SlideShare a Scribd company logo

Ch10 Hacking Web Servers http://ouo.io/2Bt7X

Download as PPT, PDF
P
phanleson

Ch 10: Hacking Web Servers http://ouo.io/2Bt7X

EducationTechnologyNews & Politics
1 of 56
Hands-On Ethical Hacking and Network Defense Chapter 10 Hacking Web Servers http://it-slideshares.blogspot.com
Objectives Describe Web applications Explain Web application vulnerabilities Describe the tools used to attack Web servers 2 http://it-slideshares.blogspot.com
Web Server IIS or Apache HTTPS HTTP Client’s Browser Internet Explorer or Firefox 3 http://it-slideshares.blogspot.com
Web Servers The two main Web servers are Apache (Open source) and IIS (Microsoft) Image from netcraft.com (link Ch 10c) 4 http://it-slideshares.blogspot.com
Understanding Web Applications It is nearly impossible to write a program without bugs  Some bugs create security vulnerabilities Web applications also have bugs  Web applications have a larger user base than standalone applications  Bugs are a bigger problem for Web applications 5 http://it-slideshares.blogspot.com
Web Application Components Static Web pages  Created using HTML Dynamic Web pages  Need special components <form> tags Common Gateway Interface (CGI) scripts Active Server Pages (ASP) PHP ColdFusion Scripting languages like JavaScript ODBC (Open Database connector) 6 http://it-slideshares.blogspot.com
Web Forms Use the <form> element or tag in an HTML document  Allows customer to submit information to the Web server Web servers process information from a Web form by using a Web application Easy way for attackers to intercept data that users submit to a Web server 7 http://it-slideshares.blogspot.com
Web Forms (continued) Web form example <html><body> <form> Enter your username: <input type="text" name="username"> <br> Enter your password: <input type="text" name="password"> </form></body></html> 8 http://it-slideshares.blogspot.com
9
Web Server CGI Scripts HTTPS HTTP Client’s Browser HTML Forms JavaScript 10
Common Gateway Interface (CGI) Handles moving data from a Web server to a Web browser The majority of dynamic Web pages are created with CGI and scripting languages Describes how a Web server passes data to a Web browser  Relies on Perl or another scripting language to create dynamic Web pages 11
CGI Languages CGI programs can be written in different programming and scripting languages  C or C++  Perl  Unix shell scripting  Visual Basic  FORTRAN 12
Common Gateway Interface (CGI) (continued) CGI example  Written in Perl  Hello.pl  Should be placed in the cgi-bin directory on the Web server #!/usr/bin/perl print "Content-type: text/htmlnn"; print "Hello Security Testers!"; 13
Another CGI Example Link Ch 10a: Sam’s Feedback Form Link Ch 10b: CGI Script in Perl that processes the data from the form 14
Active Server Pages (ASP) Microsoft’s server-side script engine  HTML pages are static—always the same  ASP creates HTML pages as needed. They are not static ASP uses scripting languages such as JScript or VBScript Not all Web servers support ASP  IIS supports ASP  Apache doesn’t support ASP as well 15
Active Server Pages (ASP) You can’t see the source of an ASP page from a browser This makes it harder to hack into, although not impossible ASP examples at links Ch 10d, e, f 16
Apache Web Server Apache is the most popular Web Server program Advantages  Stable and reliable  Works on just about any *NIX and Windows platform  It is free and open source See links Ch 10g, 10h 17
Using Scripting Languages Dynamic Web pages can be developed using scripting languages  VBScript  JavaScript  PHP 18
PHP: Hypertext Processor (PHP) Enables Web developers to create dynamic Web pages  Similar to ASP Open-source server-side scripting language  Can be embedded in an HTML Web page using PHP tags <?php and ?> Users cannot see PHP code in their Web browser Used primarily on UNIX systems  Also supported on Macintosh and Microsoft platforms 19
PHP Example <html><head><title>Example</title></head> <body> <?php echo 'Hello, World!'; ?> </body></html>  See links Ch 10k, 10l PHP has known vulnerabilities  See links Ch 10m, 10n PHP is often used with MySQL Databases 20
ColdFusion Server-side scripting language used to develop dynamic Web pages Created by the Allaire Corporation  Purchased by Macromedia, now owned by Adobe -- Expensive Uses its own proprietary tags written in ColdFusion Markup Language (CFML) CFML Web applications can contain other technologies, such as HTML or JavaScript 21
ColdFusion Example <html><head><title>Ex</title></head> <body> <CFLOCATION URL="www.isecom.org/cf/index.htm" ADDTOKEN="NO"> </body> </html>  See links Ch 10o 22
ColdFusion Vulnerabilities See links Ch 10p, 10q 23
VBScript Visual Basic Script is a scripting language developed by Microsoft You can insert VBScript commands into a static HTML page to make it dynamic  Provides the power of a full programming language  Executed by the client’s browser 24
VBScript Example <html><body> <script type="text/vbscript"> document.write("<h1>Hello!</h1>") document.write("Date Activated: " & date()) </script> </body></html> See link Ch 10r – works in IE, but not in Firefox Firefox does not support VBScript (link Ch 10s) 25
VBScript vulnerabilities  See links Ch 10t, 10u 26
JavaScript Popular scripting language JavaScript also has the power of a programming language  Branching  Looping  Testing 27
JavaScript Example <html><head> <script type="text/javascript"> function chastise_user(){ alert("So, you like breaking rules?") document.getElementByld("cmdButton").focus( )} </script></head> <body><h3>Don't click the button!</h3> <form> <input type="button" value="Don't Click!" name="cmdButton" onClick="chastise_user()" /> </form></body></html>  See link Ch 10v – works in IE and Firefox 28 http://it-slideshares.blogspot.com
JavaScript Vulnerabilities See link Ch 10w 29
ODBC or Web Server OLE DB Database Apache or IIS Or ADO SQL Server or HTML Forms Oracle or CGI Scripts MySQL HTTP or HTTPS Client’s Browser 30
Connecting to Databases Web pages can display information stored on databases There are several technologies used to connect databases with Web applications  Technology depends on the OS used ODBC OLE DB ADO  Theory is the same 31
