Can your business survive without data?
Presented by ebusinessmantra
www.ebusinessmantra.com

• ebusinessmantra --
◦ Web design and programming
◦ Web application security solutions
◦ Document Management Solutions
◦ Sales of Web Vulnerability Scanner software
◦ Internet Business Consulting – improve website ROI, lead generation to Customer Service (pre-sale to post sale cycle)

• What are web applications? Commonly used examples
• Why are web applications at security risk?
• Should you worry?
• Top 10 vulnerabilities (2008)
• How do you minimize the risk?
• Application Testing
• Hacking 101

What are web applications? Commonly used examples

• Common examples of web applications
◦ Dynamic, database driven web sites
• Two types – with and without user actions
◦ With User Actions
  ▪ Account management (bank, financial, mortgage, …)
  ▪ Online shopping
  ▪ Online banking
  ▪ Online trading
  ▪ Web sites that ask for information
◦ Without User Actions
  ▪ Information passed through URL, hidden form fields, cookies – without the user entering data in a form
• Simple Model (diagram slide; no extractable text)
• Added Security around components (diagram slide; no extractable text)

Why are web applications at security risk?

• Easy target
◦ More than 70% of websites are vulnerable (studies)
◦ SSL, network and OS security cannot protect web apps
◦ Attacks pass as normal traffic through ports 80 & 443
◦ Only getting attention recently
• Lucrative: easy access to confidential information – identity theft is a huge market
• Low investment and high returns mean high ROI for a hacker
• Economy
◦ Large number of software professionals without jobs – layoffs or fresh out of schools/colleges

Should you worry?

• As a web site owner, you should worry
◦ Notable (Govt., security firms, banks) web sites have been hacked
◦ Many are not reported – legally not required, and companies don't want to tarnish their image and lose business
◦ Organized crime, blackmail if the data is worth it
◦ High costs to remediate: $90 - $300 per record, plus lost business, lost customer confidence
• Consequences to business can be overwhelming
◦ Loss or corruption of data
◦ Loss of business
◦ Loss of productive employees' time to remediate the problem
October 2008 (image slides; no extractable text)

Top 10 vulnerabilities (2008)

• Cross Site Scripting (XSS)
• Injection Flaws
• Malicious File Execution
• Insecure Direct Object Reference
• Cross Site Request Forgery (CSRF)
• Information Leakage and Improper Error Handling
• Broken Authentication and Session Management
• Insecure Cryptographic Storage
• Insecure Communications
• Failure to Restrict URL Access
• XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first examining the content. XSS allows attackers to execute script in the victim's browser which can hijack user sessions, deface web sites, possibly introduce worms, etc.
• Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data is sent to an interpreter as part of a command or query. The attacker's hostile data tricks the interpreter into executing unintended commands or changing data.
• Code vulnerable to remote file inclusion (RFI) allows attackers to include hostile code and data, resulting in devastating attacks, such as total server compromise. Malicious file execution attacks affect PHP, XML and any framework which accepts filenames or files from users.
• A direct object reference occurs when a developer exposes a reference to an internal object, such as a file, directory, database record, or key, as a URL or form parameter. Attackers can manipulate those references to access other objects without authorization.
• A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker. CSRF can be as powerful as the web application that it attacks.
• Applications can unintentionally leak information about their configuration, internal workings, or violate privacy through a variety of application problems. Attackers use this weakness to steal sensitive data or conduct more serious attacks.
• Account credentials and session tokens are often not properly protected. Attackers compromise passwords, keys, or authentication tokens to assume other users' identities.
• Web applications rarely use cryptographic functions properly to protect data and credentials. Attackers use weakly protected data to conduct identity theft and other crimes, such as credit card fraud.
• Applications frequently fail to encrypt network traffic when it is necessary to protect sensitive communications.
• Frequently, an application only protects sensitive functionality by preventing the display of links or URLs to unauthorized users. Attackers can use this weakness to access and perform unauthorized operations by accessing those URLs directly.

How do you minimize the risk?

• Awareness
◦ All stakeholders must recognize the risks and work towards mitigation
• Testing
◦ During all stages of the development life cycle
◦ At regular intervals after deployment
• Manual
◦ Source Code – Code review
◦ Application – Penetration
• Automated
◦ Source Code – Source Code Analyzer
◦ Application – Vulnerability Scanners (ebusinessmantra is a sales channel for Acunetix – a leading web application vulnerability scanner in the market)

Hacking 101

• Cross Site Scripting
◦ http://testasp.acunetix.com/Search.asp
◦ Enter the following in the search field:
◦ <br><br>Please login with the form below before proceeding:<form action="destination.asp"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form>
◦ A login form is displayed, but the login information is sent to the hacker
◦ A hacker can use the same credentials to log in on the site and hack the site
◦ Email spam: click on the link, but the link contains the code as above, which would have the same results
◦ http://testasp.acunetix.com/Search.asp?tfSearch=%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E
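An added example (not the slides' own code) that decodes the demo request above and contrasts a results page that reflects the tfSearch parameter unescaped with one that HTML-escapes it, plus a log-review check that flags such requests; the URL is the slide's, while the rendering and flagging helpers are hypothetical names written for this illustration.

```python
"""Reflected XSS: unescaped reflection versus HTML-escaped reflection.

Added example, not the slides' code. The request URL is the slide's demo URL
(tfSearch parameter); the server-side rendering functions and the request
flagging check are hypothetical helpers written for this illustration.
"""
import html
import re
from urllib.parse import parse_qs, urlsplit

# The slide's URL-encoded demo request (copied from the slide, action="test.asp").
SLIDE_URL = (
    "http://testasp.acunetix.com/Search.asp?tfSearch="
    "%3Cbr%3E%3Cbr%3EPlease+login+with+the+form+below+before+proceeding%3A"
    "%3Cform+action%3D%22test.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E"
    "%3Ctd%3E%3Cinput+type%3Dtext+length%3D20+name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E"
    "%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput+type%3Dtext+length%3D20"
    "+name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E"
    "%3Cinput+type%3Dsubmit+value%3DLOGIN%3E%3C%2Fform%3E"
)

# Minimal results page; {term} is where the search text is reflected.
PAGE_TEMPLATE = "<html><body><h1>Results for: {term}</h1><p>No matches.</p></body></html>"


def search_term(url: str) -> str:
    """Return the tfSearch parameter as the server sees it, i.e. URL-decoded."""
    params = parse_qs(urlsplit(url).query)
    return params.get("tfSearch", [""])[0]


def render_vulnerable(term: str) -> str:
    """Reflects the raw term: tags in it become part of the page the browser parses."""
    return PAGE_TEMPLATE.format(term=term)


def render_hardened(term: str) -> str:
    """Escapes <, >, &, and quotes: the same text is shown literally, never as markup."""
    return PAGE_TEMPLATE.format(term=html.escape(term, quote=True))


def contains_live_form(page: str) -> bool:
    """True if the rendered page contains an actual <form ...> tag."""
    return re.search(r"<form\b", page, re.IGNORECASE) is not None


def flag_request(url: str) -> bool:
    """Log-review check: does any decoded query parameter carry an HTML tag?"""
    tag = re.compile(r"<\s*/?[a-z]", re.IGNORECASE)
    for values in parse_qs(urlsplit(url).query).values():
        if any(tag.search(v) for v in values):
            return True
    return False
```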
Video demo (Source: YouTube), October 2008
• Remove all JavaScript validation from the web page
• Enter ' or 1 = 1 --; in the password field
• Code that is vulnerable to SQL injection will return the first record in the database
• YouTube has several demos:
◦ www.youtube.com/watch?v=MJNJjh4jORY
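An added example (not the slides' code) that shows, against an in-memory SQLite table, why the password input above makes a string-concatenated login query return the first record, and why the same input matches nothing once the query is parameterized; the table rows and the helper names are constructed for this illustration.

```python
"""SQL injection: string-built login query versus a parameterized one.

Added example, not the slides' code. Uses an in-memory SQLite table with
constructed rows; the function names are hypothetical helpers for this
illustration. Client-side JavaScript validation (which the slide says to
remove first) plays no part here: the server receives whatever is sent.
"""
import sqlite3

# The exact string the slide says to enter in the password field.
SLIDE_PASSWORD_INPUT = "' or 1 = 1 --;"


def make_db() -> sqlite3.Connection:
    """Constructed users table; 'admin' is the first record."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "wonderland")],
    )
    return conn


def build_vulnerable_sql(username: str, password: str) -> str:
    """The query text a concatenating login handler actually sends to the engine."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Input is spliced into SQL syntax: the quote closes the literal, `or 1 = 1`
    makes the WHERE clause true for every row, and `--` comments out the rest.
    Returns the username of the first matching row, or None."""
    row = conn.execute(build_vulnerable_sql(username, password)).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Bound parameters: the driver passes input as data, so the same text is
    compared literally against the password column and matches nothing."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def run_demo() -> dict:
    """Run both handlers with the slide's input and with a real credential."""
    conn = make_db()
    return {
        "vulnerable_with_injection": login_vulnerable(conn, "nobody", SLIDE_PASSWORD_INPUT),
        "parameterized_with_injection": login_parameterized(conn, "nobody", SLIDE_PASSWORD_INPUT),
        "parameterized_real_login": login_parameterized(conn, "alice", "wonderland"),
    }
```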

Web application vulnerabilities