Web app security part 1
Presentation Transcript

  • Web Application Security By Noah Franklin J
  • Session Flow
    • What is Web Application Security?
    • Security Misconceptions
    • Reasons for Attacking Web Applications
    • OWASP Top 10 Vulnerabilities
    • Security guidelines
    • Web Application Security checklist
    Copy Rights to Noah Franklin J
  • Web Application Setup
  • Web Application Setup (diagram: attacker, firewall, hardened OS, web server, app server, custom code, and back-end systems such as databases, directories, web services, legacy systems and business functions)
    Application Layer
    • Attacker sends attacks inside valid HTTP requests
    • Your custom code is tricked into doing something it should not
    • Security requires software development expertise, not signatures
    Network Layer
    • Firewall, hardening, patching, IDS, and SSL cannot detect or stop attacks inside HTTP requests
    • Security relies on signature databases
  • Reasons for Attacking Web Apps
  • Web Application Threats (diagram slides)
  • Web Application Working (diagram of the same stack)
    1. Attacker sends data containing SQL fragments: the attacker enters SQL fragments into a web page that uses the input in a query
    2. Application sends the modified query to the database, which executes it
    3. Attacker views unauthorized data
    EXAMPLE: $sql = "SELECT * FROM table WHERE id = '" . $_REQUEST['id'] . "'";
  • Injection Flaw (diagram)
    HTTP request: acct='' OR 1=1--
    SQL query: "SELECT * FROM accounts WHERE acct='' OR 1=1--'"
    HTTP response: Account Summary showing Acct: 5424-6066-2134-4334
    1. Application presents a form to the attacker, all via SSL
    2. Attacker sends an attack in the form data
    3. Application forwards the attack to the database in a SQL query
    4. Database runs the query containing the attack and sends the encrypted results back to the application
    5. Application decrypts the data as normal and sends the results to the user
  • What is SQL Injection?Insertion of SQL statements into application inputs to corrupt, exploit, or otherwise damage an application database.Most commonly done directly through web forms, but can be directed through URL hacking, request hacking using debugging tools, or using bots that emulate browsers and manipulate web requests. Copy Rights to Noah Franklin J
  • What is a SQL Injection Attack?Many web applications take user input from a formA SQL injection attack involves placing SQL statements in the user input Copy Rights to Noah Franklin J
  • SQL Basics
    • Standard SQL commands such as "Select", "Insert", "Update", "Delete", "Create", and "Drop" can be used to accomplish almost everything that one needs to do with a database.
  • Types of SQL injection
    • Direct injection. Example: ' or 1=1-- and other always-true conditions
    • Indirect injection: integer based, string based, error based, blind, XML injection, double string
  • Program Behind Login Page (pseudocode for the check the application performs)
        if (username == "franky" && password == "12345")
            printf("Welcome to Email ");
        else
            printf("Invalid Username or password");
  • Program Behind Login Page, with the injected input a' or 1=1-- supplied as both username and password. The quote closes the string literal, "or 1=1" makes the condition always true, and "--" comments out the rest of the check:
        if (username == "a' or 1=1--" && password == "a' or 1=1--")
            printf("Welcome to Email ");
        else
            printf("Invalid Username or password");
  • SQL Injection: SQL Basic Demo
  • SQL Injection: Extracting Database. Example: www.site.com/index.php?id=1. Add ' or /* after id=1 to check whether the site is vulnerable or not. If the site gives an error or a blank page, then the site is vulnerable to SQL injection.
  • SQL Injection: Extracting Database
    www.site.com/index.php?id=1+union+all+select+1,table_name,3,4,5,6,7+from+information_schema.tables
    The above query gives the names of the tables stored in the database.
    www.site.com/index.php?id=1+union+all+select+1,column_name,3,4,5,6,7+from+information_schema.columns+where+table_schema=char()
    The above query gives the names of the columns stored in the database.
  • SQL Injection: Extracting Database
    www.site.com/index.php?id=1+union+all+select+1,table_name,3,4,5,6,7+from+information_schema.tables
    The above query gives the names of the tables stored in the database.
    www.site.com/index.php?id=1+union+all+select+1,column_name,3,4,5,6,7+from+information_schema.columns
    The above query gives the names of the columns stored in the database.
  • SQL Injection: SQL Demo
  • Countermeasure
    • Check the input provided to database queries
    • Validate and sanitize every user variable passed to the database
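As an added example (not part of the presentation), the login check and the id lookup from the slides written in Python with sqlite3: the concatenated form that the ' or 1=1-- and 1 OR 1=1 inputs bypass, beside the parameterized, input-validated form the countermeasure slide calls for. The table names, sample rows and function names are assumptions made for illustration.

```python
import sqlite3

# Constructed in-memory database (sample data, not from the slides): one user and two items.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('franky', '12345')")
    conn.execute("CREATE TABLE items (id INTEGER, name TEXT)")
    conn.executemany("INSERT INTO items VALUES (?, ?)", [(1, "public"), (2, "secret")])
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Same pattern as the slides' login check and $_REQUEST['id'] example:
    # user input is concatenated straight into the SQL text, so a quote in the
    # input closes the string literal and "--" comments out the rest of the query.
    sql = ("SELECT * FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None

def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Hardened form: "?" placeholders. The driver passes the values separately from
    # the query text, so quotes and comment markers in the input stay plain data.
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None

def items_by_id_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    # Unquoted numeric input pasted into the query, as in the slides' id=1 example.
    sql = "SELECT name FROM items WHERE id = " + raw_id
    return sorted(row[0] for row in conn.execute(sql))

def items_by_id_validated(conn: sqlite3.Connection, raw_id: str) -> list:
    # "Check the input" first: an id must be a plain integer. Then bind it as a parameter.
    if not raw_id.isdigit():
        raise ValueError("id must be a positive integer")
    sql = "SELECT name FROM items WHERE id = ?"
    return sorted(row[0] for row in conn.execute(sql, (int(raw_id),)))

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "a' or 1=1--", "anything"))      # True: check bypassed
    print(login_parameterized(db, "a' or 1=1--", "anything"))   # False: treated as data
    print(items_by_id_vulnerable(db, "1 OR 1=1"))                # ['public', 'secret']
    print(items_by_id_validated(db, "1"))                        # ['public']
```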