SlideShare a Scribd company logo

Top 10 Security Vulnerabilities (2006)

Susam Pal
Susam Pal

A talk on top 10 Security Vulnerabilities based on OWASP Top Ten Project: https://www.owasp.org/index.php/OWASP_Top_Ten_Project. The presentation is available under Creative Commons Attribution-ShareAlike 2.5 Generic License: https://creativecommons.org/licenses/by-sa/2.5/.

Technology
1 of 61
Download to read offline
Top 10 Security Vulnerabilities Susam Pal Based on OWASP Top Ten Project (2006) http://www.owasp.org/index.php/OWASP_Top_Ten_Project Content is available under Creative Commons Attribution-ShareAlike 2.5 License
Agenda  Unvalidated Input  Broken Access Control  Broken Authentication  Cross Site Scripting  Buffer Overflows  Injection Flaws  Improper Error Handling  Insecure Storage  Denial of Service  Insecure Configuration
Unvalidated Input All input is evil …. .... until proven otherwise. Types of Input:  HTTP Requests  Commands  Network packets (TCP/IP, UDP, etc.)
Unvalidated Input Common Input Tampering Attacks:  Forced Browsing  Command Insertion  Cross Site Scripting  Buffer Overflows  SQL Injection  Hidden Field Manipulation
Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Web Root: C:Inetpubwwwroot Unsafe Procedure: map [URL] to [path of the resource] on the hard disk; if [path of the resource] starts with [C:Inetpubwwwroot] then allow access; else deny access;
Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Exploit: http://www.example.com/../../windows/system32/cmd.exe URL Mapped to Resource on Hard Disk: C:Inetpubwwwroot....windowssystem32cmd.exe What IIS/PWS forgot to check: C:Inetpubwwwroot....windowssystem32cmd.exe = C:Inetpub..windowssystem32cmd.exe = C:windowssystem32cmd.exe
Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Safe Procedure: map [URL] to [path of the resource] on the hard disk; canonicalize [path of the resource]; if [path of the resource] starts with [C:Inetpubwwwroot] then allow access; else deny access; Reference: http://www.securityfocus.com/bid/1806
Unvalidated Input Prevention:  Canonicalization: Input should be converted to the simplest form before they are validated.  Server Side Validation: It is must. First code Server Side Validation, then code Client Side Validation.  Validate against a positive (not negative) specification.  Detailed code review for tainted parameters.
Broken Access Control Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. Features:  Access control is closely associated with the content and functions of the application.  Users are generally managed by putting them under various groups/roles with various priveleges.
Broken Access Control Common Mistakes:  Administrative interfaces that allow site administrators to manage a site over the Internet.  Insertion of access control rules in various locations all over the code on an ad hoc basis. Common Attacks:  Exploiting Insecure Id’s  Forced Browsing Past Access Control Checks  Path traversals  Exploiting browser cache
Broken Access Control How to disable Browser Cache: HTML <meta> Tag <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Cache" content="no-cache"> <meta http-equiv="Expires" content="thu, 01 Jan 1980 12:00:00 GMT"> ASP <% Response.AddHeader "Pragma", "no-cache" %> <% Response.Expires = -1 %> <% Response.CacheControl="private" %> <% Response.CacheControl = "no-cache" %> <% Response.CacheControl = "no-store" %>
Broken Access Control How to disable Browser Cache: JSP <% response.setHeader("Pragma","no-cache"); %> <% response.setHeader("Cache-Control","no-cache"); %> <% response.setDateHeader ("Expires", 0); %> <% response.setHeader("Cache-Control","no-store"); %> PHP <?php Header("Pragma: no-cache"); Header("Cache-control: private, no-cache, no-store"); Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); ?>
Broken Authentication Types of Authentication:  User ID and Password  Software & Hardware based cryptographic tokens  Biometrics Session Management:  Web applications must establish sessions to keep track of the stream of requests from each user.  HTTP doesn’t provide this capability, so web applications must create it themselves.  Generally developers create session tokens to manage sessions.
Broken Authentication Common Attacks:  “Walk by” Attacks  Session Hijacking Prevention:  Re-authentication for critical functionalities.  Use of SSL to protect authentication credentials and session identifiers.  Code review and penetration testing  POST method to submit authentication & session data.  Use autocomplete=“off” with <form> and <input> tags.  Avoid implicit trust between components.
Cross Site Scripting XSS occurs when an attacker uses a web application to send malicious code, generally in the form of a script, to a different end user. Types of XSS attacks:  Stored - Injected code is permanently stored on the target servers, such as in a database, forum, visitor log, comment field, etc.  Reflected – Injected code is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
Cross Site Scripting Common Attacks:  Annoyance to the end user.  Redirecting the user to some other page or site  Disclosure of the user’s session cookie.  Session hijacking. Prevention:  Code review of all places where input from an HTTP request could possibly make its way into the HTML output.  Validate all headers, cookies, query strings, form fields and all such inputs against a rigorous positive specification.
Cross Site Scripting Community Architect Guestbook XSS (SA19742) When the attacker is in a good mood:
Cross Site Scripting Community Architect Guestbook XSS (SA19742) Where the input goes:
Cross Site Scripting Community Architect Guestbook XSS (SA19742) The Output:
