Graph Visualization - OWASP NYC Chapter

289
-1

Published on

The presentation that was given by Maty Siman, Checkmarx's CTO during the OWASP NYC/NJ local chapter meeting held on the 11th of April 2013.

Published in: Technology
0 Comments
0 Likes
Statistics
Notes
  • Be the first to comment

  • Be the first to like this

No Downloads
Views
Total Views
289
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
0
Comments
0
Likes
0
Embeds 0
No embeds

No notes for slide
  • That’s a data flow and how each step is reflected at the source code.
  • And then we might have dozens of paths. How can we gain some more information?
  • Let’s combine them together
  • So this place is probably better. More paths get fixed
  • If I fixed that point, what parts will be OK?
  • And what about this one in here?
  • So by fixing only three places in the code, we were able to fix…
  • So by fixing only three places in the code, we were able to fix…
  • So by fixing only three places in the code, we were able to fix…
  • So by fixing only three places in the code, we were able to fix…
  • So by fixing only three places in the code, we were able to fix…
  • … this.
  • Graph Visualization - OWASP NYC Chapter

    1. 1. OWASP NYC MatyTitle in white and bold Siman
    2. 2. AboutMaty Siman, CISSPCTO, Founder – Checkmarx: Leading SAST (“Source Code Analysis”) Vendor Hundreds of customers WW Secures SalesForce AppExchange market Title in white and bold “Visionary” by Gartner
    3. 3. Graph VisualizationTitle in white and bold
    4. 4. Issues at hand – size, complexity, volume The biggest challenge of current source code analysis solutions is size- How to deliver: 1. Usable results 2. Automatically Title in white and bold 3. Out-of-the-box 4. Actionable for extra large code bases with thousands+ of results
    5. 5. Issue• Findings thousands accurate results, does not make us happy …• Webgoat, for example, has hundreds of XSS• We’ll narrow this down to 10 fixing placesTitle in white and bold
    6. 6. Current situation• Each result has a data flow, presented independently from other findings.Title in white and bold
    7. 7. Single Data Flow Path - XSS Request.QueryString*“param1”+;String s = Request.QueryString*“param1”+; … s Response.Write(s); Response.Write(s); Title in white and bold
    8. 8. Current situation• One is easy.• And 14?Title in white and bold
    9. 9. Many Single-Path – XSS – a lot of workTitle in white and bold
    10. 10. But …• What do they have in common?Title in white and bold
    11. 11. Combined pathsTitle in white and bold
    12. 12. Can we …• Point, click and check without even READING the source code?• “What if I fix here? Or here?”Title in white and bold
    13. 13. Here it is more effectiveTitle in white and bold
    14. 14. What-If I fix here?Title in white and bold
    15. 15. And here?Title in white and bold
    16. 16. Automatic “What-if” => Best Fix LocationMax-Flow-Min-Cut (http://en.wikipedia.org/wiki/Max-flow_min-cut_theorem_Title in white and bold
    17. 17. Simplifying the graph – step 1 - groupingTitle in white and bold
    18. 18. Simplifying the graph – step 2 –homeograph’ing (http://enc.tfode.com/Homeomorphism_(graph_theory))Title in white and bold
    19. 19. Simplifying the graph - outputTitle in white and bold
    20. 20. Simplifying the graph - outputTitle in white and bold
    21. 21. Compare the three Title in white and boldSpace Invader
    22. 22. Benefits• Gives you the correlation between findings of the same type (SQLi) and different types.• You are not dealing with individual findings – but with a complete system•Title inyour time bold Use white and better
    23. 23. Thank youTitle in white and bold maty@checkmarx.com

    ×