Date post: | 01-Dec-2023 |
Category: |
Documents |
Upload: | independent |
View: | 0 times |
Download: | 0 times |
Disclaimer
• The information provided in this talk is meant to be used for legal and ethical purpose only.
• It is only for awareness among the participants and viewers.
• I am not responsible for what you do with this resource provided.
About Me
• A security Enthusiast..
• Speaker at HconGroups..
• Conducted a seminar of Security Awareness program in LD Engineering, Ahmedabad..
• Reported Serious vulnerability to Intel’s web application, Avast! Web Application, Adobe etc..
Some Stats
• More the Technology, more the attack vectors..
• One of the report in 2013 by IMPERVA says “A Web Application Is Attacked 26 Times Per Minute”.
• ~ More then 37k Web Attacks per 24hrs..
Source: http://www.imperva.com/download.asp?id=419
In 2014, 44% longer then 2013
Web App Penetration Testing
• It is a way to test security of a web application or a network methodically validating and verifying security controls.
• Proper report of the test is also important.
Why Security Testing? • Ask your self 1. How valuable is your data to you? 2. How valuable is your data to someone else? 3. How well have you protected your data? 4. How much are you prepared to pay make sure its
protected?
Ans to 1 & 2 are: “My business gets a boost” and “Thousand $$” Then you should probably worth doing a penetration testing to find loop holes..
Reason
If the data is been breach & Exposed:
• Lose of confidential data
• Lose of client trust
• Exposed internal issue’s
• And many other fall..
The main aim of security is to provide an organization a smooth run towards success.
Penetration testing Methodologies
• OSSTMM
(http://www.isecom.org/research/osstmm.html)
• OWASP
(https://www.owasp.org/index.php/Web_Application_Penetration_Testing)
• PTES
(http://www.pentest-standard.org/index.php/PTES_Technical_Guidelines)
• AppSec Labs Methodology
(https://appsec-labs.com/attacks_and_tests/)
• VulnerabilityAssessment
(http://www.vulnerabilityassessment.co.uk/Penetration%20Test.html)
The Famous OWASP List..
Official List:
https://www.owasp.org/index.php/Top_10_2013-Top_10
A1 Injection
A2 Broken Authentication &
Session management
A3 Cross Site Scripting(xss)
A4 Insecure Direct Obj
Reference
A6 Sensitive Data Exposure
A7 Missing Function Level
Access Control
A8 Cross Site Request
Forgery(csrf)
A9 Using Components With
known Vulnerabilities
A5 Security Misconfig
A10 Invalidated Redirects and
Forwards
SQL Injection
• Sql injection is also know as sqli. • This technique is used to extract
database records by injecting the malicious queries into the front end.
• It sends queries directly to the database and hence forth causes the data leak..
SQL Injection Defense
• Disable magic qoutes • use mysql_real_escape_string function to escape • Use htmlspecialchars to display the string into html. • Always bind & escape the data before it goes back into execution.
OWASP A3 – Cross Site Scripting
Detection : Easy Exploitability : Average Technical Impact : Average
Cross Site Scripting
• Cross site Scripting is widely known as XSS. • Client side attack is executed taking advantage of this kind of
weaknesses in a web application. • A js is loaded into the web page traditionally between • <script> js</script> tags.
Cross Site Scripting
Consequences: 1. Cookie stealing. 2. Alert pop-up on page. 3. Redirecting to another website/page/phishing site. 4. Executing browser exploits. 5. Compromise the entire web application in some cases.
XSS Defense
• Encode <,>,’ and “. It is the 1st step. • Encode special char’s with the following
1. & –> & 2. < –> < 3. > –> > 4. / –> / 5. –> ' 6. ” –> "
• Use htmlspecialchars() to encode the above in PHP For Ex: $input = htmlspecialchars($input, ENT_QUOTES); • Replacing it is also a good idea:
1. $input = str_replace(array(‘&’,’<’,’>’), array(‘&amp;’,’&lt;’,’&gt;’), $input);
2. $input= preg_replace(‘/(&#*w+)*x00-x20++;/u’, ‘$1;’, $data); 3. $data = preg_replace(‘/(&#x**0-9A-F]+);*/iu’, ‘$1;’, $input);
Defensing Input: Resources & Libraries
Resources: • https://www.owasp.org/index.php/Data_Validation • https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Preventio
n_Cheat_Sheet • https://www.owasp.org/index.php/OWASP_Java_Encoder_Project#tab=Main • https://msdn.microsoft.com/en-us/library/ms998271.aspx • http://www.sqlbook.com/SQL/Defending-against-SQL-Injection-30.aspx Hand Book: • https://code.google.com/p/browsersec/ Open-source Libraries: • https://code.google.com/p/php-antixss/. • https://gist.github.com/mbijon/1098477 • http://htmlpurifier.org/download • https://code.google.com/p/xssprotect/ • https://github.com/finn-no/xss-html-filter
Resources Secure Architecture: • https://msdn.microsoft.com/en-us/library/aa302420.aspx Theory and Cheat Sheets: • https://www.owasp.org/index.php/Injection_Theory • https://www.owasp.org/index.php/Application_Security_Architect
ure_Cheat_Sheet Secure Framework and Unix Server: • http://apparch.codeplex.com/ • http://www.hdiv.org/ • https://www.owasp.org/index.php/OWASP_PHP_Security_Project • http://shiro.apache.org/ • http://liftweb.net/ • http://www.banshee-php.org/ • https://www.hiawatha-webserver.org/
Thanks to:
Viral Parmar Ravi Rajput
Special Thanks to: Piyush Malik
Contact: [email protected] facebook.com/bhashit.pandya @bhashitpandya
17/04/15 InfoCity, Gandhinagar. ComExpo Cyber Security Awareness Program