Open Database Connectivity (ODBC) Standard database access method developed by the SQL Access Group ODBC interface allows an application to access  Data stored in a database management system (DBMS)  Can use Oracle, SQL, or any DBMS that understands and can issue ODBC commands Interoperability among back-end DBMS is a key feature of the ODBC interface 32
Open Database Connectivity (ODBC) (continued) ODBC defines  Standardized representation of data types  A library of ODBC functions  Standard methods of connecting to and logging on to a DBMS 33
OLE DB and ADO Object Linking and Embedding Database (OLE DB) and ActiveX Data Objects (ADO)  These two more modern, complex technologies replace ODBC and make up"Microsoft’s Universal Data Access“  See link Ch 10x 34
Understanding Web Application Vulnerabilities Many platforms and programming languages can be used to design a Web site Application security is as important as network security 35
Attackers controlling a Web server can  Deface the Web site  Destroy or steal company’s data  Gain control of user accounts  Perform secondary attacks from the Web site  Gain root access to other applications or servers 36
Open Web Application Security Project (OWASP)  Open, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications  Publishes the Ten Most Critical Web Application Security Vulnerabilities 37
Top-10 Web application vulnerabilities Unvalidated parameters  HTTP requests from browsers that are not validated by the Web server  Inserted form fields, cookies, headers, etc. (See link Ch 10y) Broken access control  Developers implement access controls but fail to test them properly For example, letting an authenticated user read another user’s files 38
Top-10 Web application vulnerabilities (continued) Broken account and session management  Enables attackers to compromise passwords or session cookies to gain access to accounts Cross-site scripting (XSS) flaws  Attackers inject code into a web page, such as a forum or guestbook  When others user view the page, confidential information is stolen  See link Ch 10za Buffer overflows  It is possible for an attacker to use C or C++ code that includes a buffer overflow 39
Top-10 Web application vulnerabilities (continued) Command injection flaws  An attacker can embed malicious code and run a program on the database server  Example: SQL Injection Error-handling problems  Error messages may reveal information that an attacker can use Insecure use of cryptography  Storing keys, certificates, and passwords on a Web server can be dangerous 40
Top-10 Web application vulnerabilities (continued) Remote administration flaws  Attacker can gain access to the Web server through the remote administration interface Web and application server misconfiguration  Any Web server software out of the box is usually vulnerable to attack Default accounts and passwords Overly informative error messages 41
Application Vulnerabilities Countermeasures (continued) WebGoat project  Helps security testers learn how to perform vulnerabilities testing on Web applications  Developed by OWASP It’s like HackThisSite without the helpful forum  Tutorials for WebGoat are being made, but they aren’t yet ready 42
Assessing Web Applications Issues to consider  Dynamic Web pages  Connection to a backend database server  User authentication  What platform was used? 43 http://it-slideshares.blogspot.com
Does the Web Application Use Dynamic Web Pages? Static Web pages do not create a secure environment IIS attack example: Directory Traversal  Adding .. to a URL refers to a directory above the Web page directory  Early versions of IIS filtered out , but not %c1%9c, which is a Unicode version of the same character  See link Ch 10 zh 44
Connection to a Backend Database Server Security testers should check for the possibility of SQL injection being used to attack the system SQL injection involves the attacker supplying SQL commands on a Web application field 45
SQL Injection Example HTML form collects name and pw SQL then uses those fields: SELECT * FROM customer WHERE username = ‘name' AND password = ‘pw' If a hacker enters a name of ’ OR 1=1 -- The SQL becomes: SELECT * FROM customer WHERE username = ‘’ OR 1=1 --' AND password = ‘pw‘ Which is always true, and returns all the records 46
HackThisSite 47
Connection to a Backend Database Server Basic testing should look for  Whether you can enter text with punctuation marks  Whether you can enter a single quotation mark followed by any SQL keywords  Whether you can get any sort of database error when attempting to inject SQL 48
User Authentication Many Web applications require another server to authenticate users Examine how information is passed between the two servers  Encrypted channels Verify that logon and password information is stored on secure places Authentication servers introduce a second target 49
What Platform Was Used? Popular platforms include:  IIS with ASP and SQL Server (Microsoft)  Linux, Apache, MySQL, and PHP (LAMP) Footprinting is used to find out the platform  The more you know about a system the easier it is to gather information about its vulnerabilities 50
Tools of Web Attackers and Security Testers Choose the right tools for the job Attackers look for tools that enable them to attack the system  They choose their tools based on the vulnerabilities found on a target system or application 51
Web Tools Cgiscan.c: CGI scanning tool  Written in C in 1999 by Bronc Buster  Tool for searching Web sites for CGI scripts that can be exploited  One of the best tools for scanning the Web for systems with CGI vulnerabilities See link Ch 10zi 52
cgiscan and WebGoat 53
Web Tools (continued) Phfscan.c  Written to scan Web sites looking for hosts that could be exploited by the PHF bug  The PHF bug enables an attacker to download the victim’s /etc/passwd file  It also allows attackers to run programs on the victim’s Web server by using a particular URL See links Ch 10zj, 10 zk 54 http://it-slideshares.blogspot.com
Web Tools (continued) Wfetch: GUI tool from Microsoft  Displays information that is not normally shown in a browser, such as HTTP headers  It also attempts authentication using Multiple HTTP methods Configuration of host name and TCP port HTTP 1.0 and HTTP 1.1 support Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiation authentication types Multiple connection types Proxy support Client-certificate support  See link Ch 10zl 55 http://it-slideshares.blogspot.com
56 http://it-slideshares.blogspot.com

