Introduction to Security Vulnerabilities
Uploaded by: vodqa
Category: Technology
Transcript of Introduction to Security Vulnerabilities
AGENDA
▫︎ Some vocabulary
▫︎ Introduction to OWASP
▫︎ OWASP top 10
▫︎ Some demos
▫︎ Tools
▫︎ References
Vulnerability refers to the inability of a system to withstand the effects of a hostile environment.
In computer security: a vulnerability is a weakness which allows an attacker to reduce a system's information assurance.
Exploit means to take advantage of something for one's own end, especially unethically or unjustifiably.
An exploit is a piece of software that takes advantage of a bug or vulnerability in order to cause unintended behaviour to occur on computer software or hardware.
OWASP
▫︎ Open Web Application Security Project
▫︎ Not-for-profit charitable organisation
▫︎ Focused on improving the security of software
▫︎ All materials are available under a FOSS license
▫︎ Currently has over 142 active projects
OWASP TOP 10
▫︎ List of the 10 most critical web application security risks
▫︎ A powerful awareness document
▫︎ Reference document for project security analysis
▫︎ Published at regular intervals
  ▫︎ Approximately once in 3 years
  ▫︎ Last published in 2013
OWASP TOP 10, 2013
1. Injection
2. Broken authentication and session management
3. Cross site scripting (XSS)
4. Insecure direct object references
5. Security misconfiguration
6. Sensitive data exposure
7. Missing function level access control
8. Cross site request forgery (CSRF)
9. Using components with known vulnerability
10. Unvalidated redirects and forwards
INJECTION
▫︎ SQL Injection
  ▫︎ Most prevalent
  ▫︎ Databases like Oracle, MySQL
▫︎ NoSQL Injection
  ▫︎ Comparatively recent
  ▫︎ Databases like MongoDB
▫︎ Command Injection
▫︎ LDAP Injection
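Added example for the SQL injection bullet above (not from the slides or from OWASP): the same lookup written with string concatenation and with a parameterised query, run against a small constructed SQLite table. The names and data are made up for the example; the point is that in the first version the user's text is parsed as SQL, and in the second it can only ever be a value.

```python
import sqlite3


def make_db():
    # Constructed sample data for this example; not from the original slides.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users (name, email) VALUES (?, ?)",
        [("alice", "alice@example.com"),
         ("bob", "bob@example.com"),
         ("o'brien", "obrien@example.com")],
    )
    return conn


def find_user_vulnerable(conn, name):
    # Vulnerable: the user's text is spliced into the SQL statement, so any
    # quote or operator in it is parsed as SQL grammar, not as data.
    query = "SELECT name FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(query)]


def find_user_safe(conn, name):
    # Hardened: a parameterised query. The value travels separately from the
    # statement text and cannot change what the statement does.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]


def demo():
    conn = make_db()
    results = {}
    # A legitimate name containing a quote breaks the vulnerable query outright.
    try:
        find_user_vulnerable(conn, "o'brien")
        results["vulnerable_quote"] = "no error"
    except sqlite3.OperationalError as exc:
        results["vulnerable_quote"] = f"SQL error: {exc}"
    results["safe_quote"] = find_user_safe(conn, "o'brien")
    # The textbook tautology turns "find one user" into "return every user"
    # in the vulnerable version; the safe version just finds no such name.
    tautology = "x' OR '1'='1"
    results["vulnerable_tautology"] = sorted(find_user_vulnerable(conn, tautology))
    results["safe_tautology"] = find_user_safe(conn, tautology)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The same rule applies to the other injection classes on the slide: keep the command, filter or query structure fixed and pass user data through an API that treats it as data (a parameter placeholder, an argument list rather than a shell string, an escaped LDAP filter value).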
BROKEN AUTHENTICATION
▫︎ Session ID in URL or in the referrer header
  ▫︎ PHPSESSID
  ▫︎ JSESSIONID
▫︎ Unencrypted passwords in storage or transit
  ▫︎ Login over HTTP
  ▫︎ Email password in plain text (BSNL?)
▫︎ Predictable session IDs
▫︎ Reusing same session IDs
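Added example for the storage and session-ID bullets above (not from the slides): unpredictable session IDs from the OS random source, salted and iterated password hashes instead of plain-text storage, and a login that issues a fresh session ID every time rather than reusing one. The `SessionStore` class, the iteration count and the user table are assumptions made for this example.

```python
import hashlib
import hmac
import os
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed work factor for this example


def new_session_id():
    # 32 bytes from the OS CSPRNG: not sequential, not derived from time or
    # user id, so one user's ID tells an observer nothing about another's.
    return secrets.token_urlsafe(32)


def hash_password(password):
    # Salted PBKDF2-HMAC-SHA256. The random salt means two users with the same
    # password get different hashes, and a leaked table cannot be cracked in bulk.
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(stored, candidate):
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", candidate.encode(), bytes.fromhex(salt_hex), int(iterations)
    )
    # Constant-time comparison so the check does not leak how many bytes matched.
    return hmac.compare_digest(digest.hex(), digest_hex)


class SessionStore:
    """In-memory session table, session id -> username (constructed for the example)."""

    def __init__(self):
        self.sessions = {}

    def login(self, users, username, password, old_session_id=None):
        # users: username -> stored password hash string from hash_password().
        stored = users.get(username)
        if stored is None or not verify_password(stored, password):
            return None
        # Never reuse a session id across logins: drop any pre-login session
        # and issue a fresh one, which also defeats session fixation.
        self.sessions.pop(old_session_id, None)
        sid = new_session_id()
        self.sessions[sid] = username
        return sid

    def user_for(self, session_id):
        return self.sessions.get(session_id)
```

The session ID should then travel only in a cookie (HttpOnly, Secure), never in the URL, so it does not end up in browser history, proxy logs or the Referer header of the next site visited.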
CROSS SITE SCRIPTING (XSS)
▫︎ Inject client-side script into pages viewed by other users
▫︎ No HTML or JavaScript escaping
▫︎ Can steal cookies, change page location, etc.
▫︎ Script executes with same permission as current page
XSS TYPES
▫︎ Reflected
  ▫︎ Non-persistent
  ▫︎ The most common type
  ▫︎ Is typically delivered via email or a neutral web site
  ▫︎ Displays a page of results for a user, without properly sanitising the request
  ▫︎ Ex. Search result with search term without sanitisation
XSS TYPES
▫︎ Stored
  ▫︎ Persistent
  ▫︎ A more devastating variant
  ▫︎ Permanently displayed on "normal" pages returned to other users
  ▫︎ Example: Online message boards / Forums, Post on Facebook wall
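Added example covering the "no HTML escaping" bullet and both XSS types above (not from the slides): the search-results page rendered with and without output escaping, a stored-comment list escaped at render time, and the attribute context where quotes also need escaping. The render functions and the probe string are constructed for this example.

```python
import html


def render_search_vulnerable(term):
    # Reflected XSS: the search term goes back into the page untouched, so
    # any markup in the request is interpreted by the victim's browser.
    return f"<p>Results for: {term}</p>"


def render_search_safe(term):
    # HTML-escape for element content: <, >, & and quotes become entities and
    # the browser displays the text instead of parsing it.
    return f"<p>Results for: {html.escape(term, quote=True)}</p>"


def render_comments_safe(comments):
    # Stored XSS: every stored string is escaped at output time, on every
    # render, regardless of who stored it or when.
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def render_prefill_safe(value):
    # Attribute context: quote=True is what turns " into &quot;, so a value
    # cannot close the attribute and introduce new ones.
    return f'<input name="q" value="{html.escape(value, quote=True)}">'


# Constructed probe string: the standard textbook check for missing escaping.
PROBE = '<script>alert("xss")</script>'

if __name__ == "__main__":
    print(render_search_vulnerable(PROBE))
    print(render_search_safe(PROBE))
    print(render_comments_safe(["first post", PROBE]))
    print(render_prefill_safe('Tom "Tiny" Jones'))
```

Escaping is context-specific: `html.escape` is right for element text and quoted attributes, but data placed inside a `<script>` block or a URL needs that context's own encoding, and a template engine with auto-escaping on by default removes most of the chances to forget.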
INSECURE DIRECT OBJECT REFERENCES
▫︎ Actual name or key of an object is used when generating web pages
▫︎ Don't verify the user is authorised for the target object
▫︎ Attackers can easily manipulate parameter values to access another object
  ▫︎ http://photos.com/download.php?file=personal.jpg
  ▫︎ http://mybank.com/accountInfo?accNumber=123456
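Added example for the two URLs on the slide (not from the slides): the download and account handlers with the ownership check the slide says is missing, plus the per-user indirect reference map that OWASP recommends as an alternative to exposing real keys. The ownership tables, user names and `AccessDenied` type are constructed for this example.

```python
class AccessDenied(Exception):
    pass


# Constructed sample data: object key -> owning user. Stands in for a
# database lookup; not part of the original slides.
FILES = {"personal.jpg": "alice", "holiday.jpg": "bob"}
ACCOUNTS = {"123456": "alice", "654321": "bob"}


def download_file(current_user, file_name):
    # download.php?file=personal.jpg with the missing check added: the object
    # is looked up, then its owner is compared with the authenticated caller.
    owner = FILES.get(file_name)
    if owner is None or owner != current_user:
        # Same answer for "not yours" and "does not exist", so the response
        # does not confirm which object names are valid.
        raise AccessDenied("not found")
    return f"<contents of {file_name}>"


def account_info(current_user, acc_number):
    # accountInfo?accNumber=123456 guarded the same way.
    owner = ACCOUNTS.get(acc_number)
    if owner is None or owner != current_user:
        raise AccessDenied("not found")
    return {"account": acc_number, "owner": owner}


def user_file_map(current_user):
    # Per-user indirect references: the page only ever sees 1, 2, 3 ..., and
    # the map is rebuilt from ownership data on every request, so an index
    # can only ever resolve to something the caller owns.
    owned = sorted(f for f, owner in FILES.items() if owner == current_user)
    return {str(i + 1): f for i, f in enumerate(owned)}


def download_by_index(current_user, index):
    real_name = user_file_map(current_user).get(str(index))
    if real_name is None:
        raise AccessDenied("not found")
    return download_file(current_user, real_name)
```

Either approach works; what matters is that the authorisation decision is made on the server from the session's identity, never from anything the client can edit in the URL.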
SECURITY MISCONFIGURATION
▫︎ Running the application with debug enabled in production
▫︎ Directory listing enabled on the server
▫︎ Running outdated software
▫︎ Unnecessary services running on the machine
▫︎ Not changing default keys and passwords
▫︎ Revealing error handling information to the attackers, such as stack traces
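Added example for the debug-mode, stack-trace and default-password bullets above (not from the slides): an error handler that logs the full trace under a reference ID and sends the client only the ID unless debug mode is explicitly on, and a small settings check that flags the misconfigurations the slide lists. The settings dictionary's keys and the default-credential list are assumptions made for this example.

```python
import logging
import traceback
import uuid

log = logging.getLogger("app")


def error_response(exc, debug=False):
    # Always keep the full trace server-side under a reference id; the client
    # gets only the id unless the process is explicitly running in debug mode.
    ref = uuid.uuid4().hex[:12]
    trace = "".join(traceback.format_exception(type(exc), exc, exc.__traceback__))
    log.error("unhandled error %s:\n%s", ref, trace)
    if debug:
        return 500, trace
    return 500, f"Internal server error (reference {ref})"


# Factory-default credential pairs a deployment checklist should reject;
# constructed for the example, not an exhaustive list.
DEFAULT_CREDENTIALS = {("admin", "admin"), ("root", "password"), ("admin", "")}


def check_settings(settings):
    # settings: a plain dict describing the deployment (assumed key names).
    findings = []
    if settings.get("DEBUG"):
        findings.append("DEBUG is enabled: stack traces and internals reach the client")
    if settings.get("DIRECTORY_LISTING"):
        findings.append("directory listing is enabled on the web server")
    creds = (settings.get("ADMIN_USER"), settings.get("ADMIN_PASSWORD"))
    if creds in DEFAULT_CREDENTIALS:
        findings.append("administrative account still uses a default password")
    required = set(settings.get("REQUIRED_SERVICES", []))
    for service in settings.get("ENABLED_SERVICES", []):
        if service not in required:
            findings.append(f"unnecessary service running: {service}")
    return findings
```

A check like this belongs in the deployment pipeline, where it can fail the build before a debug build or a default password reaches production.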
SECURITY TESTING - ZAP
(Slide shows a screenshot of OWASP ZAP: https://blog.codecentric.de/files/2013/10/zap-screenshot.png)
RESOURCES
▫︎ https://www.owasp.org/index.php
▫︎ https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
▫︎ https://en.wikipedia.org/wiki/Cross-site_scripting
▫︎ http://www.toptal.com/security/10-most-common-web-security-vulnerabilities
ThoughtWorks is hiring.
http://www.thoughtworks.com/join
THANK YOU!