Online Banking Vulnerable System Web Application
Umesh Kumar
Computer Science and Cyber Security
Police University, Jodhpur
June 1, 2015
Guide: Mr. Pankaj Sharma (Scientist, CERT-In)
Umesh Kumar (SPUP) VAPT June 1, 2015 1 / 17
Content
1 Motivation
2 About my work
3 About Vulnerabilities
4 Technical Architecture
5 Home
6 SQL Injection (SQLI)
7 SQLI Prevention
8 Cross-Site Scripting
9 Cross Site Request Forgery (CSRF)
10 Session Fixation
11 TRACE Method enabled
12 Using Components with Known Vulnerabilities
13 Result
14 Conclusion
15 Thank You
Motivation
The number of insecure web applications in India is growing rapidly. Building secure web applications is therefore in the interest of every organisation, and of the Indian economy as a whole.
About my work
We designed a deliberately vulnerable online-banking web application (OBVS) and exploited each of its vulnerabilities by performing the corresponding attack. We then patched each flaw or weakness following OWASP guidance. OBVS is meant as a training target: research students and faculty can use it to build their understanding of these vulnerabilities, and penetration testers can use it to test their skills.
About Vulnerabilities
SQL Injection
Cross Site Scripting (XSS)
Cross Site Request Forgery (CSRF)
Session Fixation
TRACE Method enabled
Using Components with Known Vulnerabilities
Technical Architecture
1 Web Functionality
  1 Server-Side Functionality: PHP
  2 Client-Side Functionality: HTML, jQuery, CSS, JavaScript, Hyperlinks
2 Backend: MySQL database
3 Hosted on Apache on Windows
4 Supported on WAMP or XAMPP
5 Acunetix Web Vulnerability Scanner (testing tool)
Home
SQL Injection
SQL Injection Attack (SQLIA) Types
1 Tautologies
  1 A condition that is always true, such as 1=1, is injected into the WHERE clause, followed by a comment sequence (-- ) that discards the rest of the query.
  2 Injecting ' or 1=1-- into the email field of the login form turns the query into
    SELECT * FROM registration WHERE email = '' or 1=1-- ' and password = ''
    which matches every row, so the first registered user is logged in without a password.
2 Illegal/Logically Incorrect Queries
  1 The attacker sends deliberately malformed input to gather information about the version and structure of the back-end database.
  2 If the application returns the raw database error page, the message reveals the vulnerable parameter (and often the query fragment, table or column names) to the attacker.
  3 Consequence: database fingerprinting.
SQLI
SQLI Prevention
1 mysqli_real_escape_string(mysqli $link, string $escapestr): escapes the characters that have special meaning inside an SQL string literal (quotes, backslash, NUL, newline) using the connection's character set, and must be applied to every value before it is concatenated into a query. It only protects values placed inside quoted string literals; it does nothing for numeric values, column names or LIMIT clauses, and it is easy to forget on a single parameter.
2 Prepared statements with mysqli (prepare(), bind_param(), execute()): the SQL text is sent to the server first and the values separately, so a bound value is always treated as data and can never change the structure of the statement. This is the preferred defence; escaping is a fallback for the few places a prepared statement cannot parameterise.
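The tautology bypass from the previous slide and its prepared-statement fix, side by side. This is an added example and not code from the OBVS project. It runs offline against an in-memory SQLite database through PDO (it assumes the pdo_sqlite extension, which is bundled with PHP, and PHP 7.1+ for the nullable return types); the mysqli calls OBVS would use are shown in comments and behave the same way. The table, the sample user and the attacker's form values are constructed for the illustration.

```php
<?php
// Added example, not code from the OBVS project: the tautology login bypass beside the
// prepared-statement fix. Uses PDO + in-memory SQLite so it runs offline; the mysqli
// equivalents are shown in comments.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data. Real code stores password_hash() digests, never plaintext.
$db->exec("CREATE TABLE registration (id INTEGER PRIMARY KEY, email TEXT, password TEXT)");
$db->exec("INSERT INTO registration (email, password) VALUES ('alice@example.com', 'S3cret!')");

// VULNERABLE: user input is concatenated into the SQL text, so input can change the
// structure of the statement.
function loginVulnerable(PDO $db, string $email, string $password): ?array
{
    $sql = "SELECT id, email FROM registration WHERE email = '$email' AND password = '$password'";
    echo "executing: $sql\n";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// FIXED: prepared statement. The SQL text and the values travel separately, so the
// value "' or 1=1-- " is compared literally against the email column and matches nothing.
function loginSafe(PDO $db, string $email, string $password): ?array
{
    $stmt = $db->prepare("SELECT id, email FROM registration WHERE email = ? AND password = ?");
    $stmt->execute([$email, $password]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
    // mysqli equivalent (what OBVS would use against MySQL):
    //   $stmt = $link->prepare("SELECT id, email FROM registration WHERE email = ? AND password = ?");
    //   $stmt->bind_param('ss', $email, $password);
    //   $stmt->execute();
    //   $row = $stmt->get_result()->fetch_assoc();
}

// Attacker-controlled form values (constructed): the tautology with a trailing comment
// that removes the password check. The space after "--" is required by MySQL.
$email    = "' or 1=1-- ";
$password = 'anything';

$r = loginVulnerable($db, $email, $password);
echo "vulnerable: " . ($r ? "logged in as {$r['email']}" : "rejected") . "\n";

$r = loginSafe($db, $email, $password);
echo "prepared:   " . ($r ? "logged in as {$r['email']}" : "rejected") . "\n";
```

Run it with `php sqli_demo.php`: the first call prints the rewritten query and logs in as the first registered user, the second is rejected. The only difference between the two functions is where the values enter the statement, which is the whole point of the prevention slide.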
Cross-Site Scripting
XSS characteristics: the attacker abuses the trust a user has in a particular website. Script injected into a page served by that site runs in the user's browser under the site's origin, so it can read the page, read the user's cookies (unless they are HttpOnly) and send requests as the user.
XSS Main Payload
1 HTML & CSS (cascading style sheets)
2 JavaScript
XSS Prevention
1 filter_var($var, $filter, $options): validate input against the type the field expects (for example FILTER_VALIDATE_EMAIL or FILTER_VALIDATE_INT) and reject anything that does not match.
2 HttpOnly cookies: keep document.cookie out of reach of injected script. This limits the damage of an XSS (session theft) but does not prevent the injection itself.
3 stripslashes: removes the backslashes added by magic quotes. It is not an XSS defence and must not be relied on as one.
4 htmlspecialchars: encode every untrusted value at output time for the HTML context it lands in, with ENT_QUOTES so that values inside attributes are safe as well. This is the primary control.
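The prevention list above in working form: the unsafe reflection, the encoder, and the difference between validating input with filter_var and encoding output with htmlspecialchars. This is an added example and not code from the OBVS project; the page, the function names and the default payload and e-mail address are constructed for the illustration (PHP 7+ for the ?? operator).

```php
<?php
// Added example, not code from the OBVS project: reflecting a user-supplied value into
// HTML, first unsafely and then with context-appropriate output encoding. Runs from the
// command line with a constructed payload when no query string is present.

$name = $_GET['name'] ?? '<script>alert(document.cookie)</script>';   // constructed payload

// VULNERABLE: the raw value becomes part of the page, so the <script> element executes
// in the visitor's browser under this site's origin.
function greetVulnerable(string $name): string
{
    return "<p>Welcome, $name</p>";
}

// Output encoder for HTML text and attribute values. ENT_QUOTES encodes both ' and ",
// which matters when the value lands inside an attribute delimited by single quotes.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// FIXED: the same markup, but every untrusted value passes through e() at output time.
function greetSafe(string $name): string
{
    return '<p>Welcome, ' . e($name) . '</p>';
}

// filter_var is input validation, not output encoding: it rejects values that are not
// shaped like an e-mail address, but it would not neutralise markup in a free-text field.
function validatedEmail(string $raw): ?string
{
    $email = filter_var($raw, FILTER_VALIDATE_EMAIL);
    return $email === false ? null : $email;
}

echo greetVulnerable($name), "\n";   // the <script> element survives intact
echo greetSafe($name), "\n";         // &lt;script&gt;... is displayed as text, not executed

$email = validatedEmail($_GET['email'] ?? 'bob@example.com');   // constructed default
if ($email === null) {
    http_response_code(400);
    exit("invalid e-mail address\n");
}
// Attribute context: e() with ENT_QUOTES keeps a value such as  " onfocus="alert(1)  inert.
echo '<input type="email" name="email" value="' . e($email) . '">', "\n";
```

Validation and encoding are complementary, not interchangeable: validation narrows what a field may contain, encoding makes whatever it contains harmless in the place it is written. The HttpOnly cookie flag that the slide also lists is set in the session-handling example further down.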
Cross Site Request Forgery (CSRF)
The attacker makes the victim's browser send a request to the target site. Because the browser attaches the victim's cookies automatically, the request is processed inside the victim's session, which is why CSRF is also called session riding.
CSRF characteristics: the attacker abuses the trust a website has in the user's browser (the mirror image of XSS).
CSRF Prevention
1 CAPTCHA verification on sensitive forms: the attacker cannot solve it on the victim's behalf.
2 Synchronizer Token Pattern: an unpredictable token bound to the user's session, embedded in each form and checked on submission. The attacker's page can trigger the request but cannot read the token, so the forged request fails.
3 session.cookie_httponly = 1 (True): prevents cookies from being read by injected JavaScript. This is an XSS mitigation, not a CSRF defence: the browser still sends an HttpOnly cookie automatically with every request, which is exactly what CSRF relies on.
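The Synchronizer Token Pattern from item 2 applied to a fund-transfer form. This is an added example and not code from the OBVS project; the form, the field names and the transfer handler are assumptions for the illustration (PHP 7+ for random_bytes()). hash_equals() is PHP's constant-time comparison, so the check does not leak the token through timing.

```php
<?php
// Added example, not code from the OBVS project: Synchronizer Token Pattern for a
// state-changing form. The token lives in the server-side session and is echoed into
// the form; a forged cross-site request carries the cookies but not the hidden field.

session_start();

// One token per session, generated from the CSPRNG and stored server-side.
function csrfToken(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));   // 256 bits, unpredictable
    }
    return $_SESSION['csrf_token'];
}

// Called before any state-changing action. The attacker's origin cannot read the page
// the token was embedded in, so it cannot supply a matching value.
function csrfCheck(): void
{
    $expected = $_SESSION['csrf_token'] ?? '';
    $sent     = $_POST['csrf_token'] ?? '';
    if ($expected === '' || !is_string($sent) || !hash_equals($expected, $sent)) {
        http_response_code(403);
        exit("CSRF token missing or invalid\n");
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    csrfCheck();                       // rejects the request before any money moves
    // ... validate $_POST['to'] and $_POST['amount'], then perform the transfer ...
    echo "transfer accepted\n";
} else {
    // State-changing actions must be POST: a GET transfer could be forged with an <img> tag.
    $token = htmlspecialchars(csrfToken(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post" action="transfer.php">', "\n",
         '  <input type="hidden" name="csrf_token" value="', $token, '">', "\n",
         '  <input name="to"> <input name="amount"> <button>Send</button>', "\n",
         '</form>', "\n";
}
```

To confirm the fix, submit the form once normally and once from a page on another origin that auto-submits a copy of it without the hidden field: the first transfer is accepted, the second is refused with 403 even though the browser sent the session cookie both times.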
Session Fixation
The attacker already holds a valid session ID (for example by visiting the site once) and forces the victim to use that same ID, typically through a link that carries it. Once the victim logs in, the ID the attacker knows is an authenticated session.
Characteristics (where the ID can be planted):
1 SessionID in URL
2 SessionID in cookies
Prevention
1 session.use_trans_sid = 0 (false) in php.ini. Otherwise PHP appends the session ID to URLs as a GET variable, where it leaks through shared links, logs and the Referer header.
2 session.use_only_cookies = 1 (true) in php.ini. The session ID is then accepted only from the cookie, never from the URL, which defeats fixation through URLs.
Neither setting stops fixation through a cookie the attacker can plant (for example from a sibling subdomain); for that, regenerate the ID with session_regenerate_id(true) when the user logs in.
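The two php.ini settings from the slide applied at runtime, together with the login-time step that closes the cookie case. This is an added example and not code from the OBVS project. session.use_strict_mode (PHP 5.5.2+) and session_regenerate_id() are real PHP APIs; the login and logout handlers around them are assumptions for the illustration.

```php
<?php
// Added example, not code from the OBVS project: PHP session handling hardened against
// fixation. The ini_set() calls mirror the php.ini lines on the slide and must run
// before session_start().

ini_set('session.use_trans_sid', '0');     // never rewrite URLs to carry PHPSESSID
ini_set('session.use_only_cookies', '1');  // ignore session IDs arriving via GET or POST
ini_set('session.use_strict_mode', '1');   // refuse IDs the server did not issue itself
ini_set('session.cookie_httponly', '1');   // keep the cookie out of document.cookie
session_start();

// Even with the settings above, an ID the attacker obtained from the server and then
// planted as a cookie (for example from a sibling subdomain) is still accepted. Issuing
// a fresh ID at the privilege boundary makes any ID the attacker knows worthless.
function onLoginSuccess(int $userId): void
{
    session_regenerate_id(true);           // true: delete the old session data as well
    $_SESSION['user_id']   = $userId;
    $_SESSION['logged_in'] = time();
}

// Logout must invalidate the server-side session, not just forget it client-side,
// or a captured ID stays usable.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}
```

A quick check of the URL part of the fix: with session.use_trans_sid off, `php -r` or a browser visit to any page that emits links must show no `?PHPSESSID=` in the generated HTML, and sending a request with `?PHPSESSID=attackerchosen` must not create or reuse a session under that ID.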
TRACE Method enabled
A TRACE request makes the server echo the request it received back in the response body, including the Cookie and Authorization headers the client sent.
HTTP TRACE Method + XSS = XST (Cross-Site Tracing): script injected into the site issues a TRACE request and reads the echoed headers, which exposes cookies even when they are flagged HttpOnly. Current browsers refuse to issue TRACE from XMLHttpRequest, so XST is largely a legacy concern, but leaving TRACE enabled still discloses request headers to anyone who can proxy or script a client.
Impact: values exposed
1 cookies
2 authentication data (HTTP Basic or Digest credentials in the Authorization header)
Prevention
1 Use the Apache mod_rewrite module to deny HTTP TRACE requests (a RewriteCond on %{REQUEST_METHOD} and a RewriteRule with the [F] flag); this answers 403 Forbidden.
2 TraceEnable off causes Apache to return 405 Method Not Allowed to the client. This is the simpler and preferred setting.
Using Components with Known Vulnerabilities
The findings on this slide are Apache misconfigurations that expose information (what OWASP classes as Security Misconfiguration) rather than vulnerable components as such; they are reported here as found by the scan.
Apache Server-Info Enabled: /server-info displays the Apache configuration (loaded modules, directives, virtual hosts).
Prevention: comment out the LoadModule line for mod_info.so in httpd.conf.
Apache Server-Status Enabled: /server-status displays the server status (worker activity, client IP addresses, URLs currently being served).
Prevention: comment out the LoadModule line for mod_status.so, or restrict the handler to trusted addresses.
Directory Listing: Apache is configured to display the list of files in any directory that has no index page, so files that are never linked from the site (backups, configuration, uploads) become discoverable.
Prevention: set Options -Indexes for the document root, or comment out the LoadModule line for mod_autoindex.so.
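The httpd.conf fragments that implement the fixes on this slide and the TRACE slide before it, as an added example rather than the OBVS server's own configuration. The directive names are real Apache 2.4 directives; the module paths and the WAMP document root are assumptions for the illustration.

```apache
# Added example, not the OBVS configuration: Apache httpd.conf fragments for the
# TRACE, server-info, server-status and directory-listing findings.

# TRACE: refuse the method. Apache answers 405 Method Not Allowed.
TraceEnable off

# Equivalent via mod_rewrite (answers 403 Forbidden), for builds without TraceEnable.
RewriteEngine On
RewriteCond %{REQUEST_METHOD} ^TRACE
RewriteRule .* - [F]

# server-info and server-status: do not load the modules at all ...
#LoadModule info_module modules/mod_info.so
#LoadModule status_module modules/mod_status.so

# ... or, if mod_status is needed for monitoring, limit the handler to localhost.
<Location "/server-status">
    SetHandler server-status
    Require ip 127.0.0.1 ::1
</Location>

# Directory listing: turn off automatic indexes for the document root (assumed path).
<Directory "C:/wamp/www">
    Options -Indexes
    AllowOverride None
    Require all granted
</Directory>
```

After restarting Apache, re-test each finding from the client side: `curl -i -X TRACE http://localhost/` should return 405 (or 403 with the rewrite rule), `curl -i http://localhost/server-info` and `/server-status` should return 404 or 403 from an outside address, and a request for a directory without an index page should return 403 instead of a file list.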
Result
Conclusion
OBVS introduces the key real-world web application vulnerabilities and, to a certain degree, patches each weakness or flaw. These vulnerabilities remain a current challenge for organisations and industry, and addressing them requires suitably qualified professionals.
Thank You
