Published by Louisa White; modified over 9 years ago
Slide 1: The attacks
● XSS
  – type 1: non-persistent
  – type 2: persistent
  – Advanced: other keywords (, prompt()) or other technologies such as Flash
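The two XSS types on this slide differ only in where the untrusted string comes from (the current request, or a value stored earlier), and the mitigation is the same for both: encode at the point of output, for the context the value lands in. The following Python is an added example, not code from the presentation; the search page, the comment store and the sample markup are all constructed for the demonstration.

```python
import html

# Constructed in-memory store standing in for the comments table (type 2 / persistent XSS).
STORED_COMMENTS = []


def render_search_unsafe(query: str) -> str:
    """Type 1 (non-persistent): the request parameter is copied into the response as-is."""
    return f"<p>Results for: {query}</p>"


def render_search_safe(query: str) -> str:
    """Same page with HTML entity encoding applied at the point of output."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def render_prefill_safe(query: str) -> str:
    """Attribute context: quote=True is what stops a value from closing the attribute."""
    return f'<input name="q" value="{html.escape(query, quote=True)}">'


def post_comment(text: str) -> None:
    """Type 2 (persistent): the content is stored and later served to every visitor."""
    STORED_COMMENTS.append(text)


def render_comments_unsafe() -> str:
    return "<ul>" + "".join(f"<li>{c}</li>" for c in STORED_COMMENTS) + "</ul>"


def render_comments_safe() -> str:
    # Encode at output time, not at storage time: the same stored text may later be
    # emitted into JSON, a mail body or a log, each of which needs its own encoding.
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in STORED_COMMENTS) + "</ul>"


def markup_survives(rendered: str, untrusted: str) -> bool:
    """True if the untrusted string reached the output byte-for-byte, i.e. any tag in it is live."""
    return untrusted in rendered


if __name__ == "__main__":
    # Constructed sample input: harmless markup is enough to show the difference.
    sample = '<b onmouseover="x">hi</b>'
    print(render_search_unsafe(sample))
    print(render_search_safe(sample))
    post_comment(sample)
    print(render_comments_safe())
```

`html.escape` covers the HTML body and quoted-attribute contexts only; a value written into a script block, a URL or a CSS property needs that context's own encoding, which is why the "other keywords" and "other technologies" on the slide still bypass a body-only filter.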
Slide 2: The attacks
● SQL Injection
  – first order: non-persistent
  – second order: persistent
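First-order injection concatenates request data into a statement on the same request; second-order injection stores the data correctly and concatenates it into a later statement because it is now "trusted database content". The example below is added here and is not from the presentation; it uses Python's standard sqlite3 module with a constructed in-memory user table, and a legitimate username containing an apostrophe is enough to show both defects without any exploit payload.

```python
import sqlite3
from typing import Optional


def make_db() -> sqlite3.Connection:
    """Constructed in-memory user table. Passwords are kept in clear only to keep the focus
    on query construction; a real table would store a salted hash."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE NOT NULL, password TEXT NOT NULL)"
    )
    return conn


def register(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Registration is parameterised, so whatever the user typed is stored faithfully."""
    cur = conn.execute("INSERT INTO users (username, password) VALUES (?, ?)", (username, password))
    return cur.lastrowid


def login_first_order_unsafe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """First order: request data is concatenated into the statement on the same request."""
    sql = f"SELECT 1 FROM users WHERE username = '{username}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    sql = "SELECT 1 FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def change_password_second_order_unsafe(conn: sqlite3.Connection, user_id: int, new_password: str) -> None:
    """Second order: the username is read back from the database, assumed 'already safe',
    and concatenated into a later statement."""
    (username,) = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    conn.execute(f"UPDATE users SET password = '{new_password}' WHERE username = '{username}'")


def change_password_safe(conn: sqlite3.Connection, user_id: int, new_password: str) -> None:
    # Bind every value, including ones that came from your own database.
    conn.execute("UPDATE users SET password = ? WHERE id = ?", (new_password, user_id))


def current_password(conn: sqlite3.Connection, user_id: int) -> Optional[str]:
    row = conn.execute("SELECT password FROM users WHERE id = ?", (user_id,)).fetchone()
    return row[0] if row else None


def raises_sql_error(fn, *args) -> bool:
    """Helper for the demonstration: does the call fail inside the SQL engine?"""
    try:
        fn(*args)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    # Constructed legitimate name containing a quote: enough to break both unsafe statements.
    uid = register(conn, "o'brien", "pw-1")
    print("safe login:", login_safe(conn, "o'brien", "pw-1"))
    print("unsafe login breaks:", raises_sql_error(login_first_order_unsafe, conn, "o'brien", "pw-1"))
    print("unsafe change breaks:", raises_sql_error(change_password_second_order_unsafe, conn, uid, "pw-2"))
    change_password_safe(conn, uid, "pw-2")
    print("password after safe change:", current_password(conn, uid))
```

The engine error raised by the two unsafe functions is the same symptom a reviewer or a database error log would surface on real traffic; a statement that only fails on quoted input is a statement built by concatenation. The safe variants also update by primary key rather than by the stored name, so the value that was once user input never re-enters SQL at all.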
Slide 3: The attacks
● Cross Channel Scripting
  – Similar to XSS and SQLI (contains all non-XSS, non-SQLI code injection vulnerabilities)
  – examples:
    ● XPath Injection: unsanitized data used in XML
    ● Malicious File Upload
    ● Open Redirects (http://www.vulnerable.com?redirect=http://www.attacker.com)
    ● Path Traversal (http://foo.com/../../barfile)
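Three of the four examples on this slide are the same mistake in three channels: a user-controlled string is handed to a URL, a filesystem path or a file name without being checked against what the application actually intends to allow. The Python below is an added example, not from the presentation; it validates redirect targets against an allow-list of hosts (the slide's www.vulnerable.com stands in for the site's own host), confines a user path to a base directory, and reduces an upload name to an allow-listed extension. The base directory and all inputs are constructed.

```python
import os
import posixpath
from typing import Optional
from urllib.parse import urlsplit

# The slide's example host stands in for "our" site; a real deployment lists its own hosts.
ALLOWED_REDIRECT_HOSTS = frozenset({"www.vulnerable.com"})

# Constructed allow-list for the upload check.
ALLOWED_UPLOAD_EXTENSIONS = frozenset({".png", ".jpg", ".pdf"})


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_REDIRECT_HOSTS) -> bool:
    """Allow only same-site absolute paths or http(s) URLs to hosts we own."""
    parts = urlsplit(target)
    if not parts.scheme and not parts.netloc:
        # Relative target. Reject "//host" (protocol-relative) and "/\host", which
        # some browsers normalise to the same thing.
        return target.startswith("/") and not target.startswith(("//", "/\\"))
    # parts.hostname ignores userinfo ("allowed@evil") and lower-cases the host.
    return parts.scheme in ("http", "https") and parts.hostname in allowed_hosts


def resolve_under_base(base_dir: str, user_path: str) -> Optional[str]:
    """Map a user-supplied relative path to a file under base_dir, or None if it escapes."""
    base = os.path.realpath(base_dir)
    # Strip leading separators so os.path.join cannot be told to start from the root.
    candidate = os.path.realpath(os.path.join(base, user_path.lstrip("/\\")))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows
        inside = False
    return candidate if inside else None


def is_within_base(base_dir: str, user_path: str) -> bool:
    return resolve_under_base(base_dir, user_path) is not None


def safe_upload_name(filename: str) -> Optional[str]:
    """Keep only the final path component and require an allow-listed extension."""
    name = posixpath.basename(filename.replace("\\", "/"))
    stem, ext = os.path.splitext(name)
    if not stem or ext.lower() not in ALLOWED_UPLOAD_EXTENSIONS:
        return None
    return name


if __name__ == "__main__":
    # Constructed inputs, including the two URLs quoted on the slide.
    for url in ("http://www.vulnerable.com?redirect=http://www.attacker.com", "http://www.attacker.com", "/account"):
        print(url, "->", is_safe_redirect(url))
    print(resolve_under_base("/srv/files", "../../barfile"))
    print(resolve_under_base("/srv/files", "docs/a.txt"))
    print(safe_upload_name("../../index.php"), safe_upload_name("photo.PNG"))
```

The redirect check deliberately parses with urlsplit rather than string-matching the prefix, because a prefix test accepts `http://www.vulnerable.com.attacker.com` and userinfo tricks. The path check compares the resolved real path, so symlinks inside the base cannot point out of it. The upload name check is only the naming half of the control: the stored bytes should still be type-checked and kept outside the document root.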
Slide 4: The attacks
● Session Management
  – credentials sent over unencrypted HTTP
  – weak password recovery questions
  – weak CAPTCHAs
  – predictable authentication id values
  – insecure session cookies
Slide 5: The attacks
● Cross-Site Request Forgery
  – Alice is logged into her bank account
  – Trudy sends Alice an e-mail containing a link with a request to transfer money to Trudy's account
    ● could require a click ( )
    ● or not ( )
  – When the request is sent by Alice (e.g. by attempting to view the image), her authentication cookie is sent with it
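Slides 4 and 5 describe two halves of the same problem: the browser attaches the session cookie to every request for the site, so the cookie must be unguessable and well-flagged (slide 4), and the server must not accept a state change on the strength of the cookie alone (slide 5). The Python below is an added example, not from the presentation; the session store, the server secret and the request dicts are constructed stand-ins for a real framework's objects.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed for the demonstration: a real server loads this from configuration and
# keeps it out of the code base.
SERVER_SECRET = secrets.token_bytes(32)

# In-memory session store: session id -> username.
SESSIONS: Dict[str, str] = {}


def new_session(username: str) -> str:
    """Session ids come from the OS CSPRNG (256 bits), never from a counter, timestamp or user id."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = username
    return sid


def session_cookie_header(sid: str) -> str:
    """Secure: only over TLS. HttpOnly: not readable by script. SameSite: withheld on most cross-site requests."""
    return f"Set-Cookie: session={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def csrf_token_for(sid: str) -> str:
    """Token bound to the session so it cannot be reused against another session."""
    return hmac.new(SERVER_SECRET, sid.encode(), hashlib.sha256).hexdigest()


def verify_csrf(sid: str, submitted: Optional[str]) -> bool:
    if sid not in SESSIONS or not submitted:
        return False
    return hmac.compare_digest(csrf_token_for(sid), submitted)  # constant-time comparison


def handle_transfer(request: dict) -> str:
    """Simulated money-transfer endpoint. `request` is a constructed dict with
    'method', 'cookies' and 'form' keys standing in for an HTTP request."""
    if request.get("method") != "POST":
        return "405 state changes only via POST"  # a GET triggered by viewing an image stops here
    sid = request.get("cookies", {}).get("session")
    if sid not in SESSIONS:
        return "401 not logged in"
    # The cookie arrived automatically; the token must come from a page the attacker cannot read.
    if not verify_csrf(sid, request.get("form", {}).get("csrf_token")):
        return "403 CSRF token missing or invalid"
    return f"200 transfer by {SESSIONS[sid]}"


if __name__ == "__main__":
    sid = new_session("alice")
    print(session_cookie_header(sid))
    # Constructed cross-site request: the browser attaches Alice's cookie, but no token is present.
    print(handle_transfer({"method": "POST", "cookies": {"session": sid}, "form": {"to": "trudy"}}))
    # Constructed same-site form submission carrying the token rendered into the page.
    print(handle_transfer({"method": "POST", "cookies": {"session": sid},
                           "form": {"to": "bob", "csrf_token": csrf_token_for(sid)}}))
```

SameSite=Lax still sends the cookie on a top-level cross-site GET navigation, which is why the endpoint refuses GET outright and the token travels in the form body rather than in a cookie. The token is derived from the session id with an HMAC, so it needs no extra storage and becomes invalid the moment the session is rotated.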
Slide 6: The attacks
● SSL/Server Config
  – misconfigurations in the web server or SSL
Slide 7: Information Leakage
● Various methods of gaining sensitive information such as database names, source code or user names
  – die() function
  – path vulnerabilities