Download Slides - CSE - USF - University of South Florida

Survey
yes no Was this document useful for you?
   Thank you for your participation!

* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project

page
1
page
2
page
3
page
4
page
5
page
6
page
7
page
8
page
9
page
10
page
11
page
12
page
13
page
14
page
15
page
16
page
17
Document related concepts

Wireless security wikipedia , lookup

Computer security wikipedia , lookup

Cracking of wireless networks wikipedia , lookup

SIP extensions for the IP Multimedia Subsystem wikipedia , lookup

Extensible Authentication Protocol wikipedia , lookup

Remote Desktop Services wikipedia , lookup

Authentication wikipedia , lookup

Cross-site scripting wikipedia , lookup

Transcript 
Web Application
Vulnerabilities, Detection
Mechanisms, and Defenses
Shamaria Engram
University of South Florida
Systems Security
Outline
 Web Application Vulnerabilities
 Injection
 Detection Mechanisms
 Defenses
 Broken Authentication and Session Management
 Detection Mechanisms
 Defenses
 Cross-Site Scripting
 Detection Mechanisms
 Defenses
Top 10 Web Application Vulnerabilities
 Injection
 Broken Authentication and Session Management
 Cross-Site Scripting
 Insecure Direct Object References
 Security Misconfiguration
 Sensitive Data Exposure
 Missing Function Level Access Control
 Cross-Site Request Forgery (CSRF)
 Using Known Vulnerable Components
 Unvalidated Redirects and Forwards
Injection
 OS
 Can include calls to the operating system via system calls
 LDAP
 Lightweight Directory Access Protocol
 Runs over internet transport protocols such as TCP
 Similar to SQL Injection
 SQL
 One of the most widespread injection attacks
LDAP & SQL Injection
Detection Mechanisms for Injection
Attacks
 Compare user input with possible known attack patterns
 Reconstruct all user supplied input into a known safe input
 Mechanisms that learn normal database accesses
Defenses against Injection
 Defensive programming
 Fault injection/Fuzzying testing
 Input Validation
 Dynamic Checks and Static Source Code Analysis
 Filter variables before constructing queries to be executed by server or database
 Validate outgoing data
 Restrict the access level of the web application to the minimum required
Broken Authentication and Session
Management
 A vulnerability as a result of incorrectly implemented application functions for
authentication or session management allowing attackers to masquerade as an
authorized user
 Most common authentication method for web applications are usernames and passwords
that generate session IDs upon successful login
 Vulnerable application components
 Unencrypted connection
 Predictable login credentials
 Session ID value does not timeout or does not become invalid after logging out
 User authentication credentials are not protected when stored
 Session ID values are used in the URL
Detection Mechanisms for Broken
Authentication and Session Management
 Hard to detect an attack as it is happening
 Web applications are tested thoroughly before deployment
Defenses against Broken Authentication
and Session Management
 Encrypt all connections between client and web server
 Enforce strong passwords and unpredictable usernames
 Session ID should be valid only for a certain amount of time and should become invalid
after logging out
 Salt, hash, and encrypt all stored user credentials
 Avoid including session ids in the URL
Cross-Site Scripting Attacks
 Common attack method that involves injecting malicious code into a vulnerable web
application
 Two types: Stored and Reflected
Stored Cross-Site Scripting Attack
Reflected Cross-Site Scripting Attack
Detection Mechanisms for Cross-Site
Scripting Attacks
 String Analysis
 E.g., Check the source code for the script tag
 Bounded Model Checking
 E.g., Satisfiability states
 Fault Injection
 E.g., Fuzzy testing
 Taint Propagation
 E.g., data flow analysis
 Comparing User Input with Known Untrusted Scripts
Detection Mechanisms for Cross-Site
Scripting Attacks
 Browser-Enforced Embedded Policies
 Syntactic Structure Analysis
 Lattice Based Approach
 Proxy Based Approach
 And Many More…
Defenses against Cross-Site Scripting
Attacks
 Properly escape all untrusted data based on the HTML context
 Validate the length, characters, format, and business rules on the data before accepting
the input
 Use auto-sanitization libraries such as OWASP’s AntiSamy or the Java HTML Sanitizer Project
 Content Security Policy (CSP) to defend against XSS
Thank you!
Questions
Related documents
What is SQL Injection?
What is SQL Injection?
網站安全 - 國立暨南國際大學
網站安全 - 國立暨南國際大學
Drug Calculations
Drug Calculations
Medical Assistant Knowledge Assessment Examination
Medical Assistant Knowledge Assessment Examination
iv-contrast-consent100511final
iv-contrast-consent100511final
INFORMED CONSENT FOR CT SCAN WITH OR WITHOUT
INFORMED CONSENT FOR CT SCAN WITH OR WITHOUT
Hip Pain Treatment: Medications Your doctor may recommend
Hip Pain Treatment: Medications Your doctor may recommend
Injection Technique
Injection Technique
Slide 1
Slide 1
Using the Gamera framework for the recognition of cultural heritage
Using the Gamera framework for the recognition of cultural heritage
Routes of Drug Administration
Routes of Drug Administration
Gender Differences in the Provision of Injection Initiation Assistance
Gender Differences in the Provision of Injection Initiation Assistance
Panel: Security and the World Wide Web
Panel: Security and the World Wide Web
Security
Security
Managing Cross-Site Groups
Managing Cross-Site Groups
How to Secure your Website 3
How to Secure your Website 3