School of Computing and Information Systems CS 371 Web Application Programming Security Avoiding and Preventing Attacks.


2 Overview
  [diagram: client, Internet, server]
  Hey, what could go wrong?
  - executing malicious code
  - leaking information
  - access to server resources
  - packet sniffing
  - spoofing
  - DoS attacks
  - modifying client code
  - session hijacking

3 Points of Risk
  - data on the server: what data? how is it at risk?
  - cookies: sensitive data can be viewed or stolen
  - transmission: sniffing, losing packets

4 CGI Scripts
  - both GET and POST can expose data to intruders (GET parameters additionally show up in URLs, browser history and server logs)
  - scripts running on the server may have limited permissions, but still enough to:
    - send out the password file
    - view the network information maps
    - create a login session

5 CGI Scripts (cont.)
  - hidden variables: like text fields, but not displayed by the browser
    - tempting to use to maintain state
    - if used for things like a price, they can be altered by the user
  - session variables: convenient, but sessions can be hijacked
    - provide a session timeout to minimize the risk
    - if possible, encrypt the session ID; what matters most is that it is long, random and unguessable, and travels only over an encrypted connection

6 Logins
  - keep track of the session
  - a legitimate user logs in, purchases, logs out; a co-worker uses the back button to get back to the purchase page and buys something else
  - is it possible to replay the login?
    - erase the ID and password fields
    - create a random key for each login and use it only once

7 Security Attacks
  - injection: SQL, command, code
  - tampering: parameters, cookies
  - XSS (cross-site scripting)
  - information gathering
  - password cracking
  - denial of service

8 SQL Injection
  a PHP script has the following query:
    "SELECT * FROM user WHERE name='" . $_POST['userName'] . "';"
  what if the user enters D'wan?  ... name='D'wan'; the query will cause an error (and a page that prints the database error leaks information about the query)
  what if the user enters me';show tables; ?
  what if the user enters me';drop table user; ?
  practice site: http://jmchilton.net/blog/?p=23

9 Command Injection
  assume the server has recipe files (ravioli.txt)
  the server script dumps a requested recipe by shelling out to the cat command:
    exec("cat " . $_POST['recipeName'] . ".txt");
  the user enters tuna, it returns tuna.txt
  what if the user enters tuna.txt;ls;cat steak ?  (the shell runs cat tuna.txt, then ls, then cat steak.txt)
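The recipe script, as an added example that is not from the original deck, in Python: the vulnerable function builds the same shell command the slide does and runs it through a shell, while the hardened one allow-lists the recipe name, pins the resolved path inside the recipe directory and reads the file in-process, which is the "don't shell out" advice from the closing slides. The recipe directory and its files (tuna.txt, steak.txt and a secret.txt that should never be served) are constructed in a temporary directory for the demonstration.

```python
import os
import re
import subprocess
import tempfile

# Allow-list for recipe names: a short run of lower-case letters, digits, '-' or '_'.
RECIPE_NAME = re.compile(r"[a-z0-9_-]{1,32}")


def build_vulnerable_command(recipe_name):
    """Same construction as the slide's exec(): the input lands on a shell command line."""
    return "cat " + recipe_name + ".txt"


def run_vulnerable(recipe_dir, recipe_name):
    """Run the command through the shell, so ';' in the input starts new commands."""
    result = subprocess.run(build_vulnerable_command(recipe_name), shell=True,
                            cwd=recipe_dir, capture_output=True, text=True)
    return result.stdout


def is_valid_recipe_name(recipe_name):
    return RECIPE_NAME.fullmatch(recipe_name) is not None


def read_recipe_safe(recipe_dir, recipe_name):
    """Hardened version: allow-list the name, pin the path, read in-process (no shell)."""
    if not is_valid_recipe_name(recipe_name):
        raise ValueError("invalid recipe name")
    base = os.path.realpath(recipe_dir)
    path = os.path.realpath(os.path.join(base, recipe_name + ".txt"))
    if os.path.dirname(path) != base:  # belt and braces: never leave the recipe directory
        raise ValueError("path escapes the recipe directory")
    with open(path, encoding="utf-8") as f:
        return f.read()


def make_recipe_dir():
    """Constructed sample files: two recipes and one file that should stay private."""
    d = tempfile.mkdtemp()
    for name, body in [("tuna.txt", "tuna: 1 can, mayo\n"),
                       ("steak.txt", "steak: sear 3 min a side\n"),
                       ("secret.txt", "db password = hunter2\n")]:
        with open(os.path.join(d, name), "w", encoding="utf-8") as f:
            f.write(body)
    return d


if __name__ == "__main__":
    d = make_recipe_dir()
    print(run_vulnerable(d, "tuna"))                     # just tuna.txt
    print(run_vulnerable(d, "tuna.txt;ls;cat steak"))    # tuna, a listing, steak
    print(run_vulnerable(d, "tuna; cat secret"))         # dumps the private file
    print(read_recipe_safe(d, "tuna"))
    for bad in ["tuna.txt;ls;cat steak", "../secret", "tuna; cat secret"]:
        try:
            read_recipe_safe(d, bad)
        except ValueError as exc:
            print(bad, "->", exc)
```

Note that the allow-list is the real control: the path check only catches names that slip past it, and even a list-form subprocess call without a shell would still let "../secret" through without it.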

10 Code Injection
  the server accepts text from users and displays it on a page (like a guest book or comments)
  a user enters 'good job <script>window.location.href="bad.place.com"</script>' and every visitor's browser runs it
  in Google, when you enter a search string, does that string show up on the results page? hmmm

11 Variable Tampering
  hidden fields (<input type="hidden">) in an HTML form:
  - passed from one script to another
  - users can't see them, but hackers can easily change them
  - when crawling web sites, they are easy to spot
  - session variables are safer (as long as the session isn't hijacked)

12 Cookie Poisoning
  - users can modify cookies
  - say a web site stores something like a price or the total of an order in a cookie
  - the user can change the amount and pay much less
  - to combat this, many sites store only an unguessable (or encrypted) session ID in the cookie and keep everything else on the server
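Slides 5, 6, 11 and 12 all come down to the same design: keep state on the server behind a random session ID, time sessions out, make login and purchase forms single-use, and sign anything that must still round-trip through the client. The Python below is an added example of that design, not code from the deck; the server key, the 15-minute default timeout and the injectable clock (used so the timeout can be exercised without waiting) are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time

# Per-deployment secret (assumed for the example); it lives only on the server.
SERVER_KEY = secrets.token_bytes(32)


def sign_value(value, key=SERVER_KEY):
    """Attach an HMAC tag to a value (hidden field or cookie) that must return from the client."""
    tag = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value + "." + tag


def verify_value(signed, key=SERVER_KEY):
    """Return the original value, or None if the tag is missing or does not match."""
    value, sep, tag = signed.rpartition(".")
    if not sep:
        return None
    expected = hmac.new(key, value.encode(), hashlib.sha256).hexdigest()
    return value if hmac.compare_digest(tag, expected) else None


class SessionStore:
    """Server-side session state; the cookie carries only a random session ID."""

    def __init__(self, timeout_seconds=900, clock=time.time):
        self.timeout = timeout_seconds
        self.clock = clock  # injectable so the timeout can be tested
        self.sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG: not guessable
        self.sessions[sid] = {"user": user, "cart": {}, "tokens": set(),
                              "last_seen": self.clock()}
        return sid

    def get(self, sid):
        """Look up a session, expiring it if it has been idle longer than the timeout."""
        s = self.sessions.get(sid)
        if s is None:
            return None
        now = self.clock()
        if now - s["last_seen"] > self.timeout:
            del self.sessions[sid]
            return None
        s["last_seen"] = now
        return s

    def logout(self, sid):
        """Explicit logout: the back button cannot revive a session that no longer exists."""
        self.sessions.pop(sid, None)

    def issue_token(self, sid):
        """One-time token embedded in a form; a replayed submission is rejected."""
        s = self.get(sid)
        if s is None:
            return None
        tok = secrets.token_urlsafe(16)
        s["tokens"].add(tok)
        return tok

    def consume_token(self, sid, tok):
        s = self.get(sid)
        if s is None or tok not in s["tokens"]:
            return False
        s["tokens"].remove(tok)  # used once, then gone
        return True
```

The price from the cookie-poisoning slide is the typical candidate for sign_value: a client that rewrites price=100 to price=1 fails verify_value because it cannot produce the tag without the server key. Better still is not to send the price at all and keep the cart in the session record.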

13 Cross Site Scripting (XSS)
  injecting a link or malicious code into a web site to collect information on its users
  example: http://www.bad.com/user.php?uname=<script>alert(document.cookie);</script>
  C posts a link to site B (which has the vulnerability); then A clicks on the link, and the injected script sends A's sensitive data (such as the cookie) back to C
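The guest book from slide 10 and the reflected uname parameter from slide 13 are both fixed by escaping user input at the point where it is written into HTML. The Python below is an added example, not from the deck: a vulnerable and a hardened renderer for each case, plus an attribute-context renderer, because the escaping needed depends on where in the page the text lands. The page fragments and the link C would post are constructed for the demonstration; the URL format follows the slide's user.php?uname= example.

```python
import html
from urllib.parse import parse_qs, quote, urlsplit


def render_comment_vulnerable(comment):
    """Guest book that echoes the text as-is: whatever parses as HTML is interpreted."""
    return "<p>" + comment + "</p>"


def render_comment_safe(comment):
    """Escape &, <, >, " and ' so the browser displays the text instead of running it."""
    return "<p>" + html.escape(comment, quote=True) + "</p>"


def make_reflected_url(payload):
    """Build the kind of link C would post: the payload rides in the uname parameter."""
    return "http://www.bad.com/user.php?uname=" + quote(payload, safe="")


def render_user_page(url, escape=True):
    """Reflected case: user.php writes the uname parameter straight back into the page."""
    uname = parse_qs(urlsplit(url).query).get("uname", [""])[0]
    shown = html.escape(uname, quote=True) if escape else uname
    return "<h1>Profile of " + shown + "</h1>"


def render_attribute_safe(value):
    """Attribute context: quote=True matters, or a quote in the input ends the attribute."""
    return '<input name="q" value="' + html.escape(value, quote=True) + '">'


if __name__ == "__main__":
    payload = '<script>alert(document.cookie);</script>'
    print(render_comment_vulnerable("good job " + payload))
    print(render_comment_safe("good job " + payload))
    link = make_reflected_url(payload)
    print(link)
    print(render_user_page(link, escape=False))
    print(render_user_page(link))
    print(render_attribute_safe('" onmouseover="alert(1)'))
```

Escaping on output, for the context the value lands in, is what makes the difference: the same text is safe inside a paragraph once <, > and & are encoded, but inside an attribute it is the quotes that must also be encoded.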

14 Information Gathering
  - almost every web site has some information leakage
  - WHOIS: Internet service registration records
  - crawling the web for e-mail addresses and other info

15 Password Cracking
  - use of the back button to reveal a password
  - using known facts about the user or common words (DOB, child's name, maiden name, "123456", city, college, "love", "letmein", ...)
  - brute force attacks (figures from onemansblog.com):
      4 characters => 0.86 seconds
      6 characters => 8.51 days
      8 characters => 2.1 centuries
  - do you use the same password for many websites?
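Two of the slide's three figures can be reproduced: with a 95-character set (printable ASCII) and one million guesses per second, six characters take 8.51 days and eight take 2.10 centuries, so those are the assumptions the example below adopts (the 4-character figure comes out to about 81 seconds under the same assumptions, so it was presumably computed differently). The Python is an added example, not from the deck; it also shows the other half of the slide, a dictionary attack built from common words and facts about the user, with a constructed fact list.

```python
COMMON_WORDS = ["123456", "password", "letmein", "love", "qwerty"]
SUFFIXES = ["1", "123", "!", "2023"]  # typical mutations people append


def brute_force_guesses(charset_size, length):
    """Size of the keyspace: every string of exactly this length."""
    return charset_size ** length


def crack_time_seconds(charset_size, length, guesses_per_second):
    """Worst case for a full brute-force search of the keyspace."""
    return brute_force_guesses(charset_size, length) / guesses_per_second


def format_duration(seconds):
    units = [("centuries", 100 * 365.25 * 86400), ("years", 365.25 * 86400),
             ("days", 86400), ("hours", 3600), ("minutes", 60)]
    for name, size in units:
        if seconds >= size:
            return f"{seconds / size:.2f} {name}"
    return f"{seconds:.2f} seconds"


def candidate_guesses(user_facts):
    """Dictionary attack: common words plus known facts, with the usual mutations."""
    for word in COMMON_WORDS + list(user_facts):
        for base in (word, word.capitalize(), word.upper()):
            yield base
            for suffix in SUFFIXES:
                yield base + suffix


def dictionary_attack(password, user_facts):
    """Return the 1-based guess number that hits, or None if the list is exhausted."""
    for i, guess in enumerate(candidate_guesses(user_facts), start=1):
        if guess == password:
            return i
    return None


if __name__ == "__main__":
    for length in (4, 6, 8):
        print(length, "chars, 95 symbols, 1e6 guesses/s:",
              format_duration(crack_time_seconds(95, length, 1e6)))
    # The same 8-character keyspace behind a slow password hash (1e4 guesses/s).
    print("8 chars at 1e4 guesses/s:", format_duration(crack_time_seconds(95, 8, 1e4)))
    facts = ["denver", "emily", "1985"]  # constructed: city, child's name, birth year
    for pw in ("Emily123", "letmein", "Tq9$wL2pXz"):
        print(pw, "->", dictionary_attack(pw, facts))
```

The two functions make the slide's point from both sides: the exponent in charset_size ** length is what makes long passwords expensive to brute-force, and a short dictionary of personal facts finds "Emily123" in under a hundred guesses regardless of its length.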

16 Denial of Service
  typical DoS attacks involve inundating servers with requests, but what about using client-side code to stymie the user?
  how would you write a simple JavaScript snippet to annoy and block a user's attempt to send a request?
  a JavaScript function to validate user input in a non-helpful and annoying way?

17 What to do
  scripts:
  - keep them in one folder
  - use standard extensions (php, etc.)
  - prefer compiled over interpreted
  - be wary of third-party scripts
  - make no assumptions about which client-side scripts are making calls to server-side scripts (any client can send any request)
  shelling out or executing code:
  - don't do it, or minimize its use
  - be cautious about the commands to be shelled

18 What to do (cont)
  variables:
  - consider all of them to be tainted
  - escape them: magic quotes or addslashes (note: magic_quotes was removed in PHP 5.4, and addslashes is not a substitute for prepared statements with bound parameters)
  - use JavaScript to validate variables, but don't rely on that alone: hackers can circumvent it
  php:
  - make sure register_globals is off (it was removed in PHP 5.4)
  - include files: use .php, not .inc, so the server executes them instead of serving their source
  avoid XSS by escaping user input (at output time, for the HTML context it lands in)
  obfuscate e-mail addresses on pages: jerry myplace com

19 Transport Layer Security (TLS)
  - typical (symmetric) algorithms require a key that both parties know
  - so if Alice and Bob want to communicate, how do they agree on a key?
  - in public key encryption, a message encrypted with the public key can only be decrypted with the private key
  [diagram: encrypt with the public key, decrypt with the private key]

20 Transport Layer Security (TLS) Simplified transmission
  - Alice sends Bob a message to initiate
  - Bob responds with his public key (carried in his certificate)
  - Alice encrypts a random number with the public key, so only Bob can decrypt it
  - they agree on a session key derived from that random number
  - the server must have a digital certificate registered with a trusted authority (otherwise Alice cannot tell Bob's public key from an attacker's)
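The simplified exchange on this slide, as an added example that is not part of the deck, with both sides' messages in Python. The RSA key pair is built from two small fixed primes and the symmetric cipher is a SHA-256 keystream XOR, both assumptions made so the example runs offline with the standard library only; neither is secure and neither is what real TLS uses. Two things the slide leaves implicit are visible in the code: the session key is derived from the random number together with both sides' hello values, and everything an eavesdropper sees (the two randoms, the public key and the ciphertext) is not enough to derive the key. Caveat for practitioners: this RSA key-transport form of the handshake was dropped in TLS 1.3, which agrees the key with ephemeral Diffie-Hellman so that a later compromise of the server's private key does not expose recorded sessions.

```python
import hashlib
import secrets

# Toy RSA modulus from two fixed, small primes (assumption: illustration only, not secure).
P, Q = 1000003, 1000033
E = 65537


def server_keypair():
    n = P * Q
    d = pow(E, -1, (P - 1) * (Q - 1))  # modular inverse, Python 3.8+
    return (n, E), (n, d)


def client_hello():
    """Alice initiates with a fresh random value."""
    return secrets.token_bytes(16)


def server_hello(public_key):
    """Bob answers with his random value and his public key (in TLS, inside a certificate)."""
    return secrets.token_bytes(16), public_key


def client_key_exchange(public_key):
    """Alice picks a random pre-master secret and encrypts it to Bob's public key."""
    n, e = public_key
    pre_master = secrets.randbelow(n - 2) + 2
    return pow(pre_master, e, n), pre_master


def server_decrypt(private_key, ciphertext):
    """Only the holder of the private key can recover the pre-master secret."""
    n, d = private_key
    return pow(ciphertext, d, n)


def derive_key(pre_master, client_random, server_random):
    """Both sides derive the same session key from the secret plus both hello values."""
    material = pre_master.to_bytes(16, "big") + client_random + server_random
    return hashlib.sha256(b"toy-tls-key" + material).digest()


def stream_crypt(key, data):
    """Toy symmetric cipher: XOR with a SHA-256 keystream (assumption, stands in for AES)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def run_handshake():
    """Play out the exchange and return both derived keys plus what the wire carried."""
    public, private = server_keypair()
    client_random = client_hello()                                  # Alice -> Bob
    server_random, public_seen_by_alice = server_hello(public)      # Bob -> Alice
    ciphertext, alice_pre = client_key_exchange(public_seen_by_alice)  # Alice -> Bob
    bob_pre = server_decrypt(private, ciphertext)                   # Bob, locally
    return {
        "alice_key": derive_key(alice_pre, client_random, server_random),
        "bob_key": derive_key(bob_pre, client_random, server_random),
        "on_the_wire": (client_random, server_random, public, ciphertext),
    }


if __name__ == "__main__":
    r = run_handshake()
    print("keys agree:", r["alice_key"] == r["bob_key"])
    wire = stream_crypt(r["alice_key"], b"order: 2 x ravioli")
    print("ciphertext:", wire.hex())
    print("Bob reads:", stream_crypt(r["bob_key"], wire))
```

The certificate requirement on the slide is what is missing from this toy: server_hello hands Alice a bare public key, so a man in the middle could substitute his own. Checking that key against a certificate chain anchored at a trusted authority is the step that turns this exchange into TLS.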

21 Web Crawling
  - web pages are ... just documents (or scripts that produce documents)
  - a PHP script can open any URL as a document, so it is only a matter of knowing the URL
  - using the DOM in PHP, a list of the links can quickly be identified
  - start with one URL, follow links to other URLs using a DFS or BFS
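The crawl described on this slide, as an added example that is not from the deck, in Python: an HTML parser collects the href attributes (the link list the slide gets from the DOM), links are resolved to absolute, fragment-free URLs, and a single loop runs either BFS (queue) or DFS (stack) from the start URL. The four-page site under http://example.test/ is constructed so the example runs offline; fetch_local stands in for the HTTP fetch, and a same-host restriction plus a page limit are the two guards a practitioner adds before pointing a crawler at anything real.

```python
from collections import deque
from html.parser import HTMLParser
from urllib.parse import urldefrag, urljoin, urlsplit

# Constructed mini-site standing in for the live web (fetch_local replaces an HTTP fetch).
SITE = {
    "http://example.test/": '<a href="/a">A</a> <a href="b.html">B</a>',
    "http://example.test/a": '<a href="/">home</a> <a href="/c#top">C</a>',
    "http://example.test/b.html": '<a href="http://other.test/x">elsewhere</a>',
    "http://example.test/c": "<p>no links here</p>",
}


class LinkExtractor(HTMLParser):
    """Collect href attributes of <a> tags (the link list the slide reads from the DOM)."""

    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            for name, value in attrs:
                if name == "href" and value:
                    self.hrefs.append(value)


def extract_links(page_url, body):
    """Absolute, fragment-free URLs of every link on the page."""
    parser = LinkExtractor()
    parser.feed(body)
    return [urldefrag(urljoin(page_url, href)).url for href in parser.hrefs]


def fetch_local(url):
    """Stand-in for fetching a URL; None plays the role of a failed request."""
    return SITE.get(url)


def crawl(start, fetch, order="bfs", same_host_only=True, max_pages=100):
    """Visit pages reachable from start; 'bfs' uses a queue, 'dfs' a stack."""
    host = urlsplit(start).netloc
    frontier = deque([start])
    seen = {start}       # every URL ever queued, so cycles (a -> home) end
    visited = []         # pages actually fetched, in visit order
    while frontier and len(visited) < max_pages:
        url = frontier.popleft() if order == "bfs" else frontier.pop()
        body = fetch(url)
        if body is None:
            continue
        visited.append(url)
        for link in extract_links(url, body):
            if same_host_only and urlsplit(link).netloc != host:
                continue
            if link not in seen:
                seen.add(link)
                frontier.append(link)
    return visited


if __name__ == "__main__":
    print("BFS:", crawl("http://example.test/", fetch_local))
    print("DFS:", crawl("http://example.test/", fetch_local, order="dfs"))
```

The seen set is what keeps the walk finite on a site whose pages link back to the home page; max_pages is the second stop, for sites that generate an unbounded number of URLs.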

