Embed Size (px)
Citation preview
WEBSITE VULNERABILITIES
Ngan Seok ChernMCP | CEH | MVP –ASP / [email protected]://blog.scnetstudio.com
Agenda
Web application setup
Why attack
Type of attack & countermeasure
Web Application Setup
Why Attack ?
Defacing Website
Sealing credit card information
exploting server-side scripting
exploiting buffer overflow
and etc
Step
1. Scanning
2. Gather Information
3. Testing
4. Plan
5. Launch
Type of Attack
Cross-site Scripting / XSS Flaws
SQL Injection
Buffer Overflow
Directory Traversal
Error message interception attack
Web.config
and etc
Cross-site Scripting / XSS Flaws
Typically found in web applications which allowcode injection by malicious users into the webpages viewed by other users.
JavaScript is commonly used.
During an attack "everything looks fine" to theend-user.
<script> </script>
Countermeasure : Validate all your sources.
Filtering script output.
SQL Injection
SQL to manipulate database’s data Execute from address bar, queries /
searches. SELECT fieldlist FROM table
WHERE field = '$EMAIL'; SELECT fieldlist FROM table
WHERE field = 'anything' OR'x'='x';
Countermeasure: Check user input. Validate and sanitize user input that
passed to database.
Buffer Overflow
Where a process stores data in a bufferoutside the memory the programmer setaside for it.
Countermeasure:
Validate input length.
Check and pay extra care on loop function whichcarry data.
Directory Traversal
Attacker able to browse directoriesand files.
Expose the directory structure ofapplication and often the underlyingweb server and operating system.
Eg. “../Images/logo.gif”
Countermeasure: Define access right to the protected area
Apply checks/hot fixes
Update web server with patches in timelymanner
Error Message Attack
Based on error message that show.
Example:
Your password is incorrect.
Connecting to the database on ……. With …..is notunsuccessful.
Countermeasure:
Modify and display common error message.
Web.config
Connection String Information
Example: Data Source=190.190.200.100,1433;Network
Library=DBMSSOCN;InitialCatalog=myDataBase;UserID=myUsername;Password=myPassword;
Countermeasure: Encrypt your web.config. aspnet_regiis.exe -pef "connectionStrings
Name" "C:\Inetpub\wwwroot\MySite" –prov"DataProtectionConfigurationProvider”
Web.config (Original)
Web.config (Encrypted)
Summary
Programmer played important roles.
Patches your server.
Thank youQ&A
