Security Tech Talk


Published on

Describes the most common web vulnerabilities and solutions for the same

Published in: Education, Technology
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Security Tech Talk

  1. 1. Web Security: Tech Talk Mallik March 20 th , 2009
  2. 2. Introduction <ul><li>Web applications are accessible openly on web there by making it more prone to hacking. </li></ul><ul><li>Web Developers are not well versed with security issues because of which the applications are prone to vulnerabilities. </li></ul><ul><li>Web applications run in the browser, any security loop hole in browser will lead to exploiting vulnerability in web application. </li></ul>
  3. 3. Where do security bugs hide ? Functional Bugs Security Bugs Design Implementation
  4. 4. Web Vulnerabilities <ul><li>XSS (Cross Site Scripting) Attack [44%] </li></ul><ul><li>SQL Injection [25%] </li></ul><ul><li>Input Validation [8%] </li></ul><ul><li>Remote File Inclusion [17%] </li></ul><ul><li>Cookie Theft [3%] </li></ul>
  5. 5. XSS (Cross Site Scripting) <ul><li>XSS : code injection by malicious web users into the web pages. </li></ul><ul><li>Non Persistent: These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. </li></ul><ul><li>Ex: Search Engines [exploits using social engineering] </li></ul><ul><li>Example </li></ul><ul><li>Persistent: XSS vulnerability that exists when data provided to a web application by a user is stored persistently on the server </li></ul><ul><li>Ex: Blogger Comments </li></ul><ul><li>Example </li></ul>
  6. 6. XSS (Cross Site Scripting) <ul><li>Exploits </li></ul><ul><li>Session Hijacking / Cookie Theft [ Example ] </li></ul><ul><li>Redirecting the page to hacker’s desired location [persistent] </li></ul><ul><li>[ Example ] </li></ul>
  7. 7. Preventing XSS <ul><li>Escaping/Filtering Some of characters like <,> as we do for Portal Application </li></ul><ul><li>Replacing characters < with &lt; and > with &gt; </li></ul><ul><li>Both the above solutions prevent users from entering rich HTML content which is required for many web 2.0 Products </li></ul><ul><li>Escape HTML tags which can be malicious like <script>, <meta> etc. Blogger, MySpace are some with this kind of implementation. </li></ul>
  8. 8. SQL Injection <ul><li>SQL Injection is a security vulnerability occurring in the DB layer. It is method to inject SQL command/query through the webpage. Hacker can come up with an intelligent input which may cause the application to do what it is not supposed to do. </li></ul><ul><li>Examples: </li></ul><ul><li>Incorrect escaping/Filtering: </li></ul><ul><li>Query: statement = &quot;SELECT * FROM users WHERE name = '&quot; + userName + &quot;';&quot; </li></ul><ul><li>Hacker’s input: a’ OR ‘x’=x </li></ul><ul><li>Final Statement = SELECT * FROM users WHERE name = ‘a’ OR ‘x’=x’; </li></ul>
  9. 9. SQL Injection <ul><li>More Serious attack: </li></ul><ul><li>Query: statement = &quot;SELECT * FROM users WHERE name = '&quot; + userName + &quot;';&quot; </li></ul><ul><li>Hacker’s input: a’; Drop Table Users; Select * from Users where name like ‘% </li></ul><ul><li>Final Statement = SELECT * FROM users WHERE name = ‘ a’; Drop Table Users; Select * from Users where name like ‘% ’ </li></ul>
  10. 10. Preventing SQL Injection <ul><li>Escaping Special Characters </li></ul><ul><li>Error-prone way to prevent injections is to escape dangerous characters. </li></ul><ul><li>- Replacing ‘ with ‘’ </li></ul><ul><li>- In MYSQL, use mysql_real_escape_string() to escape special characters </li></ul><ul><li>Using Parameterized Statements </li></ul><ul><li>myCommand = new SqlCommand(&quot;SELECT * FROM USERS WHERE USERNAME=@username AND PASSWORD= @password&quot;, myConnection)) { </li></ul><ul><li>myCommand.Parameters.AddWithValue(&quot;@username&quot;, user); myCommand.Parameters.AddWithValue(&quot;@password&quot;, pass); </li></ul>
  11. 11. Remote File Inclusion <ul><li>RFI vulnerabilities allow hackers to run their code on the web servers. </li></ul><ul><li>XSS is code injection on client side, whereas RFI is on server side. </li></ul><ul><li>Bad coding practice where filenames were sent as Query parameters can be used as any normal variable in the code. </li></ul><ul><li>This was one of common PHP vulnerabilities in early days. </li></ul>
  12. 12. RFI Example <ul><li><?php </li></ul><ul><li>$file=$_REQUEST[‘file’]; </li></ul><ul><li>include ($file.&quot;php&quot;); </li></ul><ul><li>?> </li></ul><ul><li>URL: </li></ul><ul><li>The code in hack.php would get executed on the server </li></ul>
  13. 13. Input Validation <ul><li>Most of security vulnerabilities are because of Hacky input. </li></ul><ul><li>Input Validation on Client Side (javascript) alone will not suffice. We need to have check for user input on both Client and Server. </li></ul><ul><li>Hacker can disable the checks on client side and send invalid input to Server Side. ( Example ) </li></ul><ul><li>Example: </li></ul><ul><li>Shopping site example about how serious a attack can be if there is no server side check. </li></ul>
  14. 14. Security Vulnerability Via Browser Bugs <ul><li>Browser bugs can sometimes lead to finding vulnerabilities in the Web Applications </li></ul><ul><li>Example is Cross-Domain XMLHTTP Vulnerability in First version of Chrome </li></ul><ul><li>What is Cross-Domain XMLHTTP ? </li></ul><ul><li>What was bug in Chrome Version 1.0 ? </li></ul><ul><li> Example </li></ul>
  15. 15. Lessons to Learn <ul><li>Web Security is not Rocket science </li></ul><ul><li>Validate Input </li></ul><ul><li>Validate output </li></ul><ul><li>Watch for New Security Attacks and how they affect your products </li></ul>
  16. 16. Thank You