Predrag Cujanovic from OWASP Serbia talking about cross-site scripting, SQL injection and insecure cryptographic storage. The presentation was held on 9.7.2012 at the Faculty of Electrical Engineering, University of Belgrade.
10. How to prevent an XSS attack?
• By filtering data with the predefined PHP functions: strip_tags, htmlspecialchars, htmlentities
• Avoid writing your own functions just for this purpose
11. SQL injection (SQLi) attack
What is an SQLi attack?
Types of SQLi attacks
Dangers of SQLi attacks
How to prevent an SQLi attack?
13. Types of SQLi attacks
Incorrectly filtered escape characters
(SELECT * FROM users WHERE name = '' OR '1'='1' -- ';)
Incorrect type handling
(SELECT * FROM userinfo WHERE id=1;DROP TABLE users;)
Blind SQL injection
(SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND '1'='1';)
Time Based SQL injection
(download_key=1' AND 6424=BENCHMARK(5000000,MD5(CHAR(102,100,78,99))) AND 'uzOQ'='uzOQ)
14. Dangers of SQLi attacks
Access to data in the database (UNION SELECT 1,2,3,4--)
Modifying or deleting data in the database – DROP users;
Reading files - the load_file('/etc/passwd') or load_file(0x2f6574632f706173737764) function
Creating new files - INTO OUTFILE '/var/www/victim.com/shell.php'
15. How to prevent an SQLi attack?
the mysql_real_escape_string function
the is_numeric function
cast to int – (int)
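As an added example (not from the slides), the same two defences shown in Python with sqlite3: the deck's first payload run against a concatenated query versus a bound parameter (the job mysql_real_escape_string does for PHP), and a numeric check followed by a cast for an id, mirroring is_numeric and (int). The in-memory users table and the function names are assumptions made for this example.

```python
import sqlite3

# Constructed sample data for this example (not from the slides).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("bob",)])
    return conn

# Input reused from the slide's first example: SELECT ... WHERE name = '' OR '1'='1' -- '
INJECTION = "' OR '1'='1' -- "

def find_by_name_vulnerable(conn, name):
    # User input concatenated into the statement: the quote is not escaped,
    # so the OR clause and the trailing comment rewrite the WHERE condition.
    sql = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def find_by_name_safe(conn, name):
    # Bound parameter: the driver escapes the value, which is what the slide
    # achieves in PHP with mysql_real_escape_string. The quote stays data.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

def to_id(raw):
    # Numeric check, then cast: the slide's is_numeric + (int) advice.
    # Anything that is not a plain integer is rejected before it reaches SQL.
    if not isinstance(raw, str) or not raw.isdigit():
        raise ValueError("id must be a non-negative integer")
    return int(raw)

def find_by_id(conn, raw_id):
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (to_id(raw_id),))
    return [row[0] for row in rows]

if __name__ == "__main__":
    db = make_db()
    print(find_by_name_vulnerable(db, INJECTION))  # ['alice', 'bob']: whole table leaks
    print(find_by_name_safe(db, INJECTION))        # []: no user has that literal name
    print(find_by_id(db, "2"))                     # ['bob']
    try:
        find_by_id(db, "1;DROP TABLE users;")      # the slide's stacked-query input
    except ValueError as err:
        print("rejected:", err)
```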
17. Insecure cryptographic storage
0. use some hash algorithm
1. do not use obsolete hash algorithms (md5 is officially dead)
2. use a salt, preferably not stored in the database (example: WordPress)
3. use two different hash algorithms (sha1($salt.(des($salt.$pass.$salt))))