Recommended

Ethical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg
Ethical hacking Chapter 10 - Exploiting Web Servers - Eric VanderburgEthical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg
Ethical hacking Chapter 10 - Exploiting Web Servers - Eric VanderburgEric Vanderburg
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsAdeel Javaid
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Top security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themTop security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themElad Elrom
 
Security Model in .NET Framework
Security Model in .NET FrameworkSecurity Model in .NET Framework
Security Model in .NET FrameworkMikhail Shcherbakov
 
Server-side Java Programming
Server-side Java ProgrammingServer-side Java Programming
Server-side Java ProgrammingChris Schalk
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Jeremiah Grossman
 

Recommended

Ethical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg
Ethical hacking Chapter 10 - Exploiting Web Servers - Eric VanderburgEthical hacking Chapter 10 - Exploiting Web Servers - Eric Vanderburg
Ethical hacking Chapter 10 - Exploiting Web Servers - Eric VanderburgEric Vanderburg
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsAdeel Javaid
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Top security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themTop security threats to Flash/Flex applications and how to avoid them
Top security threats to Flash/Flex applications and how to avoid themElad Elrom
 
Security Model in .NET Framework
Security Model in .NET FrameworkSecurity Model in .NET Framework
Security Model in .NET FrameworkMikhail Shcherbakov
 
Server-side Java Programming
Server-side Java ProgrammingServer-side Java Programming
Server-side Java ProgrammingChris Schalk
 
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Don't Drop the SOAP: Real World Web Service Testing for Web Hackers
Don't Drop the SOAP: Real World Web Service Testing for Web Hackers Tom Eston
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Jeremiah Grossman
 
CNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side ControlsCNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side ControlsSam Bowne
 
Concepts of Asp.Net
Concepts of Asp.NetConcepts of Asp.Net
Concepts of Asp.Netvidyamittal
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)Sam Bowne
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
Asp net
Asp netAsp net
Asp netDr. C.V. Suresh Babu
 
A Bit of REST
A Bit of RESTA Bit of REST
A Bit of RESTColdFusionConference
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1Kumar S
 
Web Security
Web SecurityWeb Security
Web SecurityChatree Kunjai
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobileBlueinfy Solutions
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 
Tutorial asp.net
Tutorial asp.netTutorial asp.net
Tutorial asp.netVivek K. Singh
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)Sam Bowne
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Introduction to the web
Introduction to the webIntroduction to the web
Introduction to the webSAMIR BHOGAYTA
 
Asp net
Asp netAsp net
Asp netMohitKumar1985
 
Hackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection AttacksHackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection Attacksamiable_indian
 
