Presentation is loading. Please wait.

Presentation is loading. Please wait.

Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.

Published byMilo Hardy Modified over 9 years ago

Similar presentations

Presentation on theme: "Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone."— Presentation transcript:

1 Security Scanners Mark Shtern

2 Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone

3 Web platform vulnerabilities Sample files in production environment Configured incorrectly Source code disclosure Canonicalization Server extensions Input validation (e.g. buffer overflow)

4 Web Application SQL Injection (not only in web applications) Cross-Site Scripting Cross Site Request Forgery

5 OSs Misconfiguration Input validation (e.g. buffer overflow) Design Flaws

6 Vector of Attack

7 SQL Injection The ability to inject SQL commands into the database engine through an existing application

8 What is SQL? SQL stands for Structured Query Language Allows us to access a database ANSI and ISO standard computer language – The most current standard is SQL99 SQL can: – execute queries against a database – retrieve data from a database – insert new records in a database – delete records from a database – update records in a database

9 SQL Queries With SQL, we can query a database and have a result set returned A query looks like this: SELECT LastName FROM users WHERE UserID = 5;

10 SQL Data Manipulation Language (DML) SQL includes a syntax to update, insert, and delete records: – SELECT - extracts data – UPDATE - updates data – INSERT INTO - inserts new data – DELETE - deletes data

11 SQL Data Definition Language (DDL) The Data Definition Language (DDL) part of SQL: – Creates or deletes database tables – Defines indices (keys) – Specifies links between tables – Imposes constraints between database tables Some of the most commonly used DDL statements in SQL are: – CREATE TABLE - creates a new database table – ALTER TABLE - alters (changes) a database table – DROP TABLE - deletes a database table

12 Example Common vulnerable login query SELECT * FROM users WHERE login = ‘root' AND password = ' 123 ' (If it returns something then login!)

13 Example formusr = root' or 1=1 – – formpwd = anything Final query would look like this: SELECT * FROM users WHERE username = ‘root' or 1=1 – – AND password = 'anything'

14 Countermeasures Do not use string concatenation or string replacement Use prepared or parameterized SQL statements, also known as prepared statements Encrypt the underlying data such that it cannot be disclosed in the case of a SQL injection– induced breach Validate the data being used in the SQL statement

15 Cross-Site Scripting (XSS ) Scripting: Web Browsers can execute commands – Embedded in HTML page – Supports different languages (JavaScript, VBScript, ActiveX, etc.) – Most prominent: JavaScript “Cross-Site” means: Foreign script sent via server to client – Attacker makes Web-Server deliver malicious script code – Malicious script is executed in Client’s Web Browser Attack: – Steal Access Credentials, Denial-of-Service, Modify Web pages – Execute any command at the client machine

16 Simple XSS attack JSP page http://example.com?name=test Attack http://example.com?name= alert(“Attack”)

17 XSS Example Attacker – Posts forum message Subject: “Get free money” Body attack code WEB Server – Stores the post User – Reads the message – Malicious code executed

18 Cross-Site Scripting The three conditions for Cross-Site Scripting: – A Web application accepts user input – The input is used to create dynamic content – The input is insufficiently validated

19 Cross Site Request Forgery Exploits a website’s trust in the user/browser Generally involves websites that rely on the identity of the users Performs HTTP requests of the attacker’s choosing Intent is to trick a user into performing an HTTP request/action Attack is not “personal”

20 Cross Site Request Forgery Websites use URLs to specify requests for an action Example (from wikipedia) – Instead of the withdrawal happening from inside the banking website, an image in Mallory’s website attempts to trigger a transfer from Bob’s bank account to Mallory’s which will work if Bob’s bank cookie has not expired

21 Typical CSRF Process Attacker posts an IMG tag or other code that sends an HTTP request Code posted usually causes a request to be made to another site (hence the term “cross- site”) Victim loads page with bad code Victim unknowingly causes an HTTP request to be sent

22 Countermeasures Web application should insert random values, tied to the specified user’s session, into the forms it generates Web application should re-authenticate every time when users are about to perform a particularly dangerous operation

23 Security Scanners

24 Automatic testing tools Metasploit Openvas Nikto WEB Proxies (Paros, WebScarab, RAT Proxy, Spike Proxy) Sqlmap, Wapiti

25 Metasploit Metasploit is an open source penetration testing framework Automatic Exploitation (Autopwn) Msfconsole db_create db_nmap db_autopwn –t –p –e Session –i [id]

26 OpenVas The “OpenVas” security scanner audits remotely a given network and determines whether someone (or something - like a worm) may break into it, or misuse it in some way Released under GNU/GPL Client/Server application

27 OpenVas The “OpenVas” security scanner audits remotely a given network and determines whether someone (or something - like a worm) may break into it, or misuse it in some way Released under GNU/GPL Client/Server application

28 Operation steps Create certificate Create user Start server (openvasd -D) Start client (openvas) Configure client Run scan

Download ppt "Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone."

Similar presentations

Nick Feamster CS 6262 Spring 2009

Nick Feamster CS 6262 Spring 2009
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.

HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.

Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011.
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.

Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
WebGoat & WebScarab “What is computer security for $1000 Alex?”

WebGoat & WebScarab “What is computer security for $1000 Alex?”
By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.

By Brian Vees.  SQL Injection  Username Enumeration  Cross Site Scripting (XSS)  Remote Code Execution  String Formatting Vulnerabilities.
B.Sc. Multimedia ComputingMedia Technologies Database Technologies.

B.Sc. Multimedia ComputingMedia Technologies Database Technologies.
Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.

Information Networking Security and Assurance Lab National Chung Cheng University The Ten Most Critical Web Application Security Vulnerabilities Ryan J.W.
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.

Sara SartoliAkbar Siami Namin NSF-SFS workshop July 14-18, 2014.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Computer Science 101 Web Access to Databases Overview of Web Access to Databases.

Computer Science 101 Web Access to Databases Overview of Web Access to Databases.
Exploits: XSS, SQLI, Buffer Overflow

Exploits: XSS, SQLI, Buffer Overflow
Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.
2440: 141 Web Site Administration Web Server-Side Programming Professor: Enoch E. Damson.

2440: 141 Web Site Administration Web Server-Side Programming Professor: Enoch E. Damson.
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.

WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.

Web Application Attacks ECE 4112 Fall 2007 Group 9 Zafeer Khan & Simmon Yau.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Workshop 3 Web Application Security Li Weichao March 14 2014.

Workshop 3 Web Application Security Li Weichao March

Similar presentations

Ads by Google