Web Security
•   Introduction to Security
•   CyberWar between countries
•   Owasp WebGoat&Web Scarab&demo
•   Beef&demo
•   SET+QR code
•   Future of Web Security




                 Index
1 Introduction to Security
Security requires a particular mindset. Security
professionals -- at least the good ones -- see the
world differently. They can't walk into a store
without noticing how they might shoplift. They
can't use a computer without wondering about
the security vulnerabilities. They can't vote
without trying to figure out how to vote
twice. They just can't help it.




        Schneier on Security
This kind of thinking is not natural for most
people. It's not natural for engineers. Good
engineering involves thinking about how
things can be made to work; the security
mindset involves thinking about how things
can be made to fail. It involves thinking like
an attacker, an adversary or a criminal. You
don't have to exploit the vulnerabilities you
find, but if you don't see the world that way,
you'll never notice most security problems.




     Schneier on Security-2
• Israeli Bombing of Syria’s nuclear reactor
• Russia’s DDOS Attack on Estonia.
• Russia’s use of DDOS and spoofed attack to
  augment their war in South Ossetia
• North Korea’s partially successful DDOS of
  US government website and South Korea.




                     Cyberwar
Case Study-Stuxnet
• http://vimeo.com/25118844
• http://www.youtube.com/watch?v=7g0pi4J8auQ




  Case Study-Stuxnet-2
“We are all connected on a vast global network and
  whoever controls the network controls the world.”


Case Study-Stuxnet-3
HBGary
Sony
FBI Conference
Capture The Flag
CIA
Sabu & Tor Browser



lulzsec
• Sql Injection?
  • String based sql injection
  • Numeric based sql injection
• Concurrence?
• Xpath Injection?
• Qr Code?




       Before we start?
2   Web app
•   The OWASP Top 10 - 2013 Release Candidate includes the following changes as compared to the 2010 edition:
•   A1 Injection
•   A2 Broken Authentication and Session Management (was formerly A3)
•   A3 Cross-Site Scripting (XSS) (was formerly A2)
•   A4 Insecure Direct Object References
•   A5 Security Misconfiguration (was formerly A6)
•   A6 Sensitive Data Exposure (merged from former A7 Insecure Cryptographic Storage and former A9 Insufficient Transport Layer Protection)
•   A7 Missing Function Level Access Control (renamed/broadened from former A8 Failure to Restrict URL Access)
•   A8 Cross-Site Request Forgery (CSRF) (was formerly A5)
•   A9 Using Known Vulnerable Components (new but was part of former A6 – Security Misconfiguration)
•   A10 Unvalidated Redirects and Forwards




Owasp top ten vulnerability
3
Overview
• A SQL Injection attack consists of insertion or "injection" of a SQL query via
  the input data from the client to the application. A successful SQL injection
  exploit can read sensitive data from the database, modify database data
  (Insert/Update/Delete), execute administration operations on the database
  (such as shutdown the DBMS), recover the content of a given file present on
  the DBMS file system and in some cases issue commands to the operating
  system. SQL injection attacks are a type of injection attack, in which SQL
  commands are injected into data-plane input in order to effect the execution
  of predefined SQL commands.




                 Sql Injection
Threat Modeling

• SQL injection attacks allow attackers to spoof identity, tamper with existing data,
  cause repudiation issues such as voiding transactions or changing balances, allow
  the complete disclosure of all data on the system, destroy the data or make it
  otherwise unavailable, and become administrators of the database server.
• SQL Injection is very common with PHP and ASP applications due to the
  prevalence of older functional interfaces. Due to the nature of the
  programmatic interfaces available, J2EE and ASP.NET applications are less
  likely to have easily exploited SQL injections.
• The severity of SQL Injection attacks is limited by the attacker's skill and
  imagination, and to a lesser extent by defense in depth countermeasures, such
  as low privilege connections to the database server and so on. In general,
  consider SQL Injection a high impact severity.




              Sql Injection-2
Risk Factors

• The platform affected can be:
  • Language: SQL
  • Platform: Any (requires interaction with a SQL database)
• SQL injection has become a common issue with database-driven web sites. The
  flaw is easily detected, and easily exploited, and as such, any site or
  software package with even a minimal user base is likely to be subject to an
  attempted attack of this kind.




           Sql Injection-3
// Vulnerable: user-controlled values are concatenated straight into the SQL text
string query = "SELECT * FROM items WHERE owner = '" + userName
             + "' AND itemname = '" + ItemName.Text + "'";

C#




         Sql Injection-4
Examples:
• SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = '';
• SELECT * FROM Users WHERE id = '' UNION SELECT 1, 2, 3`';

• Comment and terminator sequences:
  #       Hash comment
  /*      C-style comment
  -- -    SQL comment
  ;%00    Nullbyte
  `       Backtick




                Sql Injection-5
How To Solve Sql Injection Problem?




    Sql injection-6
Parameterized Query in C#, MySQL




The purpose of these code samples is to demonstrate to the web developer
how to avoid SQL Injection when building database queries within
a web application.




         Sql Injection-7
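As an added example (not code from the deck), the login query from the Sql Injection-4 slide in its concatenated and parameterized forms, run against an in-memory SQLite table with Python's standard sqlite3 module so it works offline; the table contents and function names are constructed for the demo. Given the deck's `' OR 1=1 -- -` input, the concatenated version returns every user while the parameterized one returns nothing.

```python
import sqlite3

# Constructed sample table for the demo; not data from the deck.
USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_db():
    """Build an in-memory Users table so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)", USERS)
    return conn


def login_concat(conn, username, password):
    """Vulnerable: the query is built by string concatenation, exactly like
    the deck's C# slide. Whatever the client sends becomes part of the SQL."""
    query = ("SELECT * FROM Users WHERE username = '" + username
             + "' AND password = '" + password + "'")
    return conn.execute(query).fetchall()


def login_param(conn, username, password):
    """Fixed: placeholders are bound by the driver, so the input is only ever
    treated as a value and can never change the statement's structure.
    (In C# with MySQL the same is done through MySqlCommand.Parameters.)"""
    query = "SELECT * FROM Users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


if __name__ == "__main__":
    conn = make_db()
    # The deck's first example: username "' OR 1=1 -- -", empty password.
    # Concatenated, the statement becomes
    #   SELECT * FROM Users WHERE username = '' OR 1=1 -- -' AND password = ''
    # and the comment swallows the password check, so every row comes back.
    payload = "' OR 1=1 -- -"
    print("concatenated:", login_concat(conn, payload, ""))   # both users
    print("parameterized:", login_param(conn, payload, ""))   # []
    print("real login:", login_param(conn, "alice", "s3cret"))
```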
Demo


Sql Injection-8
It is a penetration testing tool that focuses on the web
browser.
Amid growing concerns about web-borne attacks against
clients, including mobile clients, BeEF allows the
professional penetration tester to assess the actual security
posture of a target environment by using client-side
attack vectors.




                     BEEF
Notable Features
• BeEF provides an integratable framework that demonstrates the
  impact of browser security issues in real-time. Development has
  focused on creating a modular framework. This has made module
  development a quick and simple process.

•   Browser exploitation modules
•   Keystroke logging
•   Browser proxying
•   Integration with Metasploit
•   Plugin detection
•   Intranet service exploitation
•   Phonegap modules
•   Social Engineering



                         BEEF-2
DEMO




BEEF-3
Phishing Facebook with QR Code
Java Applet Attack

The Java Applet Attack is considered one of the most successful and popular
methods for compromising a system. It is popular because the infected Java
applet is very easy to create and any site we want can be cloned to load the
applet very quickly, and it is successful because it affects all platforms.
The only difficulty is delivering the Java applet properly in order to trick
the victims.
The Java Applet Attack vector affects:
• Windows Systems
• Linux Systems and
• Mac OS X


                           SET
• http://resources.infosecinstitute.com/the-rise-of-cyber-weapons-and-relative-impact-on-cyberspace/
• http://nakedsecurity.sophos.com/




              References
Questions
Thanks for listening...
