HI-TEC 2011 SQL Injection. Client’s Browser HTTP or HTTPS Web Server Apache or IIS HTML Forms CGI Scripts Database SQL Server or Oracle or MySQL ODBC.


Post on 01-Apr-2015


TRANSCRIPT

Slide 1: HI-TEC 2011 SQL Injection

Slide 2: Client's Browser -> (HTTP or HTTPS) -> Web Server (Apache or IIS) -> HTML Forms -> CGI Scripts -> (ODBC or OLE DB or ADO) -> Database (SQL Server or Oracle or MySQL)

Slide 3: Common Web Application Vulnerabilities

Slide 4:
- Cross-Site Scripting (XSS)
- SQL Injection
- Cross-Site Request Forgery (CSRF)

Slide 5: Cross-Site Scripting (XSS) Attacks
- One user injects code that attacks another user
- Common on guestbooks, comment pages, forums, etc.
- Caused by failure to filter out HTML tags
- These characters: < > " &
- Also watch out for hex-encoded versions: %3c instead of <, %3e instead of >, %22 instead of "

Slide 6: Cross-Site Scripting (XSS)
- One client posts active content, with tags or other programming content
- When another client reads the messages, the scripts are executed in his or her browser
- One user attacks another user, using the vulnerable Web application as a weapon

Slide 7: Example XSS payloads
- alert("XSS vulnerability!")
- alert(document.cookie)
- window.location="http://www.ccsf.edu"

Slide 8: XSS Scripting Effects
- Steal another user's authentication cookie
- Hijack session
- Harvest stored passwords from the target's browser
- Take over machine through browser vulnerability
- Redirect Webpage
- Many, many other evil things

Slide 9: Common XSS Payloads
- See link Ch 12z06

Slide 10: Cross-Site Scripting Countermeasures
- Filter out < > ( ) # & and the variants of them
- HTML-encode output, so a character like < becomes &lt; -- that will stop scripts from running
- In IE 6 SP1 or later, an application can set HttpOnly Cookies, which prevents them from being accessed by scripts
- Analyze your applications for XSS vulnerabilities
- Fix the errors you find

Slide 11: Common Web Application Vulnerabilities: SQL Injection

Slide 12: SQL Injection Comic
- xkcd.org, a great comic (Link Ch 11i)

Slide 13: SQL Injection Example
- HTML form collects name and pw
- SQL then uses those fields:
  SELECT * FROM customer WHERE username = 'name' AND password = 'pw'
- If a hacker enters a name of ' OR 1=1 -- the SQL becomes:
  SELECT * FROM customer WHERE username = '' OR 1=1 --' AND password = 'pw'
- Which is always true, and returns all the records

Slide 14: HackThisSite

Slide 15: WebGoat Demo

Slide 16: Web App Vulnerability Scanner

Slide 17: Finding Vulnerable Web Apps with Google
- inurl:SELECT%20FROM

Slide 18: Expensive Commercial Tools
- HP WebInspect and Security Toolkit
- Rational AppScan
- Cenzic Hailstorm

Slide 19: Highly rated commercial Web application vulnerability scanner
- Links Ch 11o, 11p

Slide 20: Other Web Vulnerabilities

Slide 21: Nikto

Slide 22: Tamper Data Demo: Vulnerable Message Board

Slide 23: Tamper Data
- Acts like a proxy server
- You can see POST data and alter it
- This will defeat client-side validation

Slide 24: Cold Calls
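The slide 13 example carried through in working code, added here and not part of the original deck: the string-concatenated query from the slide beside a parameterized version, both run against an in-memory SQLite table. The table and column names come from the slide; the three customer rows are constructed sample data.

```python
import sqlite3

# Constructed sample data: a tiny customer table, not from the slides.
SAMPLE_ROWS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
    ("carol", "letmein"),
]


def make_db():
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO customer VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def login_vulnerable(conn, name, pw):
    """Builds the query the way slide 13 does: the form fields are pasted
    into the SQL text, so a quote typed by the user becomes SQL syntax."""
    sql = (f"SELECT * FROM customer WHERE username = '{name}' "
           f"AND password = '{pw}'")
    return conn.execute(sql).fetchall()


def login_parameterized(conn, name, pw):
    """Hardened version: the statement text is fixed and the form fields are
    bound as parameters, so the driver never interprets them as SQL."""
    sql = "SELECT * FROM customer WHERE username = ? AND password = ?"
    return conn.execute(sql, (name, pw)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    injected = "' OR 1=1 --"  # the slide's input, entered as the username
    # Vulnerable form: the comment swallows the password check -> 3 rows
    print("vulnerable   :", len(login_vulnerable(conn, injected, "pw")), "rows")
    # Parameterized: the input is just an unknown username -> 0 rows
    print("parameterized:", len(login_parameterized(conn, injected, "pw")), "rows")
```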
