Client and Server-Side Vulnerabilities Stephen Reese.

Presentation transcript:

Client and Server-Side Vulnerabilities Stephen Reese

Pen Testing vs. Vuln Assessments
- Vulnerability Assessments
- Penetration Testing
- Maturity Levels
- Goals
- Expectations

Plug-ins are useful evil
- Dynamic Content
- Browser plug-in
- Mobile code
- Sandbox evasion

Java Security
- The byte code verifier
- The applet class loader
- The security manager
- Sandbox
- Limited network access
- Resource restrictions
- Signed versus Unsigned JAR files

Java Demo
- Virtualized Environment
- Attacker (Linux Host)
- Victim (Windows XP SP3)
- Metasploit Framework
- CVE
- <= JRE 7u21
- <= JRE 6u45
- <= JRE 5u45

Flash Security
- Remote Sandbox
- Policy / Developer Controls
- Local Sandbox
- Limited network access
- Local resources
- Trusted
- No signed code*

Reader Security
- Remote Sandbox
- Policy / Developer Controls
- Local Sandbox
- Limited network access
- Local resources

Internet Explorer Demo
- Virtualized Environment
- Attacker (Linux Host)
- Victim (Windows XP SP3)
- Metasploit Framework
- Recent 0-day CVE
- IE 6 – 11
- IE 8 (target)

Java Mitigations
- Patch
- Different Browsers
- Click-to-Play
- Trusted Zones
- Third-party plugins
- Disable JRE in browser
- Uninstall

IE Mitigations
- Patch
- Different Browser
- EMET
- Sandbox

Flash Mitigations
- Patch
- Different Browsers
- Click-to-Play
- Trusted Zones
- Third-party plugins
- Disable JRE in browser
- Uninstall

Reader Mitigations
- Review the JavaScript controls and set as needed
- Review the attachment white and black lists
- Review multimedia restrictions
- Review settings for XObjects, 3D content, and Flash
- Protected Mode
- Protected View
- Enhanced Security
- Patch

SQLi
- SQL queries are run in an unsafe manner
- View and/or modify application data
- Escalate privileges
- Execute OS commands
- Demo
- Browser or a scanner
- Vulnerable Web App

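SQLi Mitigations
- Filter input
    // Read the request parameter, undo magic-quotes escaping, then escape
    // SQL string metacharacters for the current MySQL connection.
    // ext/mysql (mysql_*) was removed in PHP 7.0; mysqli_real_escape_string()
    // is its successor.
    $id = $_GET['id'];
    $id = stripslashes($id);
    $id = mysql_real_escape_string($id);
- Encode output
    htmlentities()
    htmlspecialchars()
    strip_tags()
    addslashes()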
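
The filter-input and encode-output controls on this slide, as an added example that is not part of the original presentation: escape-only filtering placed in an unquoted numeric context, next to type validation with a bound parameter, plus output encoding at render time. The PDO/SQLite in-memory database, the `users` table, the function names `lookup_escaped`, `lookup_bound` and `render`, and the use of `addslashes()` in place of `mysql_real_escape_string()` are assumptions made so the example runs on current PHP.

```php
<?php
// Constructed in-memory table standing in for the vulnerable web app's database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)');
$pdo->exec("INSERT INTO users (name) VALUES ('alice'), ('bob'), ('<b>carol</b>')");

// Escape-only filtering as on the slide; addslashes() stands in for
// mysql_real_escape_string(). The value lands in an unquoted numeric context.
function lookup_escaped(PDO $pdo, string $raw): array
{
    $id = addslashes(stripslashes($raw));
    $sql = "SELECT id, name FROM users WHERE id = $id";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: reject non-integers, then bind the value so it is never parsed as SQL.
function lookup_bound(PDO $pdo, string $raw): array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT);
    if ($id === false) {
        return [];
    }
    $stmt = $pdo->prepare('SELECT id, name FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Output encoding is a separate control: it protects the HTML page, not the query.
function render(array $rows): string
{
    $out = '';
    foreach ($rows as $row) {
        $out .= '<li>' . htmlspecialchars((string) $row['name'], ENT_QUOTES, 'UTF-8') . "</li>\n";
    }
    return $out;
}

$constructed = '1 OR 1=1';   // constructed test input containing no quote characters
printf("escaped, unquoted context: %d rows\n", count(lookup_escaped($pdo, $constructed)));
printf("validated and bound:       %d rows\n", count(lookup_bound($pdo, $constructed)));
printf("validated and bound, id=3:\n%s", render(lookup_bound($pdo, '3')));
```

Escaping functions only neutralise quote characters, so the escape-only lookup returns every row for the constructed input, while the validated and bound lookup returns none.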

Questions?
