Presentation is loading. Please wait.

Presentation is loading. Please wait.

Web Applications on the battlefield Alain Abou Tass.

Published byEsmond Roberts Modified over 9 years ago

Similar presentations

Presentation on theme: "Web Applications on the battlefield Alain Abou Tass."— Presentation transcript:

1 Web Applications on the battlefield Alain Abou Tass

2 About me Security Consultancy at Ward Solutions Previously in Banking Security A couple of Masters degrees Ethical Hacker Involved in Penetration Testing Web Application a number of years.

3 Purpose Advanced attacks using known attack vectors. Combined Attacks using multiple attack vectors Not XSS, CSRF, SQL Injection, Parameter Tampering etc

4 Penetration testing Identifying vulnerabilities Reporting

5 Combined Attacks

6 Scenario 1: Bypassing Account Lockout Customer assumed no brute force due to account lockout policy (lock out after 5 attempts), and password requires 8 characters.

7 Username enumeration + weak password policy Account Registration: username - minimum 4 characters password – minimum 8 characters Login page: Account Lock out after 5 attempts Indication if user exists

8 Scenario 2 – Persistent compromise of corporate LAN using internal intranet XSS can be used to compromise a LAN even if application is not open to internet. Generally XSS on internal applications => not a high issue (e.g. intranet). Insert Java Script (XSS) to intranet using a CSRF attack.

9 Stored XSS and CSRF Logged in CSRF: Update profile and inject Java Script Attack Malicious Website Only available internally

10 Scenario 2 –Defeat anti-CSRF with XSS JS SpaceHero Worm “…but most of all, Samy is my hero”

11 Samy’s profile: Java script injected Get valid Anti-CSRF token - Add Samy as a friend - Update profile - Inject the same Java script 1 2 3 4 Samy

12 Scenario 3: SSRF SSRF - Server Side Request Forgery attacks. The ability to create requests from the vulnerable server to intra/internet. Method of targeting internal services Example

13 Scenario 4: XSPA (Cross Site Port Attack) XSPA (Type of SSRF)

14 Scan the intranet scan.php XSPA

15 Scenario 5: Open proxy (SSRF)

16 Scenario 6: Unrestricted file upload + local file inclusion

17 File Upload: Web Shell

18 ln –s /etc/passwd passwd

19 Other attacks The billion laughs vulnerability (XXE DOS) OS injection (ping) Second order XSS and SQLi WAF evasion Business logic flaws

20 Movies vs Real life

Download ppt "Web Applications on the battlefield Alain Abou Tass."

Similar presentations

Webgoat.

Webgoat.
Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.

Incident Handling & Log Analysis in a Web Driven World Manindra Kishore.
Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.

Closing the Gap: Analyzing the Limitations of Web Application Vulnerability Scanners David Shelly Randy Marchany Joseph Tront Virginia Polytechnic Institute.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
Vulnerability, Attack, Defense Split Tunneling Cross-Site Request Forgery And You Mary Henthorn OIT Senior Technology Analyst February 8, 2007.

Vulnerability, Attack, Defense Split Tunneling Cross-Site Request Forgery And You Mary Henthorn OIT Senior Technology Analyst February 8, 2007.
Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.

Path Cutter: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks Yinzhi Cao, Vinod Yegneswaran, Phillip Porras, and Yan Chen.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
A NTI S AMY J AVA I NTRODUCTION Wang Wenjun June 2011.

A NTI S AMY J AVA I NTRODUCTION Wang Wenjun June 2011.
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.

Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
EECS 354 Network Security Cross Site Scripting (XSS)

EECS 354 Network Security Cross Site Scripting (XSS)
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Introduction to Web Application Security

Introduction to Web Application Security
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.

Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
MongoDB Sharding and its Threats

MongoDB Sharding and its Threats

Similar presentations

Ads by Google