Download presentation
Presentation is loading. Please wait.
1
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W Chen
2
Information Networking Security and Assurance Lab National Chung Cheng University OWASP Top Ten Vulnerabilities Outline A1 Unvalidated Input A5 Buffer Overflows A10 Insecure Configuration Management A2 Broken Access Control A3 Broken Authentication and Session Management A4 Cross Site Scripting (XSS) Flaws A6 Injection Flaws A7 Improper Error Handling A8 Insecure Storage A9 Denial of Service
3
Information Networking Security and Assurance Lab National Chung Cheng University Example Web Application Browser Web ServerApplication Server Database Server Internal Network DMZProtected Network Internet
4
Information Networking Security and Assurance Lab National Chung Cheng University Top Ten Vulnerabilities this year & last year
5
Information Networking Security and Assurance Lab National Chung Cheng University A1 Unvalidated Input (1/3) Attacker can tamper with any part of an HTTP request, including url, querystring, headers, cookies, form fields, and hidden field. Related Attack A4 Cross site Scripting A5 Buffer Overflows A6 Injection Flaws
6
Information Networking Security and Assurance Lab National Chung Cheng University A1 Unvalidated Input (2/3) Any malicious user can see the QueryString and modify it! http://www.yoursite.com/phones/phonelist.cgi?phoneid=34 http://www.yoursite.com/phones/phonelist.cgi?phoneid=34;delete from phones SELECT name, phone FROM phones WHERE phoneid=34; DELETE FROM phones Manipulation What will be done? Example: (SQL Injection)
7
Information Networking Security and Assurance Lab National Chung Cheng University A1 Unvalidated Input (3/3) Countermeasures Parameter should be validate before they are used. Data type Allow character set Minimum and maximum length Whether null is allowed Whether the parameter is require or not Whether duplicates are allowed Numeric range
8
Information Networking Security and Assurance Lab National Chung Cheng University A2 Broken Access Control Access Control = Authorization Countermeasures Use access control matrix to define access control rules. Administrative function can use VPN to protect. Path traversal File permissions – may allow access to config/password files Client-side caching Insecure session IDs or keys Forced browsing past access control checks
9
Information Networking Security and Assurance Lab National Chung Cheng University A3 Broken Authentication and Session Management Weak authentication Countermeasures Strong passwords Account List protection Session ID Protection (SSL) Password-only Easily guessable usernames Unencrypted secrets could be sniffed Trust relationships between hosts
10
Information Networking Security and Assurance Lab National Chung Cheng University A4 Cross Site Scripting (XSS) Flaws Attacker uses a trust application/company to send malicious code to end-user. <a href= http://www.insecuresite.com/welcome.asp?name= idForm.cookie.value=document.cookie; idForm.submit(); > here “cookie robbed!!” Source : Bo
11
Information Networking Security and Assurance Lab National Chung Cheng University A5 Buffer Overflows Mostly affects web/app servers Goal: crash the target app and get a shell Countermeasures Keep up with bug reports Periodically scan your website Code reviews –echo “vrfy `perl –e ‘print “a” x 1000’`” |nc www.targetsystem.com 25 www.targetsystem.com –char shellcode[] = “\xeb\xlf\x5e\x89\x76\x08…” Replace this with something like this… Example:
12
Information Networking Security and Assurance Lab National Chung Cheng University A6 Injection Flaws Allows attacker to relay malicious code through a web application to another system. Countermeasures Avoid system calls (use libraries instead) Validate input information. Run with limited privileges Path traversal: “../” Add more commands: “; rm –r *” SQL injection: “’ OR 1=1”
13
Information Networking Security and Assurance Lab National Chung Cheng University Helps attacker know how to target the application. Countermeasures Code review Modify default error pages (404, 401, etc.) A7 Improper Error Handling “File not found” vs. “Access denied” Example:
14
Information Networking Security and Assurance Lab National Chung Cheng University A8 Insecure Storage Insecure storage of sensitive information. Countermeasures Use a one-way hash function(SHA-1) instead of storing encrypted data. Make sure no open vulnerabilities in cryptography. Improper storage of secrets in memory Poor randomness Poor choice of algorithm Failure to encrypt critical dataInsecure storage of keys, certificates, and passwords
15
Information Networking Security and Assurance Lab National Chung Cheng University A9 Denial of Service Legitimate users can’t be serviced. Countermeasures Limit the sources allocated to any user to a bare minimum. Avoid any unnecessary access to databases or other expensive resource. Exhaust the system resources Legitimate account lock out
16
Information Networking Security and Assurance Lab National Chung Cheng University A10 Insecure Configuration Management Developers ≠ web masters Countermeasures Configure all security mechanisms. Turn off all unused services. Set up and audit roles, permissions, and accounts. logging and alerts. Unpatched security flaws in the server software. Improper file and directory permission. Default accounts with their default passwords. Configuration problems:
Similar presentations
© 2024 SlidePlayer.com. Inc.
All rights reserved.