Toolkit
16
Who is at risk?
Client: browsers
Complex systems
Plug-ins, extensions
Server authentication
JavaScript and paid ads ease the propagation of malicious code
Never trust a client on the server side
Never trust a browser on the client side
17
Improve client security
Install patches to the browser
Update commonly used plug-ins
Eliminate unused plug-ins
Heed your browser warnings
Make antivirus software watch the browser and downloads
Clear history, stored files, and cookies
If a file is not signed and trusted, don't download it
18
Improve server side security
Never execute client input as code
Never allow client input to pass into the system without validating it internally
Scrub client input for any known exploits and suspect characters
Keep a layer of indirection between client input received and the system
Manage sessions from inside the trust boundary and not on the client side
Never encode secrets or functional variables in information sent to the client
19
Web Application
Vulnerabilities
21
XSS
23
Cross-site request forgery
Exploits the trust between the server and the client machine
Mostly HTTP requests and responses
Based on how web pages are delivered along with images and other web content
Prevent CSRF
26
Avoid file upload problems
System should determine the file name
Do not allow users to access the folders where content is uploaded
Parse file extensions carefully or set your own file parser
White list extensions
Be secure with the .htaccess file (controls access to the files on the server)
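As an added example (not part of the slides), a Python upload check that applies the rules above: it keeps only the base name the client sent, whitelists every suffix so a double extension such as shell.php.jpg fails, checks the declared type against the file's leading bytes, and lets the server choose the stored name. The whitelist and magic-byte table are assumptions for the example.

```python
import secrets

# Whitelist of extensions the application is willing to store (assumed for this example)
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf"}

# Leading bytes each whitelisted type must start with, so the body is checked,
# not just the name the client chose (assumed table, covers the whitelist above)
MAGIC = {
    "png": b"\x89PNG\r\n\x1a\n",
    "jpg": b"\xff\xd8\xff",
    "jpeg": b"\xff\xd8\xff",
    "gif": b"GIF8",
    "pdf": b"%PDF-",
}

# Constructed stand-in for an uploaded image body
SAMPLE_PNG = MAGIC["png"] + b"\x00" * 16


class UploadRejected(ValueError):
    """Raised when an upload fails any of the checks below."""


def validate_upload(client_filename: str, content: bytes) -> str:
    """Return the canonical extension if the upload passes, otherwise raise."""
    # Drop any directory part the client sent (../ or C:\ prefixes); keep the base name only
    base = client_filename.replace("\\", "/").rsplit("/", 1)[-1]
    parts = base.lower().split(".")
    if len(parts) < 2 or not parts[0]:
        raise UploadRejected("no usable stem or extension (dotfiles such as .htaccess fail here)")
    # Every suffix after the first dot must be whitelisted, so 'shell.php.jpg' is rejected
    for ext in parts[1:]:
        if ext not in ALLOWED_EXTENSIONS:
            raise UploadRejected(f"extension not whitelisted: {ext}")
    ext = parts[-1]
    if not content.startswith(MAGIC[ext]):
        raise UploadRejected("content does not match the declared extension")
    return ext


def upload_allowed(client_filename: str, content: bytes) -> bool:
    try:
        validate_upload(client_filename, content)
        return True
    except UploadRejected:
        return False


def storage_name(client_filename: str, content: bytes) -> str:
    """The server picks the stored name; nothing from the client's name survives."""
    return f"{secrets.token_hex(16)}.{validate_upload(client_filename, content)}"
```

The returned name is meant to be joined to an upload directory that sits outside the web root, so uploaded content is never served or executed directly.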
27
Adobe Flash
28
Ways of Attacking Applications
Use of a web browser only
Use of an intercepting web proxy
Use of a standalone application scanner
Intercepting proxy
Achilles proxy: an early, basic proxy; a standalone application that displayed each request and response for editing
Modern proxies:
Highly functional tool suites
Several interconnected tools to facilitate common attack tasks
Useful for both defense and offense
[Figure: IE, attacker, target application]
Toolkit: monitors interaction between the attacker and the target
application. Stores all requests and responses and all details
about the target application.
1. An intercepting proxy
2. A web application spider
3. A customizable web application fuzzer
4. A vulnerability scanner
5. A manual request tool
6. Functions for analyzing session cookies and tokens
7. Other functions and utilities
[Figure: HTTPS through the proxy: IE sends CONNECT to the proxy, SSL handshake, then HTTPS messages]
[Figure: toolkit components: intercepting proxy, active and passive scanning, spider, content discovery, proxy history, site map]
Vulnerability detection
Vulnerabilities and exploitation