Cross Site Scripting Community Architect Guestbook XSS (SA19742) If the attacker attacks:
Cross Site Scripting Community Architect Guestbook XSS (SA19742) Where the input goes:
Cross Site Scripting Community Architect Guestbook XSS (SA19742) The Output: Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2003
Cross Site Scripting Potential Harmful Tags: <script> <object> <embed> <applet> <form> Decision to be taken for XSS prevention:  Whether tags should appear in the output as a tags.  Whether tags should not appear in the output at all.  Whether text formatting is to be allowed.
Cross Site Scripting If tags should appear in the output. Convert special characters to HTML entities
Cross Site Scripting If tags should appear in the output. Convert special characters to HTML entities: Special Character HTML Entity < &lt; > &rt; “ &quot; & &amp; ( &#40; ) &#41; # &#35;
Cross Site Scripting If tags should not appear in the output. Filter out all tags
Cross Site Scripting If text formatting should be allowed Allow necessary tags only.
Cross Site Scripting If text formatting should be allowed. Tags that can be allowed: <p> <b> <u> <i> <strike> <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
Buffer Overflows Attackers use buffer overflows to corrupt the execution stack of an application. Buffer overflows are easy to avoid, difficult to discover and extremely difficult to exploit. Types of Attacks:  Attackers send carefully crafted input to a web application, an attacker can cause the application to execute arbitrary code.  When difficult to exploit, the attackers can crash the application thereby leading to DoS (Denial of Service).
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte Return Address indicates what ESP is pointing to indicates what EBP is pointing to
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte buffer[3] buffer[2] buffer[1] buffer[0] Return Address indicates what ESP is pointing to indicates what EBP is pointing to
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte ‘0’ ‘!’ ‘i’ ‘H’ Return Address indicates what ESP is pointing to indicates what EBP is pointing to
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte buffer[3] buffer[2] buffer[1] buffer[0] Return Address indicates what ESP is pointing to indicates what EBP is pointing to
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str – 4th byte *str – 3rd byte 0 ! g n i n r o M d o o G Return Address indicates what ESP is pointing to indicates what EBP is pointing to
#include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str - 4th byte *str - 3rd byte 0 00H ! 21H g 67H n 6EH i 69H n 6EH r 72H o 6FH M 4DH 20H d 64H o 6FH o 6FH G 47H Return Address Returns to offset 676E696EH indicates what ESP is pointing to indicates what EBP is pointing to
Buffer Overflows Major Attacks: Code Red Virus Attacked a buffer overflow weakness in the Microsoft IIS Server API on July 19, 2001. Damage: $2.6 billion Sasser Worm Attacked the Microsoft LSAS buffer overflow vulnerability on April 30, 2004. Damage: $3.5 billion
Buffer Overflows Prevention:  C Programmers now refrain from using strcpy(), strcat() in their programs. They use strncpy(), strncat() instead which perform bound checking. Never use gets().  Programmers now write their applications in languages like Java, Visual Basic which has better stack and memory management features.  Sun Microsystems is trying to make their Sparc processor immune to stack overflow attack by introducing new feature to protect the return address during a subroutine call.
Injection Flaws Injection flaw lets you inject executable code at places where it is not allowed in a secure system which might lead to execution of the code and compromise of the system. Common Attacks:  Relay malicious through a web application to another system.  Calls to operating system via system calls.  Use of external programs via shell commands.  Calls to backend databases via SQL.  Complete script injection into web applications.
Injection Flaws SQL Injection:  SQL injection is particularly widespread and dangerous form of injection.  SQL Injection is possible if the value of any parameter is used in SQL queries and the parameter is not sanitised properly.  The attacker can retrieve, modify, corrupt or destroy database contents.
Injection Flaws Bloggage SQL Injection: SELECT <some_column> FROM <some_table> WHERE Account_Name = '<user>' AND Password ='<password>' SELECT <some_column> FROM <some_table> WHERE Account_Name ='blackhathacker'' AND Password =''
Injection Flaws Bloggage SQL Injection: SELECT <some_column> FROM <some_table> WHERE Account_Name = '<user>' AND Password ='<password>' SELECT <some_column> FROM <some_table> WHERE Account_Name = 'blackhathacker' AND Password = 'a' OR 'a' = 'a' (Always a true condition) Account Name: blackhathacker Password: a' OR 'a' = 'a
Injection Flaws Bloggage SQL Injection:
Injection Flaws Prevention:  Avoid accessing external interpreters wherever possible.  For calls to backend databases, carefully validate the data provided to ensure that it does not contain any malicious content.  Structure requests in a manner that ensures that all supplied parameters are treated as data, rather than potentially executable content.  Convert special characters to the correct form.  Run the application with minimum priveleges required.
Improper Error Handling Improper handling of errors can introduce a variety of security problems. Common Problems:  Inconsistencies in error messages which can reveal important clues on how the system works.  Stack traces, database dumps and error codes are displayed on error.  Syntax errors are displayed along with portions of the codes.
