• Share
  • Email
  • Embed
  • Like
  • Save
  • Private Content
SQL Injection & Cross Site Scripting, by Stefano Santomauro
 

SQL Injection & Cross Site Scripting, by Stefano Santomauro

on

  • 2,325 views

Le due vulnerabilità più diffuse sul web. Perché vengono così sottovalutate? Sono davvero così pericolose? Si può contrastarle efficacemente? Simuliamo degli attachi analizzandone potenzialità ...

Le due vulnerabilità più diffuse sul web. Perché vengono così sottovalutate? Sono davvero così pericolose? Si può contrastarle efficacemente? Simuliamo degli attachi analizzandone potenzialità e possibili soluzioni

Statistics

Views

Total Views
2,325
Views on SlideShare
2,110
Embed Views
215

Actions

Likes
0
Downloads
18
Comments
0

7 Embeds 215

http://www.codemotion.it 152
http://presentz.org 34
http://local.host 13
http://roma2012.codemotion.it 10
http://codemotion.loc 3
http://www.slashdocs.com 2
http://dev.presentz.org 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

CC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike LicenseCC Attribution-NonCommercial-ShareAlike License

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE
  • AUTORE

SQL Injection & Cross Site Scripting, by Stefano Santomauro SQL Injection & Cross Site Scripting, by Stefano Santomauro Presentation Transcript

  • SQL Injection & Cross Site ScriptingStefano Santomaurosfn.santomauro@gmail.com
  • Chi sono• Hacker? Macché• Security engineer? Non so cosa sia• Appassionato? Forse• Esperto? Magari!• ??? Stefano Santomauro sfn.santomauro@gmail.com
  • Perché questo talk• Sappiamo da cosa proteggerci?• Conosciamo il modo in cui difenderci?• Perché difenderci?• Quanto costa?• … Stefano Santomauro sfn.santomauro@gmail.com
  • Le vulnerabilità più diffuse sul WEBOWASP Top Ten Project•A1 - Injection (SQLi e XPATHi)•A2 - Cross Site Scripting (XSS)•A3: Broken Authentication and Session Management•A4: Insecure Direct Object References•A5: Cross-Site Request Forgery (CSRF)•A6: Security Misconfiguration•A7: Insecure Cryptographic Storage•A8: Failure to Restrict URL Access•A9: Insufficient Transport Layer Protection•A10: Unvalidated Redirects and Forwards Stefano Santomauro sfn.santomauro@gmail.com
  • SQL Injection: cos’è«A SQL injection attack consists ofinsertion or "injection" of a SQL query viathe input data from the client to theapplication»Fonte OWASPhttps://www.owasp.org/index.php/SQL_Injection Stefano Santomauro sfn.santomauro@gmail.com
  • SQL Injection: come (1/2)String username =request.getParameter("username");String password =request.getParameter("password");String sql = "select * from users whereusername = " +username+" and password =md5(" +password+")"; Stefano Santomauro sfn.santomauro@gmail.com
  • SQL Injection: come (2/2)select * from users where username = ‘tiziousr’and password = md5(‘tiziopwd’)select * from users where username =‘xxx’ or 1=1 --’ and password = md5(‘tiziopwd’) Commento MySQLSQL eseguitaselect * from users where username = ‘xxx’ or 1=1 Stefano Santomauro sfn.santomauro@gmail.com
  • SQL Injection: potenzialità«A successful SQL injection exploit can read sensitive datafrom the database, modify database data(Insert/Update/Delete), execute administration operations onthe database (such as shutdown the DBMS), recover thecontent of a given file present on the DBMS file system andin some cases issue commands to the operating system»Fonte OWASPhttps://www.owasp.org/index.php/SQL_Injection Stefano Santomauro sfn.santomauro@gmail.com
  • Cross Site Scripting: cos’è«XSS attacks are a type of injection problem, in whichmalicious scripts are injected into the otherwise benignand trusted web sites. XSS attacks occur when anattacker uses a web application to send malicious code,generally in the form of a browser side script, to adifferent end user»Fonte OWASPhttps://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Stefano Santomauro sfn.santomauro@gmail.com
  • Cross Site Scripting: comeJSP input<input type="text" name="username"/>ServletString username = request.getParameter("username");request.setAttribute("username", username);JSP output<span><%=request.getAttribute("username")%></span>HTML output<span><script>alert(123)</script></span> Stefano Santomauro sfn.santomauro@gmail.com
  • Cross Site Scripting: potenzialità«[…] the malicious script can access anycookies, session tokens, or other sensitiveinformation retained by your browser and usedwith that site. These scripts can even rewrite thecontent of the HTML page»Fonte OWASPhttps://www.owasp.org/index.php/Cross-site_Scripting_(XSS) Stefano Santomauro sfn.santomauro@gmail.com
  • DIMOSTRAZIONE… Stefano Santomauro sfn.santomauro@gmail.com
  • La dimostrazione continua… a casaAdesso sta a voi condurre un attacco di tipo XSS.Scaricate il progetto al link chetrovate nei Riferimenti e, dopoaver seguito le istruzioni, provatea trovare le vostre varianti! Stefano Santomauro sfn.santomauro@gmail.com
  • Conclusioni (1/4)La nostra è stata soltanto una semplice “simulazione” di un caso reale… Stefano Santomauro sfn.santomauro@gmail.com
  • Conclusioni (2/4)…ma se anche non volete credere a me, spero crediate a questo… Stefano Santomauro sfn.santomauro@gmail.com
  • Conclusioni (3/4) Stefano Santomauro sfn.santomauro@gmail.com
  • Conclusioni (4/4) Stefano Santomauro sfn.santomauro@gmail.com
  • Riferimenti• OWASP (https://www.owasp.org/index.php/Main_Page)• md5decrypter (http://www.md5decrypter.co.uk)• Notizia dell’attacco alla SONY (http://www.itwire.com/business-it-news/security/47605-sony-falls-victim-to-another-simple-sql-injection-atta)• Notizia dell’attacco a Skype (https://superevr.com/blog/2011/xss-in-skype-for-ios/)• OWASP WebGoat (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)• DOWNLOAD progetto dimostrativo (http://www.divshare.com/download/17108200-6e1) Stefano Santomauro sfn.santomauro@gmail.com