Wassta session 0!! Let's read #wasbook

Presentation slides for session 0 of the #wasbook reading group (#wassta).

  1. Wassta session 0!! #wasbook Web Application Security Study #wassta
  2. Who are you? • @tnantoka • bornneet.com • JavaScript • looseleaf • jsany
  3. Node
  4. #wasbook? • @ockeghem • … http://zapanet.info/blog/item/2128
  5-6. #wasbook chapters • 1 Web • 2 • 3 Web HTTP • 4 Web • 5 • 6 • 7 Web • 8 Web • 9 Web
  7. Let's start! ※ #wasbook blog.bornneet.com
  8-9. Index • Chapter 1 • Chapter 2 • Chapter 3 • HTTP • Session • Same origin policy • Appendix
  10. Chapter 1: vulnerability
  11. " "
  12. • check & fix
  13. Index • Chapter 1 • Chapter 2 • Chapter 3 • HTTP • Session • Same origin policy • Appendix
  14. Chapter 2: Setup
  15. for Windows • #wasbook
  16. for mac • #wasbook mac • http://blog.bornneet.com/Entry/306/ • @ockeghem reply
  17. VMware • 30 • 4000 • http://www.act2.com/products/fusion3.html
  18. Local Proxy • HTTP • tamper data
  19. Index • Chapter 1 • Chapter 2 • Chapter 3 • HTTP • Session • Same origin policy • Appendix
  20. Chapter 3: Basis
  21. HTTP
  22-24. (sequence diagram) HTTP: client → server: HTTP Request; server → client: HTTP Response
  25. HTTP Request
      GET /index.html HTTP/1.1
      Host: www.bornneet.com
      User-Agent: Mozilla/5.0 (Macintosh; ... Firefox/4.0
      Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
      Accept-Language: ja,en-us;q=0.7,en;q=0.3
      Accept-Encoding: gzip, deflate
      Accept-Charset: Shift_JIS,utf-8;q=0.7,*;q=0.7
      Keep-Alive: 115
      Connection: keep-alive
      Cookie: ...
      (blank line ends the headers)
  26. HTTP Response
      HTTP/1.1 200 OK
      Date: Mon, 11 Apr 2011 14:03:03 GMT
      Server: Apache
      X-Powered-By: ModLayout/3.2.1
      Cache-Control: no-cache
      Connection: close
      Content-Type: text/html
      Content-Encoding: gzip
      Content-Length: 41
      (blank line ends the headers)
      <html><body>Hello, wasbook!</body></html>
  27. Status code • 2XX: • 3XX: • 4XX: • 5XX:
  28. Headers • User-Agent • Content-Type • Content-Length • Set-Cookie • Cookie • and more...
  29. Version • HTTP 1.0 • HTTP 1.1 • Host • keep-alive • Chunked • and more...
  30. Method • GET • QueryString • URI
  31. • POST • Body
  32. • PUT • DELETE
  33-34. • Request • …
  35. REST vs SOAP • REST • URI • "Web " • SOAP • POST
  36. Session
  37-39. (sequence diagram) Stateless: client @tnantoka → server: HTTP Request; server → client @tnantoka: HTTP Response
  40-42. (sequence diagram) client → server: HTTP Request; server → client: HTTP Response
  43-46. (sequence diagram) Cookie: client @tnantoka → server: HTTP Request; server stores SessionID 123abc = @tnantoka; server → client: HTTP Response, Set-Cookie: 123abc
  47-50. (sequence diagram) client → server: HTTP Request, Cookie: 123abc; server looks up SessionID 123abc... → @tnantoka!; server → client: HTTP Response
  51. ID • ! && ! && ! • Cookie • Secure, HttpOnly...
  52. • Basic • base64 • SSL
  53. same origin policy
  54. Sandbox • browser
  55. Same origin policy • JavaScript • FQDN • Scheme • Port number
  56. Cross-domain • <script> • <img> • <frame> • <form> • src=" "
  57. • http://hamachiya.com/junk/cj.html • X-Frame-Options meta
  58. Appendix: TLS/SSL
  59. SSL? TLS? • SSL by Netscape • → TLS
  60. (layer diagram) Layer 5: HTTP / HTTP, SSL, TCP, IP
  61. https://www.verisign.co.jp/repository/faq/SSL/https.html
  62. Hybrid
  63-77. (diagram builds) CA; Hash → CA; Hash, Decrypt with CA, equal?
  78. EV
  79. CA CA-1 ( CA-2)
  80. 2011/3 • CA • mail.google.com, login.skype.com...
  81. • #wasbook
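As an added example (not part of the slides), the following Python parses a raw HTTP/1.1 response like the one on slide 26 and checks the session cookie set on slide 46 for the Secure and HttpOnly attributes that slide 51 names; the Set-Cookie values used as input are constructed, and the hardened variant is an assumption about what slide 51 intends.

```python
# Added example, not from the slides: parse a raw HTTP/1.1 response like the
# one on slide 26 and check the session cookie attributes named on slide 51
# (Secure, HttpOnly). Set-Cookie values are constructed; slides show "123abc".

def parse_response(raw: bytes):
    """Return (status_line, headers, body); header names lower-cased, kept as
    a list of pairs because Set-Cookie may appear more than once."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(":")  # split on the first ':' only
        headers.append((name.strip().lower(), value.strip()))
    return lines[0], headers, body

def content_length_matches(headers, body: bytes) -> bool:
    """True when the declared Content-Length equals the body bytes received."""
    declared = [v for n, v in headers if n == "content-length"]
    return bool(declared) and int(declared[0]) == len(body)

def cookie_flags(set_cookie: str) -> dict:
    """Name plus Secure/HttpOnly presence for one Set-Cookie header value."""
    parts = [p.strip() for p in set_cookie.split(";")]
    attrs = {p.split("=", 1)[0].lower() for p in parts[1:]}
    return {"name": parts[0].split("=", 1)[0],
            "secure": "secure" in attrs, "httponly": "httponly" in attrs}

def weak_session_cookies(headers) -> list:
    """Names of cookies set without both Secure and HttpOnly."""
    weak = []
    for name, value in headers:
        if name == "set-cookie":
            flags = cookie_flags(value)
            if not (flags["secure"] and flags["httponly"]):
                weak.append(flags["name"])
    return weak

# Constructed sample: the slide-26 response plus a session cookie as on slide 46.
WEAK = (b"HTTP/1.1 200 OK\r\nDate: Mon, 11 Apr 2011 14:03:03 GMT\r\nServer: Apache\r\n"
        b"Set-Cookie: SESSIONID=123abc; Path=/\r\n"
        b"Content-Type: text/html\r\nContent-Length: 41\r\n\r\n"
        b"<html><body>Hello, wasbook!</body></html>")
# The same response with the attributes slide 51 calls for.
HARDENED = WEAK.replace(b"Path=/", b"Path=/; Secure; HttpOnly")

if __name__ == "__main__":
    for label, raw in (("weak", WEAK), ("hardened", HARDENED)):
        status, hdrs, body = parse_response(raw)
        print(label, status, content_length_matches(hdrs, body), weak_session_cookies(hdrs))
```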