Improper Error Handling A Bad Error Message
Improper Error Handling An Ideal Error Message
Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) A valid page: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 Trial 1: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828' Error: Unclosed quotation mark before the character string ' and mncpage.mnccategoryid = mnccategory.mnccategoryid'. Conclusion: Direct SQL Injection is possible. There are 2 tables, 'mncpage' and 'mnccategory'. Both of them have a column called 'mnccategoryid'.
Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 2: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 1-- http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 2-- http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 3-- No error
Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 3: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 4-- Error: The ORDER BY position number 4 is out of range of the number of items in the select list. Conclusion: The table being used by the query selects 3 columns and one of them is an integer.
Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 4: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 union select 'varchar1', 'varchar2', 'varchar3' from mncpage -- Error: Syntax error converting the varchar value 'varchar1' to a column of data type int. Conclusion: The 1st column in the select query is an integer.
Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 5: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 union select mnccategoryid, 'varchar2', 'varchar3' from mncpage-- No Error Conclusion: The column 'mnccategory' is of integer type. Reference: http://www.webappsec.org/projects/whid/list_id_2006-27.shtml
Insecure Storage Most applications need to store sensitive information, either in a database or on a file system. Types of Sensitive Information:  Passwords  Credit Card Numbers  Account Records  Proprietary Information
Insecure Storage Common Mistakes:  Failure to encrypt critical data  Insecure storage of keys and passwords  Improper storage of secrets in memory  Poor sources of randomness  Poor choice of algorithm  Attempting to invent a new encryption algorithm Types of Attacks:  Examining tokens, session IDs, cookies, etc. to see if they are obviously not random.  Finding cryptographic flaws.
Insecure Storage Prevention:  Minimize encryption. Use it to keep information that is absolutely necessary.  Instead of storing encrypted passwords, use a one-way function, such as a SHA-1, to has the passwords  If cryptography must be done, choose a library that has been exposed to public scrutiny and makes sure that there are no open vulnerabilities.  Clear the clear-text sensitive information from the memory as soon as possible.
Denial of Service Denial of Service (DoS) attack is an attempt to make a computer service unavailable to its intended users. Common Attacks:  Consume bandwidth, database connections, disk storage, CPU, memory, threads, or application specific resources.  Locking out a legitimate user by sending invalid credentials until the system locks out the account.  Exploiting buffer overflows & injection flaws to inject code/commands to shut down or stall importand service.
Denial of Service 0verkill recv_packet() UDP Handling Overflow DoS The vulnerability was an integer underflow error in a Linux based gaming daemon called 0verkill. It could be exploited to launch DoS attacks by sending UDP packets of size less than 12 bytes to the 0verkill daemon. Prevention: Load balancing makes these attacks more difficult. Analyse each resource and check if there is a way to exhaust it. Limit resources to any user to bare minimum. Check error handling scheme and ensure that an error can not affect the overall operation of the system.
Insecure Configuration Insecure configuration of a system can itself be a potential vulnerability. Common Configuration Problems: Unpatched security flaws in a software. Server software flaws or misconfigurations that permit directory listing and directory traversal attacks Improper file and directory permissions Unnecessary services enabled Default accounts with default passwords Administrative or debugging functions that are enabled Improper authentication with external systems
Insecure Configuration Apache URL Validation Vulnerability (BID 19447) # Sample Safe Configuration for Unix/Linux DocumentRoot "/home/webmaster/site/docroot/" ScriptAlias /cgi-bin/ "/home/webmaster/site/docroot/cgi-bin" # Sample Unsafe Configuration for Windows DocumentRoot "C:/webmaster/site/docroot" ScriptAlias /cgi-bin/ "C:/webmaster/site/docroot/cgi-bin/" Accessing a script in the cgi-bin directory: http://www.example.com/cgi-bin/somescript Exploit: http://www.example.com/CGI-BIN/somescript
Insecure Configuration Apache URL Validation Vulnerability (BID 19447) # Sample Safe Configuration for Windows DocumentRoot "C:/webmaster/site/docroot" ScriptAlias /cgi-bin/ "C:/webmaster/site/cgi-bin/" Accessing a script in the cgi-bin directory: http://www.example.com/cgi-bin/somescript Exploit URL is now invalid: http://www.example.com/CGI-BIN/somescript Reference: http://www.securityfocus.com/bid/19447
Insecure Configuration Prevention:  Configure all security mechanisms  Turn off all unused services  Set up roles, permissions and accounts  Disable all default accounts or change their passwords  Enable logging and alerts  Monitor the latest security vulnerabilities published  Apply the latest security patches  Update the security configuration guidelines  Scan for vulnerabilities with a vulnerability scanner regulary
Thank You!

