Sites Under Attack

A web security presentation covering common web attacks and how to avoid them.


  2. Agenda, styled as a ping session:
     [mmf@devent2 ~]# Connecting to agenda…
     Reply from agenda [127.0.0.1] topics=4 time=45min
     - Introduction
     - Famous attacks and how to avoid them
     - Best practices while coding
     - End!
  4-7. The stack under discussion, built up over four slides: HTML, CSS, JavaScript, PHP / MySQL
  8. Motives for attacking a site:
     - Military reasons
     - For money
     - To steal sensitive data
     - For fun!
     - For nothing
     - and more…
  9. "There is no security system free of vulnerabilities." The slide continues with a joke biography (translated from Arabic): Adham Sabry is a very tough man approaching sixty, code-named (M-404): the M means he is from Mansoura, and the 404 means he destroys all his enemies and leaves them "not found"! He can drive every kind of vehicle (motorcycles, cars, the Superjet bus and even the tuk-tuk), handles every kind of weapon from pistols and Eid firecrackers to hydrogen bombs, and, bless him, speaks 66 languages, most of which he learned while asleep, which earned him the title "Man of the Impossible".
  10. Vulnerability: a weakness in the system that allows an attacker to attack the system. Exploit: a successful implementation or attack that takes advantage of a vulnerability.
  11. Find the latest exploits on www.exploit-db.com
  12. Random attack!
  13. Get information about a website: www.netcraft.com, www.whois.net
  14. Other sites hosted on the same server (lookup by IP): http://www.yougetsignal.com/tools/web-sites-on-web-server/, http://domainsbyip.com/
  16. Don't trust user input. A user can submit malicious data, so you must sanitize every input.
  17. SQL injection: a technique used to take advantage of non-validated input vulnerabilities to pass SQL commands through a web application for execution by a backend database.
  18. Cross-site scripting (XSS): a vulnerability found in web applications that enables attackers to inject client-side script into web pages viewed by other users.
  19. Remote file inclusion (RFI): a vulnerability that may allow an attacker to execute arbitrary scripts on a host server by causing an existing script to include an arbitrary file.
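Slides 18 and 19 define XSS and file inclusion; the following added example (not from the presentation) shows the corresponding defences in PHP: encoding untrusted data for the HTML context it is written into, and resolving a user-supplied page name through a fixed allow-list instead of passing it to `include`. The page map, the `pages/` directory, the comment fields and the sample inputs are all constructed for illustration.

```php
<?php
// Added example (not from the slides): output encoding against XSS and an
// allow-list for dynamic includes. Page names, paths and inputs are constructed.
declare(strict_types=1);

// XSS defence: never echo untrusted data raw into HTML. Encode for the context
// it lands in; ENT_QUOTES also covers attribute values delimited by single quotes.
function h(string $untrusted): string {
    return htmlspecialchars($untrusted, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderComment(string $author, string $body): string {
    return '<div class="comment" data-author="' . h($author) . '">'
         . '<p>' . h($body) . '</p></div>';
}

// File inclusion defence: the requested page must be a key in a fixed map. The
// user never supplies a path, a scheme or a filename, only a short identifier.
const PAGES = [
    'home'    => __DIR__ . '/pages/home.php',
    'about'   => __DIR__ . '/pages/about.php',
    'contact' => __DIR__ . '/pages/contact.php',
];

function resolvePage(?string $requested): string {
    if ($requested === null || !array_key_exists($requested, PAGES)) {
        return PAGES['home'];   // unknown value: fall back, and never echo it raw
    }
    return PAGES[$requested];
}
// In the real page the caller does: require resolvePage($_GET['page'] ?? null);

// Demonstration with constructed input standing in for form fields and $_GET.
echo renderComment('mmf', '<b>bold</b> & "double" \'single\''), PHP_EOL;

foreach (['about', '../other', 'http://example.com/x', null] as $req) {
    echo var_export($req, true), ' -> ', resolvePage($req), PHP_EOL;
}
```

Only a known key reaches its own file; traversal-style and URL-style values all fall through to the default, so `allow_url_include` and path checks never need to be the thing holding the line. The encoding helper is for HTML element and attribute content only; data written into JavaScript, CSS or a URL needs the encoder for that context.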
  20. Other attacks:
     - Session hijacking
     - Cookie hijacking
     - Spoofed form submission
     - Cookie poisoning
     - Command execution
     - Cross-site request forgery
     - Clickjacking
     - Likejacking
     - Form grabbing
     - HTTP header injection
     - and more…
  22. .htaccess: a directory-level configuration file supported by several web servers. You can use it for:
     - Authentication
     - Customized error responses
     - URL rewriting
     - Cache control
     - Denying IPs
     - and more…
  23. File upload is a big risk to your app. Don't use $_FILES['fname']['type'].
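The slide warns against `$_FILES['fname']['type']` without saying what to do instead. The following is an added example, not from the presentation: the client-reported type is ignored, the bytes are sniffed on the server with `finfo`, the extension must be in an allow-list whose MIME type the sniffed type has to match, and the file is stored under a random name. The upload directory, the size limit, the allow-list and the two sample "uploads" are constructed so the check runs from the command line; in a real handler the array is one entry of `$_FILES`, the directory sits outside the web root, and `move_uploaded_file()` replaces `rename()`.

```php
<?php
// Added example (not from the slides): server-side validation of an upload.
// Allow-list, limits, directory and sample files are constructed for the demo.
declare(strict_types=1);

const ALLOWED = [            // extension => MIME type that finfo must report
    'png' => 'image/png',
    'jpg' => 'image/jpeg',
    'pdf' => 'application/pdf',
];
const MAX_BYTES = 2 * 1024 * 1024;

/** Returns the stored path, or throws with the reason the file was refused. */
function storeUpload(array $file, string $uploadDir): string {
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed with code ' . $file['error']);
    }
    if ($file['size'] > MAX_BYTES) {
        throw new RuntimeException('file too large');
    }
    // The extension comes from the client name, but is used only as an allow-list key.
    $ext = strtolower(pathinfo($file['name'], PATHINFO_EXTENSION));
    if (!isset(ALLOWED[$ext])) {
        throw new RuntimeException("extension '$ext' not allowed");
    }
    // $file['type'] is whatever the client sent; sniff the bytes on the server instead.
    $real = (new finfo(FILEINFO_MIME_TYPE))->file($file['tmp_name']);
    if ($real !== ALLOWED[$ext]) {
        throw new RuntimeException("content is $real, not " . ALLOWED[$ext]);
    }
    // Random stored name: the original name never becomes part of a path.
    $dest = $uploadDir . '/' . bin2hex(random_bytes(16)) . '.' . $ext;
    // Real handler: move_uploaded_file($file['tmp_name'], $dest), which also checks
    // that the source really came from an HTTP upload. rename() stands in for the CLI.
    if (!rename($file['tmp_name'], $dest)) {
        throw new RuntimeException('could not store file');
    }
    chmod($dest, 0640);
    return $dest;
}

// --- constructed demo: one genuine 1x1 PNG, one text file with a .png name and a forged type
function fakeUpload(string $clientName, string $clientType, string $bytes): array {
    $tmp = tempnam(sys_get_temp_dir(), 'up');
    file_put_contents($tmp, $bytes);
    return ['name' => $clientName, 'type' => $clientType, 'tmp_name' => $tmp,
            'error' => UPLOAD_ERR_OK, 'size' => strlen($bytes)];
}

$dir = sys_get_temp_dir() . '/uploads_demo';
if (!is_dir($dir)) {
    mkdir($dir, 0750, true);
}
$pixel = base64_decode('iVBORw0KGgoAAAANSUhEUgAAAAEAAAABCAYAAAAfFcSJAAAADUlEQVR42mNkYPhfDwAChwGA60e6kgAAAABJRU5ErkJggg==');
$samples = [
    fakeUpload('pixel.png', 'image/png', $pixel),
    fakeUpload('notes.png', 'image/png', "just some text, not an image\n"),
];
foreach ($samples as $s) {
    try {
        echo $s['name'], ' -> stored as ', storeUpload($s, $dir), PHP_EOL;
    } catch (RuntimeException $e) {
        echo $s['name'], ' -> rejected: ', $e->getMessage(), PHP_EOL;
    }
}
```

Both samples arrive claiming `image/png`; only the one whose bytes are a PNG is stored. Serving the upload directory with script execution disabled (or from outside the document root through a download script) is the second half of the control, since a sniff check alone cannot vouch for every file format.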
  24. CAPTCHA: a technique used to ensure that a response is generated by a human, not a computer! Some applications:
     - Preventing comment spam
     - Registration pages
     - Online polls
     - Preventing dictionary attacks
  27. Mohamed Mahmoud Fouad, www.eng-mmf.com, @mmf, /eng.mmf
