Presentation is loading. Please wait.

Presentation is loading. Please wait.

Introduction to Information Security

Published byDoris Logan Modified over 6 years ago

Similar presentations

Presentation on theme: "Introduction to Information Security"— Presentation transcript:

1 Introduction to Information Security
Web Vulnerabilities - Backend

2 About Passwords Remember long sentences > shorter randomness?
The sentences shouldn't be coherent Otherwise, Markov Chains can break them Random Generator + Probability (Distribution) + Conditional Probability (Memory)

3 Reminder A browser sends HTTP requests to a web server, which serves them and generates HTTP responses with HTML, CSS and JS content, which the browser then renders. Frontend Vulnerabilities: malicious responses (like cookie manipulations) to hack the client side Backend Vulnerabilities: malicious requests (like injections) to hack the server side SQL Injection

4 SQL Databases with tables, with columns, with values
chat messages users username password user content Databases with tables, with columns, with values INSERT INTO users (username, password) VALUES ('alice', 'foo') UPDATE users SET password = 'foobar' WHERE username = 'alice' DELETE FROM users WHERE username = 'alice' SELECT * FROM users SELECT username FROM users WHERE username = 'alice' AND password = 'foo' SELECT * FROM users JOIN messages ON (users.username = messages.user) Rows often have a PK (primary key), and JOINs are often done on FKs (foreign keys) 1 alice foo bob bar Hello! Hi there. 1 2 2

5 Authentication <form action="/login" method="POST">
<input type="text" name="username" /> <input type="password" name="password" /> <input type="submit" /> </form> def authenticate(request): user, pass = request.POST['username'], request.POST['password'] rows = db.execute("SELECT * FROM users WHERE username = '%s' AND password = '%s'" % (user, pass)) return len(rows) > 1

6 SQL Injection SELECT * FROM users WHERE username = 'alice' AND password = '' OR 1 = 1 -- ' comment

7 More SQL Injections '; DROP TABLE UNION

8 Remote File Inclusion Essentially the same: user input is integrated into the execution and hijacks control Except this time it usually involves loading and executing external / uploaded files In PHP, it was a mess Surprisingly, in Python (and Ruby, and Node.js) it's also possible it all comes down to lazy programming

9 Python Packaging A python module is a file (with a .py extension) which can be imported A python package is a directory (with a __init__.py file) which can also be imported The import result is actually the directory/__init__.py module But it allows relative imports (from .sibling import x, from ..parent import y) Imagine this structure: And assume the server uses a GET parameter to device which hash To use: __import__(request.GET['hash']).compute() Of course, upload is not an importable module... Or is it? server/ server.py md5.py sha1.py uploads/ user1.jpg user2.jpg ...

10 Missing Function Level Access Control
Developers rely on the UI But an attacker can easily forge requests to the "hidden" functionality! Examples: Don't display the button Please log in to continue Credential validation!

11 Information Disclosure
Don't leak personal information. Easy, right? Consider this: username: foo, password: **** invalid username username: dan, password: **** invalid password "Pipeline" structure is especially prone to information disclosure Even in hardware – for example, safes

Download ppt "Introduction to Information Security"

Similar presentations

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.

Lecture 6/2/12. Forms and PHP The PHP $_GET and $_POST variables are used to retrieve information from forms, like user input When dealing with HTML forms.
1.  Understanding about How to Working with Server Side Scripting using PHP Framework (CodeIgniter) 2.

1.  Understanding about How to Working with Server Side Scripting using PHP Framework (CodeIgniter) 2.
Copyright © 2004 - The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation.
Introduction The concept of “SQL Injection”

Introduction The concept of “SQL Injection”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu 15 708 33 Ostrava-Poruba.

NAVY Research Group Department of Computer Science Faculty of Electrical Engineering and Computer Science VŠB-TUO 17. listopadu Ostrava-Poruba.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
INTRODUCTION The Group WEB BROWSER FOR RELATION Goals.

INTRODUCTION The Group WEB BROWSER FOR RELATION Goals.
CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.

CS 290C: Formal Models for Web Software Lecture 1: Introduction Instructor: Tevfik Bultan.
Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.

Performed by:Gidi Getter Svetlana Klinovsky Supervised by:Viktor Kulikov 08/03/2009.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Introduction to InfoSec – Recitation 8 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 8 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
MIS 5211.001 Week 11 Site:

MIS Week 11 Site:
AJAX Chat Analysis and Design Rui Zhao CS5260 2012SPG UCCS.

AJAX Chat Analysis and Design Rui Zhao CS SPG UCCS.
Lets Make our Web Applications Secure. Dipankar Sinha Project Manager Infrastructure and Hosting.

Lets Make our Web Applications Secure. Dipankar Sinha Project Manager Infrastructure and Hosting.
Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.

Analysis of SQL injection prevention using a proxy server By: David Rowe Supervisor: Barry Irwin.
Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)

Introduction to InfoSec – Recitation 7 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
1 Accelerated Web Development Course JavaScript and Client side programming Day 2 Rich Roth On The Net 413-586-9668 -

1 Accelerated Web Development Course JavaScript and Client side programming Day 2 Rich Roth On The Net

Similar presentations

Ads by Google