SlideShare a Scribd company logo

Hydra Connect 2015 poster from the University of Cincinnati

Download as PPT, PDF
N
newmanld

Navigating through a Hailstorm - for information contact Linda Newman (newmanld@ucmail.uc.edu), Thomas Scherz (scherztc@ucmail.uc.edu) or Glen Horton (hortongn@ucmail.uc.edu).

Education
1 of 1
Navigating through a Hailstorm Request Handling (Middleware):Request Handling (Middleware): SANITIZE_ENV_KEYS = %w( HTTP_REFERER PATH_INFO REQUEST_URI REQUEST_PATH QUERY_STRING ) valid = URI.decode(string).force_encoding('UTF-8').valid_encoding? Exception Trapping (Controllers):Exception Trapping (Controllers): unless Rails.application.config.consider_all_requests_local rescue_from Exception, with: :render_404 rescue_from ActionController::RoutingError, with: :render_404 rescue_from ActionController::UnknownController, with: :render_404 rescue_from ActiveRecord::RecordNotFound, with: :render_404 end Parameter Checking (Helpers):Parameter Checking (Helpers): def limit_param_length(parameter, length_limit) render(:file => 'public/404.html', :status => 404, :layout => false) unless parameter.to_s.length < length_limit end TYPICAL HAILSTORM WARNING:TYPICAL HAILSTORM WARNING: Integer Overflow - [OWASP 2013 A 1] Warning Findings Assessment: OWASP-2013 (Set I) - Overflow Run: 07/24/2015 1:16:57PM Traversal: 2015.06.24 scholar user Integer Overflow - [OWASP 2013 A 1] 1 Warning (High, HARM: 115): https://scholar-qa.uc.edu/catalog?utf8=%E2%9C %93&q=testval Message: Integer overflow vulnerability found Injectable request #: 2 Injected item: GET: q Injection length: 6 Request: GET /catalog?utf8=%E2%9C%93&q=-65536 HTTP/1.1 Host: scholar-qa.uc.edu Referer: https://scholar-qa.uc.edu/creators_rights_request Response: <no response> UC’s change management procedures require a passing Hailstorm scan reporting a no harm score. Our strategies include request handling, parameter checking, exception trapping, error page sanitizing and increasing java heap size. For links to our code: http://bit.ly/1Oi1sZd

Recommended

XamarinとAWSをつないでみた話
XamarinとAWSをつないでみた話XamarinとAWSをつないでみた話
XamarinとAWSをつないでみた話
Takehito Tanabe
 
23.simple login with sessions in laravel 5
23.simple login with sessions in laravel 523.simple login with sessions in laravel 5
23.simple login with sessions in laravel 5
Razvan Raducanu, PhD
 
Apache cheat sheet
Apache cheat sheetApache cheat sheet
Apache cheat sheet
Lam Hoang
 
ZendFramework2 & Symfony2
ZendFramework2 & Symfony2ZendFramework2 & Symfony2
ZendFramework2 & Symfony2
Wesley Victhor Mendes
 
22.sessions in laravel
22.sessions in laravel22.sessions in laravel
22.sessions in laravel
Razvan Raducanu, PhD
 
Cm
CmCm
Cm
Laxman Dora
 
17. CodeIgniter login simplu cu sesiuni
17. CodeIgniter login simplu cu sesiuni17. CodeIgniter login simplu cu sesiuni
17. CodeIgniter login simplu cu sesiuni
Razvan Raducanu, PhD
 
Drupal for ng_os
Drupal for ng_osDrupal for ng_os
Drupal for ng_os
dstuartnz
 

Recommended

XamarinとAWSをつないでみた話
XamarinとAWSをつないでみた話XamarinとAWSをつないでみた話
XamarinとAWSをつないでみた話
Takehito Tanabe
 
23.simple login with sessions in laravel 5
23.simple login with sessions in laravel 523.simple login with sessions in laravel 5
23.simple login with sessions in laravel 5
Razvan Raducanu, PhD
 
Apache cheat sheet
Apache cheat sheetApache cheat sheet
Apache cheat sheet
Lam Hoang
 
ZendFramework2 & Symfony2
ZendFramework2 & Symfony2ZendFramework2 & Symfony2
ZendFramework2 & Symfony2
Wesley Victhor Mendes
 
22.sessions in laravel
22.sessions in laravel22.sessions in laravel
22.sessions in laravel
Razvan Raducanu, PhD
 
Cm
CmCm
Cm
Laxman Dora
 
17. CodeIgniter login simplu cu sesiuni
17. CodeIgniter login simplu cu sesiuni17. CodeIgniter login simplu cu sesiuni
17. CodeIgniter login simplu cu sesiuni
Razvan Raducanu, PhD
 