Recommended

Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingRob Ragan
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireRob Ragan
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionBlueinfy Solutions
 
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...adonatwork
 
ieee
ieeeieee
ieeeRadheshyam Dhakad
 
OWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksOWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksNarendra Bhati
 
In graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesIn graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran
 

Recommended

Static Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingStatic Analysis: The Art of Fighting without Fighting
Static Analysis: The Art of Fighting without FightingRob Ragan
 
Filter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireFilter Evasion: Houdini on the Wire
Filter Evasion: Houdini on the WireRob Ragan
 
Attack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuAttack Chaining: Advanced Maneuvers for Hack Fu
Attack Chaining: Advanced Maneuvers for Hack FuRob Ragan
 
XPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionXPATH, LDAP and Path Traversal Injection
XPATH, LDAP and Path Traversal InjectionBlueinfy Solutions
 
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...
Frontend Security: Applying Contextual Escaping Automatically, or How to Stop...adonatwork
 
ieee
ieeeieee
ieeeRadheshyam Dhakad
 
OWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksOWASP Pune Chapter : Dive Into The Profound Web Attacks
OWASP Pune Chapter : Dive Into The Profound Web AttacksNarendra Bhati
 
In graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesIn graph we trust: Microservices, GraphQL and security challenges
In graph we trust: Microservices, GraphQL and security challengesMohammed A. Imran
 
Efficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template EnginesEfficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template Enginesadonatwork
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionNarendra Bhati
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodann|u - The Open Security Community
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentationowaspsd
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against InjectionsBlueinfy Solutions
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at WebvisionsAaron Parecki
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Application security 101
Application security 101Application security 101
Application security 101Vlad Garbuz
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101Zack Meyers
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksStefano Di Paola
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keithm j
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managmentzakieh alizadeh
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation SecurityAman Singh
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & DefenseBlueinfy Solutions
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 
Php manish
Php manishPhp manish
Php manishManish Jain
 
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 

More Related Content

What's hot

Efficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template EnginesEfficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template Enginesadonatwork
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionNarendra Bhati
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentationowaspsd
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at WebvisionsAaron Parecki
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionDaniel Owens
 
Application security 101
Application security 101Application security 101
Application security 101Vlad Garbuz
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Jeremiah Grossman
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservicesMohammed A. Imran
 
Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101Zack Meyers
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksStefano Di Paola
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooNahidul Kibria
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keithm j
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation SecurityAman Singh
 
Web API Security
Web API SecurityWeb API Security
Web API SecurityStefaan
 

What's hot (20)

Efficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template EnginesEfficient Context-sensitive Output Escaping for Javascript Template Engines
Efficient Context-sensitive Output Escaping for Javascript Template Engines
 
Abusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF ProtectionAbusing Windows Opener To Bypass CSRF Protection
Abusing Windows Opener To Bypass CSRF Protection
 
Introduction to shodan
Introduction to shodanIntroduction to shodan
Introduction to shodan
 
OWASP San Diego Training Presentation
OWASP San Diego Training PresentationOWASP San Diego Training Presentation
OWASP San Diego Training Presentation
 
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourWAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ Behaviour
 
Defending against Injections
Defending against InjectionsDefending against Injections
Defending against Injections
 
OAuth 2 at Webvisions
OAuth 2 at WebvisionsOAuth 2 at Webvisions
OAuth 2 at Webvisions
 
Application and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental EditionApplication and Website Security -- Fundamental Edition
Application and Website Security -- Fundamental Edition
 
Application security 101
Application security 101Application security 101
Application security 101
 
Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"Web Application Security and Release of "WhiteHat Arsenal"
Web Application Security and Release of "WhiteHat Arsenal"
 
Pentesting RESTful webservices
Pentesting RESTful webservicesPentesting RESTful webservices
Pentesting RESTful webservices
 
Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101Web Hacking With Burp Suite 101
Web Hacking With Burp Suite 101
 
Http Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacksHttp Parameter Pollution, a new category of web attacks
Http Parameter Pollution, a new category of web attacks
 
Everybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs tooEverybody loves html5,h4ck3rs too
Everybody loves html5,h4ck3rs too
 
Better watch your apps - MJ Keith
Better watch your apps - MJ KeithBetter watch your apps - MJ Keith
Better watch your apps - MJ Keith
 
S8-Session Managment
S8-Session ManagmentS8-Session Managment
S8-Session Managment
 
Web Exploitation Security
Web Exploitation SecurityWeb Exploitation Security
Web Exploitation Security
 
XSS - Attacks & Defense
XSS - Attacks & DefenseXSS - Attacks & Defense
XSS - Attacks & Defense
 
Web API Security
Web API SecurityWeb API Security
Web API Security
 
Php manish
Php manishPhp manish
Php manish
 

Viewers also liked

Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchLancope, Inc.
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefLancope, Inc.
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)Lancope, Inc.
 
StackOverflow
StackOverflowStackOverflow
StackOverflowSusam Pal
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseLancope, Inc.
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointLancope, Inc.
 
StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware Lancope, Inc.
 
Cisco Threat Defense (Cisco Stealthwatch)
Cisco Threat Defense (Cisco Stealthwatch)Cisco Threat Defense (Cisco Stealthwatch)
Cisco Threat Defense (Cisco Stealthwatch)Cisco Russia
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is HereLancope, Inc.
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowLancope, Inc.
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Lancope, Inc.
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Informationjenkoon
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutLancope, Inc.
 
RSA NetWitness Log Decoder
RSA NetWitness Log DecoderRSA NetWitness Log Decoder
RSA NetWitness Log DecoderSusam Pal
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider ThreatLancope, Inc.
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTLee Wei Yeong
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlowLancope, Inc.
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! Prathan Phongthiproek
 

Viewers also liked (20)

Detecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatchDetecting Threats: A Look at the Verizon DBIR and StealthWatch
Detecting Threats: A Look at the Verizon DBIR and StealthWatch
 
SCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber GriefSCADA Security: The Five Stages of Cyber Grief
SCADA Security: The Five Stages of Cyber Grief
 
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)So You Want a Threat Intelligence Function (But Were Afraid to Ask)
So You Want a Threat Intelligence Function (But Were Afraid to Ask)
 
