Everyone dreams of being ‘Web Scale’, but we start out small. We — most of us — don’t launch a service and expect it to serve millions of requests from Day 1. This means that we don’t think about the ways in which our stack will blow up when the number of requests does start climbing. This talk lists simple patterns and checks that Development and Operations teams should implement from Day 1 in order to ensure a robust distributed system.
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
Identifying Web Servers: A First-look Into the Future of Web Server Fingerprinting
Jeremiah Grossman, Founder & Chairman of WhiteHat Security, Inc.
Many diligent security professionals take active steps to limit the amount of system specific information a publicly available system may yield to a remote user. These preventative measures may take the form of modifying service banners, firewalls, web site information, etc.
Software utilities such as NMap have given the security community an excellent resource to discover what type of Operating System and version is listening on a particular IP. This process is achieved by mapping subtle, yet, distinguishable nuances unique to each OS. But, this is normally where the fun ends, as NMap does not enable we user's to determine what version of services are listening. This is up to us to guess or to find out through other various exploits.
This is where we start our talk, fingerprinting Web Servers. These incredibly diverse and useful widespread services notoriously found listening on port 80 and 443 just waiting to be explored. Many web servers by default will readily give up the type and version of the web server via the "Server" HTTP response header. However, many administrators aware of this fact have become increasingly clever in recent months by removing or altering any and all traces of this telltale information.
These countermeasures lead us to the obvious question; could it STILL possible to determine a web servers platform and version even after all known methods of information leakage prevention have been exhausted (either by hack or configuration)?
The simple answer is "yes"; it is VERY possible to still identify the web server. But, the even more interesting question is; just how much specific information can we obtain remotely?
Are we able to determine?
* Supported HTTP Request Methods.
* Current Service Pack.
* Patch Levels.
* Configuarations.
* If an Apache Server suffers from a "chunked" vulnerability.
Is really possible to determine this specific information using a few simple HTTP requests? Again, the simple answer is yes, the possibility exists.
Proof of concept tools and command line examples will be demonstrated throughout the talk to illustrate these new ideas and techniques. Various countermeasures will also be explored to protect your IIS or Apache web server from various fingerprinting techniques.
Prerequisites:
General understanding of Web Server technology and HTTP.
Resting on your laurels will get you pownedDinis Cruz
Presentation delivered at BlackHat 2013. See these posts for more details on the Demos: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html ., http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
Abstract:
Secure code practices, system hardening, due diligence and due care principles are paramount in mitigating application level DoS attacks. These attacks often result in significant damage against unprepared and vulnerable organisations.
The intent of this talk is to help organisations in strengthening their security posture against such attacks. The talk will explore most common application level DoS attacks and will provide recommendations for protecting applications, detecting attacks and how to react under stressful conditions.
Everyone dreams of being ‘Web Scale’, but we start out small. We — most of us — don’t launch a service and expect it to serve millions of requests from Day 1. This means that we don’t think about the ways in which our stack will blow up when the number of requests does start climbing. This talk lists simple patterns and checks that Development and Operations teams should implement from Day 1 in order to ensure a robust distributed system.
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
Identifying Web Servers: A First-look Into the Future of Web Server Fingerprinting
Jeremiah Grossman, Founder & Chairman of WhiteHat Security, Inc.
Many diligent security professionals take active steps to limit the amount of system specific information a publicly available system may yield to a remote user. These preventative measures may take the form of modifying service banners, firewalls, web site information, etc.
Software utilities such as NMap have given the security community an excellent resource to discover what type of Operating System and version is listening on a particular IP. This process is achieved by mapping subtle, yet, distinguishable nuances unique to each OS. But, this is normally where the fun ends, as NMap does not enable we user's to determine what version of services are listening. This is up to us to guess or to find out through other various exploits.
This is where we start our talk, fingerprinting Web Servers. These incredibly diverse and useful widespread services notoriously found listening on port 80 and 443 just waiting to be explored. Many web servers by default will readily give up the type and version of the web server via the "Server" HTTP response header. However, many administrators aware of this fact have become increasingly clever in recent months by removing or altering any and all traces of this telltale information.
These countermeasures lead us to the obvious question; could it STILL possible to determine a web servers platform and version even after all known methods of information leakage prevention have been exhausted (either by hack or configuration)?
