nCircle Webinar: Get your Black Belt
nCircle - a Tripwire Company
Get Your Black Belt in Web Application Security
1. Get Your Black Belt in Web Application Security
26 April 2012
© 2012 nCircle. All rights reserved.

2. Web Server and Web Applications Security

3. Why Web Servers and Web Applications are hard to Defend
Why is attacking a web server or web applications one of the easiest attack methods?
– On the perimeter
– Accessible by anyone on the Internet
– Need to balance functionality with security
– Port 80 and port 443 (can't just block them)
– Lack of security awareness of many web developers
– High level of traffic. Hard to distinguish an attack from high volumes of legitimate traffic

4. Typical Attack Steps against a Web Server
1. Reconnaissance (passive)
2. Scanning and enumeration (active)
3. Gaining Access (exploit)
4. Escalation of privilege
5. Maintain access
6. Covering tracks and placing backdoors

5. Two Methods of Attack: The Web Server and Web Applications
• Web Server Attacks
– Vulnerabilities in the web server or web server configuration
• Examples: Buffer Overflows, Traversals
• Web Application Attacks
– Vulnerabilities in web applications
• Command Injection
• XSS (Cross Site Scripting)

6. Ichi (one)
With respect to defending against web attacks, what is the problem with port 80 with respect to security?
a. It is the default TFTP port
b. It can be closed
c. It is not a well-known port
d. It can't be blocked
Difficulty: Easy/Medium

7. Ni (two)
For an attack to work on a web server or a web application, what does it need to have?
a. An exploit
b. A risk
c. A vulnerability
d. A configuration
Difficulty: Easy/Medium

8. Congratulations on your new Yellow Belt! You have attained the WebApp rank of 7th Kyu.

9. Web Server Attacks

10. Buffer Overflow Attack
A buffer overflow attack allows an attacker to overwrite code in the program's execution path and thus take control of the program to execute the attacker's code.
Cause: Poor boundary checking (checking whether a variable is within some bounds before its use)
Example: IISHack.exe exploits the IIS HTTP daemon buffer. Below is a sample:
c: iishack www.WebserverA.com 80 www.hackserver.com/mal.exe

11. Web Server File System Traversal Attacks
• Clients are permitted access to only a specific partition of the server file system, known as the web document root directory.
• By modifying a website URL, a hacker can perform a file system traversal and obtain access to files on other parts of the server.
• The attack is initiated by inserting special characters in URLs, for example the ../ sequence.
• Encoding can be used to bypass Web server filtering.
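The slide's two points (the ../ sequence and encoding that slips past a filter) are easiest to see in the server-side check itself. The following is an added example, not code from the webinar or from nCircle: it percent-decodes the request path until it stops changing, joins it to a document root, normalises the result and only then checks that it still lies under the root. The document root path is a constructed value for the example.

```python
import posixpath
from typing import Optional
from urllib.parse import unquote

# Constructed document root for this example (hypothetical path, not from the deck).
DOC_ROOT = "/var/www/html"


def resolve_request_path(url_path: str, doc_root: str = DOC_ROOT) -> Optional[str]:
    """Map a request path onto the document root, or return None if it escapes.

    Percent-decoding is repeated until the string stops changing, so encoded
    and double-encoded forms of the '../' sequence are normalised *before* the
    containment check. A filter that only looks for the literal '../' in the
    raw URL is what the slide's "encoding can be used to bypass" point refers to.
    """
    decoded = url_path
    for _ in range(3):                      # bounded: never loop on odd input
        step = unquote(decoded)
        if step == decoded:
            break
        decoded = step
    decoded = decoded.replace("\\", "/")    # treat backslash as a separator too

    root = doc_root.rstrip("/")
    # Join to the root first, then collapse '.' and '..' segments.
    candidate = posixpath.normpath(posixpath.join(root, decoded.lstrip("/")))

    # Containment check: the normalised path must be the root or live below it.
    if candidate != root and not candidate.startswith(root + "/"):
        return None
    return candidate


def is_traversal_attempt(url_path: str) -> bool:
    """Convenience wrapper for logging or alerting: True when the path would escape."""
    return resolve_request_path(url_path) is None


if __name__ == "__main__":
    # Constructed sample requests, including encoded and double-encoded forms.
    for p in ["images/logo.png", "docs/../index.html", "../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "%252e%252e/%252e%252e/etc/passwd"]:
        print(f"{p!r:45} -> {resolve_request_path(p)}")
```

The order matters: decode, then join, then normalise, then compare. A check that compares before decoding, or that strips "../" from the raw string and stops, is the pattern the slide's last bullet warns about.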
12. San (three)
Which one of the following is NOT one of the typical attacks used against a web server like Apache?
a. ARP poisoning
b. Buffer overflow
c. Source disclosure
d. File system traversal
Difficulty: Easy/Medium

13. Shi (four)
A web server attack that involves a hacker gaining access to restricted areas and files on a web server is known as which type of attack?
a. Buffer boundary
b. File system traversal
c. Encryption
d. File overflow
Difficulty: Easy/Medium

14. Congratulations on your new Blue Belt! You have attained the WebApp rank of 4th Kyu.

15. Web Application Attacks

16. OWASP Top 10 (2010 List) – www.owasp.org
OWASP Top 10 Categories
A1 - Injection
A2 - Cross Site Scripting (XSS)
A3 - Broken Authentication/Session Management
A4 - Insecure Direct Object References
A5 - Cross Site Request Forgery (CSRF)
A6 - Security Misconfiguration
A7 - Insecure Cryptographic Storage
A8 - Failure to Restrict URL Access
A9 - Insufficient Transport Layer Encryption
A10 - Unvalidated Redirects and Forwards

17. Injection (Command Injection – OWASP A1)
• Occurs when untrusted data is sent to a command interpreter as part of a command or query.
• Cleverly formed data can trick the command interpreter into performing unintended commands or revealing unintended information.
• Examples of command injection:
– SQL Injection
– Script Injection
• Any web application that accepts input is potentially vulnerable to injection attacks. Injection is usually done by changing the data in the parameters that are passed into a program.

18. SQL Injection (Valid Data)
As an example, the user enters Jill and Brown into two input fields on a web page. The program takes this input into the CustID variable and dynamically creates the query string:
'SELECT * FROM accounts WHERE customerID = Jill_Brown'
The program then sends this SQL query to the SQL database, and the SQL database then retrieves and displays Jill Brown's record as expected.

19. SQL Injection (Invalid Data)
The user enters Jane and Doe' OR '1'='1 on the web page. The program takes this input and dynamically creates the query string:
'SELECT * FROM accounts WHERE customerID = Jane_Doe' OR '1'='1'
The program sends this SQL query to the SQL database, and it then retrieves ALL of the records in the database accounts table – NOT as expected.

20. Defenses Against SQL Injection
• Prepared Statements (parameterized queries)
• Stored Procedures
• Escaping all user supplied input
• Least privilege
• White list input validation
Reference: OWASP SQL Injection Prevention Cheat Sheet (www.owasp.org)
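Slides 18 to 20 describe one query built two ways and then list the defenses. The following is an added example, not code from the webinar or from nCircle, that runs the slide's own inputs against a constructed in-memory SQLite table: the concatenated query (the "before") returns every row for the invalid-data input, the prepared statement returns nothing for it, and a white-list check layered in front rejects it outright. The table contents and the allowed identifier pattern (letters, underscore, letters) are assumptions made for the example; the example quotes the customerID as a string literal, which is what the slide's query implies.

```python
import re
import sqlite3
from typing import List, Tuple

Row = Tuple[str, int]


def make_db() -> sqlite3.Connection:
    """Constructed in-memory 'accounts' table standing in for the slide's database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (customerID TEXT PRIMARY KEY, balance INTEGER)")
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)",
        [("Jill_Brown", 100), ("Jane_Doe", 250), ("Bob_Smith", 75)],
    )
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, cust_id: str) -> List[Row]:
    """The slide's pattern: the query text is assembled by string concatenation.

    The user-supplied value becomes part of the SQL, so a quote character in it
    changes the statement's structure. Kept here only as the 'before' case.
    """
    query = "SELECT customerID, balance FROM accounts WHERE customerID = '" + cust_id + "'"
    return conn.execute(query).fetchall()


def lookup_prepared(conn: sqlite3.Connection, cust_id: str) -> List[Row]:
    """Defense: prepared statement (parameterized query).

    The value is bound to the '?' placeholder and never parsed as SQL, so the
    same input simply fails to match any customerID.
    """
    return conn.execute(
        "SELECT customerID, balance FROM accounts WHERE customerID = ?", (cust_id,)
    ).fetchall()


# White-list pattern for the identifier shape this application expects
# (first and last name joined by an underscore, letters only). Assumed format.
CUST_ID_RE = re.compile(r"[A-Za-z]+_[A-Za-z]+")


def lookup_validated(conn: sqlite3.Connection, cust_id: str) -> List[Row]:
    """Defense in depth: white-list validation first, then the prepared statement."""
    if CUST_ID_RE.fullmatch(cust_id) is None:
        raise ValueError("customerID does not match the allowed pattern")
    return lookup_prepared(conn, cust_id)


if __name__ == "__main__":
    db = make_db()
    benign = "Jill_Brown"
    crafted = "Jane_Doe' OR '1'='1"        # the slide's invalid-data example
    print("unsafe, benign   :", lookup_unsafe(db, benign))
    print("unsafe, crafted  :", lookup_unsafe(db, crafted))    # every row comes back
    print("prepared, crafted:", lookup_prepared(db, crafted))  # no row matches
    try:
        lookup_validated(db, crafted)
    except ValueError as exc:
        print("validated, crafted:", exc)
```

Least privilege from the same slide is not visible in the code but matters just as much: the account the application connects with should only be able to read the tables this query needs, so that even a successful injection elsewhere cannot reach beyond them.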
21. Cross Site Scripting (XSS – OWASP A2)
• Cross-Site Scripting attacks are a type of injection attack, in which malicious scripts are injected into otherwise benign and trusted web sites. Injection usually occurs by inserting untrusted data in a user's browser via a web page request.
(Diagram label: Untrusted data)

22. Defenses Against XSS
Primary defense: Escaping untrusted data
"Escaping" is a technique used to ensure that characters are treated as data, not as characters that are relevant to the interpreter's parser.
Rule #0: Never put untrusted data (in a web page) Except in Allowed Locations
Rule #1: HTML Escape Before Inserting Untrusted Data Except into HTML Element Content
Rules #2 - #7: These rules deal with exceptions if you put untrusted data in "Unallowed" locations
Reference: OWASP XSS Prevention Cheat Sheet (www.owasp.org)
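Escaping as the slide defines it (characters treated as data, not as something the parser acts on) is a small amount of code once the output location is known. The following is an added example, not code from the webinar or from nCircle: it HTML-escapes untrusted text before placing it into element content or into a quoted attribute value, and refuses the locations the cheat sheet's Rule #0 treats as not allowed, where escaping alone is not a sufficient defense. The two HTML templates and the context names are assumptions made for the example; `insert_raw` is kept only as the "before" case.

```python
import html

# Output locations where HTML-escaping the data is a sufficient defense.
# Anything else (script blocks, style blocks, event handlers, URLs, ...)
# is an "unallowed" location under Rule #0 and is refused outright.
ALLOWED_CONTEXTS = {"element_content", "quoted_attribute"}


def insert_raw(untrusted: str) -> str:
    """The 'before' case: untrusted text dropped into the page unchanged."""
    return f'<div class="comment">{untrusted}</div>'


def insert_untrusted(untrusted: str, context: str) -> str:
    """Place untrusted text into a fixed HTML template for the given context.

    Raises ValueError for contexts where escaping is not enough (Rule #0).
    For the allowed contexts the data is HTML-escaped before insertion, with
    quotes escaped as well so the attribute case cannot close its own quotes.
    """
    if context not in ALLOWED_CONTEXTS:
        raise ValueError(f"untrusted data is not allowed in the {context} context")
    escaped = html.escape(untrusted, quote=True)   # & < > " ' become entities
    if context == "element_content":
        return f'<div class="comment">{escaped}</div>'
    # quoted_attribute: the attribute value is always quoted AND escaped;
    # escaping alone does not protect an unquoted attribute value.
    return f'<input type="text" name="q" value="{escaped}">'


if __name__ == "__main__":
    # Constructed sample input: ordinary text that happens to contain markup.
    sample = '<b>hi</b> & "bye"'
    print(insert_raw(sample))                              # markup survives
    print(insert_untrusted(sample, "element_content"))     # markup is inert text
    print(insert_untrusted('O"Brien', "quoted_attribute"))
    try:
        insert_untrusted(sample, "script_block")
    except ValueError as exc:
        print("refused:", exc)
```

The decision is made per output context, not per input: the same string needs HTML entity escaping in element content, attribute escaping inside a quoted attribute, and is simply not placed into a script block. That is what the slide's Rules #2 to #7 add on top of Rule #1.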
23. Broken Authentication and Session Management (OWASP A3)
• Web Application functions related to authentication and/or session management (passwords, keys, cookies, tokens, session ids) are poorly implemented, allowing an attacker to assume someone else's identity.

24. Defenses Against Broken Authentication and Session Management
• Secure management of session identifiers
– Do not put session identifiers in the URL
– Session IDs should have a timeout feature
• Do not allow the login process to execute from an unencrypted page
• Password Change Controls
• Password use / strength / storage
• Reference: OWASP Session Management and Authentication Cheat Sheets (www.owasp.org)
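The first three bullets of slide 24 map directly onto a few lines of server-side session handling. The following is an added example, not code from the webinar or from nCircle: session identifiers are generated from the OS random source, kept server-side with both an idle and an absolute timeout, issued only in a cookie marked Secure and HttpOnly, and read back from the Cookie header only, so an identifier carried in the URL is never honoured. The cookie name, the timeout values and the clock injection are assumptions made for the example.

```python
import secrets
import time
from dataclasses import dataclass
from http.cookies import SimpleCookie
from typing import Dict, Optional

# Timeouts are assumptions for this example, not values from the deck.
IDLE_TIMEOUT = 15 * 60          # seconds without a request before the session ends
ABSOLUTE_TIMEOUT = 8 * 60 * 60  # hard cap regardless of activity
COOKIE_NAME = "SESSIONID"       # assumed cookie name


@dataclass
class Session:
    user: str
    created: float
    last_seen: float


class SessionStore:
    """Server-side session table keyed by an unguessable identifier."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}

    def create(self, user: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not a counter
        self._sessions[sid] = Session(user, now, now)
        return sid

    def validate(self, sid: Optional[str], now: Optional[float] = None) -> Optional[str]:
        """Return the user for a live session, or None (and forget the session)."""
        now = time.time() if now is None else now
        s = self._sessions.get(sid) if sid else None
        if s is None:
            return None
        if now - s.last_seen > IDLE_TIMEOUT or now - s.created > ABSOLUTE_TIMEOUT:
            del self._sessions[sid]       # expired: drop it so it cannot be replayed
            return None
        s.last_seen = now
        return s.user


def set_cookie_header(sid: str) -> str:
    """Secure: sent only over HTTPS (the login page itself must be encrypted);
    HttpOnly: not readable by page scripts; SameSite: limits cross-site sending."""
    return f"Set-Cookie: {COOKIE_NAME}={sid}; Path=/; Secure; HttpOnly; SameSite=Lax"


def session_id_from_request(cookie_header: str, query_string: str) -> Optional[str]:
    """Take the id from the Cookie header only.

    query_string is accepted to make the point explicit: it is never consulted,
    so a session id placed in the URL (slide: do not put it there) is ignored.
    """
    jar = SimpleCookie()
    jar.load(cookie_header)
    morsel = jar.get(COOKIE_NAME)
    return morsel.value if morsel is not None else None


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("jill")
    print(set_cookie_header(sid))
    # Constructed request: a valid cookie plus a stray id in the query string.
    seen = session_id_from_request(f"{COOKIE_NAME}={sid}; theme=dark", f"{COOKIE_NAME}=other")
    print("user:", store.validate(seen))
```

Keeping the session state on the server means the cookie carries nothing but a random handle; the timeouts then decide how long a stolen handle is worth anything, which is why both an idle and an absolute limit are set.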
25. Go (five)
A web application attack that focuses on the database application of a web server and enables a hacker to acquire sensitive information stored in the database is which one of the following?
a. Sequence infiltration
b. SQL injection
c. Cookie poisoning
d. Hidden parameter exploit
Difficulty: Easy/Medium

26. Roku (six)
What is one of the defenses against SQL Injection?
a. Least Privilege
b. Black list input validation
c. Sanitization
d. Proxy manipulation
Difficulty: Easy/Medium

27. Congratulations on your new advanced Blue Belt rank! You have attained the WebApp rank of 2nd Kyu.

28. Web Server and Web Application Defense Tools

29. Web Server and Application Defense Tools (1 of 2)
• Scanning and mapping tools
  • Ping, Nping, Nmap, Amap, SuperScan, …
• Vulnerability and Web vulnerability scanners
  • Nikto, Wikto, Nessus, w3af, IP360, WebInspect, Sentinel, WebApp360, Cenzic, Fortify, …
• Web proxy tools
  • WebScarab, Paros Proxy, Burp Proxy, …
• Web mapping/ripping tools
  • Black Widow, Wget, skipfish, …
• Communication/data transfer tools
  • Ncat, telnet, ftp, …
• Exploits, Exploit Kits, and Exploit Frameworks
  • Program for a specific exploit
  • Pen Test frameworks: Metasploit, Core Impact, CANVAS

30. Web Server and Application Defense Tools (2 of 2)
• Password cracking tools
  • John the Ripper, Cain and Abel, PRTK, ophcrack, …
• Web Source Code examination tools
  • Instant Source, Firebug, …
• SQL Injection Tools
  • BSQL Hacker, The Mole, sqlmap, Pangolin, …

31. Network Defense Tools (Protecting the Web Server)
• Routers
• Firewalls (network layer)
• Web Application Firewalls (application layer)
• Web Application Proxies
• Honeypots/Honeynets
• Logging
• Intrusion Detection/Prevention System (IDS/IPS)
• Host-based Intrusion Detection (HIDS), e.g. file integrity detection
• Backups
• Computer Forensic Tools

32. Web Server Protection
• Protect the Web Server
• Vulnerability Assessment
• Harden the Web Server
– Host (OS)
– Web Server
– Web Services
• Logging
• Backups and recovery

33. Place the Web Server in an Untrusted Zone

34. Security Harden the Web Server (1 of 2)
• Use Security Hardening Guides (Vendor documentation, OWASP, SANS, NIST, WASC)
• Host (OS) hardening
• Web Server hardening
– Use tools like IIS Lockdown and URLscan
– Harden each service you offer on your Web Server
– Disable / remove anything you don't use or need: accounts, ports, services, plug-ins
– Configuration settings
– Permissions

35. Security Harden the Web Server (2 of 2)
• Authentication and Access Control
– File and directory permissions
– Account password and lockout policies
• Logging and Audit Policies
• Vulnerability and Compliance Assessments
– Vulnerability scanner
– Web application vulnerability scanner
– Configuration scanner
– Audits for compliance assessments
– Penetration testing / manual testing

36. Web Server Attack Countermeasures
• Buffer Overflow
– Can be mitigated by conducting frequent scans for server vulnerabilities
– Promptly acquiring and installing patches and service packs
– Implementing effective firewalls
– Applying web configuration lockdown utilities
• File System Traversal
– Promptly apply patches and updates to the web server
– Restrict privileges to executable programs such as cmd.exe
– Set file and directory permissions
– Locate the system software on a different disk drive from the web site software and content directory.

37. Shichi (seven)
Tools such as Nmap and Amap are used primarily for which one of the following Web attack steps?
a. Banner grabbing
b. Defeating authentication
c. Scanning
d. Password Cracking
Difficulty: Medium/Hard

38. Hachi (eight)
What is a good tool to help harden an IIS web server? (choose the best answer)
a. Cain and Abel
b. URLscan
c. ncat
d. WebScarab
Difficulty: Medium/Hard

39. Congratulations on your new Black Belt! You have attained the WebApp rank of 1st Dan.

40. Resources
• OWASP (Open Web Application Security Project) www.owasp.org
• NIST (National Institute of Standards and Technology) www.nist.gov
• SANS www.sans.org
• Web Application Security Consortium (WASC) www.webappsec.org
• SecTools.org http://sectools.org

41. Questions?