Copyright Security-Assessment.com 2004. Advances in Web Application Hacking, by Nick von Dadelszen (Security-Assessment.com).
Existing Web App Issues
- Cross-site Scripting
- SQL Injection
- Parameter Manipulation
- Session Management

New Ways To Exploit Existing Issues
Most issues are still occurring due to incorrect INPUT VALIDATION!
Even the vendors are not immune.

Null Byte Upload 1
Classic ASP mishandles null bytes when using the FileSystemObject (Scripting.FileSystemObject).
Take the following HTML upload form:
Your Picture:

Null Byte Upload 2
The form posts to the following ASP code (VBScript):

    Public Sub Save(Path)
        Set objFSO = Server.CreateObject("Scripting.FileSystemObject")
        ' tFile holds the filename taken from the POSTed form (not shown on the slide);
        ' it is used as-is, with ".bmp" appended, to build the destination path
        Set objFSOFile = objFSO.CreateTextFile(objFSO.BuildPath(Path, tFile & ".bmp"))
        ' Write the file contents
        objFSOFile.Close
    End Sub

Null Byte Upload 3
If the POSTed filename contains a NULL byte, the FileSystemObject only uses the characters before the NULL byte when creating the file.
A filename of nc.exe\0test.bmp (\0 marks the null byte, which does not print) creates nc.exe on the file system, not a .bmp.
A browser will not send a null byte in the filename, so an intercepting proxy must be used to change it; WebProxy handles hex natively.
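The following is an added example, not code from the slides: it builds the multipart body an intercepting proxy would submit with a null byte inside the filename, emulates the FileSystemObject name handling the slides describe (the Win32 file API receives a NUL-terminated string, so the name is cut at the first NUL), and shows a hardened replacement. The form field name "picture", the upload directory and the file bytes are constructed for the example; the emulation stands in for the real COM object, which is not called.

```python
"""Null byte in an uploaded filename: attacker request, vulnerable name handling
(emulated), and a hardened version. Added example; field name, directory and
file bytes are constructed, and fso_create_path() models the slide's behaviour
rather than calling Scripting.FileSystemObject."""
import os
import re


def build_multipart(field: str, filename: bytes, content: bytes,
                    boundary: bytes = b"----sa2004") -> bytes:
    """Body an intercepting proxy would submit. filename is raw bytes so a NUL
    (\\x00) can sit inside it; no browser will send one, hence the proxy."""
    parts = [
        b"--" + boundary,
        b'Content-Disposition: form-data; name="' + field.encode("ascii")
        + b'"; filename="' + filename + b'"',
        b"Content-Type: application/octet-stream",
        b"",
        content,
        b"--" + boundary + b"--",
        b"",
    ]
    return b"\r\n".join(parts)


FILENAME_RE = re.compile(rb'filename="([^"\r\n]*)"')


def posted_filename(body: bytes) -> str:
    """What the server-side form parser hands to tFile: the raw name, NUL included."""
    m = FILENAME_RE.search(body)
    if m is None:
        raise ValueError("no file part in body")
    return m.group(1).decode("latin-1")


def fso_create_path(directory: str, name: str) -> str:
    """Emulates BuildPath + CreateTextFile: the Win32 file API gets a NUL-terminated
    string, so everything from the first NUL on (here the appended '.bmp') is lost."""
    return os.path.join(directory, name).split("\0", 1)[0]


def vulnerable_save_name(upload_dir: str, t_file: str) -> str:
    """Same logic as the ASP Save() routine: trust tFile and append '.bmp'."""
    return fso_create_path(upload_dir, t_file + ".bmp")


SAFE_STEM = re.compile(r"^[A-Za-z0-9_-]{1,64}$")


def hardened_save_name(upload_dir: str, t_file: str) -> str:
    """Reject control characters (NUL included), drop any client-supplied
    directory, whitelist the stem, and let the server choose the extension."""
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in t_file):
        raise ValueError("control character in filename")
    base = t_file.replace("\\", "/").rsplit("/", 1)[-1]
    stem = os.path.splitext(base)[0]
    if not SAFE_STEM.match(stem):
        raise ValueError("filename not permitted: %r" % stem)
    return os.path.join(upload_dir, stem + ".bmp")


if __name__ == "__main__":
    # Constructed request: the proxy has replaced the browser's filename.
    body = build_multipart("picture", b"nc.exe\x00test", b"MZ\x90\x00")
    name = posted_filename(body)
    print("server sees filename:", repr(name))
    print("vulnerable code writes:", vulnerable_save_name("uploads", name))
    try:
        hardened_save_name("uploads", name)
    except ValueError as err:
        print("hardened code rejects:", err)
```

The hardened version does not try to "strip the null byte"; it refuses any control character, discards the client's path and extension, and only ever writes a server-chosen name. Whitelisting the stem is what stops the next variant of this bug, whichever byte the next API stops at.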


.Net XSS Filtering Bypass 1
ASP.Net 1.1 contains Request Validation.
The built-in validators are meant to give out-of-the-box protection against XSS and SQL injection.
Unfortunately the implementation has a flaw that allows the filters to be bypassed.
The validator bans all strings of the form "<" followed by a letter; close tags are allowed.

.Net XSS Filtering Bypass 2
The bypass is performed by adding a NULL byte between the "<" and the letter:
foo.bar/test.asp?term=<\0script>alert('Vulnerable')</script>   (\0 marks the null byte)
The validator no longer sees this as an invalid tag and allows it through.
Browsers disregard NULL bytes when parsing, so the HTML code is still run.
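The following is an added example, not code from the slides or from ASP.NET: it models the validation rule described above ("<" followed by a letter is rejected, close tags pass), shows why a null byte slips through, and gives the fix, which is to canonicalise first and HTML-encode on output rather than to blacklist better. The validator and the browser are small models of the behaviour the slide states, not the real implementations; the host foo.bar, the page test.asp and the parameter term are taken from the slide's URL.

```python
"""ASP.NET 1.1 request-validation rule, the null-byte bypass, and the fix.
Added example: legacy_validator_accepts() and legacy_browser_render() model the
behaviour the slides describe; they are not the Microsoft or browser code."""
import html
import re
from urllib.parse import quote

# Rule on the slide: anything of the form "<" + letter is rejected; "</b>" is not.
OPEN_TAG = re.compile(r"<[A-Za-z]")


def legacy_validator_accepts(value: str) -> bool:
    """Model of the 1.1 validator as described: it inspects the raw value only."""
    return OPEN_TAG.search(value) is None


def legacy_browser_render(value: str) -> str:
    """Model of the 2004-era browser on the slide: NULs are discarded before
    parsing, so '<\\0script>' is parsed as '<script>'. HTML5 parsers no longer
    do this (a NUL right after '<' turns the '<' into literal text)."""
    return value.replace("\0", "")


def attack_url(payload: str) -> str:
    """The request an intercepting proxy would send; %00 is the null byte."""
    return "http://foo.bar/test.asp?term=" + quote(payload, safe="")


def hardened_validator_accepts(value: str) -> bool:
    """If a request filter is kept at all, it must run on the canonical form."""
    return OPEN_TAG.search(value.replace("\0", "")) is None


def render_search_term(term: str) -> str:
    """Hardened handler: canonicalise (drop NULs), then HTML-encode on output so
    the value can never become markup, whatever the request filter saw."""
    canonical = term.replace("\0", "")
    return "<p>Results for: " + html.escape(canonical, quote=True) + "</p>"


if __name__ == "__main__":
    plain = "<script>alert('Vulnerable')</script>"
    bypass = "<\0script>alert('Vulnerable')</script>"
    print("plain payload passes legacy validator:", legacy_validator_accepts(plain))
    print("null-byte payload passes legacy validator:", legacy_validator_accepts(bypass))
    print("what the old browser parses:", legacy_browser_render(bypass))
    print("request:", attack_url(bypass))
    print("null-byte payload passes hardened validator:", hardened_validator_accepts(bypass))
    print("hardened output:", render_search_term(bypass))
```

The structural lesson is the mismatch: the filter and the consumer (the browser) canonicalise differently, so a blacklist applied to the un-canonicalised form is always one encoding away from defeat. Output encoding removes the dependency on the filter altogether.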

.Net Authentication Bypass 1
ASP.Net provides built-in Forms-based authentication.
Web.config tells the server which files and folders require authentication.
The following in web.config protects the /secure directory:

.Net Authentication Bypass 2
A request to the following page redirects to the login page:
–
Using Mozilla, the following request returns the page unauthenticated:
–
Using IE, the following request also returns the page unauthenticated:
–
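The following is an added example, not code from the slides or from ASP.NET. The transcript does not preserve the two requests the slide used, so the non-canonical paths below are generic forms (letter case, backslash, percent-encoding, dot segments, doubled slashes) constructed for the example, and it is an assumption that the bypass is a canonicalisation mismatch between the authorization check and the file the server actually serves. What the example shows is the check a practitioner wants in front of any path-based authorization rule: reduce the request path to the one form the file system will resolve, and only then compare it with the protected directory (/secure, from the slide).

```python
"""Canonicalise the request path before deciding whether it is protected.
Added example; the sample paths are constructed and are not the slide's requests."""
import posixpath
from urllib.parse import unquote

PROTECTED_DIRS = ("/secure",)  # the directory the slide's web.config protects


def naive_is_protected(raw_path: str) -> bool:
    """The kind of check that breaks: a string comparison on the path as sent."""
    return raw_path.startswith("/secure/")


def canonicalize(raw_path: str) -> str:
    """Reduce a request path to the single form the file system will resolve:
    percent-decode until stable (folds double encoding), treat '\\' as '/',
    lower-case (IIS paths are case-insensitive), collapse '.', '..' and '//'.
    Control characters (e.g. a decoded NUL) are rejected outright."""
    path = raw_path
    for _ in range(3):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        raise ValueError("control character in path")
    path = path.replace("\\", "/").lower()
    return posixpath.normpath("/" + path.lstrip("/"))


def is_protected(raw_path: str) -> bool:
    """Compare the canonical path, not the raw one, against the protected dirs."""
    canon = canonicalize(raw_path)
    return any(canon == d or canon.startswith(d + "/") for d in PROTECTED_DIRS)


def authorize(raw_path: str, authenticated: bool) -> str:
    """Decision for one request: 'reject', 'redirect-to-login' or 'serve'."""
    try:
        protected = is_protected(raw_path)
    except ValueError:
        return "reject"
    if protected and not authenticated:
        return "redirect-to-login"
    return "serve"


if __name__ == "__main__":
    # Constructed variants of one protected page; none match the naive check.
    for p in ("/secure/page.aspx", "/Secure/page.aspx", "/secure\\page.aspx",
              "/secure%5Cpage.aspx", "/public/../secure/page.aspx",
              "/secure%252Fpage.aspx", "//secure/page.aspx"):
        print(f"{p!r:32} naive={naive_is_protected(p)!s:5} "
              f"canonical={canonicalize(p)} -> {authorize(p, False)}")
```

The decision is made on the output of canonicalize() and nowhere else; if the web server or file system resolves a form the canonicaliser does not (a new separator, a new encoding), the fix is one function, not every authorization rule. Rejecting control characters rather than stripping them keeps the null-byte class out of this path as well.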