An Introduction to Web Security for beginners...
But why Security?
- There is a hack attack every 39 seconds
- The average cost of a data breach in 2020 will exceed $150 million
- $2 trillion total in 2019
- $6 trillion is expected to be spent globally on cybersecurity by 2021
- Cybersecurity jobs worldwide will reach 3.5 million by 2021
"Cybercrime is the greatest threat to every company in the world."
How to define security?
“Human stupidity is the biggest vulnerability.”
What should you know, as a Developer?
Top 8 web security threats
1. Injection
   - SQL Injection
   - Command Injection
   - XML Injection
   - LDAP Injection
1.1. SQL Injection
Normal input: http://www.example.com/?user_id=1
Malicious input: http://www.example.com/?user_id=1' or 1='1
Backend Query (the user_id value is pasted straight into the SQL string):
select * from users where user_id='1'
Manipulated Query:
select * from users where user_id='1' or 1='1' (the WHERE clause is always true, so every row is returned)
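The vulnerable string-built query from the slide next to its parameterized fix, as an added example that is not part of the original deck. It uses a constructed in-memory SQLite table; the injected value is written as `1' or '1'='1` (rather than the slide's `1='1'`) because SQLite compares the integer literal 1 and the text literal '1' as unequal, whereas '1'='1' is always true as on the slide.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    # Constructed sample "users" table standing in for the slide's backend table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user_id TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("1", "alice"), ("2", "bob"), ("3", "carol")])
    return conn

def lookup_vulnerable(conn: sqlite3.Connection, user_id: str) -> list:
    # The slide's "backend query": the ?user_id= value becomes part of the SQL text,
    # so a quote in the input ends the literal and the rest is parsed as SQL.
    query = f"select * from users where user_id='{user_id}'"
    return conn.execute(query).fetchall()

def lookup_parameterized(conn: sqlite3.Connection, user_id: str) -> list:
    # Placeholder binding: the driver sends user_id as a value, never as SQL text,
    # so "1' or '1'='1" is just a string that matches no user_id.
    return conn.execute("select * from users where user_id=?", (user_id,)).fetchall()

NORMAL_INPUT = "1"
MALICIOUS_INPUT = "1' or '1'='1"   # always-true predicate, adapted from the slide

if __name__ == "__main__":
    db = make_db()
    print(lookup_vulnerable(db, NORMAL_INPUT))        # one row: alice
    print(lookup_vulnerable(db, MALICIOUS_INPUT))     # all three rows
    print(lookup_parameterized(db, MALICIOUS_INPUT))  # no rows
```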
1.2. Command Line Injection
Normal input: http://www.example.com/?ip_addr=134.32.34.11
Malicious input: http://www.example.com/?ip_addr=134.32.34.11&dir
Backend Command (the ip_addr value is pasted straight into a shell command):
ping 134.32.34.11
Manipulated Command:
ping 134.32.34.11&dir (the shell runs a second command after the ping)
“A user input is always malicious”
2. Broken Authentication
1. URL Exposure: http://www.example.com/user/101/?session=234739jf7932th0f
2. Weak Session IDs
3. Session Fixation: Set-Cookie: eyt3nfo
4. Session Hijacking
http://website.kom/<script>document.cookie="sessionid=abcd";</script>
5. Weak Remember Password Cookie: session=234nf83h34t; password=something
6. Unlimited successive login attempts
7. Email verification
8. Weak Username/ Password policies (charset, length)
“Your Identity is everything.”
3. Sensitive Data Exposure
1. HTTPS
2. HTTP Strict Transport Security (HSTS) (demo: hack-yourself-first.com): http://google.com is upgraded to https://google.com
1. In transit: plain text
2. Stored data exposure
   2.1. Storing passwords in plain text
   2.2. No hashing
   2.3. No salting
3. Cookies without the Secure flag
“Don’t tell everything you know.”
4. Cross-Site Scripting (XSS)
1. Reflected
2. Stored
3. DOM Based
1. Reflected: injecting arbitrary JavaScript code in input strings
Normal URL: http://somesite.com/?user=John
HTML:
<body>
<h1>Welcome John!</h1>
</body>
2. Stored: permanently store malicious JS code in the DB
Malicious Request:
POST /comment.php HTTP/1.1
Host: somesite.com
Content-length: 2352
Content-type: text/html
Accept: */*

user=John&comment=<script>alert('XSS')</script>
“Never play with JavaScript.”
5. Security Misconfigurations
1. Not changing default passwords
   - admin / admin
   - admin / password
   - root / password
   - login / password
2. Directory listing enabled
3. Debug mode enabled
4. Errors / stack traces exposed to users
“Did you check the closet?”
6. Cross-Site Request Forgery (CSRF)
1. GET Scenario
Legitimate request: GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1
Forged request, embedded in an attacker's page and sent with the victim's cookies:
<img src="http://bank.com/transfer.do?acct=MARIA&amount=100000" width="0" height="0" border="0">
2. POST Scenario
POST http://bank.com/transfer.do HTTP/1.1
acct=BOB&amount=100
Causes:
1. No request tokens
2. No per-session tokens
3. CORS enabled
7. Unvalidated Redirects and Forwards
1. Some pages use a parameter to indicate where the user should be sent if a transaction is successful:
http://www.example.com/boring.jsp?fwd=student.jsp
http://www.example.com/boring.jsp?fwd=admin.jsp
2. Open Redirects:
https://example.com/redirect.php
https://example.com/redirect.php?go=http://attacker.com/phish/
“Don’t flow with the Internet.”
8. Insecure Direct Object Reference (IDOR)
1. When a reference to an internal implementation object, such as a file or database key, is exposed to users