StackOverflow
StackOverflowStackOverflow
StackOverflow
 
The Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident ResponseThe Seven Deadly Sins of Incident Response
The Seven Deadly Sins of Incident Response
 
Extending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the EndpointExtending Network Visibility: Down to the Endpoint
Extending Network Visibility: Down to the Endpoint
 
StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware StealthWatch & Point-of-Sale (POS) Malware
StealthWatch & Point-of-Sale (POS) Malware
 
Cisco Threat Defense (Cisco Stealthwatch)
Cisco Threat Defense (Cisco Stealthwatch)Cisco Threat Defense (Cisco Stealthwatch)
Cisco Threat Defense (Cisco Stealthwatch)
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
The Internet of Everything is Here
The Internet of Everything is HereThe Internet of Everything is Here
The Internet of Everything is Here
 
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlowCisco CSIRT Case Study: Forensic Investigations with NetFlow
Cisco CSIRT Case Study: Forensic Investigations with NetFlow
 
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
Intelligent Segmentation: Protecting the Enterprise with StealthWatch, Cisco ...
 
DDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & InformationDDos Attacks and Web Threats: How to Protect Your Site & Information
DDos Attacks and Web Threats: How to Protect Your Site & Information
 
Combating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside OutCombating Insider Threats – Protecting Your Agency from the Inside Out
Combating Insider Threats – Protecting Your Agency from the Inside Out
 
RSA NetWitness Log Decoder
RSA NetWitness Log DecoderRSA NetWitness Log Decoder
RSA NetWitness Log Decoder
 
Fire Eye Appliance Quick Start
Fire Eye Appliance Quick StartFire Eye Appliance Quick Start
Fire Eye Appliance Quick Start
 
5 Signs you have an Insider Threat
5 Signs you have an Insider Threat5 Signs you have an Insider Threat
5 Signs you have an Insider Threat
 
RSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APTRSA: Security Analytics Architecture for APT
RSA: Security Analytics Architecture for APT
 
Network Security and Visibility through NetFlow
Network Security and Visibility through NetFlowNetwork Security and Visibility through NetFlow
Network Security and Visibility through NetFlow
 
OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure! OWASP Day - OWASP Day - Lets secure!
OWASP Day - OWASP Day - Lets secure!
 

Similar to Top 10 Security Vulnerabilities (2006)

04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009ClubHack
 
Web application attacks
Web application attacksWeb application attacks
Web application attackshruth
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalRich Helton
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmersrobin_bene
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Php vulnerability presentation
Php vulnerability presentationPhp vulnerability presentation
Php vulnerability presentationSqa Enthusiast
 
Beyond OWASP Top 10 - TASK October 2017
Beyond OWASP Top 10 - TASK October 2017Beyond OWASP Top 10 - TASK October 2017
Beyond OWASP Top 10 - TASK October 2017Aaron Hnatiw
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10bilcorry
 

Similar to Top 10 Security Vulnerabilities (2006) (20)

04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encoding
 
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
 
Secure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web ApplicationsSecure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web Applications
 
Romulus OWASP
Romulus OWASPRomulus OWASP
Romulus OWASP
 
Web application attacks
Web application attacksWeb application attacks
Web application attacks
 
API SECURITY
API SECURITYAPI SECURITY
API SECURITY
 
C#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 FinalC#Web Sec Oct27 2010 Final
C#Web Sec Oct27 2010 Final
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
Application Security
Application SecurityApplication Security
Application Security
 
Php vulnerability presentation
Php vulnerability presentationPhp vulnerability presentation
Php vulnerability presentation
 
Attques web
Attques webAttques web
Attques web
 
Beyond OWASP Top 10 - TASK October 2017
Beyond OWASP Top 10 - TASK October 2017Beyond OWASP Top 10 - TASK October 2017
Beyond OWASP Top 10 - TASK October 2017
 
Lets Make our Web Applications Secure
Lets Make our Web Applications SecureLets Make our Web Applications Secure
Lets Make our Web Applications Secure
 
Secure Coding
Secure Coding Secure Coding
Secure Coding
 
2013 OWASP Top 10
2013 OWASP Top 102013 OWASP Top 10
2013 OWASP Top 10
 
Web Security
Web SecurityWeb Security
Web Security
 

Recently uploaded

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Enterprise Knowledge
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentationphoebematthew05
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek SchlawackFwdays
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationSlibray Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 3652toLead Limited
 

Recently uploaded (20)

Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024Designing IA for AI - Information Architecture Conference 2024
Designing IA for AI - Information Architecture Conference 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
costume and set research powerpoint presentation
costume and set research powerpoint presentationcostume and set research powerpoint presentation
costume and set research powerpoint presentation
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Panjabi Bagh 🔝 9953056974 🔝 Delhi escort Service
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Connect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck PresentationConnect Wave/ connectwave Pitch Deck Presentation
Connect Wave/ connectwave Pitch Deck Presentation
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365Ensuring Technical Readiness For Copilot in Microsoft 365
Ensuring Technical Readiness For Copilot in Microsoft 365
 

Top 10 Security Vulnerabilities (2006)

