
Web Security in a few lines

Insufficient Transport Layer Protection
  • Authenticating over non-SSL.
    • Obviously bad.
  • Sending session IDs over non-SSL.
    • Session hijacking.
    • Firesheep.
  • Not sending everything over SSL.
    • JavaScript injection.

Insecure Cryptographic Storage
  • Obviously bad 
    • Storing passwords in plaintext. 
  • Still bad 
    • Using unsalted hashes.
    • Using raw hash function (MD5,SHA1,etc).
  • Better but not great 
    • Using a keyed hash function (HMAC-SHA1).
  • Best
    • Using a slow function (PBKDF2,bcrypt,scrypt).
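The four rungs of that ladder side by side, as an added example that is not part of the original post. The server-side key and the iteration count are constructed values for illustration; the storage format (iterations$salt$digest) is one common choice, not a standard.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed example key for the HMAC variant; a real deployment keeps this
# outside the database (HSM, KMS, or at least a separate config store).
SERVER_KEY = b"example-server-side-key"
# Work factor for PBKDF2; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 600_000


def unsalted_md5(password: str) -> str:
    """'Still bad': raw MD5 with no salt. Equal passwords produce equal
    digests, so one precomputed table cracks every user at once."""
    return hashlib.md5(password.encode()).hexdigest()


def keyed_hmac_sha1(password: str) -> str:
    """'Better but not great': HMAC-SHA1 under a server-side key. Someone
    who steals only the database cannot test guesses, but someone who also
    steals the key is back to attacking a fast, unsalted hash."""
    return hmac.new(SERVER_KEY, password.encode(), hashlib.sha1).hexdigest()


def pbkdf2_hash(password: str, salt: Optional[bytes] = None,
                iterations: int = PBKDF2_ITERATIONS) -> str:
    """'Best': a random per-user salt plus a deliberately slow KDF.
    Stored as iterations$salt$digest so the work factor can be raised later
    without breaking existing records."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"{iterations}${salt.hex()}${digest.hex()}"


def pbkdf2_verify(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count, then compare in
    constant time so response timing does not reveal matching prefixes."""
    iterations, salt_hex, digest_hex = stored.split("$")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate.hex(), digest_hex)


if __name__ == "__main__":
    record = pbkdf2_hash("correct horse")
    print(record)
    print(pbkdf2_verify("correct horse", record), pbkdf2_verify("wrong", record))
```

Two things to notice when running it: the unsalted and keyed variants return the same digest for the same password every time, which is exactly what lets an attacker with the table recognise shared passwords, while two PBKDF2 records for the same password differ because of the salt and still both verify.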
Cross-Site Request Forgery
  • Confused deputy problem.
  • Classic example
    • Filelocker doesn't have any CSRF protection.
    • Joe is a Filelocker admin.
    • I get Joe to visit a specially crafted form.
    • Joe's browser submits the form along with his cookies.
    • I now have admin.
  <form method="POST" action="[path to filelocker]/admin_interface/grant_user_permission?format=json">
    <input type="hidden" name="userId" value="tester" />
    <input type="hidden" name="permissionId" value="admin" />
  </form>

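The fix the scenario is missing is a synchronizer token: a random per-session value that the real admin page embeds in its forms and the handler checks before acting. This is an added example, not Filelocker's code; the in-memory session store, the cookie name and the handler's return values are constructed for illustration.

```python
import hmac
import secrets

# Constructed in-memory session store: cookie value -> session data.
# Joe is logged in as an admin, exactly as in the scenario above.
SESSIONS = {
    "joe-session-cookie": {"user": "joe", "role": "admin"},
}


def issue_csrf_token(session_id: str) -> str:
    """Mint a random token, bind it to the session, and return it so the
    legitimate admin page can embed it as a hidden field in its forms."""
    token = secrets.token_urlsafe(32)
    SESSIONS[session_id]["csrf_token"] = token
    return token


def grant_user_permission(cookies: dict, form: dict) -> str:
    """Hypothetical handler for grant_user_permission with the check the
    scenario says Filelocker lacked. Returns a status line instead of JSON."""
    session = SESSIONS.get(cookies.get("session_id", ""))
    if session is None or session.get("role") != "admin":
        return "403 not an admin"
    expected = session.get("csrf_token")
    supplied = form.get("csrf_token", "")
    # The browser attaches Joe's cookie to a cross-site POST automatically,
    # but a page on another origin cannot read the token to put it in the
    # form. compare_digest keeps the comparison constant-time.
    if not expected or not hmac.compare_digest(expected, supplied):
        return "403 missing or invalid CSRF token"
    return f"200 granted {form['permissionId']} to {form['userId']}"


def forged_request() -> str:
    """Replay the crafted form above: Joe's cookie rides along, the token does not."""
    return grant_user_permission(
        {"session_id": "joe-session-cookie"},
        {"userId": "tester", "permissionId": "admin"},
    )


def legitimate_request() -> str:
    """The same submission from the real admin page, which carries the token."""
    token = issue_csrf_token("joe-session-cookie")
    return grant_user_permission(
        {"session_id": "joe-session-cookie"},
        {"userId": "tester", "permissionId": "admin", "csrf_token": token},
    )


if __name__ == "__main__":
    print(forged_request())
    print(legitimate_request())
```

The token must be unguessable (hence secrets) and bound to the session rather than global, and it must be checked on every state-changing request, not only the ones that happen to render a form. Marking the session cookie SameSite is a useful second layer but does not replace the token on its own.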
Cross-Site Scripting (XSS)
Can I inject JavaScript into your site?
  • Steal cookies, like session IDs.
  • Redirect the user.
  • Abuse their permissions.
  • Users have out-of-date software:
    • Adobe Reader? Load a PDF virus.
    • Java? Load an applet virus.
    • Media codecs? Load an MP3 virus.

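Two defences that cut across the transport-layer section and this one, as an added example that is not part of the original post: output encoding so injected markup is rendered as text rather than executed, and session-cookie flags so that, even if a script does run or the network is sniffed, the session ID is harder to steal. The cookie name, the sample session ID and the hostile comment are constructed for illustration.

```python
import html
from http.cookies import SimpleCookie


def render_comment(author: str, body: str) -> str:
    """Render untrusted text into the HTML text context, escaping <, >, &, "
    and '. Attribute, URL and JavaScript contexts each need their own
    encoder; html.escape alone is not enough there."""
    return f"<p><b>{html.escape(author)}</b>: {html.escape(body)}</p>"


def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value for a session ID with the flags that limit the damage
    of the attacks above: HttpOnly keeps injected JavaScript from reading it,
    Secure keeps the browser from sending it over plain HTTP (the Firesheep
    case), and SameSite=Lax stops most cross-site submission of it."""
    cookie = SimpleCookie()
    cookie["sessionid"] = session_id
    cookie["sessionid"]["httponly"] = True
    cookie["sessionid"]["secure"] = True
    cookie["sessionid"]["samesite"] = "Lax"
    cookie["sessionid"]["path"] = "/"
    return cookie["sessionid"].OutputString()


if __name__ == "__main__":
    # Constructed hostile input of the kind a tester would paste into a form.
    print(render_comment("mallory", "<script>alert(document.cookie)</script>"))
    print(session_cookie_header("opaque-random-id"))
```

Escaping on output is the rule regardless of what validation happened on input, because the same string is often rendered in several places. The cookie flags only help if the whole site is served over SSL; a Secure cookie on a site that still has plain-HTTP pages just breaks those pages, which is the "not sending everything over SSL" point from the first section.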
Injection
  • Shell injection
    • system("$clamscan_exec $file")
  • File injection
    • http://example.com/index.php?page=blah
  • SQL injection
    • SELECT * FROM accounts WHERE custID='#{id}'
    • id = "' or '1'='1"
  • JSON injection
    • Recent popularity of NoSQL DBs.
  • LDAP injection.
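The SQL and shell cases above, each shown next to its parameterised form, as an added example that is not part of the original post. The accounts table, its rows and the filenames are constructed; sqlite3 stands in for whatever database the query was written against, and `echo` stands in for the scanner binary so the example runs anywhere.

```python
import sqlite3
import subprocess


def make_db() -> sqlite3.Connection:
    """Constructed in-memory 'accounts' table standing in for the one above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE accounts (custID TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO accounts VALUES (?, ?)",
                     [("alice", 100), ("bob", 250), ("carol", 75)])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, cust_id: str) -> list:
    """The page's query built by string interpolation: the value becomes SQL,
    so a quote in it rewrites the WHERE clause."""
    sql = f"SELECT * FROM accounts WHERE custID='{cust_id}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, cust_id: str) -> list:
    """Same query with a bound parameter: the driver passes the value
    separately from the statement, so it can only ever match a custID."""
    return conn.execute("SELECT * FROM accounts WHERE custID=?", (cust_id,)).fetchall()


def scan_command_vulnerable(clamscan_exec: str, path: str) -> str:
    """The shape of system("$clamscan_exec $file"): one string a shell will
    parse, so ';', '`' or '$(' inside the filename become commands.
    Returned for inspection, not executed."""
    return f"{clamscan_exec} {path}"


def run_scanner_safe(clamscan_exec: str, path: str) -> str:
    """Hand the program an argv list with shell=False: the filename is a
    single argument no matter which characters it contains. Returns stdout."""
    result = subprocess.run([clamscan_exec, path], capture_output=True,
                            text=True, check=False)
    return result.stdout


if __name__ == "__main__":
    db = make_db()
    hostile_id = "' or '1'='1"
    print("interpolated:", lookup_vulnerable(db, hostile_id))   # every row
    print("parameterised:", lookup_safe(db, hostile_id))        # no rows
    print(run_scanner_safe("echo", "report.txt; echo injected"))  # printed literally
```

The same principle covers the JSON and LDAP rows: keep data and structure apart by using the driver's or library's own parameter or encoding mechanism rather than building the query text by hand. For the file-injection row there is no equivalent API; the fix there is a whitelist of allowed page names rather than any form of escaping.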

It seems Google makes a new mistake by launching its new security key (2-step verification)  one of the steps is USB device .  The question  :how come can i plug USB into my mobile (I-Phone , I-Pad , Samsung Galaxy , ....) !  Do Google know the difficulties while you are holding a USB on your hand all the time .  so You can't access  your  account if it's not in your hands. or it's damaged ?  This solution is hopeless , I think it's designed for small audience. As someone says : Can you convince the Bank Manager while you are putting the USB Device into the bank PC, that you are securing your PC , not stealing the bank data, or not transferring amounts of money to other account . or what else .  You know , This way is not quietly good , If I have many accounts on Google and other websites ,I need many  USB devices to verify myself.  That's of course , not good at all.