Securitatea aplicatiilor online

Vulnerabilitati

Solutii folosite

•Servere WEB (IIS, Apache)

•Database (MySql,Oracle, MSSQL)

• Interpretoare (Php, PERL, ASP)

Codul scris

•SQL injection

•XSS

•CSRF/XSRF

•Email Injection

•Directory traversal

Network

• MITM attack

SQL Injection• Atac asupra bazei de date

http://www.example.com/view.php?id_cat=4

"SELECT * FROM data WHERE id_category = " + $_GET[‘id’] + ";"

http://www.example.com/view.php?id_cat=4 OR 1=1

"SELECT * FROM data WHERE id = 1 OR 1=1;"

OR 1=1

why ?

•Furtul de informatii•Alterarea datelor• Just for the fun of it

•Se intampla si la case mai mari ▫2007 Microsoft UK ▫2007 UN web site▫2008 Kaspersky website

Protectie

•Tot input-ul trebuie verificat

•Criptarea datelor importante

•Backup zilnic

•Update la database server

Demonstratie

XSS

• Input-ul nu este verificat•Este acceptat input-ul de HTML•Tipuri :

▫Non-persistent

▫Persistent

Non-persistent

http://www.example.com?search.php?s=<script>alert(document.cookie)</script>

Rezultatul :

persistent

CSRF/XSRF

• Impotriva site-urilor care folosesc autentificarile din coockie/session

• “Hacker-ul” – are informatii despre site-ul pe care victima are access

<img src=“http://www.other-example.com?deleteuser.php?u=vasile” />

Email injection

Codul din spateNu verificam input-ul

String-ul trimis la serverul de mail :

Directory traversal

HTTP requests

MITM attack

•Transferul datelor

Demonstratie

Concluzii

•Verifica tot input-ul

•Informatii criptate

•Back-up

•Users can’t be trusted

•Fii paranoic