The simple answer is "yes"; it is VERY possible to still identify the web server. But, the even more interesting question is; just how much specific information can we obtain remotely?
Are we able to determine?
* Supported HTTP Request Methods.
* Current Service Pack.
* Patch Levels.
* Configuarations.
* If an Apache Server suffers from a "chunked" vulnerability.
Is really possible to determine this specific information using a few simple HTTP requests? Again, the simple answer is yes, the possibility exists.
Proof of concept tools and command line examples will be demonstrated throughout the talk to illustrate these new ideas and techniques. Various countermeasures will also be explored to protect your IIS or Apache web server from various fingerprinting techniques.
Prerequisites:
General understanding of Web Server technology and HTTP.
Resting on your laurels will get you pownedDinis Cruz
Presentation delivered at BlackHat 2013. See these posts for more details on the Demos: http://blog.diniscruz.com/2013/08/using-xmldecoder-to-execute-server-side.html ., http://blog.diniscruz.com/2013/08/neo4j-csrf-payload-to-start-processes.html
Abstract:
Secure code practices, system hardening, due diligence and due care principles are paramount in mitigating application level DoS attacks. These attacks often result in significant damage against unprepared and vulnerable organisations.
The intent of this talk is to help organisations in strengthening their security posture against such attacks. The talk will explore most common application level DoS attacks and will provide recommendations for protecting applications, detecting attacks and how to react under stressful conditions.
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
This is the slide I shared on the second community offline party of Horizon-Dalian. The topic is about restful web, and I started from web service and web history, telling people what the REST might be, and then gave six bindings of REST style.
Coding 100 session that took place a week before the Coding Camp, Berlin event (13-14 Feb 2016), to teach people to code!
See http://hackathon.cisco.com/event/codingcamp-Berlin-2016 for the Coding Camp event
Got data? Let's make it searchable! This presentation will demonstrate getting documents into Solr quickly, will provide some tips in adjusting Solr's schema to match your needs better, and finally will discuss how to showcase your data in a flexible search user interface. We'll see how to rapidly leverage faceting, highlighting, spell checking, and debugging. Even after all that, there will be enough time left to outline the next steps in developing your search application and taking it to production.
OSDC 2015: Tudor Golubenco | Application Performance Management with Packetbe...NETWAYS
Typical Application Performance Management (APM) solutions like New Relic, AppDynamics or Compuware are closed source because they require significant up-front development efforts. Due to the recent advances in open source storage and analytics technologies, it is now feasible to create a generic APM that is more applicable, more flexible and easier to integrate than the commercial alternatives.
The talk will present the requirements for a good open source APM solution and the proposed Packetbeat architecture to meet those requirements. It will demo our automation scripts for installing the complete Packetbeat system and it will show how to use it to monitor the performance of an example Django application. It will also introduce Bonito, a new web interface for the Packetbeat data which is complementary to Kibana. Finally, the talk will explain the differences in overhead and features when compared to the commercially available tools.
What’s all the buzz about REST APIs, and why should you care? REST APIs are growing quickly, with enterprise and finance the fastest growing categories. REST APIs also enable apps for mobile, wearables, and Internet of Things. If you don’t yet have a content strategy for REST APIs, you may need it soon.
The job market for REST APIs is hot, and you can increase your marketability and value by understanding REST API content. Be prepared by getting a head-start on what you need to know!
This presentation was given at Information Development World on October 1, 2015.
Oracle REST Data Services: Options for your Web ServicesJeff Smith
ORDS has many options when it comes to delivering web services for your Oracle Database. We have an Automatic feature for your database objects where we handle everything for you. Or, you can write your own services with your SQL & PL/SQL. This slide deck shows exactly what you have to choose from for your applications.
SOAP IS:
Lightweight communication protocol
For communication between applicationsone-way, request/response, multicast, etc..
Designed to communicate via HTTP
Not tied to any component technology
Not tied to any programming language
Based on XML
Simple and extensible
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
More Related Content
Similar to HTTP FIngerprinting - The next generation (OWASP AppSec APAC 2012)
WAF Bypass Techniques - Using HTTP Standard and Web Servers’ BehaviourSoroush Dalili
Although web application firewall (WAF) solutions are very useful to prevent common or automated attacks, most of them are based on blacklist approaches and are still far from perfect. This talk illustrates a number of creative techniques to smuggle and reshape HTTP requests using the strange behaviour of web servers and features such as request encoding or HTTP pipelining. These methods can come in handy when testing a website behind a WAF and can help penetration testers and bug bounty hunters to avoid drama and pain! Knowing these techniques is also beneficial for the defence team in order to design appropriate mitigation techniques. Additionally, it shows why developers should not solely rely on WAFs as the defence mechanism.
