3. Secure applications

The slide contrasts two versions (A and B) of the same operation: filtering and aggregating in application code versus expressing the condition in the query itself.

Filtering inside a loop:

    for each
        if customerId > 1
            …
        endif
    endfor

Filtering in the selection itself:

    for each where customerId > 1
        …
    endfor

Aggregating in the database:

    SELECT SUM(salary) FROM employees WHERE salary > 25000

The same total computed with a cursor in application code:

    SELECT salary FROM employees;
    OPEN cursor;
    FETCH NEXT FROM cursor;
    WHILE ….
        IF salary > 25000
            x = x + salary;
        FETCH NEXT FROM cursor;
    …
5. OWASP - Attacks

A
Account lockout attack
Argument Injection or Modification
Asymmetric resource consumption (amplification)

B
Binary planting
Blind SQL Injection
Blind XPath Injection
Brute force attack
Buffer overflow attack

C
CSRF
Cache Poisoning
Cash Overflow
Code Injection
Command Injection
Comment Injection Attack
Cross Frame Scripting
Cross Site History Manipulation (XSHM)
Cross Site Tracing
Cross-Site Request Forgery (CSRF)
Cross-User Defacement
Cross-site Scripting (XSS)
Cryptanalysis
Custom Special Character Injection

D
Denial of Service
Direct Dynamic Code Evaluation ('Eval Injection')
Direct Static Code Injection
Double Encoding

F
Forced browsing
Format string attack
Full Path Disclosure

H
HTTP Request Smuggling
HTTP Response Splitting

L
LDAP injection

M
Man-in-the-browser attack
Man-in-the-middle attack
Mobile code: invoking untrusted mobile code
Mobile code: non-final public field
Mobile code: object hijack

N
Network Eavesdropping

O
One-Click Attack
Overflow Binary Resource File

P
Page Hijacking
Parameter Delimiter
Path Manipulation
Path Traversal

R
Regular expression Denial of Service - ReDoS
Relative Path Traversal
Repudiation Attack
Resource Injection

S
SQL Injection
Server-Side Includes (SSI) Injection
Session Prediction
Session fixation
Session hijacking attack
Setting Manipulation
Special Element Injection
Spyware

T
Traffic flood
Trojan Horse

U
Unicode Encoding

W
Web Parameter Tampering
Windows ::DATA alternate data stream

X
XPATH Injection
XSRF
6. OWASP - Vulnerabilities

A
ASP.NET Misconfigurations
Access control enforced by presentation layer
Addition of data-structure sentinel
Allowing Domains or Accounts to Expire
Allowing password aging
Assigning instead of comparing
Authentication Bypass via Assumed-Immutable Data

B
Buffer Overflow
Buffer underwrite
Business logic vulnerability

C
CRLF Injection
Capture-replay
Catch NullPointerException
Comparing classes by name
Comparing instead of assigning
Comprehensive list of Threats to Authentication Procedures and Data
Covert timing channel
Cross Site Scripting Flaw

D
Dangerous Function
Deletion of data-structure sentinel
Deserialization of untrusted data
Directory Restriction Error
Double Free
Doubly freeing memory
Duplicate key in associative list (alist)

E
Empty Catch Block
Empty String Password

F
Failure of true random number generator
Failure to account for default case in switch
Failure to add integrity check value
Failure to check for certificate revocation
Failure to check integrity check value
Failure to check whether privileges were dropped successfully
Failure to deallocate data
Failure to drop privileges when reasonable
Failure to encrypt data
Failure to follow chain of trust in certificate validation
Failure to follow guideline/specification
Failure to protect stored data from modification
Failure to provide confidentiality for stored data
Failure to validate certificate expiration
Failure to validate host-specific certificate data
File Access Race Condition: TOCTOU
Format String

G
Guessed or visible temporary file

H
Hard-Coded Password
Heap Inspection
Heap overflow

I
Ignored function return value
Illegal Pointer Value
Improper Data Validation
Improper cleanup on thrown exception
Improper error handling
Improper string length checking
Improper temp file opening
Incorrect block delimitation
Information Leakage
Information leak through class cloning
Information leak through serialization
Insecure Compiler Optimization
Insecure Randomness
Insecure Temporary File
Insecure Third Party Domain Access
Insecure Transport
Insufficient Entropy
Insufficient Session-ID Length
Insufficient entropy in pseudo-random number generator
Integer coercion error
Integer overflow
Invoking untrusted mobile code

J
J2EE Misconfiguration: Unsafe Bean Declaration

K
Key exchange without entity authentication

L
Least Privilege Violation
Leftover Debug Code
Log Forging
Log injection

M
Member Field Race Condition
Memory leak
Miscalculated null termination
Misinterpreted function return value
Missing Error Handling
Missing XML Validation
Missing parameter
Multiple admin levels
Mutable object returned

N
Non-cryptographic pseudo-random number generator
Not allowing password aging
Not using a random initialization vector with cipher block chaining mode
Null Dereference

O
OWASP .NET Vulnerability Research
Object Model Violation: Just One of equals() and hashCode() Defined
Often Misused: Authentication
Often Misused: Exception Handling
Often Misused: File System
Often Misused: Privilege Management
Often Misused: String Management
Omitted break statement
Open forward
Open redirect
Overflow of static internal buffer
Overly-Broad Catch Block
Overly-Broad Throws Declaration

P
PHP File Inclusion
PRNG Seed Error
Passing mutable objects to an untrusted method
Password Management: Hardcoded Password
Password Management: Weak Cryptography
Password Plaintext Storage
Poor Logging Practice
Portability Flaw
Privacy Violation
Process Control
Publicizing of private data when using inner classes

R
Race Conditions
Reflection attack in an auth protocol
Reflection injection
Relative path library search
Reliance on data layout
Relying on package-level scope
Resource exhaustion
Return Inside Finally Block
Reusing a nonce, key pair in encryption

S
Session Fixation
Sign extension error
Signed to unsigned conversion error
Stack overflow
State synchronization error
Storing passwords in a recoverable format
String Termination Error
Symbolic name not mapping to correct object

T
Truncation error
Trust Boundary Violation
Trust of system event data
Trusting self-reported DNS name
Trusting self-reported IP address

U
Uncaught exception
Unchecked Error Condition
Unchecked Return Value: Missing Check against Null
Unchecked array indexing
Undefined Behavior
Uninitialized Variable
Unintentional pointer scaling
Unreleased Resource
Unrestricted File Upload
Unsafe JNI
Unsafe Mobile Code
Unsafe Reflection
Unsafe function call from a signal handler
Unsigned to signed conversion error
Use of Obsolete Methods
Use of hard-coded password
Use of sizeof() on a pointer type
Using a broken or risky cryptographic algorithm
Using a key past its expiration date
Using freed memory
Using password systems
Using referer field for authentication or authorization
Using single-factor authentication
Using the wrong operator

V
Validation performed in client

W
Wrap-around error
Write-what-where condition
Improve application security. Make security a visible topic.
Principles: characteristics, behaviour and implementation choices that try to reduce threats and the impact they could have. E.g.: fail securely, fail-safe defaults, don't trust infrastructure, don't trust services, etc.
Attacks: techniques that exploit vulnerabilities.
Vulnerabilities: a weakness in the system that compromises the application's information or operation, allowing an attacker to cause some kind of damage.
Top 10: consensus on the 10 highest risks that exist today in web applications.
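The principles named above (fail securely, fail-safe defaults, don't trust services), as an added example that is not part of the original slides: a hypothetical authorization check that grants access whenever its policy service errors or has no entry, beside one that only allows on an explicit grant. The ACL, the principals, the resource name and the simulated outage are all constructed for illustration.

```python
# Added example (not from the slides): fail-open vs fail-closed authorization.
# The policy store, users, resource names and the outage are constructed.
import logging

log = logging.getLogger("authz")


class PolicyServiceError(Exception):
    """The policy service could not answer (timeout, network error, ...)."""


# Constructed ACL standing in for a remote policy service:
# (principal, resource) -> set of permitted actions.
ACL = {
    ("alice", "invoice:42"): {"read", "write"},
    ("bob", "invoice:42"): {"read"},
}


def policy_lookup(user, resource, available=True):
    """Simulated remote lookup; raises when the service is 'down'."""
    if not available:
        raise PolicyServiceError("policy service unavailable")
    return ACL.get((user, resource))  # None when nothing is granted


def is_allowed_fail_open(user, resource, action, available=True):
    """Vulnerable pattern: errors and missing entries are treated as 'allow'.

    The intent was "don't lock everybody out if authz is down", but the
    result is that an outage (or a principal with no ACL entry at all)
    authorizes every action. This violates fail securely and fail-safe defaults.
    """
    try:
        perms = policy_lookup(user, resource, available)
    except PolicyServiceError:
        return True  # fails open: outage grants access
    if perms is not None and action not in perms:
        return False  # only an explicit entry can deny
    return True  # no ACL entry at all also grants access


def is_allowed_fail_closed(user, resource, action, available=True):
    """Fail securely with fail-safe defaults: only an explicit grant allows.

    Any error, missing entry or malformed answer from the service (which is
    not trusted to return well-formed data) results in deny, and the failure
    is logged so an outage is visible instead of silently widening access.
    """
    try:
        perms = policy_lookup(user, resource, available)
    except PolicyServiceError as exc:
        log.error("authz lookup failed for %s on %s: %s", user, resource, exc)
        return False
    if not isinstance(perms, (set, frozenset)):
        return False  # don't trust the service: unexpected shape means deny
    return action in perms


def compare(user, resource, action, available=True):
    """Return (fail_open_decision, fail_closed_decision) for one request."""
    return (is_allowed_fail_open(user, resource, action, available),
            is_allowed_fail_closed(user, resource, action, available))


if __name__ == "__main__":
    cases = [
        ("alice", "invoice:42", "write", True),    # explicit grant
        ("bob", "invoice:42", "write", True),      # explicit entry without the action
        ("mallory", "invoice:42", "write", True),  # no ACL entry at all
        ("mallory", "invoice:42", "write", False), # policy service down
    ]
    for case in cases:
        print(case, "-> fail-open/fail-closed:", compare(*case))
```

The two functions agree on principals that have an ACL entry; they differ exactly in the cases the principles are about: an unknown principal and an unreachable policy service, where the fail-open version says yes and the fail-closed version says no and records why.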
Projects: tools and methodology, risk assessment, penetration tests.