Web api
Web apiWeb api
Web apiSudhakar Sharma
 
BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruMichele Orru
 
01 asp.net session01
01 asp.net session0101 asp.net session01
01 asp.net session01Mani Chaubey
 
Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web ServersSam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 

More Related Content

What's hot

CNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side ControlsCNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side ControlsSam Bowne
 
Concepts of Asp.Net
Concepts of Asp.NetConcepts of Asp.Net
Concepts of Asp.Netvidyamittal
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)Sam Bowne
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectBlueinfy Solutions
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1Kumar S
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack PresentationKhoa Nguyen
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)Sam Bowne
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingShreeraj Shah
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesSam Bowne
 
Introduction to the web
Introduction to the webIntroduction to the web
Introduction to the webSAMIR BHOGAYTA
 
Hackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection AttacksHackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection Attacksamiable_indian
 
BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruMichele Orru
 
01 asp.net session01
01 asp.net session0101 asp.net session01
01 asp.net session01Mani Chaubey
 

What's hot (20)

CNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side ControlsCNIT 129S: Ch 5: Bypassing Client-Side Controls
CNIT 129S: Ch 5: Bypassing Client-Side Controls
 
Concepts of Asp.Net
Concepts of Asp.NetConcepts of Asp.Net
Concepts of Asp.Net
 
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
CNIT 129S: 12: Attacking Users: Cross-Site Scripting (Part 1 of 2)
 
CSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open RedirectCSRF, ClickJacking & Open Redirect
CSRF, ClickJacking & Open Redirect
 
Asp net
Asp netAsp net
Asp net
 
A Bit of REST
A Bit of RESTA Bit of REST
A Bit of REST
 
ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1ASP.NET Tutorial - Presentation 1
ASP.NET Tutorial - Presentation 1
 
Web Security
Web SecurityWeb Security
Web Security
 
Html5 on mobile
Html5 on mobileHtml5 on mobile
Html5 on mobile
 
Web application attack Presentation
Web application attack PresentationWeb application attack Presentation
Web application attack Presentation
 
Tutorial asp.net
Tutorial asp.netTutorial asp.net
Tutorial asp.net
 
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
CNIT 129S: 13: Attacking Users: Other Techniques (Part 1 of 2)
 
AppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services HackingAppSec 2007 - .NET Web Services Hacking
AppSec 2007 - .NET Web Services Hacking
 
CNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application TechnologiesCNIT 129S: Ch 3: Web Application Technologies
CNIT 129S: Ch 3: Web Application Technologies
 
Introduction to the web
Introduction to the webIntroduction to the web
Introduction to the web
 
Asp net
Asp netAsp net
Asp net
 
Hackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection AttacksHackers Paradise SQL Injection Attacks
Hackers Paradise SQL Injection Attacks
 
Web api
Web apiWeb api
Web api
 
BeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-OrruBeEF_EUSecWest-2012_Michele-Orru
BeEF_EUSecWest-2012_Michele-Orru
 
01 asp.net session01
01 asp.net session0101 asp.net session01
01 asp.net session01
 

Similar to Ch10 Hacking Web Servers http://ouo.io/2Bt7X

Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web ServersSam Bowne
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersSam Bowne
 
Introduction to asp.net
Introduction to asp.netIntroduction to asp.net
Introduction to asp.netSHADAB ALI
 
Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development PresentationTurnToTech
 
DevNext - Web Programming Concepts Using Asp Net
DevNext - Web Programming Concepts Using Asp NetDevNext - Web Programming Concepts Using Asp Net
DevNext - Web Programming Concepts Using Asp NetAdil Mughal
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web ApplicationSachin Walvekar
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer home
 
01 asp.net session01
01 asp.net session0101 asp.net session01
01 asp.net session01Vivek chan
 
Web development concepts using microsoft technologies
Web development concepts using microsoft technologiesWeb development concepts using microsoft technologies
Web development concepts using microsoft technologiesHosam Kamel
 
Css Founder.com | Cssfounder Net
Css Founder.com | Cssfounder NetCss Founder.com | Cssfounder Net
Css Founder.com | Cssfounder NetCss Founder
 

Similar to Ch10 Hacking Web Servers http://ouo.io/2Bt7X (20)

Ch 10: Hacking Web Servers
Ch 10: Hacking Web ServersCh 10: Hacking Web Servers
Ch 10: Hacking Web Servers
 
CNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web ServersCNIT 123 Ch 10: Hacking Web Servers
CNIT 123 Ch 10: Hacking Web Servers
 
Asp
AspAsp
Asp
 
Introduction to asp.net
Introduction to asp.netIntroduction to asp.net
Introduction to asp.net
 
Web Development Presentation
Web Development PresentationWeb Development Presentation
Web Development Presentation
 