Finally, an open source Burp Suite extension will be introduced that can be used to assess or bypass a WAF solution using some of the techniques discussed in this talk. The plan is to keep improving this extension with the help of the http.ninja project.
This is the slide I shared on the second community offline party of Horizon-Dalian. The topic is about restful web, and I started from web service and web history, telling people what the REST might be, and then gave six bindings of REST style.
Coding 100 session that took place a week before the Coding Camp, Berlin event (13-14 Feb 2016), to teach people to code!
See http://hackathon.cisco.com/event/codingcamp-Berlin-2016 for the Coding Camp event
Got data? Let's make it searchable! This presentation will demonstrate getting documents into Solr quickly, will provide some tips in adjusting Solr's schema to match your needs better, and finally will discuss how to showcase your data in a flexible search user interface. We'll see how to rapidly leverage faceting, highlighting, spell checking, and debugging. Even after all that, there will be enough time left to outline the next steps in developing your search application and taking it to production.
OSDC 2015: Tudor Golubenco | Application Performance Management with Packetbe...NETWAYS
Typical Application Performance Management (APM) solutions like New Relic, AppDynamics or Compuware are closed source because they require significant up-front development efforts. Due to the recent advances in open source storage and analytics technologies, it is now feasible to create a generic APM that is more applicable, more flexible and easier to integrate than the commercial alternatives.
The talk will present the requirements for a good open source APM solution and the proposed Packetbeat architecture to meet those requirements. It will demo our automation scripts for installing the complete Packetbeat system and it will show how to use it to monitor the performance of an example Django application. It will also introduce Bonito, a new web interface for the Packetbeat data which is complementary to Kibana. Finally, the talk will explain the differences in overhead and features when compared to the commercially available tools.
What’s all the buzz about REST APIs, and why should you care? REST APIs are growing quickly, with enterprise and finance the fastest growing categories. REST APIs also enable apps for mobile, wearables, and Internet of Things. If you don’t yet have a content strategy for REST APIs, you may need it soon.
The job market for REST APIs is hot, and you can increase your marketability and value by understanding REST API content. Be prepared by getting a head-start on what you need to know!
This presentation was given at Information Development World on October 1, 2015.
Oracle REST Data Services: Options for your Web ServicesJeff Smith
ORDS has many options when it comes to delivering web services for your Oracle Database. We have an Automatic feature for your database objects where we handle everything for you. Or, you can write your own services with your SQL & PL/SQL. This slide deck shows exactly what you have to choose from for your applications.
SOAP IS:
Lightweight communication protocol
For communication between applicationsone-way, request/response, multicast, etc..
Designed to communicate via HTTP
Not tied to any component technology
Not tied to any programming language
Based on XML
Simple and extensible
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
Neuro-symbolic is not enough, we need neuro-*semantic*Frank van Harmelen
Neuro-symbolic (NeSy) AI is on the rise. However, simply machine learning on just any symbolic structure is not sufficient to really harvest the gains of NeSy. These will only be gained when the symbolic structures have an actual semantics. I give an operational definition of semantics as “predictable inference”.
All of this illustrated with link prediction over knowledge graphs, but the argument is general.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...James Anderson
Effective Application Security in Software Delivery lifecycle using Deployment Firewall and DBOM
The modern software delivery process (or the CI/CD process) includes many tools, distributed teams, open-source code, and cloud platforms. Constant focus on speed to release software to market, along with the traditional slow and manual security checks has caused gaps in continuous security as an important piece in the software supply chain. Today organizations feel more susceptible to external and internal cyber threats due to the vast attack surface in their applications supply chain and the lack of end-to-end governance and risk management.
The software team must secure its software delivery process to avoid vulnerability and security breaches. This needs to be achieved with existing tool chains and without extensive rework of the delivery processes. This talk will present strategies and techniques for providing visibility into the true risk of the existing vulnerabilities, preventing the introduction of security issues in the software, resolving vulnerabilities in production environments quickly, and capturing the deployment bill of materials (DBOM).
