Practical Web Attacks
    Presentation Transcript

    • Web application attacks – practical demonstration
      Ing. Pavol Lupták, CISSP, CEH
      www.nethemba.com

    • Agenda
      • Unvalidated Parameters
      • Access Control Flaws
      • Session Management Flaws
      • Cross Site Scripting (XSS)
      • Injection Flaws
      • Improper Error Handling
      • AJAX Security

    • Unvalidated Parameters
      • Exploit Hidden Fields
      • Exploit Unchecked Email
      • Bypass Client Side JavaScript Validation

    • Access Control Flaws
      • Bypass a Path Based Access Control Scheme
      • Bypass Business Layer Access Control
      • Bypass Data Layer Access Control

    • Session Management Flaws
      • Spoof an Authentication Cookie
      • Hijack a Session

    • Cross Site Scripting (XSS)
      • Stored XSS
      • Reflected XSS
      • Cross Site Request Forgery (CSRF)

    • Injection Flaws
      • Blind SQL Injection
      • Numeric SQL Injection
      • String SQL Injection
      • XPATH Injection

    • Improper Error Handling
      • Fail Open Authentication Scheme

    • AJAX Security
      • Client Side Filtering
      • Same Origin Policy (SOP) Protection
      • XML Injection
      • JSON Injection
      • Dangerous Use of Eval

    • Used tools
      • WebGoat project: http://www.owasp.org/index.php/Category:OWASP_WebGoat_P
      • WebScarab: http://www.owasp.org/index.php/Category:OWASP_WebScarab
      • Tamperdata: http://tamperdata.mozdev.org/
      • LiveHTTPHeaders: http://livehttpheaders.mozdev.org/
      • Add N Edit Cookies: https://addons.mozilla.org/en-US/firefox/addon/573

    • References
      • New Web Applications Attacks: http://www.nethemba.com/new_web_attacks-nethe
      • LAMP and PHP security hardening (in Slovak language): http://www.nethemba.com/php-sec.pdf

    • Thank you for listening!
      Ing. Pavol Lupták, CISSP, CEH
      pavol.luptak@nethemba.com