Published by Ralf Gaines. Modified over 6 years ago
1
Vulnerability Chaining: Every Low Issue Has Its Big Impact
Chandrakant Nial, Security Analyst
2
BIO
Chandrakant Nial is a security analyst, a practicing developer and a security bug hunter in Bhubaneswar. His career spans over 3 years, including TCS and work as an independent bounty hunter. His education includes a Bachelor's in Computer Science from BPUT, Orissa.
3
Agenda
OWASP Top 10 2013
Some low issues that we come across
Typical mistakes by developers
Chaining process
  Analyzing the response and understanding the behavior of the application
  Using multiple vulnerabilities
  Knowledge of various technologies
Impacts
  Defacing a website
  Account takeover
  Deleting the codebase, databases, etc.
Best practices/References
Conclusion
4
Top 10 List
A1-Injection
A2-Broken Authentication and Session Management
A3-Cross-Site Scripting (XSS)
A4-Insecure Direct Object References
A5-Security Misconfiguration
A6-Sensitive Data Exposure
A7-Missing Function Level Access Control
A8-Cross-Site Request Forgery (CSRF)
A9-Using Components with Known Vulnerabilities
A10-Unvalidated Redirects and Forwards
5
Low Issues
Unwanted methods (PUT, DELETE, HEAD)
Cookie Low flag
Encryption (URL, Base64)
Directory traversal
Banner grabbing
URL redirection
Information disclosure, mixed content
6
Typical Mistakes
Ignorance
Unaware of security matters
They don't care about security; functionality is all they want
7
Chaining Process Low bug
8
Chaining Process Chained BUG Versoix, Switzerland
9
Chaining Process Example – 1
10
Chaining Process Examples
11
Chaining Process Examples
12
Chaining Process Examples
13
Chaining Process Examples
14
Chaining Process Examples
15
Chaining Process Examples
16
Chaining Process Examples
17
Chaining Process
Bypassing authentication
Consider two users:
Attacker's login ID: attackerloginid, MD5 hash value: db9e21c958a4df44eea4
Victim's login ID: victimloginid, MD5 hash value: e9fc2abd9060fde1a67e3367b7d64bd0
18
Authentication Bypass
Original Server Response Using Attacker's Account with Wrong Password
HTTP/ OK
Date: Wed, 7 May :17:27 GMT
Server: Apache
Expires: Thu, 19 Nov :52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken=; expires=Tue, 25-Mar :32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"failed":false}
19
Authentication Bypass…
Original Response Using Attacker's Account with Right Password:
HTTP/ Found
Date: Wed, 7 May :17:27 GMT
Server: Apache
Expires: Thu, 19 Nov :52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken= db9e21c958a4df44eea4; expires=Tue, 25-Mar :32:27 GMT; path=/
Set-Cookie: pstoken= db9e21c958a4df44eea4; expires=Tue, 25-Mar :32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"success":true}
20
Authentication Bypass…
Modified response, in which the attacker changed the response code, the Set-Cookie headers and their values, and the status code values, and sent it as a request:
HTTP/ Found
Date: Wed, 7 May :17:27 GMT
Server: Apache
Expires: Thu, 19 Nov :52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar :32:27 GMT; path=/
Set-Cookie: pstoken=e9fc2abd9060fde1a67e3367b7d64bd0; expires=Tue, 25-Mar :32:27 GMT; path=/
Content-Length: 16
Connection: close
Content-Type: text/html; charset=UTF-8

{"success":true}
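An added example, not part of the original slides: the token scheme from slides 17 to 20 (pstoken equal to the MD5 of the login ID) next to a server-side session store that rejects any cookie value the server never issued. The function and class names, the store design and the sample login IDs are constructed for illustration.

```python
import hashlib
import secrets
from typing import Dict, Optional


def weak_pstoken(login_id: str) -> str:
    # Scheme shown on the slides: the cookie value is MD5(login ID),
    # so anyone who knows a login ID can compute that user's token.
    return hashlib.md5(login_id.encode()).hexdigest()


class SessionStore:
    """Hardened form (assumed design): random tokens, mapped to a user
    on the server, issued only after the password check succeeds."""

    def __init__(self) -> None:
        self._sessions: Dict[str, str] = {}  # sha256(token) -> login ID

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, login_id: str, password_ok: bool) -> Optional[str]:
        if not password_ok:
            return None  # a failed login never yields a usable token
        token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG
        self._sessions[self._key(token)] = login_id
        return token

    def resolve(self, cookie_value: str) -> Optional[str]:
        # Identity comes from the server-side table, never from the
        # cookie's content or from a response the client could edit.
        return self._sessions.get(self._key(cookie_value.strip()))


def demo() -> dict:
    store = SessionStore()
    victim, attacker = "victim@example.test", "attacker@example.test"  # constructed
    guessed = weak_pstoken(victim)  # derivable without any password
    own = store.issue(attacker, password_ok=True)
    return {
        "weak_token_is_predictable": guessed == weak_pstoken(victim),
        "guessed_token_accepted": store.resolve(guessed) is not None,
        "failed_login_token": store.issue(victim, password_ok=False),
        "own_session_user": store.resolve(own),
    }


if __name__ == "__main__":
    print(demo())
```

Setting the HttpOnly and Secure flags on the cookie that carries the random token addresses the cookie-flag item from the Low Issues slide in the same place.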
21
Moral
How to Start Chaining?
Find vulnerability
Analyze bugs
Research on customer's business
23
Demo DEMO
24
Moral
Vulnerable code + weak configuration = dangerous exploitation
Every vulnerability needs to be patched irrespective of severity
Questions Please