Lap Around Web Application Vulnerabilities

Walter Wong
MVP – Visual Developer (Security)
walter_wws@hotmail.com
http://spaces.live.com/walterwws
Top 10 Web Application Vulnerabilities in 2007

1. Cross-site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access

Source: http://www.owasp.org/index.php/top_10_2007
Agenda

• The foundation of attack
• Advanced attack techniques
• Obfuscation
• Automated testing
Foundation of attack

• Application attacks are also known as “layer 7 attacks”
• A program is just a set of instructions.
• The developer is the key protector
• All input is evil (Writing Secure Code by Michael Howard and David LeBlanc)
3 basic techniques: SQL Injection, Cross-site Scripting, Path Traversal
SQL Injection
• The SQL statement is built using string concatenation
• The attacker changes the semantics of the SQL query
• Developers prefer string concatenation because it is easy; they also know the safer method, but it requires more thought
Scenario #1
An attacker submits specially crafted input when performing a search.
Demo: SQL Injection, http://www.lowyat.net (Date: 12 June 2008)
Cross-site Scripting (XSS)
How does it work?
1. Take input from the user
2. Fail to validate the input
3. Echo the input directly to the web page
4. Done!
Scenario #2
The developer uses

<%# DataBinder.Eval(Container.DataItem, "Column1") %>

to bind data in a DataList.
Demo: Cross-Site Scripting (XSS)
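Scenario #2 and the VIVO rule from the closing slide in one added example (not the presentation's code): a DataList-style listing rendered once the way an unwrapped Eval does it and once with output encoding, plus the input-side allowlist that belongs in front of it. The rows, the allowlist pattern and the helper names are constructed; in ASP.NET the encoded variant corresponds to wrapping the Eval result in HttpUtility.HtmlEncode.

```python
import html
import re

# Constructed rows standing in for the Container.DataItem values bound to the
# DataList (added example). The second row carries stored markup.
ROWS = [
    {"Column1": "Plain comment"},
    {"Column1": "<script>alert(document.cookie)</script>"},
    {"Column1": 'Tom & Jerry <b>"quoted"</b>'},
]

# Validate Input: this comment field may only hold bounded, printable text.
# (Constructed allowlist; tune it to the field's real business rules.)
COMMENT_RE = re.compile(r"^[\w .,!?'\-]{1,200}$")


def validate_input(value):
    """First half of VIVO: accept only values matching the field's allowlist.
    Rejecting early keeps junk out of the database but never replaces encoding,
    because data can reach the page by paths that skipped this check."""
    return bool(COMMENT_RE.match(value))


def render_unencoded(rows):
    """Step 3 of the slide: the bound value is echoed straight into the page,
    which is what <%# DataBinder.Eval(Container.DataItem, "Column1") %> does
    on its own, so stored markup becomes live HTML."""
    return "".join("<li>%s</li>" % row["Column1"] for row in rows)


def render_encoded(rows):
    """Second half of VIVO: every value is HTML-encoded as it is emitted, so
    markup in the database is displayed as text."""
    return "".join(
        "<li>%s</li>" % html.escape(row["Column1"], quote=True) for row in rows
    )


def has_foreign_element(page, tag):
    """Check used in the test: does the page contain a start tag that the
    template itself never emits?"""
    return re.search(r"<\s*%s\b" % re.escape(tag), page, re.IGNORECASE) is not None
```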
Path Traversal
• Access files that the application does not intend to expose
• Read any file on the system
• Use “dot-dot-slash” sequences to backtrack out of the folder

Example:
http://app.com/GetImage.aspx?file=..\..\windows\repair\sam
Scenario #3
To prevent “Resource cannot be found” errors, the developer creates a page that checks whether the picture file exists. If it does not exist, a generic image is shown instead.
Demo: Path Traversal
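The GetImage page of Scenario #3 as an added example (not the presentation's code): the handler as the scenario describes it, where the existence check runs on the raw file parameter, beside a version that canonicalises the path and confirms it is still inside the images folder before looking at the file system. The directory layout is built in a temporary folder and the function names are constructed for the illustration.

```python
import os
import tempfile


def build_fixture():
    """Constructed layout (added example): images/ holds the pictures the page
    serves, secret.txt sits one level up and must never be reachable."""
    root = tempfile.mkdtemp()
    images = os.path.join(root, "images")
    os.makedirs(images)
    with open(os.path.join(images, "logo.png"), "wb") as f:
        f.write(b"PNG-bytes")
    with open(os.path.join(images, "generic.png"), "wb") as f:
        f.write(b"GENERIC")
    with open(os.path.join(root, "secret.txt"), "wb") as f:
        f.write(b"not for the public")
    return root, images


def get_image_unsafe(images_dir, requested):
    """Scenario #3 as written: only existence is checked, and it is checked on
    whatever path the user supplied. Dot-dot segments walk out of images_dir,
    the file exists, and its bytes are returned in place of a picture."""
    path = os.path.join(images_dir, requested)
    if not os.path.isfile(path):
        path = os.path.join(images_dir, "generic.png")
    with open(path, "rb") as f:
        return f.read()


def resolve_inside(base_dir, requested):
    """Canonicalise the requested path (symlinks and '..' resolved) and return
    it only if it is still under base_dir; otherwise None. An absolute path
    in the parameter replaces base_dir in os.path.join, which this also catches."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:          # different drives on Windows, so not inside
        inside = False
    return candidate if inside else None


def get_image_safe(images_dir, requested):
    """Containment first, existence second. A request that escapes the folder
    gets exactly the same response as a missing picture, so the page does not
    become an oracle for which files exist elsewhere on the server."""
    path = resolve_inside(images_dir, requested)
    if path is None or not os.path.isfile(path):
        path = os.path.join(images_dir, "generic.png")
    with open(path, "rb") as f:
        return f.read()
```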
Advanced Techniques

• Build on the basic attack techniques
• Able to unveil a lot of private information about servers
• Examples:
  WMI Attack
  Hosts File Hijacking
WMI Attack

• WMI = Windows Management Instrumentation
• WMI is an essential tool for IT administrators to manage servers and workstations
• Damage:
  Retrieve the server’s information
  Remotely uninstall applications
Scenario #4
The attacker retrieves the list of software installed on the web server and uninstalls it.
Demo: WMI Attack
Hosts File Hijacking
• Windows relies on DNS and the hosts file to resolve the target IP address
• Hosts file location: %windir%\system32\drivers\etc\hosts
• Damage:
  Corrupt the hosts file so that it redirects traffic to a malicious server
Scenario #5
The attacker redirects the traffic for www.abc.com to a different IP address. Imagine an antivirus application being sent to the wrong IP address when it downloads the latest signature file.
Demo: Hosts File Hijacking
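A defender's check for Scenario #5, as an added example that is not the presentation's code: parse the hosts file in its own syntax and report every name-to-address mapping that is not in the administrator's baseline, which is how a rewrite like the one described would show up on a scheduled scan. The file content, the baseline and the function names are constructed.

```python
import ipaddress

# Constructed hosts file (added example). The last two lines are the kind of
# rewrite Scenario #5 describes: public names pinned to an address the
# administrator never configured.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
127.0.0.1       localhost
::1             localhost
192.0.2.10      intranet.example.local intranet   # internal app, deliberately pinned
203.0.113.77    www.abc.com
203.0.113.77    update.av-vendor.example
"""

# Constructed baseline: the mappings this machine is expected to carry.
EXPECTED = {
    ("127.0.0.1", "localhost"),
    ("::1", "localhost"),
    ("192.0.2.10", "intranet.example.local"),
    ("192.0.2.10", "intranet"),
}


def parse_hosts(text):
    """Parse hosts syntax: one address followed by one or more names per line,
    '#' starts a comment, blank lines are ignored. Returns (address, name) pairs
    with names lower-cased, since resolution is case-insensitive."""
    pairs = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                      # nothing resolvable on this line
        addr, names = fields[0], fields[1:]
        try:
            ipaddress.ip_address(addr)    # accept IPv4 and IPv6 literals only
        except ValueError:
            continue                      # junk, skip rather than crash the scan
        pairs.extend((addr, name.lower()) for name in names)
    return pairs


def find_unexpected(pairs, expected):
    """Every mapping outside the baseline. Any hit means a name that should be
    resolved through DNS is being answered locally instead."""
    return [p for p in pairs if p not in expected]


def hosts_rewritten(text, expected=EXPECTED):
    """Wrapper for a scheduled check: True when tampering is suspected."""
    return bool(find_unexpected(parse_hosts(text), expected))
```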
Obfuscation
• The default .NET assembly format allows a developer to disassemble and decompile it.
• Obfuscation is a process that rebuilds the .NET assembly into a new format that is impossible to disassemble or decompile and difficult to understand.
• Prevents competitors and hackers from getting your source code.
Scenario #6
The attacker downloads the .NET assembly through a path traversal attack and successfully disassembles and decompiles it. The attacker can now view all the logic behind the source code.
Demo: Obfuscator
Automated Testing
• Develop your own testing tools
• Automate your testing process
• Visual Studio Tester Edition has the capability to do automated testing
The Dark Side...
• Brute force attacks use the same technique
• It is a common attack to “try out” passwords
• To prevent such attacks, identify the source:
  MAC address
  IP address
  Login username
Scenario #7
Develop a simple application to automate a brute force attack on a wireless router.
Demo: Automate the task
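The defensive side of this section as an added example (not the presentation's code): a sliding-window counter over login audit lines that flags each of the three identifiers the slide names (MAC address, IP address, login username) once failures cross a threshold, which is what a lockout or alert on the router would key on. The log lines, the field layout, the threshold and the window are constructed.

```python
from collections import defaultdict
from datetime import datetime

# Constructed login audit lines (added example): timestamp, client IP, client
# MAC as reported by the access point, username and outcome, one per line.
SAMPLE_LOG = """\
2008-06-12T10:00:01 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:00:02 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:00:03 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:00:04 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:00:05 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:00:06 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=FAIL
2008-06-12T10:05:00 ip=192.0.2.51 mac=66:77:88:99:aa:bb user=alice result=FAIL
2008-06-12T10:05:30 ip=192.0.2.51 mac=66:77:88:99:aa:bb user=alice result=OK
2008-06-12T11:00:00 ip=192.0.2.50 mac=00:11:22:33:44:55 user=admin result=OK
"""

THRESHOLD = 5          # failures inside the window that trigger a flag (constructed)
WINDOW_SECONDS = 120   # sliding window length (constructed)


def parse_line(line):
    """Turn one audit line into a dict; None for lines that do not fit the layout."""
    parts = line.split()
    if len(parts) != 5:
        return None
    try:
        rec = {"ts": datetime.fromisoformat(parts[0])}
    except ValueError:
        return None
    for field in parts[1:]:
        key, _, value = field.partition("=")
        rec[key] = value
    if not all(k in rec for k in ("ip", "mac", "user", "result")):
        return None
    return rec


def flag_sources(log_text, threshold=THRESHOLD, window=WINDOW_SECONDS):
    """Count failures per identifier inside a sliding window. Keying on all three
    identifiers matters: a rotating IP still shares a MAC, and a distributed
    attempt against one account still shares the username.
    Returns {(kind, value): time the threshold was first crossed}."""
    recent = defaultdict(list)
    flagged = {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["result"] != "FAIL":
            continue
        for kind in ("ip", "mac", "user"):
            key = (kind, rec[kind])
            times = recent[key]
            times.append(rec["ts"])
            # forget failures that have fallen out of the window
            while times and (rec["ts"] - times[0]).total_seconds() > window:
                times.pop(0)
            if len(times) >= threshold and key not in flagged:
                flagged[key] = rec["ts"]
    return flagged


if __name__ == "__main__":
    for (kind, value), when in flag_sources(SAMPLE_LOG).items():
        print("%s %s crossed %d failures at %s" % (kind, value, THRESHOLD, when))
```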
Steps to Defend Against Attackers

• Validate input on both the client side and the server side
• Duplicate the validation functions on both the client side and the server side
• No SQL injection: use the Parameter class in .NET
• No XSS: Validate Input, Validate Output (VIVO)
• Obfuscate your code TODAY!
• Be innovative and creative in testing
Walter_wws@hotmail.com
Resources
Visit my blog at http://spaces.live.com/walterwws
Visit my Pagecast at http://www.pageflakes.com/walterw
© 2008 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Presented at MS Innovation Day: A Lap Around Web Application Vulnerabilities, by MVP Walter Wong
