Web Application
by Accounting 31 @Intrachai Commercial College

Statistics

Views

Total Views
554
Slideshare-icon Views on SlideShare
554
Embed Views
0

Actions

Likes
0
Downloads
6
Comments
0

0 Embeds 0

No embeds

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

    Presentation Transcript

    • Web Application
    • Web Application components: HTTP(s) user agent, Web Server, Application Server, Database Server
    • Figure 1: Web Architecture
    • Infrastructure: Firewall, Load Balancer, Reverse Proxy Server, Cache System; web client; database server. Threats by layer:
      - HTTP Client / User layer (Browser): Cross-Site Scripting, Spoofing, JavaScript Injection
      - Transport layer, HTTP(s): Passive Monitoring, Man-in-the-Middle Attack, Session Hijack; Firewall, SSL Session
      - Web Server layer: Buffer Overflow, Format String, Directory Traversal, Default Accounts, Default Applications
      - Web Applications layer: Metacharacters, Null Characters, Buffer Overflow; Firewall between the Internet and the internal network (Network Firewall)
      - Database layer: Direct SQL Commands, SQL Injection, Query of a Restricted Database, Database Exploit
    • MS IIS
    • Attack types: Hidden Field Manipulation, Cookie Poisoning, Backdoors and debug options, Application buffer overflows, Stealth commanding, 3rd party misconfigurations, Known vulnerabilities, Parameter tampering, Cross site scripting, Forceful browsing, Hacking over SSL, Source code Disclosure, Web Server Architecture Attack, SQL Injection, JavaScript Injection
    • Hidden Field Manipulation: hidden fields (visible with View Source, the HIDDEN tag) are passed back to the application
    • Figure 2: Hidden Field
    • Cookie Poisoning: cookie, session cookie, session ID cookie
    • Back Door & Debug Options: debug options left from the development environment, debug code, back door
    • disable debug mode, back door
    • Application Buffer Overflow: Buffer Overflow via a text box
    • Stealth Commanding: SQL command / command
    • 3rd Party Misconfiguration: default password
    • Known Vulnerabilities: Microsoft IIS patch (patch, patch)
    • Microsoft IIS
    • Parameter Tampering
    • Cross Site Script: cross site script; a script (JavaScript) that sends an email
    • Figure 3: Cross Site Script
    • Forceful Browsing: default file
    • Hacking Over SSL: SSL content, SSL
    • Source Code Disclosures: configuration file; Source Code Disclosures in WebLogic / WebSphere with JSP/JHTML ("jsp" URL)
    • Source Code Disclosures in Microsoft IIS: HTR, ASA, ASP; URL http://10.0.0.1/global.asa+.htr (the .htr URL is handled by ISM.DLL); showcode.asp, bundled with IIS in the Windows NT Option Pack 4.0 (URL)
    • Web Server Architecture Attack: bypass a built-in procedure
    • Handlers: html handler, cgi handler, default handler; cgi, html, jsp handlers; the html handler vs the java compiler / java run-time; handler forcing in Sun Java Web Server via the URL
    • http://10.0.0.2/servlet/com.sun.server.http.pagecompile.jsp.runtime.JspServlet/path/to/file.html: the servlet path /servlet/ invokes the PageCompile handler (Servlet), which handles the path under the java run-time root
    • SQL Poisoning & Injections: the SQL statement sent to the DBMS (the SQL query) is built from user input. Vulnerable ASP code from the slide (variable names made consistent):
          Dim objCon, objRS, sql_qry
          Const CONNECT_STRING = "Provider=SQLOLEDB;SERVER=WEB_DB;UID=sa;PWD=xyzzy"
          ' the ID parameter is appended to the query without validation
          sql_qry = "SELECT * FROM PRODUCT WHERE ID=" & Request.QueryString("ID")
          Set objCon = Server.CreateObject("ADODB.Connection")
          objCon.Open CONNECT_STRING
          Set objRS = objCon.Execute(sql_qry)
      Request: http://10.0.0.3/showtable.asp?ID=3+OR+1=1
    • Query statement: SELECT * FROM PRODUCT WHERE ID=3 OR 1=1 returns every row of PRODUCT. Request http://10.0.0.3/showtable.asp?ID=3%01DROP+TABLE+PRODUCT gives SELECT * FROM PRODUCT WHERE ID=3 DROP TABLE PRODUCT, a second SQL statement appended to the query.
    • http://10.0.0.3/showtable.asp?ID=3%01EXEC+master..xp_cmdshell+'copy+winnt\system32\cmd.exe+inetpub\scripts' copies winnt\system32\cmd.exe into inetpub\scripts: SQL Injection used to inject a backdoor
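As an added example that is not part of the slides, the concatenation bug of showtable.asp rewritten in Python against a constructed in-memory SQLite PRODUCT table, beside a version that binds the parameter and one that also applies the sanity check the later slides call for; the function names and the sample rows are mine.

```python
import sqlite3

# Constructed stand-in for the WEB_DB PRODUCT table of the slide.
def make_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE PRODUCT (ID INTEGER PRIMARY KEY, NAME TEXT)")
    con.executemany("INSERT INTO PRODUCT VALUES (?, ?)",
                    [(1, "pen"), (2, "book"), (3, "lamp")])
    return con

def showtable_vulnerable(con, product_id):
    """Mirrors the ASP: the ID query-string value is concatenated into the SQL."""
    sql_qry = "SELECT * FROM PRODUCT WHERE ID=" + product_id
    return con.execute(sql_qry).fetchall()

def showtable_bound(con, product_id):
    """Parameter binding: the value is sent as data, never parsed as SQL."""
    sql_qry = "SELECT * FROM PRODUCT WHERE ID=?"
    return con.execute(sql_qry, (product_id,)).fetchall()

def showtable_safe(con, product_id):
    """Binding plus the slide's sanity check: reject anything but a plain integer."""
    if not product_id.isdigit():
        raise ValueError("ID must be a positive integer")
    return showtable_bound(con, int(product_id))

def demo():
    """Runs the three handlers on a normal ID and on the slide's 3 OR 1=1 payload."""
    con = make_db()
    payload = "3 OR 1=1"            # what ?ID=3+OR+1=1 decodes to
    results = {
        "vuln_normal": showtable_vulnerable(con, "3"),     # one row
        "vuln_payload": showtable_vulnerable(con, payload), # whole table leaks
        "bound_normal": showtable_bound(con, "3"),          # one row
        "bound_payload": showtable_bound(con, payload),     # no row: compared as text
    }
    try:
        showtable_safe(con, payload)
        results["safe_rejected"] = False
    except ValueError:
        results["safe_rejected"] = True                     # input check fires
    return results

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```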
    • Java Script Injection: JavaScript injected into a session or a hidden field (session invalid); JavaScript in HTML; JavaScript and cookies: javascript:alert(document.cookie)
    • System Scanner and Security Infrastructure Software; Secure Coding
    • System Scanner and Security Infrastructure Software: System Scanner (permission); scanners: Whisker, Nikto, Stealth, Twwwscan, AppScan
    • reject: AppShield
    • Secure Coding: input & output validation, SSL, HTML forms
    • Input & Output validation (NEVER TRUST CLIENT-SIDE DATA): Client Side Script: JavaScript, VBScript, Java Applets, Flash, ActiveX, CSS, XML/XSL script
    • Sanity Checking: YES / NO; drop; system call; directory traversal; NULL character; HTML
    • HTML tags (webmail, message board, chat): keep an Allow List of HTML tags and drop every other tag. HTML tags to drop: <APPLET>, <BASE>, <BODY>, <EMBED>, <FRAME>, <FRAMESET>, <HTML>, <IFRAME>, <IMG>, <LAYER>, <META>, <OBJECT>, <P>, <SCRIPT>, <STYLE>; HTML tag attributes to drop: STYLE, SRC, HREF, TYPE
    • SSL: HTTP is plaintext and can be read by an HTTP sniffer; SSL (Secure Socket Layer) between Web Client and Web Server; SSL transport; Client & Server Authentication
    • SSL: the Web Browser receives the Server's Public Key; Server SSL (Server Certificate, Public Key)
    • HTML forms: hidden form element, hidden element; password element (SSL, plain text password element); method HTTP/GET vs HTTP/POST; MaxSize attribute (<input MaxSize="##">)
    • Cookies:
      - persistent cookie / non-persistent cookie
      - uses: User Authentication, State Management, Saving user preferences
      - Cookies are plaintext
      - restrictive path
      - Authentication valid
      - Token ID
      - Cookies timeout
      - Authentication: business intranet authentication
      - Authentication header: User-Agent, Accept-Language, etc.
    • HTTP REFERER Header: script attack; HTTP REFERER header
    • POST & GET method: GET parameters appear in Proxy Server, Firewall and Web Server logs; POST; client side script; use the POST method rather than GET
    • logout: logout, cookies, session
    • Error Handling Mechanism: Error Description; Username, Password
    • The End