Ihor Bliumental - WebSockets
Mar. 4, 2018
WebSockets security analysis methods and techniques.
OWASP Kyiv
Ihor Bliumental, OWASP Kyiv Chapter Lead, ihor.bliumental@owasp.org
WebSocket security
WebSocket handshake
WebSocket protocol
WebSocket – JavaScript API
Authentication
Authorization
• An attacker can access data/functions without any authorization
• An attacker can access data/functions that require a higher level of authorization
• An attacker can access another same-level user's restricted data/functions
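The three bullets above are the usual access-control failures, and on a WebSocket they are easy to get wrong because the browser API cannot attach custom headers: identity is established once, at the handshake, and every later frame has to be checked against that stored session. The following is an added example (not from the slides) of a message dispatcher that does this; the users, documents, roles and message types are constructed for the example, and resolving the session from the handshake cookie or token is assumed to happen elsewhere.

```javascript
// Added example, not from the slides: bind identity to the connection once,
// then check every message against it. Each of the three failure classes
// (no auth, vertical escalation, horizontal access) has its own check.

// Constructed sample data for the example.
const USERS = {
  alice: { role: 'user' },
  bob:   { role: 'user' },
  carol: { role: 'admin' },
};
const DOCUMENTS = {
  d1: { owner: 'alice', body: 'alice private notes' },
  d2: { owner: 'bob',   body: 'bob private notes' },
};
const ROLE_RANK = { user: 1, admin: 2 };

// Own-property lookup so that message types like "__proto__" or "constructor"
// never resolve to something inherited from Object.prototype.
function own(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}

// Called once after the handshake. The username is assumed to come from the
// session cookie or a token validated at handshake time (done elsewhere).
// From here on the socket carries this identity; later messages must never
// be allowed to re-assert a different one.
function bindSession(conn, username) {
  if (!own(USERS, username)) throw new Error('unknown user');
  conn.session = { user: username, role: USERS[username].role };
  return conn;
}

// Each handler declares the minimum role it needs (vertical check) and does
// its own ownership check on the objects it touches (horizontal check).
const HANDLERS = {
  'doc.read': {
    minRole: 'user',
    run(session, msg) {
      if (!own(DOCUMENTS, msg.id)) return { ok: false, error: 'not_found' };
      const doc = DOCUMENTS[msg.id];
      if (doc.owner !== session.user && session.role !== 'admin') {
        return { ok: false, error: 'forbidden' };
      }
      return { ok: true, body: doc.body };
    },
  },
  'user.delete': {
    minRole: 'admin',
    run(session, msg) {
      if (!own(USERS, msg.user)) return { ok: false, error: 'not_found' };
      delete USERS[msg.user];
      return { ok: true };
    },
  },
};

// Entry point for every frame received on conn.
function dispatch(conn, msg) {
  // 1. No session bound: reject everything, whatever the message claims.
  if (!conn.session) return { ok: false, error: 'unauthenticated' };
  if (!msg || typeof msg.type !== 'string' || !own(HANDLERS, msg.type)) {
    return { ok: false, error: 'unknown_type' };
  }
  const handler = HANDLERS[msg.type];
  // 2. Vertical: the bound role must meet the handler's minimum.
  if (ROLE_RANK[conn.session.role] < ROLE_RANK[handler.minRole]) {
    return { ok: false, error: 'forbidden' };
  }
  // 3. Horizontal: the handler checks ownership using conn.session only;
  //    any "who am I" field inside the message body is ignored.
  return handler.run(conn.session, msg);
}
```

The point of `bindSession` is that the identity lives on the server-side connection object, not in the message; a client that sends `{"type":"doc.read","id":"d2","user":"bob"}` is still judged as whoever opened the socket.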
Cross Origin Resource Sharing
Traffic encryption
• All sensitive data should be transferred over TLS (wss://)
• TLS should be implemented correctly (no weak ciphers)
Resource exhaustion
• A connection is kept open until the client or the server closes it
• An attacker can exhaust all available connections
• Modern clients have limits (e.g. Chrome: 256 total WS connections, 30 per host; Firefox: 200 total WS connections)
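The per-client limits above are a browser courtesy, not a server defence: a script outside the browser is not bound by them. The server needs its own cap on total and per-source connections plus an idle timeout, or one client holds the pool open indefinitely. This added example (not from the slides) is a connection guard that a socket server would consult on accept, on each received frame, and from a periodic timer. The clock is injectable so the idle reaping can be exercised deterministically; the limits are placeholder values.

```javascript
// Added example, not from the slides: cap open sockets globally and per
// source address, and close idle ones, so one client cannot exhaust the pool.
class ConnectionGuard {
  // now() is injectable so tests can drive the clock; defaults to Date.now.
  constructor({ maxTotal = 1000, maxPerIp = 20, idleMs = 60000, now = Date.now } = {}) {
    this.maxTotal = maxTotal;
    this.maxPerIp = maxPerIp;
    this.idleMs = idleMs;
    this.now = now;
    this.conns = new Map();   // connId -> { ip, lastSeen }
    this.perIp = new Map();   // ip -> open connection count
  }

  // Call before completing the handshake. Reject with a status the caller
  // can map to an HTTP error (e.g. 503) instead of upgrading the socket.
  tryAccept(connId, ip) {
    if (this.conns.size >= this.maxTotal) {
      return { accepted: false, reason: 'server_full' };
    }
    const count = this.perIp.get(ip) || 0;
    if (count >= this.maxPerIp) {
      return { accepted: false, reason: 'too_many_from_ip' };
    }
    this.conns.set(connId, { ip, lastSeen: this.now() });
    this.perIp.set(ip, count + 1);
    return { accepted: true };
  }

  // Call on every received frame (including pong) to mark the socket live.
  touch(connId) {
    const c = this.conns.get(connId);
    if (c) c.lastSeen = this.now();
  }

  // Call when the socket closes for any reason.
  release(connId) {
    const c = this.conns.get(connId);
    if (!c) return false;
    this.conns.delete(connId);
    const remaining = (this.perIp.get(c.ip) || 1) - 1;
    if (remaining <= 0) this.perIp.delete(c.ip);
    else this.perIp.set(c.ip, remaining);
    return true;
  }

  // Call from a timer; returns the ids the caller should now close.
  reapIdle() {
    const cutoff = this.now() - this.idleMs;
    const dead = [];
    for (const [id, c] of this.conns) {
      if (c.lastSeen < cutoff) dead.push(id);
    }
    for (const id of dead) this.release(id);
    return dead;
  }

  get openCount() {
    return this.conns.size;
  }
}
```

The ping/pong frames the protocol provides are the natural way to drive `touch`: send a ping on the timer and treat a missing pong as idle rather than trusting that the peer is still there.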
Improper input validation (OWASP Top 10 2017 categories)
• A1 - Injection (SQLi, code injection, template injection, etc.)
• A4 - XXE
• A7 - XSS
• A8 - Insecure deserialisation
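A WebSocket frame is untrusted input exactly like a request body, and because the connection is long-lived there is a temptation to validate once at connect time and trust what follows. This added example (not from the slides) validates every text frame against a strict per-type schema before any handler runs, and then shows the same validated field used two ways: concatenated into SQL (the A1 case) and passed as a bound parameter. The message types, fields and limits are this example's own protocol, and the parameterised query is returned as a plain `{ text, values }` object rather than executed.

```javascript
// Added example, not from the slides: strict per-message validation, then
// the vulnerable and the hardened way of using a validated field in SQL.
const MAX_MESSAGE_BYTES = 4096;
const MAX_STRING_LEN = 256;

// Allowed message types and their exact field set (example protocol).
const SCHEMAS = {
  'search':   { q: 'string', limit: 'number' },
  'doc.read': { id: 'string' },
};

function own(obj, key) {
  return Object.prototype.hasOwnProperty.call(obj, key);
}
const reject = (error) => ({ ok: false, error });

// Returns { ok: true, msg } or { ok: false, error }.
function parseMessage(raw) {
  if (typeof raw !== 'string') return reject('binary frames not accepted');
  if (Buffer.byteLength(raw, 'utf8') > MAX_MESSAGE_BYTES) return reject('message too large');
  let msg;
  try {
    msg = JSON.parse(raw);           // plain JSON, never eval() or a custom unserialize
  } catch (e) {
    return reject('not JSON');
  }
  if (msg === null || typeof msg !== 'object' || Array.isArray(msg)) return reject('not an object');
  if (typeof msg.type !== 'string' || !own(SCHEMAS, msg.type)) return reject('unknown type');
  const schema = SCHEMAS[msg.type];
  // Unknown fields are rejected outright (this also catches "__proto__",
  // which JSON.parse produces as an ordinary own property).
  for (const key of Object.keys(msg)) {
    if (key !== 'type' && !own(schema, key)) return reject('unexpected field: ' + key);
  }
  for (const [field, type] of Object.entries(schema)) {
    const value = msg[field];
    if (typeof value !== type) return reject('field ' + field + ' must be ' + type);
    if (type === 'string' && value.length > MAX_STRING_LEN) return reject('field ' + field + ' too long');
    if (type === 'number' && !Number.isInteger(value)) return reject('field ' + field + ' must be an integer');
  }
  return { ok: true, msg };
}

// Vulnerable (A1): the field passed validation as a string, but it is still
// attacker-controlled text, and concatenating it into SQL is injection.
function vulnerableSearchSql(msg) {
  return "SELECT id, title FROM docs WHERE title LIKE '%" + msg.q + "%' LIMIT " + msg.limit;
}

// Hardened: the statement is fixed text; values travel separately as bound
// parameters ($1/$2 placeholder style as used by node-postgres), and the
// limit is clamped server-side instead of trusting the client's number.
function safeSearchQuery(msg) {
  const limit = Math.min(Math.max(msg.limit, 1), 100);
  return {
    text: 'SELECT id, title FROM docs WHERE title LIKE $1 LIMIT $2',
    values: ['%' + msg.q + '%', limit],
  };
}
```

Note that `parseMessage` does not make `q` safe for SQL, HTML or a template engine; it only guarantees shape and size. Each sink still needs its own encoding or parameterisation, which is why the two query builders differ even though both receive a validated message.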
Chrome developer tools
Simple WebSocket Client (Firefox/Chrome add-on)
Burp Suite Community Edition
Burp Suite Pro
OWASP ZAP
Example
Questions?