Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Application Security: Electronic Commerce and E-Mail Chapter 9 Copyright 2003 Prentice-Hall.

Published byValentine Daniels Modified over 9 years ago

Similar presentations

Presentation on theme: "1 Application Security: Electronic Commerce and E-Mail Chapter 9 Copyright 2003 Prentice-Hall."— Presentation transcript:

1

2 1 Application Security: Electronic Commerce and E-Mail Chapter 9 Copyright 2003 Prentice-Hall

3 2 Figure 9-1: General Application Security Issues Executing Commands with the Privileges of a Compromised Application  If an attacker takes over an application, the attacker can execute commands with the privileges of that application  Many applications run with super user (root) privileges

4 3 Figure 9-1: General Application Security Issues Buffer Overflow Attacks  From Chapter 6: Vulnerabilities  Exploits  Fixes Patches Manual work-arounds, or Version upgrades  Buffers are places where data is stored temporarily  If an attacker sends too much data, a buffer might overflow, overwriting an adjacent section of RAM

5 4 Figure 9-1: General Application Security Issues Buffer Overflow Attacks  If that section is retrieved, various problems can occur  Read as data, read as program instructions, illegal values that cause a crash  Stacks are used to hold information temporarily on subprograms  Stack overflows might allow an attacker to execute any command (Figure 9-2)  An example: The IIS IPP Buffer Overflow Attack: Host variable is overflowed

6 5 Figure 9-2: Stack Entry and Buffer Overflow Return Address 1. Write Return Address 2. Add Data to Buffer Data Buffer 5. Start of Attack Code 3. Direction of Data Writing 4. Overwrite Return Address

7 6 Figure 9-1: General Application Security Issues Few Operating Systems But Many Applications  Application hardening is more total work than operating system hardening Application Security Actions  Understanding the server’s role and threat environment  If it runs only one or a few services, easy to disallow irrelevant things

8 7 Figure 9-1: General Application Security Issues Application Security Actions  Basics Physical security backup harden the operating system  Minimize applications Main applications Subsidiary applications Be guided by security baselines

9 8 Figure 9-1: General Application Security Issues Application Security Actions  Minimize the permissions of applications In UNIX, use chroot to put application in a directory Attacks will be limited to this directory and subdirectories However, chroot protection can be broken, especially by root applications for which it is most critical

10 9 Figure 9-1: General Application Security Issues Application Security Actions  Add application layer authentication  Implement cryptographic systems  Delete optional learning aids  Install patches New chips being designed that isolates programs from data

Download ppt "1 Application Security: Electronic Commerce and E-Mail Chapter 9 Copyright 2003 Prentice-Hall."

Similar presentations

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.

Computer Security: Principles and Practice EECS710: Information Security Professor Hossein Saiedian Fall 2014 Chapter 10: Buffer Overflow.
Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.

Lecture 16 Buffer Overflow modified from slides of Lawrie Brown.
Computer Security: Principles and Practice

Computer Security: Principles and Practice
Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.

Breno de MedeirosFlorida State University Fall 2005 Buffer overflow and stack smashing attacks Principles of application software security.
1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.

1 CHAPTER 8 BUFFER OVERFLOW. 2 Introduction One of the more advanced attack techniques is the buffer overflow attack Buffer Overflows occurs when software.
1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.

1 Figure 6-16: Advanced Server Hardening Techniques Reading Event Logs (Chapter 10)  The importance of logging to diagnose problems Failed logins, changing.
Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.

Stack-Based Buffer Overflows Attacker – Can take over a system remotely across a network. local malicious users – To elevate their privileges and gain.
System and Network Security Practices COEN 351 E-Commerce Security.

System and Network Security Practices COEN 351 E-Commerce Security.
WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.

WEB SECURITY. WEB ATTACK TYPES Buffer OverflowsXML InjectionsSession Hijacking Attacks WEB Attack Types.
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Building Secure Software Chapter 9 Race Conditions.

Building Secure Software Chapter 9 Race Conditions.
Chapter 12 File Management Systems

Chapter 12 File Management Systems
Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.

Application Security Chapter 8 Copyright Pearson Prentice Hall 2013.
Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.

Operating System Security Chapter 9. Operating System Security Terms and Concepts An operating system manages and controls access to hardware components.
Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.

Guide to Operating System Security Chapter 2 Viruses, Worms, and Malicious Software.
Installing and Configuring a Secure Web Server COEN 351 David Papay.

Installing and Configuring a Secure Web Server COEN 351 David Papay.
CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 20 Jonathan Katz.
Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.

Buffer Overflow Attacks. Memory plays a key part in many computer system functions. It’s a critical component to many internal operations. From mother.
Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.

Vulnerabilities. flaws in systems that allow them to be exploited provide means for attackers to compromise hosts, servers and networks.
CSC 386 – Computer Security Scott Heggen. Agenda Introduction to Software Security.

CSC 386 – Computer Security Scott Heggen. Agenda Introduction to Software Security.

Similar presentations

Ads by Google