Drupal for ng_os
Drupal for ng_osDrupal for ng_os
Drupal for ng_os
dstuartnz
 
Laravel Routing and Query Building
Laravel Routing and Query BuildingLaravel Routing and Query Building
Laravel Routing and Query Building
Mindfire Solutions
 
07 02-05
07 02-0507 02-05
07 02-05
Nimmanon Lasaku
 
07-02-05
07-02-0507-02-05
07-02-05
Nimmanon Lasaku
 
07 02-05
07 02-0507 02-05
07 02-05
Nimmanon Lasaku
 
07 02-05
07 02-0507 02-05
07 02-05
Nimmanon Lasaku
 
Developing api with rails metal
Developing api with rails metalDeveloping api with rails metal
Developing api with rails metal
Zack Siri
 
SOLID: the core principles of success of the Symfony web framework and of you...
SOLID: the core principles of success of the Symfony web framework and of you...SOLID: the core principles of success of the Symfony web framework and of you...
SOLID: the core principles of success of the Symfony web framework and of you...
Vladyslav Riabchenko
 
SYCL 1.2.1 Reference Card
SYCL 1.2.1 Reference CardSYCL 1.2.1 Reference Card
SYCL 1.2.1 Reference Card
The Khronos Group Inc.
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
InfluxData
 
Bonnes pratiques de développement avec Node js
Bonnes pratiques de développement avec Node jsBonnes pratiques de développement avec Node js
Bonnes pratiques de développement avec Node js
Francois Zaninotto
 
Exemplo de Fluxograma de Arquitetura aplicativo
Exemplo de Fluxograma de Arquitetura aplicativoExemplo de Fluxograma de Arquitetura aplicativo
Exemplo de Fluxograma de Arquitetura aplicativo
Michel Anderson Lütz Teixeira
 
Log4j2
Log4j2Log4j2
Log4j2
joergreichert
 
What's new in Rails 4
What's new in Rails 4What's new in Rails 4
What's new in Rails 4
Fabio Akita
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
Positive Hack Days
 
TO Hack an ASP .NET website?
TO Hack an ASP .NET website? TO Hack an ASP .NET website?
TO Hack an ASP .NET website?
Positive Hack Days
 
What's Coming Next in Sencha Frameworks
What's Coming Next in Sencha FrameworksWhat's Coming Next in Sencha Frameworks
What's Coming Next in Sencha Frameworks
Grgur Grisogono
 
Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018 Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018
Ballerina
 
Spring 3.0
Spring 3.0Spring 3.0
Spring 3.0
Ved Prakash Gupta
 
Roll Your Own API Management Platform with nginx and Lua
Roll Your Own API Management Platform with nginx and LuaRoll Your Own API Management Platform with nginx and Lua
Roll Your Own API Management Platform with nginx and Lua
Jon Moore
 
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, EverAltitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
Fastly
 
Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
Jisc
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
AreebaZafar22
 

More Related Content

Similar to Hydra Connect 2015 poster from the University of Cincinnati

Developing api with rails metal
Developing api with rails metalDeveloping api with rails metal
Developing api with rails metal
Zack Siri
 
Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018 Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018
Ballerina
 

Similar to Hydra Connect 2015 poster from the University of Cincinnati (20)

Laravel Routing and Query Building
Laravel Routing and Query BuildingLaravel Routing and Query Building
Laravel Routing and Query Building
 
07 02-05
07 02-0507 02-05
07 02-05
 
07-02-05
07-02-0507-02-05
07-02-05
 
07 02-05
07 02-0507 02-05
07 02-05
 
07 02-05
07 02-0507 02-05
07 02-05
 
Developing api with rails metal
Developing api with rails metalDeveloping api with rails metal
Developing api with rails metal
 
SOLID: the core principles of success of the Symfony web framework and of you...
SOLID: the core principles of success of the Symfony web framework and of you...SOLID: the core principles of success of the Symfony web framework and of you...
SOLID: the core principles of success of the Symfony web framework and of you...
 
SYCL 1.2.1 Reference Card
SYCL 1.2.1 Reference CardSYCL 1.2.1 Reference Card
SYCL 1.2.1 Reference Card
 
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
Scott Anderson [InfluxData] | InfluxDB Tasks – Beyond Downsampling | InfluxDa...
 
Bonnes pratiques de développement avec Node js
Bonnes pratiques de développement avec Node jsBonnes pratiques de développement avec Node js
Bonnes pratiques de développement avec Node js
 
Exemplo de Fluxograma de Arquitetura aplicativo
Exemplo de Fluxograma de Arquitetura aplicativoExemplo de Fluxograma de Arquitetura aplicativo
Exemplo de Fluxograma de Arquitetura aplicativo
 
Log4j2
Log4j2Log4j2
Log4j2
 
What's new in Rails 4
What's new in Rails 4What's new in Rails 4
What's new in Rails 4
 
Hack ASP.NET website
Hack ASP.NET websiteHack ASP.NET website
Hack ASP.NET website
 
TO Hack an ASP .NET website?
TO Hack an ASP .NET website? TO Hack an ASP .NET website?
TO Hack an ASP .NET website?
 
