Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim 09.11.2004.

Top 5
● Top 5 vulnerabilities (src: shtml?tid=78&tid=48)
  – SQL insertion
  – Cross Site Scripting (CSS/XSS)
  – Session management
  – Default/misconfigurations
  – Dangerous HTTP methods

SQL insertion
● Problem: trusting input from the client and passing it on to an SQL server.
● E.g.:
  SELECT userid FROM tblusers WHERE user = 'bleh'; EXEC master..xp_cmdshell "cmd.exe /c …";-- ' AND pass = 'password'

SQL insertion
● Form fields, URL parameters, cookies, and HTTP headers are all valid input vectors.
● Solution: define the acceptable data and make that definition as restrictive as possible. If the input data is invalid, it should be rejected.
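
The slide's login query, written three ways, as an added example (not code from the original presentation): concatenation that lets the client rewrite the statement, the same query with bound parameters, and the slide's "define acceptable data" whitelist in front of it. It assumes a tblusers table with userid, user and pass columns as on the previous slide; an in-memory sqlite3 database stands in for the SQL server, so the comment-style payload is used rather than the xp_cmdshell one.

```python
import re
import sqlite3

# Constructed in-memory stand-in for the slide's tblusers table.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE tblusers (userid INTEGER, user TEXT, pass TEXT)")
conn.execute("INSERT INTO tblusers VALUES (1, 'bleh', 'password')")

def login_vulnerable(user, password):
    """Builds the statement by concatenation, so the client controls the SQL text."""
    sql = ("SELECT userid FROM tblusers WHERE user = '" + user
           + "' AND pass = '" + password + "'")
    return conn.execute(sql).fetchone()

def login_parameterised(user, password):
    """Uses placeholders: the values are bound as data and never parsed as SQL."""
    sql = "SELECT userid FROM tblusers WHERE user = ? AND pass = ?"
    return conn.execute(sql, (user, password)).fetchone()

# Whitelist for the username field: the slide's "define acceptable data".
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")

def login_validated(user, password):
    """Rejects anything outside the whitelist, then still binds the values."""
    if not USERNAME_RE.fullmatch(user):
        raise ValueError("username rejected: characters outside the whitelist")
    return login_parameterised(user, password)

if __name__ == "__main__":
    injected = "bleh' --"   # comments out the password check, like the slide's ;--
    print(login_vulnerable(injected, "wrong"))     # (1,)  logged in without the password
    print(login_parameterised(injected, "wrong"))  # None  the quote and comment are just data
```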

Cross Site Scripting
● Problem: a Web application accepts scripting commands as input and returns them.
  – The script appears to originate from the vulnerable server, which the user trusts, so it gets access to all of the user's cookie and session information.
● Example: alert()
● Solution: do not reflect values obtained as input back to the browser.
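
An added example (not from the original slides) of the reflection problem: a constructed greeting endpoint that echoes a query-string parameter, first unchanged and then HTML-escaped. The slide's advice is not to reflect input at all; where a value must be shown back, escaping it for the HTML context it lands in is the usual mitigation, and that is what render_escaped does.

```python
import html
from urllib.parse import parse_qs

def reflected_name(query_string):
    """Pulls the 'name' parameter out of the query string (constructed endpoint)."""
    return parse_qs(query_string).get("name", [""])[0]

def render_vulnerable(query_string):
    """Reflects the input unchanged: markup in the input becomes markup in the page."""
    return "<p>Hello, " + reflected_name(query_string) + "</p>"

def render_escaped(query_string):
    """Same page, but the value is HTML-escaped before it reaches the browser."""
    return "<p>Hello, " + html.escape(reflected_name(query_string), quote=True) + "</p>"

def contains_script_element(page):
    """Crude check used here only to show whether a <script> tag survived."""
    return "<script" in page.lower()

if __name__ == "__main__":
    # Constructed request: the slide's alert() wrapped in a script element, URL-encoded.
    qs = "name=%3Cscript%3Ealert()%3C%2Fscript%3E"
    print(render_vulnerable(qs))  # <p>Hello, <script>alert()</script></p>
    print(render_escaped(qs))     # <p>Hello, &lt;script&gt;alert()&lt;/script&gt;</p>
```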

Session management problems
● Problem: the state kept between your browser and the Web site.
  – Used to track who is logged in and what their access privileges are.
● Attackers can access restricted pages without proper authorization, or manipulate session variables to gain access to other users' accounts.
  – e.g. by manipulating parameters in the URL

Session management problems
● Sessions should always be maintained on the server side.
  – Don't trust cookies or client-side session values.
  – Always use a strong, unique identifier rather than an integer, address or account number/name.
● Check for a valid session on each restricted page every time the page is requested.

Session management problems
● JavaScript shopping carts
  – the price is often embedded in the HTML code
  – a third-party money collector handles the payment
  – it is possible to change the price (and get the goods cheaper...)
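
An added example (not the presentation's own code) covering both the previous slide and this one: session state lives in a server-side store keyed by a random token from the OS CSPRNG, every restricted action looks the session up first, and the cart total is computed from a server-side catalogue, so a price field posted by a JavaScript cart is ignored. The catalogue, the SessionStore class and the two cart functions are constructed for the demonstration.

```python
import secrets

# Constructed catalogue: prices live on the server, never in the HTML form.
CATALOGUE = {"book": 250, "pen": 15}

class SessionStore:
    """All session state is held here; the client only holds the opaque id."""

    def __init__(self):
        self._sessions = {}

    def create(self, username):
        # 32 random bytes, URL-safe encoded: not a counter, address or account name.
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": username, "cart": {}}
        return sid

    def get(self, sid):
        # Every restricted page calls this; an unknown or guessed id simply fails.
        return self._sessions.get(sid)

    def destroy(self, sid):
        self._sessions.pop(sid, None)

def add_to_cart(store, sid, item, qty, client_price=None):
    """client_price mimics a price posted from a JavaScript cart; it is never used."""
    session = store.get(sid)
    if session is None:
        raise PermissionError("no valid session")
    if item not in CATALOGUE or qty < 1:
        raise ValueError("item or quantity rejected")
    session["cart"][item] = session["cart"].get(item, 0) + qty
    return session["cart"]

def cart_total(store, sid):
    """Totals the cart from CATALOGUE, the only price source the server trusts."""
    session = store.get(sid)
    if session is None:
        raise PermissionError("no valid session")
    return sum(CATALOGUE[item] * qty for item, qty in session["cart"].items())

if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    add_to_cart(store, sid, "book", 2, client_price=1)  # the posted price of 1 is ignored
    print(cart_total(store, sid))                        # 500
```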

Default/misconfigurations (sample apps/dir listings)
● Configuration and installation problems.
● They provide an attacker with a starting point for breaking into the server:
  – sample applications that are installed by default
  – directory listings and permissions
  – default software features and configurations
  – log and swap files

Default/misconfigurations
● Sample applications that are installed by default can contain information-disclosing scripts that may reveal Web site source code.
● Directory listings can reveal files.
● Default software features may have exploitable bugs.
● Log files and swap files can be left over from developers editing Web application pages.

Dangerous HTTP commands
● PUT, DELETE, WebDAV
● PUT: upload a script
● DELETE: delete all the content of a site – DoS
● WebDAV: its methods have been used to perform buffer overflows on Windows servers.

Dangerous HTTP commands cont.
● To test the PUT method, use a tool like curl to attempt a file upload:
  curl -T test.html
  – then try to access the file
● To test the DELETE method, telnet to the Web server and issue the command:
  DELETE / HTTP/1.0
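
An added example (not from the original slides) of the server-side fix and the check from this slide together: a small handler built on Python's http.server that serves only GET and HEAD and answers PUT, DELETE, POST and OPTIONS with 405 and an Allow header, plus a probe() function that replays the slide's two tests (an upload and a DELETE /) against it over loopback and returns the status code. The handler, port choice and the /test.html path are assumptions for the demonstration.

```python
import threading
from http.client import HTTPConnection
from http.server import BaseHTTPRequestHandler, HTTPServer

ALLOWED_METHODS = ("GET", "HEAD")

class RestrictedHandler(BaseHTTPRequestHandler):
    """Serves GET and HEAD only; PUT, DELETE and friends get 405 plus an Allow header."""

    def _refuse(self):
        length = int(self.headers.get("Content-Length", 0))
        if length:
            self.rfile.read(length)  # drain an attempted upload so the socket closes cleanly
        self.send_response(405)
        self.send_header("Allow", ", ".join(ALLOWED_METHODS))
        self.send_header("Content-Length", "0")
        self.end_headers()

    def do_GET(self):
        body = b"static page\n"
        self.send_response(200)
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_HEAD(self):
        self.send_response(200)
        self.end_headers()

    # Explicit refusals for the methods the slide singles out, and for POST/OPTIONS.
    do_PUT = do_DELETE = do_POST = do_OPTIONS = _refuse

    def log_message(self, *args):
        pass  # keep the demonstration quiet

def start_server():
    """Starts the handler on a free loopback port in a background thread."""
    server = HTTPServer(("127.0.0.1", 0), RestrictedHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server

def probe(port, method, path="/test.html"):
    """Replays the slide's checks (an upload, a DELETE /) and returns the status code."""
    conn = HTTPConnection("127.0.0.1", port, timeout=5)
    conn.request(method, path, body=b"<h1>x</h1>" if method == "PUT" else None)
    status = conn.getresponse().status
    conn.close()
    return status
```

Calling start_server() and then probe(port, "PUT") and probe(port, "DELETE", "/") returns 405 for both, while probe(port, "GET") returns 200.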

Conclusion
● Security problems are caused by errors:
  – configuration errors
  – programming errors
  – misplaced trust (e.g. in user input)
● Cryptography is failing to protect – or rather, it is not the final answer
● Awareness and teaching