Practical Web Attacks
Practical Web Attacks: Presentation Transcript

  • Web application attacks – practical demonstration. Ing. Pavol Lupták, CISSP, CEH, www.nethemba.com
  • Agenda
    • Unvalidated Parameters
    • Access Control Flaws
    • Session Management Flaws
    • Cross Site Scripting (XSS)
    • Injection Flaws
    • Improper Error Handling
    • AJAX Security
  • Unvalidated Parameters
    • Exploit Hidden Fields
    • Exploit Unchecked Email
    • Bypass Client Side JavaScript Validation
  • Access Control Flaws
    • Bypass a Path Based Access Control Scheme
    • Bypass Business Layer Access Control
    • Bypass Data Layer Access Control
  • Session Management Flaws
    • Spoof an Authentication Cookie
    • Hijack a Session
  • Cross Site Scripting (XSS)
    • Stored XSS
    • Reflected XSS
    • Cross Site Request Forgery (CSRF)
  • Injection Flaws
    • Blind SQL Injection
    • Numeric SQL Injection
    • String SQL Injection
    • XPATH Injection
  • Improper Error Handling
    • Fail Open Authentication Scheme
  • AJAX Security
    • Client Side Filtering
    • Same Origin Policy (SOP) Protection
    • XML Injection
    • JSON Injection
    • Dangerous Use of Eval
  • Used tools
    • WebGoat project: http://www.owasp.org/index.php/Category:OWASP_WebGoat_P
    • WebScarab: http://www.owasp.org/index.php/Category:OWASP_WebScarab
    • Tamperdata: http://tamperdata.mozdev.org/
    • LiveHTTPHeaders: http://livehttpheaders.mozdev.org/
    • Add N Edit Cookies: https://addons.mozilla.org/en-US/firefox/addon/573
  • References
    • New Web Applications Attacks: http://www.nethemba.com/new_web_attacks-nethe
    • LAMP and PHP security hardening (in Slovak language): http://www.nethemba.com/php-sec.pdf
  • Thank you for listening! Ing. Pavol Lupták, CISSP, CEH, pavol.luptak@nethemba.com, www.nethemba.com