Sites Under Attack
A web security presentation, talking about common web attacks and how to avoid them.

Published in: Technology, Design
Transcript

  • 1.
  • 2. [mmf@devent2~]# show agenda
      Connecting to agenda…
      Reply from agenda [127.0.0.1] topics=4 time=45min
      - Introduction
      - Famous attacks & how to avoid them
      - Best practices while coding
      - End!
  • 3.
  • 4–7. HTML, CSS, JavaScript, PHP / MySQL
  • 8.
      - Military reasons
      - For money
      - Steal sensitive data
      - For fun!
      - For nothing
      - and more…
  • 9. There is no security system free of vulnerabilities. Adham Sabry is a very tough guy, going on sixty, whose code name is (M – 404): the letter M means he is from Mansoura, and the code 404 means he destroys all his enemies and makes them "not found"! He can also drive every kind of vehicle (motorcycles, cars, the SuperJet bus and even the tuk-tuk), is skilled with every kind of weapon, from pistols and Eid firecrackers to hydrogen bombs, and speaks 66 languages (God bless the Prophet), most of which he learned while asleep, so he earned the title "Man of the Impossible".
  • 10. Vulnerability: a weakness in the system that allows an attacker to attack the system.
      Exploit: a successful implementation or attack that takes advantage of a vulnerability.
  • 11. Find the latest exploits on www.exploit-db.com
  • 12. Random attack!
  • 13. Get information about a website: www.netcraft.com, www.whois.net
  • 14. http://www.yougetsignal.com/tools/web-sites-on-web-server/ and http://domainsbyip.com/
  • 15.
  • 16. Don't trust user input. A user can submit malicious input, so you must sanitize every input.
  • 17. SQL injection: a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
  • 18. Cross-site scripting (XSS): a vulnerability found in web applications that enables attackers to inject client-side script into web pages viewed by other users.
  • 19. Remote file inclusion: a vulnerability that may allow an attacker to execute arbitrary scripts on a host server by causing an existing script to include an arbitrary file.
  • 20.
      - Session hijacking
      - Cookie hijacking
      - Spoofed form submission
      - Cookie poisoning
      - Command execution
      - Cross-site request forgery
      - Clickjacking
      - Likejacking
      - Form grabbing
      - HTTP header injection
      - and more…
  • 21.
  • 22. .htaccess: a directory-level configuration file supported by several web servers. You can use it for:
      - Authentication
      - Customized error responses
      - URL rewriting
      - Cache control
      - Denying access by IP address
      - and more…
  • 23.
      - File upload is a big risk to your app.
      - Don't use $_FILES['fname']['type']: it is the MIME type the client claimed, not what the file actually contains.
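The following is an added example, not code from the presentation, showing how to validate an upload in PHP without trusting $_FILES['fname']['type']: the type is sniffed from the received bytes and checked against an allow-list, and the file is stored under a random name. The field name fname, the allow-list, the size limit, the storage directory and the two constructed sample files are assumptions.

```php
<?php
// Added example, not from the presentation. $_FILES['fname']['type'] is the Content-Type
// the client sent, so any file can be labelled "image/png"; decide on the received bytes instead.

// Content-detected MIME types we accept, mapped to the extension stored on disk.
const ALLOWED_TYPES = ['image/png' => 'png', 'image/jpeg' => 'jpg'];
const MAX_BYTES = 2 * 1024 * 1024;

// Returns the extension to store the file under, or null to reject it.
// $file is one entry of $_FILES, e.g. $_FILES['fname'] (field name assumed).
function validateUpload(array $file): ?string
{
    // Transport errors, empty files and oversized files are rejected before sniffing.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || $file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        return null;
    }
    // Sniff the type from the stored bytes; $file['type'] is deliberately ignored.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($detected === false || !isset(ALLOWED_TYPES[$detected])) {
        return null;
    }
    return ALLOWED_TYPES[$detected];
}

// Stores an accepted upload under a random name with the allow-listed extension.
// $dir is assumed to be a directory outside the web root.
function storeUpload(array $file, string $ext, string $dir): string
{
    $dest = $dir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    if (!move_uploaded_file($file['tmp_name'], $dest)) {
        throw new RuntimeException('upload could not be stored');
    }
    return $dest;
}

// Constructed stand-in for a $_FILES entry: $bytes is what the server received,
// $claimed is whatever Content-Type the client chose to send.
function fakeUpload(string $bytes, string $claimed): array
{
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    return ['name' => 'cat.png', 'type' => $claimed, 'tmp_name' => $tmp,
            'error' => UPLOAD_ERR_OK, 'size' => strlen($bytes)];
}

// Plain text claiming image/png is rejected; bytes with a real PNG signature and IHDR chunk pass.
var_dump(validateUpload(fakeUpload("hello, I am not an image", 'image/png')));
var_dump(validateUpload(fakeUpload("\x89PNG\r\n\x1a\n\x00\x00\x00\x0dIHDR"
    . "\x00\x00\x00\x01\x00\x00\x00\x01\x08\x02\x00\x00\x00\x90\x77\x53\xde", 'image/png')));
```

In a real handler the accepted extension from validateUpload() is passed to storeUpload() together with the original $_FILES entry; move_uploaded_file() fails on anything that was not an HTTP upload, which is why the constructed demo only exercises validation.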
  • 24. CAPTCHA: a technique used to ensure that the response is generated by a human, not a computer! Some applications:
      - Preventing comment spam
      - Registration pages
      - Online polls
      - Preventing dictionary attacks
  • 25.
  • 26.
  • 27. Mohamed Mahmoud Fouad, www.eng-mmf.com, @mmf, /eng.mmf