Asp.netrole
Asp.netroleAsp.netrole
Asp.netrole
 
DevNext - Web Programming Concepts Using Asp Net
DevNext - Web Programming Concepts Using Asp NetDevNext - Web Programming Concepts Using Asp Net
DevNext - Web Programming Concepts Using Asp Net
 
Making Of PHP Based Web Application
Making Of PHP Based Web ApplicationMaking Of PHP Based Web Application
Making Of PHP Based Web Application
 
Asp interview Question and Answer
Asp interview Question and Answer Asp interview Question and Answer
Asp interview Question and Answer
 
01 asp.net session01
01 asp.net session0101 asp.net session01
01 asp.net session01
 
Chapter 1
Chapter 1Chapter 1
Chapter 1
 
CODE IGNITER
CODE IGNITERCODE IGNITER
CODE IGNITER
 
A comprehensive software infrastructure of .Net
A comprehensive software infrastructure of .Net A comprehensive software infrastructure of .Net
A comprehensive software infrastructure of .Net
 
Web development concepts using microsoft technologies
Web development concepts using microsoft technologiesWeb development concepts using microsoft technologies
Web development concepts using microsoft technologies
 
Assignment3.2
Assignment3.2Assignment3.2
Assignment3.2
 
web devs ppt.ppsx
web devs ppt.ppsxweb devs ppt.ppsx
web devs ppt.ppsx
 
Web Hacking
Web HackingWeb Hacking
Web Hacking
 
Rutgers - Active Server Pages
Rutgers - Active Server PagesRutgers - Active Server Pages
Rutgers - Active Server Pages
 
Introduction To CodeIgniter
Introduction To CodeIgniterIntroduction To CodeIgniter
Introduction To CodeIgniter
 
Css Founder.com | Cssfounder Net
Css Founder.com | Cssfounder NetCss Founder.com | Cssfounder Net
Css Founder.com | Cssfounder Net
 

More from phanleson

Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewallsphanleson
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hackingphanleson
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocolsphanleson
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacksphanleson
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applicationsphanleson
 
HBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designHBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designphanleson
 
HBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - OperationsHBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - Operationsphanleson
 
Hbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBaseHbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBasephanleson
 
Learning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibLearning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibphanleson
 
Learning spark ch10 - Spark Streaming
Learning spark ch10 - Spark StreamingLearning spark ch10 - Spark Streaming
Learning spark ch10 - Spark Streamingphanleson
 
Learning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLLearning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLphanleson
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Clusterphanleson
 
Learning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark ProgrammingLearning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark Programmingphanleson
 
Learning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your DataLearning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your Dataphanleson
 
Learning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value PairsLearning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value Pairsphanleson
 
Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Sparkphanleson
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about LibertagiaHướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagiaphanleson
 
Lecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLLecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLphanleson
 
Lecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the WebLecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the Webphanleson
 

More from phanleson (20)

Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Spark
 
Firewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth FirewallsFirewall - Network Defense in Depth Firewalls
Firewall - Network Defense in Depth Firewalls
 
Mobile Security - Wireless hacking
Mobile Security - Wireless hackingMobile Security - Wireless hacking
Mobile Security - Wireless hacking
 
Authentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless ProtocolsAuthentication in wireless - Security in Wireless Protocols
Authentication in wireless - Security in Wireless Protocols
 
E-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server AttacksE-Commerce Security - Application attacks - Server Attacks
E-Commerce Security - Application attacks - Server Attacks
 
Hacking web applications
Hacking web applicationsHacking web applications
Hacking web applications
 
HBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table designHBase In Action - Chapter 04: HBase table design
HBase In Action - Chapter 04: HBase table design
 
HBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - OperationsHBase In Action - Chapter 10 - Operations
HBase In Action - Chapter 10 - Operations
 
Hbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBaseHbase in action - Chapter 09: Deploying HBase
Hbase in action - Chapter 09: Deploying HBase
 
Learning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlibLearning spark ch11 - Machine Learning with MLlib
Learning spark ch11 - Machine Learning with MLlib
 
Learning spark ch10 - Spark Streaming
Learning spark ch10 - Spark StreamingLearning spark ch10 - Spark Streaming
Learning spark ch10 - Spark Streaming
 
Learning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQLLearning spark ch09 - Spark SQL
Learning spark ch09 - Spark SQL
 
Learning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a ClusterLearning spark ch07 - Running on a Cluster
Learning spark ch07 - Running on a Cluster
 
Learning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark ProgrammingLearning spark ch06 - Advanced Spark Programming
Learning spark ch06 - Advanced Spark Programming
 
Learning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your DataLearning spark ch05 - Loading and Saving Your Data
Learning spark ch05 - Loading and Saving Your Data
 
