Published by Ana Afton. Modified over 9 years ago.
1
Client and Server-Side Vulnerabilities
Stephen Reese
2
Pen Testing vs. Vuln Assessments
- Vulnerability Assessments
- Penetration Testing
- Maturity Levels
- Goals
- Expectations
3
Plug-ins are a useful evil
- Dynamic Content
- Browser plug-in
- Mobile code
- Sandbox evasion
4
Java Security
- The byte code verifier
- The applet class loader
- The security manager
- Sandbox
- Limited network access
- Resource restrictions
- Signed versus unsigned JAR files
5
Java Demo
- Virtualized Environment
- Attacker (Linux Host)
- Victim (Windows XP SP3)
- Metasploit Framework
- CVE-2013-2465
- <= JRE 7u21
- <= JRE 6u45
- <= JRE 5u45
6
Flash Security
- Remote Sandbox
- Policy / Developer Controls
- Local Sandbox
- Limited network access
- Local resources
- Trusted
- No signed code*
7
Reader Security
- Remote Sandbox
- Policy / Developer Controls
- Local Sandbox
- Limited network access
- Local resources
8
Internet Explorer Demo
- Virtualized Environment
- Attacker (Linux Host)
- Victim (Windows XP SP3)
- Metasploit Framework
- Recent 0-day
- CVE-2013-3893
- IE 6 – 11
- IE 8 (target)
9
Java Mitigations
- Patch
- Different Browsers
- Click-to-Play
- Trusted Zones
- Third-party plugins
- Disable JRE in browser
- Uninstall
10
IE Mitigations
- Patch
- Different Browser
- EMET
- Sandbox
11
Flash Mitigations
- Patch
- Different Browsers
- Click-to-Play
- Trusted Zones
- Third-party plugins
- Disable JRE in browser
- Uninstall
12
Reader Mitigations
- Review the JavaScript controls and set as needed
- Review the attachment white and black lists
- Review multimedia restrictions
- Review settings for XObjects, 3D content, and Flash
- Protected Mode
- Protected View
- Enhanced Security
- Patch
13
SQLi
- SQL queries are run in an unsafe manner
- View and/or modify application data
- Escalate privileges
- Execute OS commands
- Demo
- Browser or a scanner
- Vulnerable Web App
14
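SQLi Mitigations
- Filter input
    $id = $_GET['id'];                    // raw request parameter
    $id = stripslashes($id);              // remove backslashes added by magic quotes
    $id = mysql_real_escape_string($id);  // escape for use inside a quoted MySQL string literal
- Encode output
  - htmlentities()
  - htmlspecialchars()
  - strip_tags()
  - addslashes()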
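Escaping protects only values that end up inside a quoted string literal, and the mysql_* functions were removed in PHP 7. The PHP sketch below is an added example, not code from the slides: it runs the slide's filter pattern next to a type-checked, bound PDO query, using an in-memory SQLite table with constructed rows and hypothetical function names (slide_filter, lookup_filtered, lookup_bound, render).

```php
<?php
// Added example, not from the slides. In-memory SQLite stands in for MySQL;
// the table, rows and function names are constructed for illustration.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");

// Approximates stripslashes() + mysql_real_escape_string(): backslash-escapes
// quotes, backslash and control bytes. Only meaningful inside a quoted literal.
function slide_filter(string $s): string
{
    return addcslashes(stripslashes($s), "\0\n\r\\'\"\x1a");
}

// Slide pattern: filtered value concatenated into an unquoted numeric context.
function lookup_filtered(PDO $db, string $id): array
{
    $sql = 'SELECT name FROM users WHERE id = ' . slide_filter($id);
    return $db->query($sql)->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened: validate the type, then bind; the input never becomes SQL text.
function lookup_bound(PDO $db, string $id): array
{
    if (!ctype_digit($id)) {
        return [];
    }
    $stmt = $db->prepare('SELECT name FROM users WHERE id = :id');
    $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Output encoding is a separate control, applied where the value reaches HTML.
function render(array $names): string
{
    return htmlspecialchars(implode(', ', $names), ENT_QUOTES, 'UTF-8');
}

// Constructed regression inputs: a plain id and a numeric-context tautology.
foreach (['2', '2 OR 1=1'] as $input) {
    printf("%-9s filtered=[%s] bound=[%s]\n", $input,
        render(lookup_filtered($db, $input)), render(lookup_bound($db, $input)));
}
```

For the second input the filter changes nothing because there is no quote to escape, so the concatenated query returns every row while the bound query returns none.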
15
Questions?