  • 1. Top 10 Security Vulnerabilities Susam Pal Based on OWASP Top Ten Project (2006) http://www.owasp.org/index.php/OWASP_Top_Ten_Project Content is available under Creative Commons Attribution-ShareAlike 2.5 License
  • 2. Agenda  Unvalidated Input  Broken Access Control  Broken Authentication  Cross Site Scripting  Buffer Overflows  Injection Flaws  Improper Error Handling  Insecure Storage  Denial of Service  Insecure Configuration
  • 3. Unvalidated Input All input is evil …. .... until proven otherwise. Types of Input:  HTTP Requests  Commands  Network packets (TCP/IP, UDP, etc.)
  • 4. Unvalidated Input Common Input Tampering Attacks:  Forced Browsing  Command Insertion  Cross Site Scripting  Buffer Overflows  SQL Injection  Hidden Field Manipulation
  • 5. Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Web Root: C:Inetpubwwwroot Unsafe Procedure: map [URL] to [path of the resource] on the hard disk; if [path of the resource] starts with [C:Inetpubwwwroot] then allow access; else deny access;
  • 6. Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Exploit: http://www.example.com/../../windows/system32/cmd.exe URL Mapped to Resource on Hard Disk: C:Inetpubwwwroot....windowssystem32cmd.exe What IIS/PWS forgot to check: C:Inetpubwwwroot....windowssystem32cmd.exe = C:Inetpub..windowssystem32cmd.exe = C:windowssystem32cmd.exe
  • 7. Unvalidated Input Microsoft IIS and PWS Extended Unicode Directory Traversal Vulnerability (BID 1806) Safe Procedure: map [URL] to [path of the resource] on the hard disk; canonicalize [path of the resource]; if [path of the resource] starts with [C:Inetpubwwwroot] then allow access; else deny access; Reference: http://www.securityfocus.com/bid/1806
  • 8. Unvalidated Input Prevention:  Canonicalization: Input should be converted to the simplest form before they are validated.  Server Side Validation: It is must. First code Server Side Validation, then code Client Side Validation.  Validate against a positive (not negative) specification.  Detailed code review for tainted parameters.
  • 9. Broken Access Control Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. Features:  Access control is closely associated with the content and functions of the application.  Users are generally managed by putting them under various groups/roles with various priveleges.
  • 10. Broken Access Control Common Mistakes:  Administrative interfaces that allow site administrators to manage a site over the Internet.  Insertion of access control rules in various locations all over the code on an ad hoc basis. Common Attacks:  Exploiting Insecure Id’s  Forced Browsing Past Access Control Checks  Path traversals  Exploiting browser cache
  • 11. Broken Access Control How to disable Browser Cache: HTML <meta> Tag <meta http-equiv="Pragma" content="no-cache"> <meta http-equiv="Expires" content="-1"> <meta http-equiv="Cache-control" content="no-cache"> <meta http-equiv="Cache" content="no-cache"> <meta http-equiv="Expires" content="thu, 01 Jan 1980 12:00:00 GMT"> ASP <% Response.AddHeader "Pragma", "no-cache" %> <% Response.Expires = -1 %> <% Response.CacheControl="private" %> <% Response.CacheControl = "no-cache" %> <% Response.CacheControl = "no-store" %>
  • 12. Broken Access Control How to disable Browser Cache: JSP <% response.setHeader("Pragma","no-cache"); %> <% response.setHeader("Cache-Control","no-cache"); %> <% response.setDateHeader ("Expires", 0); %> <% response.setHeader("Cache-Control","no-store"); %> PHP <?php Header("Pragma: no-cache"); Header("Cache-control: private, no-cache, no-store"); Header("Expires: Mon, 26 Jul 1997 05:00:00 GMT"); ?>
  • 13. Broken Authentication Types of Authentication:  User ID and Password  Software & Hardware based cryptographic tokens  Biometrics Session Management:  Web applications must establish sessions to keep track of the stream of requests from each user.  HTTP doesn’t provide this capability, so web applications must create it themselves.  Generally developers create session tokens to manage sessions.
  • 14. Broken Authentication Common Attacks:  “Walk by” Attacks  Session Hijacking Prevention:  Re-authentication for critical functionalities.  Use of SSL to protect authentication credentials and session identifiers.  Code review and penetration testing  POST method to submit authentication & session data.  Use autocomplete=“off” with <form> and <input> tags.  Avoid implicit trust between components.
  • 15. Cross Site Scripting XSS occurs when an attacker uses a web application to send malicious code, generally in the form of a script, to a different end user. Types of XSS attacks:  Stored - Injected code is permanently stored on the target servers, such as in a database, forum, visitor log, comment field, etc.  Reflected – Injected code is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request.
  • 16. Cross Site Scripting Common Attacks:  Annoyance to the end user.  Redirecting the user to some other page or site  Disclosure of the user’s session cookie.  Session hijacking. Prevention:  Code review of all places where input from an HTTP request could possibly make its way into the HTML output.  Validate all headers, cookies, query strings, form fields and all such inputs against a rigorous positive specification.
  • 17. Cross Site Scripting Community Architect Guestbook XSS (SA19742) When the attacker is in a good mood:
  • 18. Cross Site Scripting Community Architect Guestbook XSS (SA19742) Where the input goes:
  • 19. Cross Site Scripting Community Architect Guestbook XSS (SA19742) The Output:
  • 20. Cross Site Scripting Community Architect Guestbook XSS (SA19742) If the attacker attacks:
  • 21. Cross Site Scripting Community Architect Guestbook XSS (SA19742) Where the input goes:
