Chapters All DayTM
Fortifying Ruby On Rails Web Application Framework Security
By Sahil Tembhare
OWASP Nagpur
About Me
Sahil Tembhare
● Engineering Student (Computer Science and Engineering)
● Part-time Bug Bounty Hunter
● Likes to code in Ruby and Rust
● One of the OWASP Nagpur Chapter Leaders
peeper35 on and
Why care about Rails?
Some of the tech giants are using Rails.
Application development and configuration are so easy, and therefore the result is sometimes not easy to secure.
Session Goals
1. Securing your Rails application
2. Keeping track of some of the CVEs and patching them
SQL Injection in Rails
● ORMs do not completely prevent SQLi
There are some methods in ActiveRecord (the ORM Rails uses) which can cause SQLi; one must know
these methods and use them safely.
One of these methods is:
1. delete_all() ->
params[:id] = "1) OR 1=1--"
User.delete_all("id = #{params[:id]}")
This will become -> DELETE FROM "users" WHERE (id = 1) OR 1=1--)
which will result in deletion of all the records from the users table.
The delete_all() method takes a string, array or hash argument. Strings are not escaped at all, which causes
the SQL injection; the string needs to be escaped first.
Ruby 2.x Universal RCE Deserialization Gadget Chain
Ruby uses a gem (library) named Marshal for serialization and deserialization of objects.
Deserializing untrusted data can be dangerous.
ActiveSupport and ERB must already be loaded; these conditions are already satisfied by Ruby on Rails.
With all these conditions satisfied, we can hunt for the gadget chain.
There are some gadget chains already found by researchers (require and autoload).
Complete research about the topic: https://www.elttam.com//blog/ruby-deserialization/
Easy RCE in MiniMagick gem
Vulnerable versions: before 4.9.4
Fetching a remote image could cause remote code execution using just a single | (pipe).
Image.open from the MiniMagick library takes its input and passes it directly to Kernel#open,
and Kernel#open accepts a pipe character | followed by a command.
Reference to CVE: https://twitter.com/VulmonFeeds/status/1149556950364856320
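The defensive side of the Kernel#open point above, as an added example that is not from the slides or from the MiniMagick project: an untrusted image source is classified before any open() call, so a pipe-prefixed value can never reach Kernel#open. The upload directory, the scheme allowlist and the function names are assumptions for the example.

```ruby
require 'uri'

# Added example, not MiniMagick code. Kernel#open treats a leading "|" as a
# command to spawn; the fix is to never hand a raw string to it at all, and to
# decide first whether the input is an allowed URL or an allowed local file.
ALLOWED_SCHEMES = %w[http https].freeze
IMAGE_ROOT = File.expand_path("/srv/app/uploads")  # hypothetical upload directory

# Returns [:url, URI] for an allowed remote source, [:path, String] for a file
# inside IMAGE_ROOT, or nil for anything else (pipe-prefixed input, file:// URLs,
# absolute paths outside the root, ".." traversal, unparseable strings).
def classify_image_source(input)
  return nil unless input.is_a?(String) && !input.empty?
  return nil if input.start_with?("|")   # the Kernel#open pipe form, rejected outright

  begin
    uri = URI.parse(input)
  rescue URI::InvalidURIError
    return nil                            # names that are not valid URI references are rejected too
  end

  if uri.scheme
    return nil unless ALLOWED_SCHEMES.include?(uri.scheme.downcase) && uri.host
    return [:url, uri]
  end

  # No scheme: treat as a relative file name and confine it to IMAGE_ROOT.
  # expand_path resolves ".." and makes absolute inputs ignore IMAGE_ROOT,
  # so the prefix check below catches both escape attempts.
  full = File.expand_path(input, IMAGE_ROOT)
  return nil unless full.start_with?(IMAGE_ROOT + File::SEPARATOR)
  [:path, full]
end

# Open a local source with File.open, which cannot spawn a process, instead of
# Kernel#open. Remote sources should go to an HTTP client, not to open().
def open_local_image(input)
  kind, value = classify_image_source(input)
  raise ArgumentError, "refusing image source: #{input.inspect}" unless kind == :path
  File.open(value, "rb")
end
```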
CVE 2019-5418 - File Content Disclosure
Affected Versions: All
Fixed in: 6.0.0.beta3
File Content Disclosure in ActionView
The render function in ActionView causes this vulnerability.
render file: does not properly handle the file Accept format.
The impact is limited only to calls to render.
CVE Reference:
https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/ruby-on-rails-file-content-disclosure-cve-2019-5418/
SSRF in Ruby's native Resolver
CVE 2017-0904
SSRF filters can be bypassed using Resolv.getaddresses
Resolv.getaddresses is completely OS dependent
Playing around with IPs can give blank values
Resolv.getaddresses("127.0.0.1") -> ["127.0.0.1"] ~ expected result
Resolv.getaddresses("127.000.000.1") -> [] ~ unexpected result
(Code snippet taken from the reference site)
require 'resolv'
uri = "0x7f.1" # "0x7f.1"
server_ips = Resolv.getaddresses(uri) # [] ~ The bug here
blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] # ["127.0.0.1", "::1", "0.0.0.0"]
(blocked_ips & server_ips).any? # false ~ Bypassed the filter
Full reference: https://edoverflow.com/2017/ruby-resolv-bug/
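The check on this slide fails open: an empty resolution intersects with nothing, so `.any?` is false and the request goes through. As an added example (not from the slides or the referenced post), the same check rewritten to fail closed, comparing parsed addresses against CIDR ranges rather than exact strings; the range list and the injectable `resolver:` parameter are assumptions for the example.

```ruby
require 'ipaddr'
require 'resolv'

# Added example, not from the slides. A destination check that denies the
# empty result Resolv.getaddresses returns for inputs like "0x7f.1", and that
# matches on address ranges so spellings like "127.000.000.1" cannot slip past
# an exact-string blocklist. Ranges: loopback, private, link-local, unspecified.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# The slide's check, reproduced for contrast: exact strings intersected with
# the resolved list. An empty resolution passes, which is the bug.
def naive_allowed?(server_ips)
  blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"]
  !(blocked_ips & server_ips).any?
end

# Parse one resolved address and test it against every blocked range.
# Anything unparseable counts as blocked (fail closed), and IPv4-mapped IPv6
# such as ::ffff:127.0.0.1 is unwrapped so the IPv4 ranges still apply.
def blocked_ip?(ip_string)
  ip = IPAddr.new(ip_string)
  ip = ip.native if ip.ipv6? && ip.ipv4_mapped?
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue IPAddr::InvalidAddressError, IPAddr::AddressFamilyError
  true
end

# Hardened check: deny when nothing resolved, deny if any address is blocked.
def hardened_allowed?(server_ips)
  return false if server_ips.nil? || server_ips.empty?
  server_ips.none? { |ip| blocked_ip?(ip) }
end

# Resolve with the resolver the slide uses, then apply the hardened check.
# `resolver:` is injectable so the logic can be exercised without live DNS.
def allowed_destination?(host, resolver: Resolv)
  hardened_allowed?(resolver.getaddresses(host))
end

if __FILE__ == $PROGRAM_NAME
  # Constructed resolution results, as the slide reports them
  puts naive_allowed?([])                # true  -> filter bypassed
  puts hardened_allowed?([])             # false -> fail closed
  puts hardened_allowed?(["127.0.0.1"])  # false
end
```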
Demo Time
CVE 2019-5418 - File Content Disclosure
References and Further Reading
● https://rails-sqli.org/
● https://www.elttam.com//blog/ruby-deserialization/
● https://twitter.com/VulmonFeeds/status/1149556950364856320
● https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/ruby-on-rails-file-content-disclosure-cve-2019-5418/
● https://www.youtube.com/watch?v=HNyrUS1lsIE
● https://edoverflow.com/2017/ruby-resolv-bug/
● https://hackerone.com/rails/hacktivity
● https://www.youtube.com/watch?v=AFOlxqQCTxs
● http://guides.rubyonrails.org/security.html
● https://github.com/OWASP/railsgoat
Rails Security Checklist
Let CanCanCan handle the authorization model in your app:
https://github.com/CanCanCommunity/cancancan
Devise for the authentication part:
https://github.com/heartcombo/devise
protect_from_forgery with: :exception on sensitive controller actions
etc...
Further Reading: https://guides.rubyonrails.org/security.html
THANK YOU!
Questions?
peeper35 on and