Learning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value PairsLearning spark ch04 - Working with Key/Value Pairs
Learning spark ch04 - Working with Key/Value Pairs
 
Learning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with SparkLearning spark ch01 - Introduction to Data Analysis with Spark
Learning spark ch01 - Introduction to Data Analysis with Spark
 
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about LibertagiaHướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
Hướng Dẫn Đăng Ký LibertaGia - A guide and introduciton about Libertagia
 
Lecture 1 - Getting to know XML
Lecture 1 - Getting to know XMLLecture 1 - Getting to know XML
Lecture 1 - Getting to know XML
 
Lecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the WebLecture 4 - Adding XTHML for the Web
Lecture 4 - Adding XTHML for the Web
 

Recently uploaded

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Krashi Coaching
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Pooja Nehwal
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionSafetyChain Software
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxVS Mahajan Coaching Centre
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfchloefrazer622
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpinRaunakKeshri1
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Sapana Sha
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...anjaliyadav012327
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxSayali Powar
 

Recently uploaded (20)

1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
Kisan Call Centre - To harness potential of ICT in Agriculture by answer farm...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
Russian Call Girls in Andheri Airport Mumbai WhatsApp 9167673311 💞 Full Nigh...
 
Mastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory InspectionMastering the Unannounced Regulatory Inspection
Mastering the Unannounced Regulatory Inspection
 
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptxOrganic Name Reactions for the students and aspirants of Chemistry12th.pptx
Organic Name Reactions for the students and aspirants of Chemistry12th.pptx
 
Disha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdfDisha NEET Physics Guide for classes 11 and 12.pdf
Disha NEET Physics Guide for classes 11 and 12.pdf
 
Student login on Anyboli platform.helpin
Student login on Anyboli platform.helpinStudent login on Anyboli platform.helpin
Student login on Anyboli platform.helpin
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111Call Girls in Dwarka Mor Delhi Contact Us 9654467111
Call Girls in Dwarka Mor Delhi Contact Us 9654467111
 
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
JAPAN: ORGANISATION OF PMDA, PHARMACEUTICAL LAWS & REGULATIONS, TYPES OF REGI...
 
Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdf
 
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptxPOINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
POINT- BIOCHEMISTRY SEM 2 ENZYMES UNIT 5.pptx
 

