19

Owasp Serbia: sqli,xss

Embed Size (px)

DESCRIPTION

Predrag Cujanovic from OWASP Serbia talking about Cross site scripting, SQL injection and insecure cryptographic storage. Presentation was held on 9.7.2012. on faculty of Electrical Engineering, University of Belgrade.

Citation preview

Page 1: Owasp Serbia: sqli,xss
Page 2: Owasp Serbia: sqli,xss

Predrag Cujanović

Kontakt• mail: [email protected] • blog: http://www.cujanovic.com• tw: http://www.twitter.com/cujanovic • fb: http://www.facebook.com/predrag.cujanovic

Page 3: Owasp Serbia: sqli,xss

Sadržaj:

•Cross side scripting (XSS) napad• SQL injection (SQLi) napad• Insecure cryptographic storage•Primeri

Page 4: Owasp Serbia: sqli,xss

Cross side scripting (XSS) napad

• Šta je XSS napad?• Tipovi XSS napada•Opasnost XSS napada• Kako sprečiti XSS napad?

Page 5: Owasp Serbia: sqli,xss

Šta je XSS napad?

Page 6: Owasp Serbia: sqli,xss

Tipovi XSS napada

• Non-Persistent (Reflected)• Persistent (Stored)• DOM Based

Page 7: Owasp Serbia: sqli,xss

Opasnost XSS napada

XSS Shell

Page 8: Owasp Serbia: sqli,xss
Page 9: Owasp Serbia: sqli,xss

Opasnost XSS napada

Cookie stealing

Phishing

Page 10: Owasp Serbia: sqli,xss

Kako sprečiti XSS napad?

• Filtriranjem podataka preko već predefinisanih php funkcija:

strip_tags, htmlspecialchars, htmlentities

• Izbegavati pisanje sopstvenih funkcija samo za ovu namenu

Page 11: Owasp Serbia: sqli,xss

SQL injection (SQLi) napad

Šta je SQLi napad? Tipovi SQLi napada Opasnost SQLi napada Kako sprečiti SQLi napad?

Page 12: Owasp Serbia: sqli,xss

Šta je SQLi napad?

Page 13: Owasp Serbia: sqli,xss

Tipovi SQLi napada

Incorrectly filtered escape characters(SELECT * FROM users WHERE name = '' OR '1'='1' -- ';)

Incorrect type handling(SELECT * FROM userinfo WHERE id=1;DROP TABLE users;)

Blind SQL injection(SELECT booktitle FROM booklist WHERE bookId = 'OOk14cd' AND '1'='1';)

Time Based SQL injection (download_key=1' AND 6424=BENCHMARK(5000000,MD5(CHAR(102,100,78,99))) AND 'uzOQ'='uzOQ)

Page 14: Owasp Serbia: sqli,xss

Opasnost SQLi napada

Pristup podacima u bazi (UNION SELECT 1,2,3,4--)

Izmena, brisanje podataka u bazi – DROP users;

Čitanje fajlova - load_file('/etc/passwd') ili load_file(0x2f6574632f706173737764) funkcija

Pravnjenje novih fajlova - INTO OUTFILE '/var/www/victim.com/shell.php'

Page 15: Owasp Serbia: sqli,xss

Kako sprečiti SQLi napad?

mysql_real_escape_string funkcija

is_numeric funkcija

cast to int – (int)

Page 16: Owasp Serbia: sqli,xss

Insecure cryptographic storage

Page 17: Owasp Serbia: sqli,xss

Insecure cryptographic storage

0. koristiti neki hash algoritam

1. ne korisiti zastrarele hash algoritme (md5 je zvanično mrtav)

2. korisiti salt, najbolje ih ne čuvati u bazi (primer Wordpress)

3. korisiti dva različita hash algoritma (sha1($salt.(des($salt.$pass.$salt))))

Page 18: Owasp Serbia: sqli,xss

Insecure cryptographic storage oclHashcat-plus

Page 19: Owasp Serbia: sqli,xss

Hvala na pažnji :)

Pitanja?


Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

Automatic Creation of SQL Injection and Cross-Site Scripting Attacks 2nd-order XSS attacks 1st-order XSS attacks SQLI attacks Adam Kiezun, Philip J. Guo,

Documents
Security of National eID (smartcard-based) Web Applications of National eID (smartcard-based) Web... · •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management? OWASP

Security of National eID (smartcard-based) Web Applications of National eID (smartcard-based) Web... · •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management? OWASP

Documents
XXE Exposed: SQLi, XSS, XXE and XEE against Web Services

XXE Exposed: SQLi, XSS, XXE and XEE against Web Services

Technology
Web Application Security: SQL-injection, Cross Site ... · SQLi und XSS -- w3af 2 Proseminar - Werkzeugunterstützung für sichere Software Web 2.0 Application und Angriffspunkte

Web Application Security: SQL-injection, Cross Site ... · SQLi und XSS -- w3af 2 Proseminar - Werkzeugunterstützung für sichere Software Web 2.0 Application und Angriffspunkte

Documents
OWASP Presentation Template...XSS que podrían ser utilizadas para robar identificadores de sesión. OWASP Top 10, 2010 A4 ... OWASP Presentation Template Author OWASP Foundation Created

OWASP Presentation Template...XSS que podrían ser utilizadas para robar identificadores de sesión. OWASP Top 10, 2010 A4 ... OWASP Presentation Template Author OWASP Foundation Created

Documents
Owasp Indy Q2 2012 Advanced SQLi

Owasp Indy Q2 2012 Advanced SQLi

Technology
THEXSS ULTIMATE - OWASP Xenotix XSS Exploit … Ultimate XSS Protection Cheat Sheet for... · XSS or Cross Site Scripting is a web application vulnerability that occurs when untrusted

THEXSS ULTIMATE - OWASP Xenotix XSS Exploit … Ultimate XSS Protection Cheat Sheet for... · XSS or Cross Site Scripting is a web application vulnerability that occurs when untrusted

Documents
Development Security Web Application...OWASP OWASP Top 10-2013 (Select few) A1-Injection A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A6-Sensitive

Development Security Web Application...OWASP OWASP Top 10-2013 (Select few) A1-Injection A2-Broken Authentication and Session Management A3-Cross-Site Scripting (XSS) A6-Sensitive

Documents
XSS SQLi sigurnost

XSS SQLi sigurnost

Documents
OWASP TOP 10 FOR JAVA EE THE TEN MOST CRITICAL WEB … · 2020-01-17 · OWASP Top 10 2007 5 SUMMARY A1 – Cross Site Scripting (XSS) XSS flaws occur whenever a Java EE application

OWASP TOP 10 FOR JAVA EE THE TEN MOST CRITICAL WEB … · 2020-01-17 · OWASP Top 10 2007 5 SUMMARY A1 – Cross Site Scripting (XSS) XSS flaws occur whenever a Java EE application

Documents
OWASP TOP 10 FOR JAVA EE THE TEN MOST CRITICAL WEB ... · A1 – CROSS SITE SCRIPTING (XSS) Cross site scripting, better known as XSS, is in fact a subset of HTML injection. XSS is

OWASP TOP 10 FOR JAVA EE THE TEN MOST CRITICAL WEB ... · A1 – CROSS SITE SCRIPTING (XSS) Cross site scripting, better known as XSS, is in fact a subset of HTML injection. XSS is

Documents
Finding DOMXSS With DOMinator - OWASP · OWASP Goteborg Nov. 2011 Agenda DOM Based XSS JS Sources & Sinks Analysis of interesting examples DOMinator Some stats

Finding DOMXSS With DOMinator - OWASP · OWASP Goteborg Nov. 2011 Agenda DOM Based XSS JS Sources & Sinks Analysis of interesting examples DOMinator Some stats

Documents
OWASP Japan 2 nd local chapter meeting Short talk of XSS Jun 27 2012 Yosuke HASEGAWA 短いXSSの話

OWASP Japan 2 nd local chapter meeting Short talk of XSS Jun 27 2012 Yosuke HASEGAWA 短いXSSの話

Documents
Unraveling some of the Mysteries around DOM-based XSS · 2020-01-17 · Unraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Boardmember OWASP

Unraveling some of the Mysteries around DOM-based XSS · 2020-01-17 · Unraveling some of the Mysteries around DOM-based XSS Dave Wichers Aspect Security, COO OWASP Boardmember OWASP

Documents
Introduction to InfoSec SQLI & XSS (R10+11) - TAU to InfoSec – SQLI & XSS (R10+11) ... • SQL Injection in a Nutshell. ... • jQuery is the most popular Javascript library used

Introduction to InfoSec SQLI & XSS (R10+11) - TAU to InfoSec – SQLI & XSS (R10+11) ... • SQL Injection in a Nutshell. ... • jQuery is the most popular Javascript library used

Documents
Analysis of Deadly Combination of XSS ... - OWASP FoundationAnalysis of Deadly Combination of XSS and CSRF OWASP Top 10 - Session 1 Modified for OWASP Tampa Day 2011 Sherif Koussa

Analysis of Deadly Combination of XSS ... - OWASP FoundationAnalysis of Deadly Combination of XSS and CSRF OWASP Top 10 - Session 1 Modified for OWASP Tampa Day 2011 Sherif Koussa

