
Web Application Security 101 - 06 Authentication


In part 6 of Web Application Security 101 we look into vulnerabilities affecting the authentication system. You will learn about password bruteforce attacks, cracking captchas, bypassing the login system and more.


  1. Authentication. Breaking through the front door.
  2. Types Of Authentication. Standard: Basic, Digest, NTLM. Custom: login forms, APIs, OpenID, OAuth, etc.
  3. Types Of Vulnerabilities. Information leakage, default passwords, account bruteforce, password reset abuse, authentication bypass, man-in-the-middle (MITM), denial of service (DoS).
  4. Information Leakage. Username enumeration via error messages. Usernames are public information (e.g. SharePoint). Usernames can be guessed (e.g. firstname.lastname).
  5. Default Passwords. Available in product manuals and online. Guessing attacks by combining the organisation name, etc. Install the product to check for hidden accounts.
  6. Account Bruteforce. Trying various username/password combinations. Switching between horizontal and vertical bruteforce.
  7. Account Lockout. The number of incorrect attempts allowed before locking the account. When accounts can be locked indefinitely this means denial of service. The application needs to employ captchas plus temporary account lockouts.
  8. Case Sensitivity. Accounts may not be case sensitive at all. This increases the chances of a successful bruteforce.
  9. Password Reset Abuse. Depending on how it is implemented, it may be used for account hijack attacks. Probably vulnerable if it relies on security questions, as they are easy to guess.
  10. Hacking Webmail 101. An exercise in how well you know the victim.
  11. Authentication Bypass. A-to-C. SQL injection. Business logic flaws.
  12. A-to-C. Typical in some home routers. Works like this: the client goes from page a straight to page c, skipping step b (the login).
  13. SQL Injection. Typical attacks like ' or 1=1--. The resulting query: SELECT username, password FROM users WHERE username='' or 1=1--' AND password=''
  14. Business Logic Flaws. Any logic flaw that can be used to bypass the login. Cookie: is_authenticated=1
  15. Man-in-the-middle (MITM). Works by attacking the network layer: tcpdump -A -i en1, tcpflow -i en1. Requires ARP poisoning, DNS hijacking and other low-level network attacks.
  16. Denial Of Service (DoS). Works by locking out all accounts. Most effective if there is no automated account unlock process.
  17. To Summarize. There are many ways to authenticate. Some methods are typically weaker than others. Some applications support more than one way to authenticate. There are many types of attack, like bruteforce, bypass, MITM and DoS.
  18. Lab. Let's try some of these attacks for real.
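Slide 13 shows the query that results from the ' or 1=1-- payload. The following is an added example (not code from the deck) that builds the vulnerable login check beside its parameterised form, so the reader can see exactly why one accepts the payload and the other does not. It assumes a constructed in-memory SQLite table named users with a single account; passwords are stored in clear only to mirror the slide's query, a real system compares a salted hash.

```python
import sqlite3


def make_db():
    """Constructed demo database: one account, in memory so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse battery staple')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted input is spliced into the statement text.

    A quote in the username closes the string literal and '--' comments out the
    rest, including the password check, which is exactly the query on slide 13.
    """
    sql = ("SELECT username FROM users WHERE username='%s' AND password='%s'"
           % (username, password))
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username, password):
    """Parameterised query: values travel separately from the statement, so a
    quote or comment sequence in the input is data, never SQL syntax."""
    row = conn.execute(
        "SELECT username FROM users WHERE username=? AND password=?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


PAYLOAD = "' or 1=1--"   # the bypass string from slide 13


if __name__ == "__main__":
    db = make_db()
    # the vulnerable check returns the first user; the safe one returns None
    print("vulnerable  :", login_vulnerable(db, PAYLOAD, ""))
    print("parameterised:", login_safe(db, PAYLOAD, ""))
```

Detection note: in the vulnerable path the statement that reaches the database contains the literal text 1=1--, which is why database-side query logging (or a WAF rule on the request body) catches this class of bypass, while the parameterised version never produces such a statement.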
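Slides 7 and 16 make the point that a lockout which never expires turns bruteforce protection into a denial-of-service tool, and slide 8 notes that case-insensitive accounts widen the bruteforce window. The following added example (my own code, not from the deck) is a per-account throttle that requires a captcha after a few failures, locks temporarily after more, doubles the lock duration on repeated failures up to a cap, and always unlocks by itself. Thresholds, durations and the captcha_after/lock_after names are assumptions chosen for the demo; time is passed in explicitly so the behaviour is deterministic.

```python
from dataclasses import dataclass


@dataclass
class AccountState:
    failures: int = 0          # consecutive failed attempts
    locked_until: float = 0.0  # epoch seconds; 0 means not locked


class LoginThrottle:
    """Per-account failure tracking with temporary, self-expiring lockouts."""

    def __init__(self, captcha_after=3, lock_after=5, base_lock=60, max_lock=900):
        self.captcha_after = captcha_after  # failures before a captcha is demanded
        self.lock_after = lock_after        # failures before a temporary lock
        self.base_lock = base_lock          # first lock duration in seconds
        self.max_lock = max_lock            # cap so no lock is indefinite
        self._state = {}

    def _get(self, account):
        # Normalise case so an attacker cannot reset the counter with
        # "Alice" / "ALICE" on a case-insensitive account (slide 8).
        return self._state.setdefault(account.lower(), AccountState())

    def check(self, account, now):
        """Return 'ok', 'captcha' or 'locked' for a login attempt at time `now`."""
        s = self._get(account)
        if now < s.locked_until:
            return "locked"
        if s.failures >= self.captcha_after:
            return "captcha"
        return "ok"

    def record_failure(self, account, now):
        s = self._get(account)
        s.failures += 1
        if s.failures >= self.lock_after:
            # Lock duration doubles with every further failure, capped at max_lock,
            # so the account always unlocks on its own (no permanent DoS).
            extra = s.failures - self.lock_after
            duration = min(self.base_lock * (2 ** extra), self.max_lock)
            s.locked_until = now + duration
        return self.check(account, now)

    def record_success(self, account):
        # A successful login (with captcha if required) clears the counters.
        self._state.pop(account.lower(), None)


if __name__ == "__main__":
    t = LoginThrottle()
    for i in range(6):
        print(i + 1, "failures ->", t.record_failure("Alice", now=0))
    print("at t=60:", t.check("alice", now=60))   # lock expired, captcha still required
```

The split between captcha and lockout is what keeps the control usable: a captcha slows automated guessing without denying the legitimate owner access, and the capped, escalating lock means an attacker hammering the login for a victim's account can make it slow to reach but never permanently unavailable.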
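Slide 14 gives is_authenticated=1 as the canonical business-logic flaw: the server trusts a client-controlled cookie as proof of login. The following added example (not from the deck) shows that check beside a session cookie whose contents are bound to a server-side HMAC key and an expiry, so a client that edits the cookie is rejected. The key, TTL and cookie layout (user|issued|signature) are assumptions for the demo; in production the key comes from a secret store and is rotated.

```python
import base64
import hashlib
import hmac
import time

SECRET = b"constructed-demo-key-do-not-reuse"  # constructed; load from a secret store in real code
SESSION_TTL = 3600                              # seconds a session stays valid


def current_user_vulnerable(cookies):
    """The flaw from slide 14: the client asserts its own state and the server believes it."""
    if cookies.get("is_authenticated") == "1":
        return cookies.get("user")
    return None


def _sign(payload: bytes, key: bytes) -> str:
    mac = hmac.new(key, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_session(user: str, key: bytes = SECRET, now=None) -> str:
    """Mint a cookie value after the server has verified the password."""
    if "|" in user:
        raise ValueError("separator not allowed in user id")
    issued = int(time.time() if now is None else now)
    payload = f"{user}|{issued}".encode()
    return f"{user}|{issued}|{_sign(payload, key)}"


def current_user_safe(cookies, key: bytes = SECRET, now=None):
    """Accept the user only if the cookie's MAC verifies and it has not expired."""
    token = cookies.get("session")
    if not token:
        return None
    try:
        user, issued, sig = token.rsplit("|", 2)
    except ValueError:
        return None                       # malformed cookie
    payload = f"{user}|{issued}".encode()
    if not hmac.compare_digest(sig, _sign(payload, key)):
        return None                       # tampered or forged (constant-time compare)
    now = time.time() if now is None else now
    if now - int(issued) > SESSION_TTL:
        return None                       # expired
    return user


if __name__ == "__main__":
    forged = {"is_authenticated": "1", "user": "admin"}
    print("vulnerable :", current_user_vulnerable(forged))   # admin
    print("safe       :", current_user_safe(forged))         # None
    cookie = issue_session("alice")
    print("issued     :", current_user_safe({"session": cookie}))
```

The server still has to look the user up and enforce authorisation after this check; the signature only guarantees that the cookie was minted by a server holding the key and has not been altered since.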