  • 22. Cross Site Scripting Community Architect Guestbook XSS (SA19742) The Output: Reference: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2003
  • 23. Cross Site Scripting Potential Harmful Tags: <script> <object> <embed> <applet> <form> Decision to be taken for XSS prevention:  Whether tags should appear in the output as a tags.  Whether tags should not appear in the output at all.  Whether text formatting is to be allowed.
  • 24. Cross Site Scripting If tags should appear in the output. Convert special characters to HTML entities
  • 25. Cross Site Scripting If tags should appear in the output. Convert special characters to HTML entities: Special Character HTML Entity < &lt; > &rt; “ &quot; & &amp; ( &#40; ) &#41; # &#35;
  • 26. Cross Site Scripting If tags should not appear in the output. Filter out all tags
  • 27. Cross Site Scripting If text formatting should be allowed Allow necessary tags only.
  • 28. Cross Site Scripting If text formatting should be allowed. Tags that can be allowed: <p> <b> <u> <i> <strike> <h1>, <h2>, <h3>, <h4>, <h5>, <h6>
  • 29. Buffer Overflows Attackers use buffer overflows to corrupt the execution stack of an application. Buffer overflows are easy to avoid, difficult to discover and extremely difficult to exploit. Types of Attacks:  Attackers send carefully crafted input to a web application, an attacker can cause the application to execute arbitrary code.  When difficult to exploit, the attackers can crash the application thereby leading to DoS (Denial of Service).
  • 30. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte Return Address indicates what ESP is pointing to indicates what EBP is pointing to
  • 31. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte buffer[3] buffer[2] buffer[1] buffer[0] Return Address indicates what ESP is pointing to indicates what EBP is pointing to
  • 32. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Hi!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte ‘0’ ‘!’ ‘i’ ‘H’ Return Address indicates what ESP is pointing to indicates what EBP is pointing to
  • 33. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str – 4th Byte *str – 3rd Byte *str – 2nd Byte *str – 1st Byte EIP – 4th Byte EIP – 3rd Byte EIP – 2nd Byte EIP – 1st Byte EBP – 4th Byte EBP – 3rd Byte EBP – 2nd Byte EBP – 1st Byte buffer[3] buffer[2] buffer[1] buffer[0] Return Address indicates what ESP is pointing to indicates what EBP is pointing to
  • 34. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str – 4th byte *str – 3rd byte 0 ! g n i n r o M d o o G Return Address indicates what ESP is pointing to indicates what EBP is pointing to
  • 35. #include <string.h> void function(char *str) { char buffer[4]; strcpy(buffer, str); } main() { char string[]="Good Morning!"; function(string); } Buffer Overflows *str - 4th byte *str - 3rd byte 0 00H ! 21H g 67H n 6EH i 69H n 6EH r 72H o 6FH M 4DH 20H d 64H o 6FH o 6FH G 47H Return Address Returns to offset 676E696EH indicates what ESP is pointing to indicates what EBP is pointing to
  • 36. Buffer Overflows Major Attacks: Code Red Virus Attacked a buffer overflow weakness in the Microsoft IIS Server API on July 19, 2001. Damage: $2.6 billion Sasser Worm Attacked the Microsoft LSAS buffer overflow vulnerability on April 30, 2004. Damage: $3.5 billion
  • 37. Buffer Overflows Prevention:  C Programmers now refrain from using strcpy(), strcat() in their programs. They use strncpy(), strncat() instead which perform bound checking. Never use gets().  Programmers now write their applications in languages like Java, Visual Basic which has better stack and memory management features.  Sun Microsystems is trying to make their Sparc processor immune to stack overflow attack by introducing new feature to protect the return address during a subroutine call.
  • 38. Injection Flaws Injection flaw lets you inject executable code at places where it is not allowed in a secure system which might lead to execution of the code and compromise of the system. Common Attacks:  Relay malicious through a web application to another system.  Calls to operating system via system calls.  Use of external programs via shell commands.  Calls to backend databases via SQL.  Complete script injection into web applications.
  • 39. Injection Flaws SQL Injection:  SQL injection is particularly widespread and dangerous form of injection.  SQL Injection is possible if the value of any parameter is used in SQL queries and the parameter is not sanitised properly.  The attacker can retrieve, modify, corrupt or destroy database contents.
  • 40. Injection Flaws Bloggage SQL Injection: SELECT <some_column> FROM <some_table> WHERE Account_Name = '<user>' AND Password ='<password>' SELECT <some_column> FROM <some_table> WHERE Account_Name ='blackhathacker'' AND Password =''
  • 41. Injection Flaws Bloggage SQL Injection: SELECT <some_column> FROM <some_table> WHERE Account_Name = '<user>' AND Password ='<password>' SELECT <some_column> FROM <some_table> WHERE Account_Name = 'blackhathacker' AND Password = 'a' OR 'a' = 'a' (Always a true condition) Account Name: blackhathacker Password: a' OR 'a' = 'a
  • 43. Injection Flaws Prevention:  Avoid accessing external interpreters wherever possible.  For calls to backend databases, carefully validate the data provided to ensure that it does not contain any malicious content.  Structure requests in a manner that ensures that all supplied parameters are treated as data, rather than potentially executable content.  Convert special characters to the correct form.  Run the application with minimum priveleges required.
  • 44. Improper Error Handling Improper handling of errors can introduce a variety of security problems. Common Problems:  Inconsistencies in error messages which can reveal important clues on how the system works.  Stack traces, database dumps and error codes are displayed on error.  Syntax errors are displayed along with portions of the codes.