Documents
AND EXPLOITING XSS WITH OWASP XENOTIX XSS EXPLOIT FRAMEWORK V3 AJIN ABRAHAM nlu nullcon security conference -01 Pqezl nlu EXPLOTATION FRAMEWORK nullcon -01 Pqezl Goa http

AND EXPLOITING XSS WITH OWASP XENOTIX XSS EXPLOIT FRAMEWORK V3 AJIN ABRAHAM nlu nullcon security conference -01 Pqezl nlu EXPLOTATION FRAMEWORK nullcon -01 Pqezl Goa http

Documents
AppSec at DevOps Speed and Portfolio Scale OWASP... · Application Security at DevOps Speed and Portfolio Scale Jeff Williams @planetlevel Contrast Security. OWASP XSS Prevention

AppSec at DevOps Speed and Portfolio Scale OWASP... · Application Security at DevOps Speed and Portfolio Scale Jeff Williams @planetlevel Contrast Security. OWASP XSS Prevention

Documents
Cross Site Scripting (XSS) and PHP Securitynyphp.org › resources › PHP-XSS-OWASP-Security.pdf · Cross Site Scripting (XSS) and PHP Security Anthony Ferrara NYPHP and OWASP Security

Cross Site Scripting (XSS) and PHP Securitynyphp.org › resources › PHP-XSS-OWASP-Security.pdf · Cross Site Scripting (XSS) and PHP Security Anthony Ferrara NYPHP and OWASP Security

Documents
Content Security Policy jako ochrona przed skutkami ataków XSS · Content Security Policy jako ochrona przed skutkami ataków XSS owasp@niebezpiecznik.pl

Content Security Policy jako ochrona przed skutkami ataków XSS · Content Security Policy jako ochrona przed skutkami ataków XSS [email protected]

Documents
Exploiting Vulnerabilities: SQLi, XSS, XXE, File Injection · 2/22/2019  · Greetings to you Greetings to you ... us all. XSS. XSS Where user data is echoed verbatim on a page What

Exploiting Vulnerabilities: SQLi, XSS, XXE, File Injection · 2/22/2019  · Greetings to you Greetings to you ... us all. XSS. XSS Where user data is echoed verbatim on a page What

Documents
Bypass SOP, Theft Your Data - XSS Allstars from Japan / OWASP AppSec APAC 2014

Bypass SOP, Theft Your Data - XSS Allstars from Japan / OWASP AppSec APAC 2014

Documents
The OWASP Foundation OWASP Cross Site Scripting (XSS) Exploits

The OWASP Foundation OWASP Cross Site Scripting (XSS) Exploits

Documents
Web Security - OWASP - SQL injection & Cross Site Scripting XSS

Web Security - OWASP - SQL injection & Cross Site Scripting XSS

Software
libinjection : SQLi から XSS へ by ニック・ガルブレス

libinjection : SQLi から XSS へ by ニック・ガルブレス

Technology
ThunderMail 제품개서 · owasp top 10 a1 –인젝션 a2 –인증및세션관리취약 a3 –크로스사이트스크립팅(xss) a4 –취약한직 객체참조 a5 –보안설정오류

ThunderMail 제품개서 · owasp top 10 a1 –인젝션 a2 –인증및세션관리취약 a3 –크로스사이트스크립팅(xss) a4 –취약한직 객체참조 a5 –보안설정오류

Documents
Owasp Top 10 A3: Cross Site Scripting (XSS)

Owasp Top 10 A3: Cross Site Scripting (XSS)

Technology
A talk by 13-06-2014, - OWASP · 1. PHP 2. XSS 3. Testing Methodology 4. Per-Context XSS Attack Methodology 5. Summarize PHP's findings (includes built-in functions, customized XSS

A talk by 13-06-2014, - OWASP · 1. PHP 2. XSS 3. Testing Methodology 4. Per-Context XSS Attack Methodology 5. Summarize PHP's findings (includes built-in functions, customized XSS

Documents
CROSS SITE SCRIPTING (XSS) ATTACKS - OWASP · What is XSS Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSSdiffers

CROSS SITE SCRIPTING (XSS) ATTACKS - OWASP · What is XSS Cross site scripting (XSS) is a common attack vector that injects malicious code into a vulnerable web application. XSSdiffers

Documents
Security of National eID (smartcard-based) Web Applicationssmartcard-based)_W… · Secure Web-App Session Management •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management?

Security of National eID (smartcard-based) Web Applicationssmartcard-based)_W… · Secure Web-App Session Management •Top web vulnerabilities: SQLi, XSS, CSRF… –Session management?

Documents