output HTML file on the fly
Con:
– Numerous vulnerabilities that allow attackers to view the ASP code itself
-- Attackers can learn further vulnerabilities in program logic
-- Attackers can view sensitive info

4 ASP (3)
Con:
Numerous vulnerabilities that allow attackers to view the ASP code itself
– Attackers can learn further vulnerabilities in program logic
– Attackers can view sensitive info

5 Well Known Vulnerabilities
ASP DOT Bug Vulnerability (IIS 3.0)
http://127.134.10.1/scripts/myexample.asp.
– Allowed hacker to view ASP source code
– Now patched
– Patch introduced new vulnerabilities
http://127.134.10.1/scripts/myexample%2easp

6 Well Known Vulnerabilities (2)
ASP Alternate Data Streams (IIS 3.0)
http://127.134.10.1/scripts/myexample.asp::$data
– Allowed file download
– Limit file access rights of all source code by removing read access of the Everyone group
– Only allow execute permission

7 Well Known Vulnerabilities (3)
Showcode.asp Vulnerability (IIS 4.0)
http://127.134.10.1/mscode/samples/SELECTOR/showcode.asp?source=/../../../../../boot.ini
– Script did not restrict use of “..”
– Allows hacker to download files
– In this example the hacker views the boot.ini file
– Applying hot fix corrected the problem

8 Well Known Vulnerabilities (4)
Codebrws.asp Vulnerability (IIS 4.0)
http://127.134.10.1/iissamples/exair/howitworks/codebrws.asp?source=/../../../../../winnt/repair/setup.log
– Allows hacker to view any file on target system
– Applying hot fix corrected the problem
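As an added example (not part of the original slides), the Python check below flags the four request shapes shown on slides 5 to 8 when reviewing web server logs. The sample request targets and the function names are constructed for illustration, and the repeated percent-decoding goes slightly beyond the slides to cover double-encoded input.

```python
import re
from urllib.parse import urlsplit, unquote, parse_qsl

# Constructed sample request targets modelled on the URL shapes in the slides.
SAMPLE_REQUESTS = [
    "/scripts/myexample.asp",
    "/scripts/myexample.asp.",
    "/scripts/myexample%2easp",
    "/scripts/myexample.asp::$data",
    "/mscode/samples/SELECTOR/showcode.asp?source=/../../../../../boot.ini",
    "/iissamples/exair/howitworks/codebrws.asp?source=/msadc/samples/a.asp",
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalized too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(target):
    """Return sorted reasons a request target looks like a source-disclosure attempt."""
    parts = urlsplit(target)
    raw_path = parts.path
    path = fully_decode(raw_path).lower()
    reasons = set()
    if path.endswith("."):
        reasons.add("trailing-dot")            # myexample.asp.
    if "::$data" in path:
        reasons.add("alternate-data-stream")   # myexample.asp::$data
    # An encoded dot in the raw path of a request that resolves to an .asp script.
    if re.search(r"%2e", raw_path, re.I) and path.endswith(".asp"):
        reasons.add("encoded-dot-extension")   # myexample%2easp
    # A ".." path segment inside any query parameter (showcode/codebrws pattern).
    for _name, value in parse_qsl(parts.query, keep_blank_values=True):
        if ".." in re.split(r"[\\/]+", fully_decode(value)):
            reasons.add("dot-dot-in-parameter")
    return sorted(reasons)

def scan(targets):
    """Map each suspicious request target to its list of reasons."""
    return {t: r for t in targets if (r := classify(t))}

if __name__ == "__main__":
    for target, reasons in scan(SAMPLE_REQUESTS).items():
        print(target, "->", ", ".join(reasons))
```
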

9 Managing Your Security
IE configuration very flexible
Checking WWW page certificates
– File Properties
IE Tools -- Internet Options
– Advanced
– Security
– Content

10 MS Advanced Options
– Can set SSL/TLS options
– Warn about invalid digital certificates
– Warn on form submission redirection
– Much more

12 Using File Properties
– Allows user to check on web page properties
– Allows user to verify digital certificates
– Allows user to verify encryption

16 MS Internet Security Zones
The next series of slides shows you how the user (client) can select the security they desire while interacting on the Internet.

20 MS Internet Content
The next series of slides shows how you can manage digital certificates on your home computer.

25 Checking Your Open Ports

27 Checking Your IP Configuration

30 SUMMARY
– Client side security is your responsibility
– Do not be afraid to experiment

