Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security: Exploits & Countermeasures

Published byShannon Osborne Modified over 6 years ago

Similar presentations

Presentation on theme: "Security: Exploits & Countermeasures"— Presentation transcript:

1 Security: Exploits & Countermeasures
Security: Exploits & Countermeasures

2 SWEBOK KAs covered so far
Software Requirements Software Design Software Construction Software Testing Software Maintenance Software Configuration Management Software Engineering Management Software Engineering Process Software Engineering Models and Methods Software Quality Software Engineering Professional Practice Software Engineering Economics Computing Foundations Mathematical Foundations Engineering Foundations Today’s topic: Security

3 Three Common Web App Exploits and Countermeasures
I’ll unfold them one by one…

4 What potential exploit is here?
Ye Olde Internet Browser Rails Router Controller View Model DB

5 What potential exploit is here?
Ye Olde Internet Browser Rails Router Controller View Model DB Eavesdropping, packet sniffing, man-in-the-middle

6 Example: Unsecured Sign-Up Page
Trivial for packet sniffer to steal

7 How to prevent? Browser Ye Olde Internet Rails Router Controller View
Model DB

8 Encrypt communications with SSL (HTTPS)
How to prevent? Ye Olde Internet Browser Rails Router Controller View Model DB Encrypt communications with SSL (HTTPS)

9 How to enable site-wide SSL in Rails
Also requires config on production server E.g.: Signed certificate Taken from (3rd Ed.) Listing 7.26

10 Three Common Web App Exploits and Countermeasures
Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL

11 Why were the student records lost?

12 Why were the student records lost?
The name string “Robert') DROP TABLE Students;--” injected malicious code But how can this happen?

13 Imagine controller that looks up students by name
id = "Robert" Student.where("name = '#{id}'")

14 Imagine controller that looks up students by name
id = "Robert" Student.where("name = '#{id}'") SELECT * FROM students WHERE name = 'Robert'; Rails ORM translates to…

15 What if…? id = "Robert'; DROP TABLE students;--" …
Student.where("name = '#{id}'")

16 What if…? id = "Robert'; DROP TABLE students;--" …
Student.where("name = '#{id}'") SELECT * FROM students WHERE name = 'Robert'; DROP TABLE students;--';

17 How to prevent SQL injection?
id = "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'")

18 How to prevent SQL injection?
id = "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'") Student.where("name = ?", id) Write like this! Automatically escapes input

19 Translation becomes… id = "Robert'; DROP TABLE students;--" …
Student.where("name = ?", id) SELECT * FROM students WHERE name = 'Robert\'\; DROP TABLE students\;\-\-';

20 Three Common Web App Exploits and Countermeasures
Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Exploit: SQL injection Countermeasure: Use escaped queries

21 Micropost Example: What if…?

22 Micropost Example: What if…?
User posts Blah blah… <script src="

23 Malicious script runs when feed loads!
Blah blah… <script src="

24 How to prevent cross-site scripting (XSS)?

25 How to prevent cross-site scripting (XSS)?
Use Rails! Hartl: “Rails automatically prevents the [XSS] problem by escaping any content inserted into view templates.” <script src=" <script src=" ERB translates variable values to…

26 Three Common Web App Exploits and Countermeasures
Exploit: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Exploit: SQL injection Countermeasure: Use escaped queries Exploit: Cross-site scripting (another type of injection) Countermeasure: Use Rails (escape text) Although these exploits are common, there are many more (e.g., cross-site request forgery – see Hartl Ch. 3)

27 CERT Top 10 Software Security Practices
Validate input Heed compiler warnings Architect and design for security policies Keep it simple Default deny Adhere to the principle of least privilege Sanitize data sent to other software Practice defense in depth Use effective quality assurance techniques Adopt a software construction security standard Taken from

28 For more vulnerabilities and countermeasures, see the Rails Security Guide

Download ppt "Security: Exploits & Countermeasures"

Similar presentations

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
MongoDB Sharding and its Threats

MongoDB Sharding and its Threats
Martin Kruliš 2. 4. 2015 by Martin Kruliš (v1.0)1.

Martin Kruliš by Martin Kruliš (v1.0)1.
Ruby on Rails CSCI 6314 David Gaspar Jennifer Garcia Avila.

Ruby on Rails CSCI 6314 David Gaspar Jennifer Garcia Avila.
CSCI 6962: Server-side Design and Programming Secure Web Programming.

CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.

Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.

Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.

Ladd Van Tol Senior Software Engineer Security on the Web Part One - Vulnerabilities.
1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.

1-Vulnerabilities 2-Hackers 3-Categories of attacks 4-What a malicious hacker do? 5-Security mechanisms 6-HTTP Web Servers 7-Web applications attacks.
Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.

Lecture slides prepared for “Computer Security: Principles and Practice”, 3/e, by William Stallings and Lawrie Brown, Chapter 5 “Database and Cloud Security”.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.

Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
OSI and TCP/IP Models And Some Vulnerabilities AfNOG 12 30 th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.

OSI and TCP/IP Models And Some Vulnerabilities AfNOG th May 2011 – 10 th June 2011 Tanzania By Marcus K. G. Adomey.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/

© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/
COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.

COMPUTER SECURITY MIDTERM REVIEW CS161 University of California BerkeleyApril 4, 2012.
Ram Santhanam Application Level Attacks - Session Hijacking & Defences

Ram Santhanam Application Level Attacks - Session Hijacking & Defences

Similar presentations

Ads by Google