WEBSITE VULNERABILITIES

Ngan Seok ChernMCP | CEH | MVP –ASP / ASP.NETseokchern85@hotmail.comhttp://blog.scnetstudio.com

Agenda

Web application setup

Why attack

Type of attack & countermeasure

Web Application Setup

Why Attack ?

Defacing Website

Sealing credit card information

exploting server-side scripting

exploiting buffer overflow

and etc

Step

1. Scanning

2. Gather Information

3. Testing

4. Plan

5. Launch

Type of Attack

Cross-site Scripting / XSS Flaws

SQL Injection

Buffer Overflow

Directory Traversal

Error message interception attack

Web.config

and etc

Cross-site Scripting / XSS Flaws

Typically found in web applications which allowcode injection by malicious users into the webpages viewed by other users.

JavaScript is commonly used.

During an attack "everything looks fine" to theend-user.

<script> </script>

Countermeasure : Validate all your sources.

Filtering script output.

SQL Injection

SQL to manipulate database’s data Execute from address bar, queries /

searches. SELECT fieldlist FROM table

WHERE field = '$EMAIL'; SELECT fieldlist FROM table

WHERE field = 'anything' OR'x'='x';

Countermeasure: Check user input. Validate and sanitize user input that

passed to database.

Buffer Overflow

Where a process stores data in a bufferoutside the memory the programmer setaside for it.

Countermeasure:

Validate input length.

Check and pay extra care on loop function whichcarry data.

Directory Traversal

Attacker able to browse directoriesand files.

Expose the directory structure ofapplication and often the underlyingweb server and operating system.

Eg. “../Images/logo.gif”

Countermeasure: Define access right to the protected area

Apply checks/hot fixes

Update web server with patches in timelymanner

Error Message Attack

Based on error message that show.

Example:

Your password is incorrect.

Connecting to the database on ……. With …..is notunsuccessful.

Countermeasure:

Modify and display common error message.

Web.config

Connection String Information

Example: Data Source=190.190.200.100,1433;Network

Library=DBMSSOCN;InitialCatalog=myDataBase;UserID=myUsername;Password=myPassword;

Countermeasure: Encrypt your web.config. aspnet_regiis.exe -pef "connectionStrings

Name" "C:\Inetpub\wwwroot\MySite" –prov"DataProtectionConfigurationProvider”

Web.config (Original)

Web.config (Encrypted)

Summary

Programmer played important roles.

Patches your server.

Thank youQ&A