Speakers:
Bob Boule
Robert Boule is a technology enthusiast with PASSION for technology and making things work along with a knack for helping others understand how things work. He comes with around 20 years of solution engineering experience in application security, software continuous delivery, and SaaS platforms. He is known for his dynamic presentations in CI/CD and application security integrated in software delivery lifecycle.
Gopinath Rebala
Gopinath Rebala is the CTO of OpsMx, where he has overall responsibility for the machine learning and data processing architectures for Secure Software Delivery. Gopi also has a strong connection with our customers, leading design and architecture for strategic implementations. Gopi is a frequent speaker and well-known leader in continuous delivery and integrating security into software delivery.
UiPath Test Automation using UiPath Test Suite series, part 3DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 3. In this session, we will cover desktop automation along with UI automation.
Topics covered:
UI automation Introduction,
UI automation Sample
Desktop automation flow
Pradeep Chinnala, Senior Consultant Automation Developer @WonderBotz and UiPath MVP
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
Smart TV Buyer Insights Survey 2024 by 91mobiles.pdf91mobiles
91mobiles recently conducted a Smart TV Buyer Insights Survey in which we asked over 3,000 respondents about the TV they own, aspects they look at on a new TV, and their TV buying preferences.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
GraphRAG is All You need? LLM & Knowledge GraphGuy Korland
Guy Korland, CEO and Co-founder of FalkorDB, will review two articles on the integration of language models with knowledge graphs.
1. Unifying Large Language Models and Knowledge Graphs: A Roadmap.
https://arxiv.org/abs/2306.08302
2. Microsoft Research's GraphRAG paper and a review paper on various uses of knowledge graphs:
https://www.microsoft.com/en-us/research/blog/graphrag-unlocking-llm-discovery-on-narrative-private-data/
4. 4
Why
• Understanding of remote environment
• Load balancer vulnerabilities
- HAProxy DoS (SA44083)
- Pound Format String vuln (SA11528)
- Pound Buffer overflow (CVE-2005-1391)
- Varnish DoS (SA33852)
- mod_proxy Integer overflow (CVE-2010-0010)
5. 5
Prior work
• HMAP: A Technique and Tool For Remote
Identification of HTTP Servers - Dustin Lee
• Detecting and Defending against Web-Server
Fingerprinting - Dustin Lee, Jeff Rowe, Calvin Ko,
Karl Levitt
• HTTPrint; An Introduction to HTTP Fingerprinting
- Saumil Shah
• Identifying web servers – Jeremiah Grossman
• More
9. 9
HTTP 0.9 Response
<html><body><h1>It works!</h1>
<p>This is the default web page for this
server.</p>
<p>The web server software is running but
no content has been added, yet.</p>
</body></html>
11. 11
HTTP 1.0 Response
HTTP/1.0 200 OK
Date: Wed, 21 Mar 2012 22:22:22 GMT
Server: Apache/2.2.14 (Ubuntu)
ETag: "a711f-b1-4a2e722183700"
Content-Length: 177
Connection: close
Content-Type: text/html
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
13. 13
HTTP 1.1 Response
HTTP/1.1 200 OK
Date: Wed, 21 Mar 2012 22:22:22 GMT
Server: Apache/2.2.14 (Ubuntu)
ETag: "a711f-b1-4a2e722183700"
Content-Length: 177
Connection: close
Content-Type: text/html
<html><body><h1>It works!</h1>
<p>This is the default web page for this server.</p>
14. 14
METHOD Example
HEAD / HTTP/1.0CRLF
CRLF
POST / HTTP/1.0CRLF
Content-Type: application/x-www-form-
urlencodedCRLF
CRLF
id=1&name=test
25. 25
Apache handlers
Allows module to handle request METHOD
• Many modules don’t enforce strict verb
checks
• Can be used to remotely detect modules
and script bindings
• Can bypass authentication
• Don’t always work
31. 31
Conclusion
• Current fingerprinting does not give
complete picture
• Fingerprinting can do more than just
identify web agents
• Fingerprinting can be unreliable
• Better tools needed
32. 32
Tools
Source code and download from
• https://github.com/wireghoul/lbmap
• Please fork and contribute