Enterprise portals, gate to the gold

Presentation by Ian de Villiers at ZaCon 1 in 2009.

The presentation begins by naming a few enterprise portal vendors, followed by a brief overview of enterprise portals. Common shortcomings of EPs are discussed, which leads on to a discussion of how custom applications deployed on a portal end up exposing the full functionality of the portal.

Transcript

  • 1. Enterprise Portals: Gate to the Gold
  • 2. `whoami`
      • SensePost
          – Specialist security firm based in Pretoria
          – Customers all over the globe
          – Talks / papers / books
      • ian@sensepost.com
          – Associate security analyst
          – I break stuff and write reports about breaking stuff
      • Why this talk?
  • 3. EP Vendors
      • IBM WebSphere Portal
      • SAP NetWeaver Portal
      • Oracle Portal Products (PlumTree, BEA, SUN, ∞)
      • OpenText Portal (formerly Vignette)
      • JBoss Portal
      • Microsoft SharePoint Server
      • Apache Jetspeed, Interwoven TeamPortal, …, ∞
  • 4. EP Overview
      • Frequent on intranets.
      • Also frequent on the Internet… :)
      • Framework for integrating information, people and processes**
      • Consolidate and summarise diverse sources of information
      • Provide a customisable home page for registered users**
  • 5. EP Overview
      • Popular platform for deployment of applications due to the framework and built-in functionality
      • Provide SDKs for customisation and deployment of custom applications
      • Support pluggable components called portlets
      • Generally J2EE-based, but there are some alternative platforms (e.g. .NET, PHP, ∞)
  • 6. Portlet Overview
      • Pluggable user interface components which are managed and displayed in a portal**
      • Fragments of markup code (e.g. HTML / XML etc.) which are aggregated in a portal page**
      • Adhere to various standards
          – WSRP (Web Services for Remote Portlets)
          – Java Portlet Specification
              • JSR168
              • JSR268
          – Proprietary **
      • Diagram on the slide: a portal request GET /moo?portlet=id&URI=http%3A%2F%2FHR%2Fbaa answered with HTTP 200 OK
  • 7. Functionality++
      • User registration
      • Portals are generally designed to share information: they provide functionality for searching documents, users, ..., ∞
      • Workflow components
      • Messaging / social networking
      • Configuration and administrative components
  • 8. Common Shortcomings
      • Generally cater for multiple portal applications
          – May expose intranet applications to the Internet
      • Frequently allow registration for public users: Functionality++
      • Due to the complex installation of J2EE application servers and lazy sys-admins, frequently run with elevated privileges
  • 9. Common Shortcomings
      • Diverse log-in capabilities
          – LDAP, XML, database, ..., ∞, * == SSO
      • Developers of custom applications deployed on portal platforms frequently have not considered the underlying functionality of the platform
      • Custom error pages defined for the platform
      • Complexity++
  • 10. Breaking Out
      • Custom applications frequently exploit functionality of the portal framework but don't allow users direct access to framework functions…
      • … or do they?
  • 11. Breaking Out
      • Direct object access
      • Google is your friend… :>
      • Forcing errors to display generic portal error messages
      • Accessing site registration
      • HTML source comments and JavaScript
      • Once we can break out of the custom application, we expose the full functionality of the portal…
  • 12. Finding Portals
      • Google hacks (nods at Johnny Long…)
      • site:, insite:, inurl:, …, ∞
      • Demo…
          – site:za
          – inurl:/portal/site
          – inurl:/template.REGISTER
  • 13. Abusing Portlets
      • Original advisory pertaining to IBM WebSphere
          – WebSphere – 2006/01/24 – EPAM Systems
      • Port scanning
      • Accessing protected resources
      • Attacks at third parties
      • Blended attack scenarios
          – Denial of Service
          – Brute force
          – Attacks against other protocols
  • 14. PortletSuite.tgz
      • PortletScan.py
          – Scan for open ports by abusing portlets
      • Pikto.py
          – Scan for common virtual directory names and web server misconfigurations
      • PorProx.py
          – Provides proxy server functionality, tunnelling HTTP requests through remote portlets
  • 15. PortletSuite.tgz
      • http://www.sensepost.com/blog
      • Demo…
          – Breaking out
          – Portlet scanning
          – Pikto
          – Accessing protected resources
          – PortletProx
  • 16. Questions? ian@sensepost.com
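The request on slide 6 hands a user-controlled URI to a portlet that fetches it on the user's behalf, which is the behaviour slide 13's port scanning and access to protected resources rely on. The Python below is an added defensive example, not code from the talk or from SensePost's PortletSuite: a validator a hypothetical portlet would run on that URI parameter before fetching anything. It assumes a constructed allowlist of origins (news.example.com, docs.example.com) and takes an injectable resolver so the checks can be exercised offline.

```python
import ipaddress
import socket
from urllib.parse import parse_qs, urlparse

# Constructed config for a hypothetical aggregation portlet: the only origins
# (scheme, host, port) it may fetch. Real code would load this from deployment config.
ALLOWED_ORIGINS = {("https", "news.example.com", 443), ("http", "docs.example.com", 80)}

# Address space a portlet must never be steered into: RFC 1918, CGNAT, loopback,
# link-local, "this network" and the IPv6 equivalents (documentation ranges are not listed).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16", "0.0.0.0/8", "::1/128", "fc00::/7", "fe80::/10")]

def routable_address(addr):
    """True unless addr is internal or multicast (IPv4-mapped IPv6 is unwrapped first)."""
    ip = ipaddress.ip_address(addr)
    ip = getattr(ip, "ipv4_mapped", None) or ip
    return not (ip.is_multicast or any(ip in n for n in INTERNAL_NETS))

def check_portlet_uri(uri, resolver=socket.gethostbyname):
    """Return (allowed, reason) for a user-supplied URI parameter."""
    try:
        p = urlparse(uri)
        port = p.port                      # raises ValueError on a malformed port
    except ValueError:
        return False, "malformed URI"
    scheme = p.scheme.lower()
    if scheme not in ("http", "https"):
        return False, f"scheme not allowed: {scheme!r}"
    if p.username or p.password:
        return False, "credentials embedded in URI"
    host = (p.hostname or "").lower()
    port = port if port is not None else (443 if scheme == "https" else 80)
    if (scheme, host, port) not in ALLOWED_ORIGINS:
        return False, f"origin not configured: {scheme}://{host}:{port}"
    try:                                   # an allowlisted name must still not
        addr = resolver(host)              # resolve into loopback/private space
    except (OSError, KeyError):
        return False, f"cannot resolve {host}"
    if not routable_address(addr):
        return False, f"{host} resolves to internal address {addr}"
    return True, "ok"

def check_request_query(query, resolver=socket.gethostbyname):
    """Validate URI= in a query like slide 6's portlet=id&URI=http%3A%2F%2FHR%2Fbaa."""
    uris = parse_qs(query).get("URI", [])
    if len(uris) != 1:
        return False, "expected exactly one URI parameter"
    return check_portlet_uri(uris[0], resolver)
```

Call check_request_query(query, resolver) on the raw query string; passing a dict's __getitem__ as the resolver keeps the check offline, while the default uses real DNS.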
