Www Scanning

Date post: 07-Apr-2018
Upload: daniel-zulla
Page 1: Www Scanning

8/3/2019 Www Scanning

http://slidepdf.com/reader/full/www-scanning 1/14

A new web security scanning approach

dan zulla, [email protected]

Page 2: Www Scanning


State-Of-The-Art

[Diagram: scanner obtains a cookie / session from the remote application; injecting!; injecting again!; reusing the session?]

Page 3: Www Scanning


State-Of-The-Art

[Diagram: scanner injecting again! into the remote application; reporting injection vulns. to the user / tester]

xss, sql injection, time-based sql injection, lfi, rfi, [...] - any kind of injection vulnerability!

Page 4: Www Scanning


State-Of-The-Art

[Diagram: scanner injecting again! into the remote application, now through a crappy WAF / IDS; reporting injection vulns. to the user / tester]

xss, sql injection, time-based sql injection, lfi, rfi, [...] - any kind of injection vulnerability!

Page 5: Www Scanning


The problem with injection vulns.

[Diagram: injecting again! into the remote application, through a crappy WAF / IDS]

xss, sql injection, time-based sql injection, lfi, rfi, [...] - any kind of injection vulnerability!

Once a crappy WAF / IDS sits in front of the application, the automatic detection fails, even though the remote application is still crappy and insecure.

Page 6: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

Page 7: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

remembering integers (e.g. input[type=hidden])

Page 8: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

sharing those integers and the locations (forms, links)

Page 9: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

reusing integers shared by instance 1 with the account of instance 2; try to modify the other user's account, or to read classified information!

Page 10: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

instance 2 asks instance 1 if the data has been modified; checks if the data has been classified

Page 11: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

[Diagram: scanner running instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

instance 1 checks and responds

Page 12: Www Scanning


✓

[Diagram: instance 1 (user1:pw1, loggedin1) and instance 2 (user2:pw2, loggedin2) against the remote application]

The scanner-server process can verify the results, and determine if there's a security problem.
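The two-instance procedure of slides 7 to 12, as an added Python simulation that is not part of the deck or its author's scanner: the remote application is a constructed in-memory stand-in with a profile-update handler, once without the ownership check (the integer-based flaw the approach is meant to find) and once with it; the scanner side remembers the integer from the hidden input, replays it under the second account, and has instance 1 check whether its own data changed. All function and field names are assumptions.

```python
import re

def make_profiles():
    """Constructed sample data: one profile per account, keyed by an integer id."""
    return {1: {"owner": "user1", "bio": "hello"}, 2: {"owner": "user2", "bio": "hi"}}

def edit_form_html(profiles, user):
    """The profile form the logged-in user sees: the id travels in a hidden input."""
    pid = next(i for i, p in profiles.items() if p["owner"] == user)
    return (f'<form action="/profile/update"><input type="hidden" name="id" value="{pid}">'
            '<input name="bio"></form>')

def update_vulnerable(profiles, user, form):
    """Handler that trusts the posted integer: a logged-in user may edit any profile."""
    pid = int(form["id"])
    if pid not in profiles:
        return 404
    profiles[pid]["bio"] = form["bio"]
    return 200

def update_fixed(profiles, user, form):
    """Same handler with the ownership check the vulnerable one is missing."""
    pid = int(form["id"])
    if pid not in profiles:
        return 404
    if profiles[pid]["owner"] != user:
        return 403
    profiles[pid]["bio"] = form["bio"]
    return 200

# Matches hidden inputs whose value is an integer (the "input[type=hidden]" of slide 7).
HIDDEN_INT = re.compile(r'<input[^>]*type="hidden"[^>]*name="(\w+)"[^>]*value="(\d+)"')

def remember_integers(html):
    """What an instance does on its crawl: remember the integers found in hidden inputs."""
    return {name: int(value) for name, value in HIDDEN_INT.findall(html)}

def detect_integer_privilege_escalation(update_handler):
    """Run the two-instance check against the given update handler; returns a verdict."""
    profiles = make_profiles()
    ints1 = remember_integers(edit_form_html(profiles, "user1"))  # instance 1 as user1
    before = dict(profiles[ints1["id"]])       # instance 1 snapshots its own data
    marker = "modified-by-instance-2"          # constructed, recognisable write
    # Instance 2 (user2) reuses the integer shared by instance 1 with its own account.
    status = update_handler(profiles, "user2", {"id": str(ints1["id"]), "bio": marker})
    # Instance 2 asks instance 1 whether its data was modified; instance 1 checks and responds.
    after = dict(profiles[ints1["id"]])
    modified = after != before and after["bio"] == marker
    return {"shared_id": ints1["id"], "status": status, "vulnerable": modified}
```

The verdict needs no WAF-style payload: the request is a well-formed update, which is why this check still works where the injection scanners of slides 2 to 5 are blocked.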

Page 13: Www Scanning


Automatic Detection of integer-based privilege escalations in web applications!

what do you think?

Page 14: Www Scanning