Ch10 Hacking Web Servers http://ouo.io/2Bt7X

  • 1. Hands-On Ethical Hacking and Network Defense Chapter 10 Hacking Web Servers http://it-slideshares.blogspot.com
  • 2. Objectives Describe Web applications Explain Web application vulnerabilities Describe the tools used to attack Web servers 2 http://it-slideshares.blogspot.com
  • 3. Web Server IIS or Apache HTTPS HTTP Client’s Browser Internet Explorer or Firefox 3 http://it-slideshares.blogspot.com
  • 4. Web Servers The two main Web servers are Apache (Open source) and IIS (Microsoft) Image from netcraft.com (link Ch 10c) 4 http://it-slideshares.blogspot.com
  • 5. Understanding Web Applications It is nearly impossible to write a program without bugs  Some bugs create security vulnerabilities Web applications also have bugs  Web applications have a larger user base than standalone applications  Bugs are a bigger problem for Web applications 5 http://it-slideshares.blogspot.com
  • 6. Web Application Components Static Web pages  Created using HTML Dynamic Web pages  Need special components <form> tags Common Gateway Interface (CGI) scripts Active Server Pages (ASP) PHP ColdFusion Scripting languages like JavaScript ODBC (Open Database connector) 6 http://it-slideshares.blogspot.com
  • 7. Web Forms Use the <form> element or tag in an HTML document  Allows customer to submit information to the Web server Web servers process information from a Web form by using a Web application Easy way for attackers to intercept data that users submit to a Web server 7 http://it-slideshares.blogspot.com
  • 8. Web Forms (continued) Web form example <html><body> <form> Enter your username: <input type="text" name="username"> <br> Enter your password: <input type="text" name="password"> </form></body></html> 8 http://it-slideshares.blogspot.com
  • 9. 9
  • 10. Web Server CGI Scripts HTTPS HTTP Client’s Browser HTML Forms JavaScript 10
  • 11. Common Gateway Interface (CGI) Handles moving data from a Web server to a Web browser The majority of dynamic Web pages are created with CGI and scripting languages Describes how a Web server passes data to a Web browser  Relies on Perl or another scripting language to create dynamic Web pages 11
  • 12. CGI Languages CGI programs can be written in different programming and scripting languages  C or C++  Perl  Unix shell scripting  Visual Basic  FORTRAN 12
  • 13. Common Gateway Interface (CGI) (continued) CGI example  Written in Perl  Hello.pl  Should be placed in the cgi-bin directory on the Web server #!/usr/bin/perl print "Content-type: text/htmlnn"; print "Hello Security Testers!"; 13
  • 14. Another CGI Example Link Ch 10a: Sam’s Feedback Form Link Ch 10b: CGI Script in Perl that processes the data from the form 14
  • 15. Active Server Pages (ASP) Microsoft’s server-side script engine  HTML pages are static—always the same  ASP creates HTML pages as needed. They are not static ASP uses scripting languages such as JScript or VBScript Not all Web servers support ASP  IIS supports ASP  Apache doesn’t support ASP as well 15
  • 16. Active Server Pages (ASP) You can’t see the source of an ASP page from a browser This makes it harder to hack into, although not impossible ASP examples at links Ch 10d, e, f 16
  • 17. Apache Web Server Apache is the most popular Web Server program Advantages  Stable and reliable  Works on just about any *NIX and Windows platform  It is free and open source See links Ch 10g, 10h 17
  • 18. Using Scripting Languages Dynamic Web pages can be developed using scripting languages  VBScript  JavaScript  PHP 18
  • 19. PHP: Hypertext Processor (PHP) Enables Web developers to create dynamic Web pages  Similar to ASP Open-source server-side scripting language  Can be embedded in an HTML Web page using PHP tags <?php and ?> Users cannot see PHP code in their Web browser Used primarily on UNIX systems  Also supported on Macintosh and Microsoft platforms 19
  • 20. PHP Example <html><head><title>Example</title></head> <body> <?php echo 'Hello, World!'; ?> </body></html>  See links Ch 10k, 10l PHP has known vulnerabilities  See links Ch 10m, 10n PHP is often used with MySQL Databases 20
  • 21. ColdFusion Server-side scripting language used to develop dynamic Web pages Created by the Allaire Corporation  Purchased by Macromedia, now owned by Adobe -- Expensive Uses its own proprietary tags written in ColdFusion Markup Language (CFML) CFML Web applications can contain other technologies, such as HTML or JavaScript 21
  • 22. ColdFusion Example <html><head><title>Ex</title></head> <body> <CFLOCATION URL="www.isecom.org/cf/index.htm" ADDTOKEN="NO"> </body> </html>  See links Ch 10o 22
  • 24. VBScript Visual Basic Script is a scripting language developed by Microsoft You can insert VBScript commands into a static HTML page to make it dynamic  Provides the power of a full programming language  Executed by the client’s browser 24
  • 25. VBScript Example <html><body> <script type="text/vbscript"> document.write("<h1>Hello!</h1>") document.write("Date Activated: " & date()) </script> </body></html> See link Ch 10r – works in IE, but not in Firefox Firefox does not support VBScript (link Ch 10s) 25
  • 26. VBScript vulnerabilities  See links Ch 10t, 10u 26
  • 27. JavaScript Popular scripting language JavaScript also has the power of a programming language  Branching  Looping  Testing 27
  • 28. JavaScript Example <html><head> <script type="text/javascript"> function chastise_user(){ alert("So, you like breaking rules?") document.getElementByld("cmdButton").focus( )} </script></head> <body><h3>Don't click the button!</h3> <form> <input type="button" value="Don't Click!" name="cmdButton" onClick="chastise_user()" /> </form></body></html>  See link Ch 10v – works in IE and Firefox 28 http://it-slideshares.blogspot.com
  • 30. ODBC or Web Server OLE DB Database Apache or IIS Or ADO SQL Server or HTML Forms Oracle or CGI Scripts MySQL HTTP or HTTPS Client’s Browser 30
  • 31. Connecting to Databases Web pages can display information stored on databases There are several technologies used to connect databases with Web applications  Technology depends on the OS used ODBC OLE DB ADO  Theory is the same 31
  • 32. Open Database Connectivity (ODBC) Standard database access method developed by the SQL Access Group ODBC interface allows an application to access  Data stored in a database management system (DBMS)  Can use Oracle, SQL, or any DBMS that understands and can issue ODBC commands Interoperability among back-end DBMS is a key feature of the ODBC interface 32