  • 45. Improper Error Handling A Bad Error Message
  • 46. Improper Error Handling An Ideal Error Message
  • 47. Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) A valid page: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 Trial 1: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828' Error: Unclosed quotation mark before the character string ' and mncpage.mnccategoryid = mnccategory.mnccategoryid'. Conclusion: Direct SQL Injection is possible. There are 2 tables, 'mncpage' and 'mnccategory'. Both of them have a column called 'mnccategoryid'.
  • 48. Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 2: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 1-- http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 2-- http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 3-- No error
  • 49. Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 3: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 order by 4-- Error: The ORDER BY position number 4 is out of range of the number of items in the select list. Conclusion: The table being used by the query selects 3 columns and one of them is an integer.
  • 50. Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 4: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 union select 'varchar1', 'varchar2', 'varchar3' from mncpage -- Error: Syntax error converting the varchar value 'varchar1' to a column of data type int. Conclusion: The 1st column in the select query is an integer.
  • 51. Improper Error Handling IncredibleIndia.org SQL Injection (WHID 2006-27) Trial 5: http://www.incredibleindia.org/newsite/cms_Page.asp?PageID=828 union select mnccategoryid, 'varchar2', 'varchar3' from mncpage-- No Error Conclusion: The column 'mnccategory' is of integer type. Reference: http://www.webappsec.org/projects/whid/list_id_2006-27.shtml
  • 52. Insecure Storage Most applications need to store sensitive information, either in a database or on a file system. Types of Sensitive Information:  Passwords  Credit Card Numbers  Account Records  Proprietary Information
  • 53. Insecure Storage Common Mistakes:  Failure to encrypt critical data  Insecure storage of keys and passwords  Improper storage of secrets in memory  Poor sources of randomness  Poor choice of algorithm  Attempting to invent a new encryption algorithm Types of Attacks:  Examining tokens, session IDs, cookies, etc. to see if they are obviously not random.  Finding cryptographic flaws.
  • 54. Insecure Storage Prevention:  Minimize encryption. Use it to keep information that is absolutely necessary.  Instead of storing encrypted passwords, use a one-way function, such as a SHA-1, to has the passwords  If cryptography must be done, choose a library that has been exposed to public scrutiny and makes sure that there are no open vulnerabilities.  Clear the clear-text sensitive information from the memory as soon as possible.
  • 55. Denial of Service Denial of Service (DoS) attack is an attempt to make a computer service unavailable to its intended users. Common Attacks:  Consume bandwidth, database connections, disk storage, CPU, memory, threads, or application specific resources.  Locking out a legitimate user by sending invalid credentials until the system locks out the account.  Exploiting buffer overflows & injection flaws to inject code/commands to shut down or stall importand service.
  • 56. Denial of Service 0verkill recv_packet() UDP Handling Overflow DoS The vulnerability was an integer underflow error in a Linux based gaming daemon called 0verkill. It could be exploited to launch DoS attacks by sending UDP packets of size less than 12 bytes to the 0verkill daemon. Prevention: Load balancing makes these attacks more difficult. Analyse each resource and check if there is a way to exhaust it. Limit resources to any user to bare minimum. Check error handling scheme and ensure that an error can not affect the overall operation of the system.
  • 57. Insecure Configuration Insecure configuration of a system can itself be a potential vulnerability. Common Configuration Problems: Unpatched security flaws in a software. Server software flaws or misconfigurations that permit directory listing and directory traversal attacks Improper file and directory permissions Unnecessary services enabled Default accounts with default passwords Administrative or debugging functions that are enabled Improper authentication with external systems
  • 58. Insecure Configuration Apache URL Validation Vulnerability (BID 19447) # Sample Safe Configuration for Unix/Linux DocumentRoot "/home/webmaster/site/docroot/" ScriptAlias /cgi-bin/ "/home/webmaster/site/docroot/cgi-bin" # Sample Unsafe Configuration for Windows DocumentRoot "C:/webmaster/site/docroot" ScriptAlias /cgi-bin/ "C:/webmaster/site/docroot/cgi-bin/" Accessing a script in the cgi-bin directory: http://www.example.com/cgi-bin/somescript Exploit: http://www.example.com/CGI-BIN/somescript
  • 59. Insecure Configuration Apache URL Validation Vulnerability (BID 19447) # Sample Safe Configuration for Windows DocumentRoot "C:/webmaster/site/docroot" ScriptAlias /cgi-bin/ "C:/webmaster/site/cgi-bin/" Accessing a script in the cgi-bin directory: http://www.example.com/cgi-bin/somescript Exploit URL is now invalid: http://www.example.com/CGI-BIN/somescript Reference: http://www.securityfocus.com/bid/19447
  • 60. Insecure Configuration Prevention:  Configure all security mechanisms  Turn off all unused services  Set up roles, permissions and accounts  Disable all default accounts or change their passwords  Enable logging and alerts  Monitor the latest security vulnerabilities published  Apply the latest security patches  Update the security configuration guidelines  Scan for vulnerabilities with a vulnerability scanner regulary