1 / 14

Top Five Web Application Vulnerabilities

Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim 09.11.2004. Top Five Web Application Vulnerabilities. Top 5. Top 5 vulnerabilities (src: http://software.newsforge.com/software/04/09/17/1527247.shtml?tid=78&tid=48) SQL insertion Cross Site Scripting (CSS/XSS)

lei
Download Presentation

Top Five Web Application Vulnerabilities

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim 09.11.2004 Top Five Web Application Vulnerabilities

  2. Top 5 • Top 5 vulnerabilities (src: http://software.newsforge.com/software/04/09/17/1527247.shtml?tid=78&tid=48) • SQL insertion • Cross Site Scripting (CSS/XSS) • Session management • Default/misconfigurations • Dangerous HTTP methods

  3. SQL insertion • Problem: Trusting input from client, and passing it on to a SQL server. • E.g. :SELECT userid FROM tblusers WHERE user = ‘bleh’; EXEC master..xp_cmdshell “cmd.exe /c …”;--‘ AND pass = ‘password’

  4. SQL insertion • Form fields, URL parameters, cookies, and HTTP headers are all valid input vectors. • Solution: Define acceptable data and make it as restrictive as possible. If input data is invalid then it should be rejected.

  5. Cross Site Scripting • Problem: a Web application accepts scripting commands as input, and returns them. • The script seems to appear to originate from the vulnerable server, which the user trusts, and gives it access to all the user's cookie and session information. • Example: http://mywebsite.com/login.jsp?msg=<script>alert()</script> • Solution: Do not reflect values obtained as input back to the browser.

  6. Session management problems • Problem: the state between your browser and the Web site. • Used to track who are logged in and their access privileges. • Attackers can access restricted pages without proper authorization, or manipulate session variables to gain access to other users' accounts. • e.g. manipulating parameters in the URL

  7. Session management problems • Sessions should always be maintained on the server side. • Don't trust cookies and client-side session values • Always use a strong unique identifier instead of an integer, email address or account number/name. • Check for a valid session on each restricted access page whenever the page is requested.

  8. Session management problems • javascript shopping carts • price is often embedded in html code • 3. party money collector • it is possible to change the price (get stuff cheaper...)

  9. Default/misconfigurations(Sample apps/dir listings) • configuration and installation problems. • provides an attacker with a starting point for breaking into the server: • sample applications that are installed by default • directory listings and permissions • default software features and configurations • log and swap files

  10. Default/misconfigurations • Sample applications that are installed by default can contain information. • Disclosing scripts that may reveal Web site source code. • Directory listings can reveal files. • Default software features may have exploitable bugs. • Log files and swap files can be left over from developers editing Web application pages.

  11. Dangerous HTTP commands • PUT, DELETE, WebDAV • PUT: upload a script • DELETE: delete all the content of a site – DoS • WebDAV: methods have been used to perform buffer overflows on Windows servers.

  12. Dangerous HTTP commands cont. • To test the PUT method, use a tool like curl to attempt a file upload: curl -T test.html www.mysite.com • try to access the file • To test the DELETE method, telnet to the Web server and issue the command: DELETE / HTTP/1.0

  13. Conclusion • Security problems are caused by errors: • configuration errors • programming errors • misplaced trust (e.g. in user input) • Cryptography is failing to protect • or.. not the final answer • Awareness and theaching

More Related