Applicationsecurity Overview 130101022807 Phpapp01
Transcript of Applicationsecurity Overview 130101022807 Phpapp01
7/17/2019 Applicationsecurity Overview 130101022807 Phpapp01
http://slidepdf.com/reader/full/applicationsecurity-overview-130101022807-phpapp01 1/34
Application Security
Asanka Fernandopulle
Senior Software Engineer, 99X Technology
Dilan Warnakulasooriya
Information Security Engineer, 99X Technology
(c) 99X Technology
Basics of Application Security
• HTTP and HTTPS
  • Symmetric key
  • Asymmetric key
  • Session key
  • Analyzing a certificate
  • Sniffing HTTP and HTTPS
  • Calomel plugin
Basics of Application Security
• Man in the middle
  • Analyzing browser requests
  • Analyzing server response
  • https communication
  • https and s-http
Basics of Application Security
• What OWASP does
• Builders, Breakers and Defenders
Web Application penetration testing
• Basic web testing methodology
• Vulnerability, Threat and Exploit
• Developer level application security overview
Web Application penetration testing
• Application Security frameworks
  • Before development begins
  • During definition and design
  • During development
  • During deployment
  • Maintenance and operations
Web Application penetration testing
• Web application security review frameworks
  • Samurai WTF
  • Websecurify
  • Wapiti
  • Skipfish
  • Acunetix
  • WebScarab
  • W3af
Secure Authentication
• Authentication/Access control methods
Secure Authentication
• Authentication bypass techniques
  • Direct page request
  • Parameter modification
  • Session ID prediction
  • SQL injection
• Session predictability - WebScarab/Burp Suite
Secure Authentication
• Bypass authentication matrix
  • Basic authentication
  • Multi-Level login 1
  • Multi-Level login 2
Secure Authentication
• Password remember
  • Password strength
  • Forgot password
• Browser cache management
Secure Authentication
• Parameter tampering
  • Bypass HTML field restrictions
  • Exploit hidden fields
  • Bypass client side JavaScript validation
• Coding controls for Parameter Tampering
Secure Authentication
• Access control flaws
  • Using an Access control matrix
  • Bypass a path based access control scheme
  • Bypass data layer access control
Injections
• SQL injection classes
  • In band
  • Out of band
  • Inferential
Injections
• Techniques to exploit SQL injections
  • Union operator
  • Boolean
  • Error based
  • Out of band
  • Time delay
Injections
• Standard SQL injection testing
  • SELECT * FROM Users WHERE Username='$username' AND Password='$password'
• Numeric SQL injection
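As an added illustration of the login query on this slide (example code written for this transcript, not from the presenters), the string-built form beside a parameterized one, each run against a constructed in-memory SQLite table with the two standard tests: a lone quote in the username and a tautology in the password.

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table for the demonstration (not from the slides).
    A real system stores password hashes, not the password itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (Username TEXT, Password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 's3cret')")
    return conn


def login_concat(conn, username, password):
    """The slide's query with $username/$password pasted into the SQL text.
    The input becomes part of the SQL grammar, so a quote in it rewrites
    the WHERE clause instead of being compared as data."""
    sql = ("SELECT * FROM Users WHERE Username='%s' AND Password='%s'"
           % (username, password))
    return conn.execute(sql).fetchall()


def login_param(conn, username, password):
    """Same query with bound parameters: the values travel separately from
    the statement, so they are compared as data and cannot change its shape."""
    sql = "SELECT * FROM Users WHERE Username=? AND Password=?"
    return conn.execute(sql, (username, password)).fetchall()


def probe(login):
    """Apply the standard tests to one login function and report what happened:
    quote     - 'error' if a lone quote broke the statement (the classic tell-tale)
    tautology - 'bypass' if a password of ' OR '1'='1 returned a user row
    valid     - 'ok' if the real credentials still log in"""
    conn = make_db()
    results = {}
    try:
        login(conn, "alice'", "x")
        results["quote"] = "handled"
    except sqlite3.OperationalError:
        results["quote"] = "error"
    rows = login(conn, "alice", "' OR '1'='1")
    results["tautology"] = "bypass" if rows else "rejected"
    results["valid"] = "ok" if login(conn, "alice", "s3cret") else "fail"
    return results


if __name__ == "__main__":
    print("concatenated:", probe(login_concat))
    print("parameterized:", probe(login_param))
```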
Injections
• Union Exploitation technique
  • XPath injection
  • String SQL injection
Injections
• Boolean Exploitation technique
  • SQL injection: Stage 1: String SQL injection
  • Stage 3: Numeric SQL injection
Injections
• Error based Exploitation technique
  • Modify data with SQL injection
  • Add data with SQL injection
Injections
• Out of band Exploitation technique
Injections
• Time delay Exploitation technique
• Stored procedure Exploitation technique
• Automated Exploitation technique
Injections
• How developers work on SQL injection
• Automate your injection
  • sqlmap
Session Management
• Session management techniques
• Session management vulnerability
  • Insufficient session ID length
  • Session fixation
  • Session variable overloading
Session Management
• Check your cookies
  • Cookie collection
  • Cookie reverse engineering
  • Cookie manipulation
• Hijack a session
  • Hijack a session
  • Spoof an authentication cookie
  • Session fixation
Session Management
• How developers work on session handling
Code Quality
• Code quality breach
  • Discover clues in the HTML
Cross Site Scripting
• Scripting types
  • Reflected cross site scripting (non-persistent XSS)
  • Stored cross site scripting (second-order XSS)
  • DOM based cross site scripting (type 0 XSS)
Cross Site Scripting
• Reflected cross site scripting (non-persistent XSS)
  • Testing for reflected XSS
  • Reflected XSS
Cross Site Scripting
• Bypass XSS filters
  • Tag Attribute Value
  • Different syntax or encoding
  • Bypassing non-recursive filtering
Cross Site Scripting
• Stored cross site scripting (second-order XSS)
  • XSS attack scenario
  • Stored XSS
Cross Site Scripting
• Testing for Stored cross site scripting
  • Input forms
  • Analyze HTML code
  • Exploitation framework
  • File upload
Cross Site Scripting
• How developers handle XSS and CSRF
Testing Tools
• Proxy
• How to write secure programs
Thank you