Presentation on Web Attacks
By: Vivek Sinha Anurag
Agenda
• OWASP Top-5 Attacks
▫ Injection Attacks (SQLi, XPath Injection, Command Injection)
▫ XSS
▫ Broken Authentication & Authorization (Session Management Flaws)
▫ CSRF
▫ Sensitive Data Exposure (PII, PCI, SSL)
• Slow Attacks:
▫ Slow Read
▫ Slow GET
▫ Slow POST
Injection Attacks
• SQLi
• XPath Injection
• Command Injection
SQL Injection
• It is a code injection technique used to attack data-driven apps,
in which malicious SQL statements are inserted into an entry
field for execution.
Example payload: ' or '1'='1
select * from Users where (username = 'submittedUser' and password = 'submittedPassword');
• Prevention
▫ Sanitizing Inputs
▫ Using Escape Characters
▫ Using Parameterized query
▫ Using Stored Procedures
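The slide's query built by string concatenation, next to the parameterized form it recommends, as an added example (not code from the presentation). It uses Python's sqlite3 module and a constructed in-memory Users table; with placeholders the submitted text is bound as a value and never reaches the SQL parser, so the ' or '1'='1 payload matches no row. The same principle applies to the parameterized XPath interface recommended on the next slide.

```python
import sqlite3

# Constructed demo table. Passwords are stored in clear only to keep the
# injection point visible; real systems store salted password hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn

def login_vulnerable(conn, user, pwd):
    # The submitted strings become part of the SQL grammar itself.
    sql = ("select * from Users where (username = '" + user +
           "' and password = '" + pwd + "')")
    return conn.execute(sql).fetchall()

def login_parameterized(conn, user, pwd):
    # Placeholders: the driver transmits the values separately from the
    # statement, so quote characters in them have no syntactic meaning.
    sql = "select * from Users where (username = ? and password = ?)"
    return conn.execute(sql, (user, pwd)).fetchall()

# Payload from the slide, submitted in both the USER and PASS fields.
PAYLOAD = "' or '1'='1"

if __name__ == "__main__":
    conn = make_db()
    print("concatenated:", login_vulnerable(conn, PAYLOAD, PAYLOAD))    # returns alice's row
    print("parameterized:", login_parameterized(conn, PAYLOAD, PAYLOAD))  # returns []
```

In the concatenated form the final WHERE clause reads `username = '' or '1'='1' and password = '' or '1'='1'`, and the trailing `or '1'='1'` makes it true for every row; the parameterized form compares the literal 11-character string against the columns and finds nothing.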
XPath Injection
• Similar to SQLi, this is a technique where the attacker
manipulates the input data to extract the desired
information from the XML document where the data is stored.
Malformed data is provided as input
- e.g. ' or '1'='1 in USER/PASS
• Prevention
▫ Using a parameterized XPath interface
▫ Escaping the input characters
▫ Using precompiled XPath queries
Command Injection
• It is a technique to inject and execute OS
commands specified by an attacker through the
vulnerable app.
• In most cases it is possible due to a lack of
input data validation, which the attacker
exploits
• Prevention:
▫ Always validate the input data
▫ Run the app with minimum permissions possible
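The two prevention points above applied to a typical "ping this host" feature, as an added example that is not from the presentation. The hypothetical `ping_argv` function validates the hostname against an allowlist pattern and builds an argument list for `subprocess.run` without a shell, so shell metacharacters in the input are neither accepted nor interpreted; the `ping_command_vulnerable` string shows what the unsafe version would hand to `/bin/sh`.

```python
import re
import subprocess

# Allowlist: DNS label characters only. Anything else (spaces, ';', '|', '$',
# backticks, newlines) is rejected before it gets near a process.
HOSTNAME_RE = re.compile(
    r"^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)

def is_safe_hostname(host):
    return len(host) <= 253 and HOSTNAME_RE.match(host) is not None

def ping_command_vulnerable(host):
    # Unsafe pattern for comparison only: a single shell string built from
    # user input, which a shell would parse for metacharacters.
    return "ping -c 1 " + host

def ping_argv(host):
    # Validated input placed into an argv list: no shell is involved, so the
    # hostname is passed to ping as one opaque argument.
    if not is_safe_hostname(host):
        raise ValueError("invalid hostname: %r" % host)
    return ["ping", "-c", "1", host]

def run_ping(host, timeout=5):
    # Hypothetical wrapper; runs ping without shell=True and with a timeout.
    # Not invoked by the test, since it needs network access.
    return subprocess.run(ping_argv(host), capture_output=True, text=True, timeout=timeout)

if __name__ == "__main__":
    print(ping_argv("example.com"))
    for bad in ("example.com; id", "$(whoami).example.com", "a b"):
        print(bad, "->", "rejected" if not is_safe_hostname(bad) else "accepted")
```

The slide's second point, running the app with minimum permissions, is what limits the damage if validation is ever bypassed: a service account that cannot read configuration secrets or write outside its own directory turns a command injection into a much smaller incident.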
XSS Attacks
• Persistent
▫ It occurs when the data provided by the attacker is
saved by the server, and then permanently displayed
on "normal" pages returned to other users in the
course of regular browsing, without proper HTML
escaping.
• Non-Persistent
▫ When the data provided by a web client, most
commonly in HTTP query parameters or in HTML
form submissions, is used immediately by server-side
scripts to parse and display a page of results for and
to that user, without properly sanitizing the request.
• DOM based
▫ The attack payload is executed as a result of modifying the
DOM environment in the victim's browser that the
original client-side script uses.
XSS Attacks
• Prevention
▫ Escaping/Encoding of string input
▫ Safely validating untrusted HTML input
▫ Whitelist/Blacklist based HTML tags
▫ Disabling Scripts
▫ Implementing cookies with additional binding
parameters, like the client IP
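The first three prevention points (output escaping, validating untrusted HTML, allowlisted tags) in working form, as an added example that is not from the presentation. `render_comment` and `render_link` apply context-aware encoding with Python's `html.escape`; `sanitize_html` is a hypothetical allowlist sanitizer built on `html.parser` that keeps a few formatting tags, drops every attribute, and escapes all other text. `CSP_HEADER` is a constructed Content-Security-Policy value for the "disabling scripts" point.

```python
import html
from html.parser import HTMLParser

def render_comment(comment):
    # Text context: '<', '>' and '&' are encoded, so markup in the input is shown, not run.
    return '<div class="comment">' + html.escape(comment, quote=False) + "</div>"

def render_link(url, label):
    # Attribute context: quotes must also be encoded, and the URL scheme allowlisted
    # so that a javascript: URL cannot become a clickable script.
    if not url.lower().startswith(("http://", "https://")):
        url = "#"
    return '<a href="%s">%s</a>' % (html.escape(url, quote=True), html.escape(label))

# Allowlist of harmless formatting tags; everything else is dropped.
ALLOWED_TAGS = {"b", "i", "em", "strong", "p", "br"}

class AllowlistSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)   # decode entities, then re-escape uniformly
        self.out = []

    def handle_starttag(self, tag, attrs):
        if tag in ALLOWED_TAGS:
            self.out.append("<%s>" % tag)         # attributes discarded: no onerror=, no href=

    def handle_endtag(self, tag):
        if tag in ALLOWED_TAGS and tag != "br":
            self.out.append("</%s>" % tag)

    def handle_data(self, data):
        self.out.append(html.escape(data, quote=False))

def sanitize_html(untrusted):
    # Returns markup containing only allowlisted tags without attributes.
    parser = AllowlistSanitizer()
    parser.feed(untrusted)
    parser.close()
    return "".join(parser.out)

# Response header that blocks inline scripts and scripts from other origins.
CSP_HEADER = "default-src 'self'; script-src 'self'; object-src 'none'"

if __name__ == "__main__":
    print(render_comment("<script>alert(1)</script>"))
    print(render_link("javascript:alert(1)", "click"))
    print(sanitize_html('<p onclick="x">ok &amp; <script>alert(1)</script></p>'))
```

The sanitizer does not balance unclosed tags, so a production deployment should use a maintained library; the point shown is the allowlist shape itself: unknown tags and all attributes are removed rather than blocklisted, and every text node is escaped on output regardless of how it arrived.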
Broken Auth
OWASP Definition:
Account credentials and session tokens are often not properly protected.
Attackers compromise passwords, keys, or authentication tokens to
assume other users' identities.
• Broken Authentication
• Broken Authorization
• Session Management Flaws
Broken Auth
• Protection:
▫ Password Change Controls
▫ Password Strength
▫ Password Expiration
▫ Password Storage
▫ Protection In Transit
▫ Avoid Cookieless Session
▫ Avoid homegrown authentication schemes
▫ Look at the IP/Location/Browser/OS combination
▫ Always have a unique session ID bound to the IP
▫ Double-check the password on certain activities
▫ Expire sessions early
▫ Don't forget the logout button [which should destroy the server/client session]
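Several of the protection items above (password storage, unique session IDs bound to the IP, early expiry, a logout that destroys the server-side session) implemented in one place, as an added example that is not from the presentation. `hash_password`/`verify_password` use salted PBKDF2-HMAC-SHA256 from the standard library with a constant-time comparison; the hypothetical `SessionStore` issues random IDs and enforces idle and absolute timeouts; `session_cookie` shows the cookie attributes that keep the ID off plaintext connections and away from page scripts. Timestamps are passed in explicitly so the behaviour is reproducible.

```python
import hashlib
import hmac
import os
import secrets

def hash_password(password, salt=None, iterations=600_000):
    # Salted, iterated hash: never store the password itself or a bare digest.
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256$%d$%s$%s" % (iterations, salt.hex(), dk.hex())

def verify_password(password, stored):
    _algo, iters, salt_hex, dk_hex = stored.split("$")
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)   # constant-time comparison

class SessionStore:
    """Server-side sessions: random IDs, IP binding, idle/absolute expiry, real logout."""

    def __init__(self, idle_timeout=900, absolute_timeout=8 * 3600):
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout
        self._sessions = {}

    def create(self, user, client_ip, now):
        sid = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG, not a counter
        self._sessions[sid] = {"user": user, "ip": client_ip, "created": now, "last_seen": now}
        return sid

    def get(self, sid, client_ip, now):
        rec = self._sessions.get(sid)
        if rec is None:
            return None
        if rec["ip"] != client_ip:
            return None               # ID presented from another address: deny, do not extend
        if now - rec["last_seen"] > self.idle_timeout or now - rec["created"] > self.absolute_timeout:
            self.destroy(sid)         # expire early: idle or absolute limit reached
            return None
        rec["last_seen"] = now
        return rec["user"]

    def destroy(self, sid):
        # Logout must remove the server-side record; clearing the cookie alone is not enough.
        self._sessions.pop(sid, None)

def session_cookie(sid):
    # Secure: TLS only. HttpOnly: not readable by scripts. SameSite: not sent on most cross-site requests.
    return "SESSIONID=%s; Secure; HttpOnly; SameSite=Lax; Path=/" % sid

if __name__ == "__main__":
    stored = hash_password("correct-horse")
    print(stored[:40] + "...", verify_password("correct-horse", stored))
    store = SessionStore(idle_timeout=900, absolute_timeout=3600)
    sid = store.create("alice", "203.0.113.5", now=1000)
    print(session_cookie(sid))
    print(store.get(sid, "203.0.113.5", now=1500), store.get(sid, "198.51.100.9", now=1500))
```

Binding the session to the client IP, as the slide suggests, does reject a stolen ID replayed from elsewhere, but it also breaks users behind mobile carriers or rotating proxies; many deployments soften it to the browser/OS combination the slide also mentions and reserve the hard IP check for the "double-check password on certain activity" step.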
CSRF (Cross-Site Request Forgery)
OWASP Definition:
A CSRF attack forces a logged-on victim's browser to
send a pre-authenticated request to a vulnerable web
application, which then forces the victim's browser to
perform a hostile action to the benefit of the attacker.
CSRF can be as powerful as the web application that it
attacks.
CSRF
[Diagram: a page on Someblog.net makes the victim's browser request https://bank.com/fn?param=1 on Somebank.net; the browser attaches the existing session cookie (JSESSIONID=AC934234…), so the bank treats the request as the victim's own.]
CSRF Prevention
• Captcha
• Re-Authentication
▫ Password Based
▫ One-Time Token
• Unique Request Tokens
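The "unique request tokens" defence applied to the diagram's scenario, as an added example that is not from the presentation. The hypothetical `handle_transfer` endpoint refuses anything but a POST, checks the browser-supplied Origin header against the application's own origin, and requires a token that the cross-site page cannot know; the token here is an HMAC of the session ID under a server key, so it is unique per session without server-side storage. `ALLOWED_ORIGIN` and the session ID are constructed values.

```python
import hashlib
import hmac
import secrets

ALLOWED_ORIGIN = "https://somebank.net"   # the application's own origin (constructed)
SERVER_KEY = secrets.token_bytes(32)       # constructed per process; production uses a persistent secret

def csrf_token(session_id, key=SERVER_KEY):
    # Derived from the session ID: a token observed in one session is useless in another,
    # and the attacker's page cannot compute it because it never sees the key.
    return hmac.new(key, session_id.encode("utf-8"), hashlib.sha256).hexdigest()

def valid_csrf_token(session_id, submitted, key=SERVER_KEY):
    return hmac.compare_digest(csrf_token(session_id, key), submitted or "")

def handle_transfer(request, key=SERVER_KEY):
    """State-changing action (the diagram's /fn?param=1). Returns (status, message)."""
    session_id = request.get("cookies", {}).get("JSESSIONID")
    if not session_id:
        return 401, "not logged in"
    if request.get("method") != "POST":
        return 405, "state changes must use POST"    # an <img>-triggered GET is never accepted
    origin = request.get("headers", {}).get("Origin")
    if origin is not None and origin != ALLOWED_ORIGIN:
        return 403, "cross-origin request rejected"
    if not valid_csrf_token(session_id, request.get("form", {}).get("csrf_token"), key):
        return 403, "missing or invalid CSRF token"
    return 200, "transfer accepted"

def render_transfer_form(session_id):
    # The token is embedded in the bank's own page, which only the logged-in user receives.
    return ('<form method="post" action="/fn">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input type="hidden" name="param" value="1"></form>' % csrf_token(session_id))

if __name__ == "__main__":
    sid = "sess-1234"
    # Request as the attacker's page would cause it: cookie present, token absent.
    forged = {"method": "POST", "cookies": {"JSESSIONID": sid},
              "headers": {"Origin": "https://someblog.net"}, "form": {"param": "1"}}
    print(handle_transfer(forged))
    legit = {"method": "POST", "cookies": {"JSESSIONID": sid},
             "headers": {"Origin": ALLOWED_ORIGIN},
             "form": {"param": "1", "csrf_token": csrf_token(sid)}}
    print(handle_transfer(legit))
```

A per-request variant (a fresh random token stored server-side and consumed on use) is stricter than the per-session token shown here; the slide's re-authentication and captcha options sit at the same point in the handler, before the action runs.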
Sensitive Data Exposure
• PII (Personally Identifiable Information)
▫ Sensitive and non-sensitive PII
• PCI Compliance
▫ It assures that credit card (CC) data is secured
• SSL
▫ Always use strong ciphers and disable renegotiation
▫ Make sure that the private key is always secured.
PCI
• Requirements
▫ Build and maintain a secured network
- Firewalls; don't use default passwords
▫ Protect cardholder data
- Protect the stored data; encrypt the data while transmitting it
▫ Maintain a vulnerability management program
- Updated antivirus; develop/maintain secure systems and apps
▫ Implement strong access control measures
- Restricted access; unique IDs for people who have access; restrict physical
access
▫ Regularly monitor and test networks
- Track and monitor all access; regularly test security systems
▫ Maintain an information security policy
- Maintain a policy to address information security
Slow Attacks
• Slow Read
• Slow GET
• Slow POST
• Difficult to detect
• Can be used from a single computer
• Can bypass a traditional WAF
Slow Read
• Attacker creates multiple connections to the server
• Advertises a very small receive window size
• Keeps the connection open for a very long time
• Uses up all the connections, causing DoS
• Tools used: SlowHttpTest
Slow GET
• Attacker creates multiple connections to the server
• Sends GET requests at a very slow rate
• Server keeps waiting for completion of the headers
• Uses up all the connections, causing DoS
• Tools used: SlowHttpTest, Slowloris
Slow POST
• Attacker creates multiple connections to the server
• Sends headers and advertises a fixed content length
• Sends the POST body at a very slow rate
• Server keeps waiting for completion of the POST body
• Uses up all the connections, causing DoS
• Tools used: SlowHttpTest, RUDY
Slow Attacks - Protection
• Drop connections whose HTTP method is not supported by the URL
• Limit the header and message body to a minimal reasonable length
• Set an absolute connection timeout, if possible
• Raise the server's maximum number of connections where possible
• Define a minimum incoming data rate
• Define a maximum number of concurrent connections from the same IP
• Blacklist the known attack user-agents [Slowloris uses *MSIE*MSOffice 12*]
Questions?
Thanks