What's Coming Next in Sencha Frameworks
What's Coming Next in Sencha FrameworksWhat's Coming Next in Sencha Frameworks
What's Coming Next in Sencha Frameworks
 
Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018 Resiliency & Security_Ballerina Day CMB 2018
Resiliency & Security_Ballerina Day CMB 2018
 
Spring 3.0
Spring 3.0Spring 3.0
Spring 3.0
 
Roll Your Own API Management Platform with nginx and Lua
Roll Your Own API Management Platform with nginx and LuaRoll Your Own API Management Platform with nginx and Lua
Roll Your Own API Management Platform with nginx and Lua
 
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, EverAltitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
Altitude NY 2018: Leveraging Log Streaming to Build the Best Dashboards, Ever
 

Recently uploaded

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
AnaAcapella
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
QucHHunhnh
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
QucHHunhnh
 

Recently uploaded (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
ICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptxICT Role in 21st Century Education & its Challenges.pptx
ICT Role in 21st Century Education & its Challenges.pptx
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptxSKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
SKILL OF INTRODUCING THE LESSON MICRO SKILLS.pptx
 
Unit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptxUnit-IV; Professional Sales Representative (PSR).pptx
Unit-IV; Professional Sales Representative (PSR).pptx
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Introduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The BasicsIntroduction to Nonprofit Accounting: The Basics
Introduction to Nonprofit Accounting: The Basics
 
Understanding Accommodations and Modifications
Understanding Accommodations and ModificationsUnderstanding Accommodations and Modifications
Understanding Accommodations and Modifications
 
Spellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please PractiseSpellings Wk 3 English CAPS CARES Please Practise
Spellings Wk 3 English CAPS CARES Please Practise
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
Dyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptxDyslexia AI Workshop for Slideshare.pptx
Dyslexia AI Workshop for Slideshare.pptx
 
Google Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptxGoogle Gemini An AI Revolution in Education.pptx
Google Gemini An AI Revolution in Education.pptx
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Unit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptxUnit-V; Pricing (Pharma Marketing Management).pptx
Unit-V; Pricing (Pharma Marketing Management).pptx
 
How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17How to Create and Manage Wizard in Odoo 17
How to Create and Manage Wizard in Odoo 17
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
Explore beautiful and ugly buildings. Mathematics helps us create beautiful d...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 

Hydra Connect 2015 poster from the University of Cincinnati

  • 1. Navigating through a Hailstorm Request Handling (Middleware):Request Handling (Middleware): SANITIZE_ENV_KEYS = %w( HTTP_REFERER PATH_INFO REQUEST_URI REQUEST_PATH QUERY_STRING ) valid = URI.decode(string).force_encoding('UTF-8').valid_encoding? Exception Trapping (Controllers):Exception Trapping (Controllers): unless Rails.application.config.consider_all_requests_local rescue_from Exception, with: :render_404 rescue_from ActionController::RoutingError, with: :render_404 rescue_from ActionController::UnknownController, with: :render_404 rescue_from ActiveRecord::RecordNotFound, with: :render_404 end Parameter Checking (Helpers):Parameter Checking (Helpers): def limit_param_length(parameter, length_limit) render(:file => 'public/404.html', :status => 404, :layout => false) unless parameter.to_s.length < length_limit end TYPICAL HAILSTORM WARNING:TYPICAL HAILSTORM WARNING: Integer Overflow - [OWASP 2013 A 1] Warning Findings Assessment: OWASP-2013 (Set I) - Overflow Run: 07/24/2015 1:16:57PM Traversal: 2015.06.24 scholar user Integer Overflow - [OWASP 2013 A 1] 1 Warning (High, HARM: 115): https://scholar-qa.uc.edu/catalog?utf8=%E2%9C %93&q=testval Message: Integer overflow vulnerability found Injectable request #: 2 Injected item: GET: q Injection length: 6 Request: GET /catalog?utf8=%E2%9C%93&q=-65536 HTTP/1.1 Host: scholar-qa.uc.edu Referer: https://scholar-qa.uc.edu/creators_rights_request Response: <no response> UC’s change management procedures require a passing Hailstorm scan reporting a no harm score. Our strategies include request handling, parameter checking, exception trapping, error page sanitizing and increasing java heap size. For links to our code: http://bit.ly/1Oi1sZd