  • 33. Open Database Connectivity (ODBC) (continued) ODBC defines  Standardized representation of data types  A library of ODBC functions  Standard methods of connecting to and logging on to a DBMS 33
  • 34. OLE DB and ADO Object Linking and Embedding Database (OLE DB) and ActiveX Data Objects (ADO)  These two more modern, complex technologies replace ODBC and make up"Microsoft’s Universal Data Access“  See link Ch 10x 34
  • 35. Understanding Web Application Vulnerabilities Many platforms and programming languages can be used to design a Web site Application security is as important as network security 35
  • 36. Attackers controlling a Web server can  Deface the Web site  Destroy or steal company’s data  Gain control of user accounts  Perform secondary attacks from the Web site  Gain root access to other applications or servers 36
  • 37. Open Web Application Security Project (OWASP)  Open, not-for-profit organization dedicated to finding and fighting vulnerabilities in Web applications  Publishes the Ten Most Critical Web Application Security Vulnerabilities 37
  • 38. Top-10 Web application vulnerabilities Unvalidated parameters  HTTP requests from browsers that are not validated by the Web server  Inserted form fields, cookies, headers, etc. (See link Ch 10y) Broken access control  Developers implement access controls but fail to test them properly For example, letting an authenticated user read another user’s files 38
  • 39. Top-10 Web application vulnerabilities (continued) Broken account and session management  Enables attackers to compromise passwords or session cookies to gain access to accounts Cross-site scripting (XSS) flaws  Attackers inject code into a web page, such as a forum or guestbook  When others user view the page, confidential information is stolen  See link Ch 10za Buffer overflows  It is possible for an attacker to use C or C++ code that includes a buffer overflow 39
  • 40. Top-10 Web application vulnerabilities (continued) Command injection flaws  An attacker can embed malicious code and run a program on the database server  Example: SQL Injection Error-handling problems  Error messages may reveal information that an attacker can use Insecure use of cryptography  Storing keys, certificates, and passwords on a Web server can be dangerous 40
  • 41. Top-10 Web application vulnerabilities (continued) Remote administration flaws  Attacker can gain access to the Web server through the remote administration interface Web and application server misconfiguration  Any Web server software out of the box is usually vulnerable to attack Default accounts and passwords Overly informative error messages 41
  • 42. Application Vulnerabilities Countermeasures (continued) WebGoat project  Helps security testers learn how to perform vulnerabilities testing on Web applications  Developed by OWASP It’s like HackThisSite without the helpful forum  Tutorials for WebGoat are being made, but they aren’t yet ready 42
  • 43. Assessing Web Applications Issues to consider  Dynamic Web pages  Connection to a backend database server  User authentication  What platform was used? 43 http://it-slideshares.blogspot.com
  • 44. Does the Web Application Use Dynamic Web Pages? Static Web pages do not create a secure environment IIS attack example: Directory Traversal  Adding .. to a URL refers to a directory above the Web page directory  Early versions of IIS filtered out , but not %c1%9c, which is a Unicode version of the same character  See link Ch 10 zh 44
  • 45. Connection to a Backend Database Server Security testers should check for the possibility of SQL injection being used to attack the system SQL injection involves the attacker supplying SQL commands on a Web application field 45
  • 46. SQL Injection Example HTML form collects name and pw SQL then uses those fields: SELECT * FROM customer WHERE username = ‘name' AND password = ‘pw' If a hacker enters a name of ’ OR 1=1 -- The SQL becomes: SELECT * FROM customer WHERE username = ‘’ OR 1=1 --' AND password = ‘pw‘ Which is always true, and returns all the records 46
  • 48. Connection to a Backend Database Server Basic testing should look for  Whether you can enter text with punctuation marks  Whether you can enter a single quotation mark followed by any SQL keywords  Whether you can get any sort of database error when attempting to inject SQL 48
  • 49. User Authentication Many Web applications require another server to authenticate users Examine how information is passed between the two servers  Encrypted channels Verify that logon and password information is stored on secure places Authentication servers introduce a second target 49
  • 50. What Platform Was Used? Popular platforms include:  IIS with ASP and SQL Server (Microsoft)  Linux, Apache, MySQL, and PHP (LAMP) Footprinting is used to find out the platform  The more you know about a system the easier it is to gather information about its vulnerabilities 50
  • 51. Tools of Web Attackers and Security Testers Choose the right tools for the job Attackers look for tools that enable them to attack the system  They choose their tools based on the vulnerabilities found on a target system or application 51
  • 52. Web Tools Cgiscan.c: CGI scanning tool  Written in C in 1999 by Bronc Buster  Tool for searching Web sites for CGI scripts that can be exploited  One of the best tools for scanning the Web for systems with CGI vulnerabilities See link Ch 10zi 52
  • 54. Web Tools (continued) Phfscan.c  Written to scan Web sites looking for hosts that could be exploited by the PHF bug  The PHF bug enables an attacker to download the victim’s /etc/passwd file  It also allows attackers to run programs on the victim’s Web server by using a particular URL See links Ch 10zj, 10 zk 54 http://it-slideshares.blogspot.com
  • 55. Web Tools (continued) Wfetch: GUI tool from Microsoft  Displays information that is not normally shown in a browser, such as HTTP headers  It also attempts authentication using Multiple HTTP methods Configuration of host name and TCP port HTTP 1.0 and HTTP 1.1 support Anonymous, Basic, NTLM, Kerberos, Digest, and Negotiation authentication types Multiple connection types Proxy support Client-certificate support  See link Ch 10zl 55 http://it-slideshares.blogspot.com