Application security overview

  1. Application Security
     Dilan Warnakulasooriya, Information Security Engineer, 99X Technology
     Asanka Fernandopulle, Senior Software Engineer, 99X Technology
     1/1/2013 99X Technology (c)
  2. Basics of Application Security
     • HTTP and HTTPS
     • Symmetric key
     • Asymmetric key
     • Session key
     • Analyzing a certificate
     • Sniffing HTTP and HTTPS
     • Calomel plugin
  3. Basics of Application Security
     • Man in the middle
     • Analyzing browser requests
     • Analyzing server responses
     • HTTPS communication
     • HTTPS and S-HTTP
  4. Basics of Application Security
     • What OWASP does
     • Builders, Breakers and Defenders
  5. Web Application Penetration Testing
     • Basic web testing methodology
     • Vulnerability, threat and exploit
     • Developer-level application security overview - Asanka
  6. Web Application Penetration Testing
     • Application security frameworks
     • Before development begins
     • During definition and design
     • During development
     • During deployment
     • Maintenance and operations
  7. Web Application Penetration Testing
     • Web application security review frameworks
     • Samurai WTF
     • Websecurify
     • Wapiti
     • Skipfish
     • Acunetix
     • WebScarab
     • w3af
  8. Secure Authentication
     • Authentication / access control methods
  9. Secure Authentication
     • Authentication bypass techniques
     • Direct page request
     • Parameter modification
     • Session ID prediction
     • SQL injection
     Session predictability: WebScarab / Burp Suite
  10. Secure Authentication
     • Bypass authentication matrix
     • Basic authentication
     • Multi-level login 1
     • Multi-level login 2
  11. Secure Authentication
     • Remember password
     • Password strength
     • Forgot password
     • Browser cache management
  12. Secure Authentication
     • Parameter tampering
     • Bypass HTML field restrictions
     • Exploit hidden fields
     • Bypass client-side JavaScript validation
     • Coding controls for parameter tampering
  13. Secure Authentication
     • Access control flaws
     • Using an access control matrix
     • Bypass a path-based access control scheme
     • Bypass data-layer access control
  14. Injections
     • SQL injection classes
     • In-band
     • Out-of-band
     • Inferential
  15. Injections
     • Techniques to exploit SQL injections
     • Union operator
     • Boolean
     • Error based
     • Out-of-band
     • Time delay
  16. Injections
     • Standard SQL injection testing
     • SELECT * FROM Users WHERE Username=$username AND Password=$password
     • Numeric SQL injection
  17. Injections
     • Union exploitation technique
     • XPath injection
     • String SQL injection
  18. Injections
     • Boolean exploitation technique
     • SQL injection, stage 1: string SQL injection
     • Stage 3: numeric SQL injection
  19. Injections
     • Error-based exploitation technique
     • Modify data with SQL injection
     • Add data with SQL injection
  20. Injections
     • Out-of-band exploitation technique
  21. Injections
     • Time-delay exploitation technique
     • Stored procedure exploitation technique
     • Automated exploitation technique
  22. Injections
     • How developers work on SQL injection
     • Automate your injection
     • sqlmap
  23. Session Management
     • Session management techniques
     • Session management vulnerabilities
     • Insufficient session ID length
     • Session fixation
     • Session variable overloading
  24. Session Management
     • Check your cookies
     • Cookie collection
     • Cookie reverse engineering
     • Cookie manipulation
     • Hijack a session
     • Spoof an authentication cookie
     • Session fixation
  25. Session Management
     • How developers work on session handling
  26. Code Quality
     • Code quality breach
     • Discover clues in the HTML
  27. Cross-Site Scripting
     • Scripting types
     • Reflected cross-site scripting (non-persistent XSS)
     • Stored cross-site scripting (second-order XSS)
     • DOM-based cross-site scripting (type 0 XSS)
  28. Cross-Site Scripting
     • Reflected cross-site scripting (non-persistent XSS)
     • Testing for reflected XSS
     • Reflected XSS
  29. Cross-Site Scripting
     • Bypass XSS filters
     • Tag attribute value
     • Different syntax or encoding
     • Bypassing non-recursive filtering
  30. Cross-Site Scripting
     • Stored cross-site scripting (second-order XSS)
     • XSS attack scenario
     • Stored XSS
  31. Cross-Site Scripting
     • Testing for stored cross-site scripting
     • Input forms
     • Analyze HTML code
     • Exploitation framework
     • File upload
  32. Cross-Site Scripting
     • How developers handle XSS and CSRF
  33. Testing Tools
     • Proxy
     • How to write secure programs
  34. Thank you
