• Home

  • Documents

  • Application Hacking Techniques and How to Stop...
50
Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques and How to Stop Them

Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

  • Upload
    lyliem

  • View
    221

  • Download
    0

Embed Size (px)

Citation preview

Page 1: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 1

DN-040219-AVamvakas-REV1

Application Hacking Techniques and How to Stop Them

Page 2: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 2

DN-040219-AVamvakas-REV1

What we will cover:

Page 3: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 3

DN-040219-AVamvakas-REV1

Agenda

Page 4: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 4

DN-040219-AVamvakas-REV1

Application Security Application vs. Infrastructure

Page 5: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 5

DN-040219-AVamvakas-REV1

Application Security Application vs. Infrastructure

Page 6: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 6

DN-040219-AVamvakas-REV1

Application Security Application vs. Infrastructure

Page 7: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 7

DN-040219-AVamvakas-REV1

Application Security Objectives

Page 8: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 8

DN-040219-AVamvakas-REV1

Agenda

Page 9: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 9

DN-040219-AVamvakas-REV1

Web Application Security General Concerns

Page 10: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 10

DN-040219-AVamvakas-REV1

Web Application Security Typical Architecture

Page 11: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 11

DN-040219-AVamvakas-REV1

Web Application Security Attacking Methodology

Page 12: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 12

DN-040219-AVamvakas-REV1

Web Application Security Application Attacks

Page 13: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 13

DN-040219-AVamvakas-REV1

Web Application Security Guessing (Probing) Technique

Page 14: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 14

DN-040219-AVamvakas-REV1

Web Application Security Guessing (Probing) Technique

Page 15: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 15

DN-040219-AVamvakas-REV1

Web Application Security User Input Attacks

Page 16: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 16

DN-040219-AVamvakas-REV1

Web Application Security User Input Attacks (URL Parameters)

Page 17: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 17

DN-040219-AVamvakas-REV1

Web Application Security User Input Attacks (SQL Injection Attacks)

Page 18: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 18

DN-040219-AVamvakas-REV1

Demonstration 1

Page 19: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 19

DN-040219-AVamvakas-REV1

A Sharing Slide

[ Share A ]

Page 20: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 20

DN-040219-AVamvakas-REV1

Web Application Security User Input Attacks

Page 21: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 21

DN-040219-AVamvakas-REV1

Web Application Security Hidden Field Manipulation

Page 22: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 22

DN-040219-AVamvakas-REV1

Web Application Security Hidden Field Manipulation

Page 23: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 23

DN-040219-AVamvakas-REV1

[ Poll B ]

Page 24: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 24

DN-040219-AVamvakas-REV1

Agenda

Page 25: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 25

DN-040219-AVamvakas-REV1

.Net Framework Applications Security Scope

Page 26: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 26

DN-040219-AVamvakas-REV1

.Net Framework Applications Security Features

Page 27: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 27

DN-040219-AVamvakas-REV1

.Net Framework Applications Security Threats

Page 28: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 28

DN-040219-AVamvakas-REV1

.Net Framework Applications Security Attacks

Page 29: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 29

DN-040219-AVamvakas-REV1

Demonstration 3

Page 30: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 30

DN-040219-AVamvakas-REV1

A Sharing Slide

[ Share B ]

Page 31: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 31

DN-040219-AVamvakas-REV1

Agenda

Page 32: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 32

DN-040219-AVamvakas-REV1

Best Practices Error Handling

Page 33: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 33

DN-040219-AVamvakas-REV1

Best Practices Authentication - Authorization

Page 34: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 34

DN-040219-AVamvakas-REV1

Best Practices Session Management

Page 35: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 35

DN-040219-AVamvakas-REV1

Best Practices Auditing

Page 36: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 36

DN-040219-AVamvakas-REV1

Best Practices Encryption

Page 37: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 37

DN-040219-AVamvakas-REV1

Best Practices Overview

Page 38: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 38

DN-040219-AVamvakas-REV1

[ Poll A ]

Page 39: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 39

DN-040219-AVamvakas-REV1

Session Summary

Page 40: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 40

DN-040219-AVamvakas-REV1

For More Information

Page 41: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 41

DN-040219-AVamvakas-REV1

Additional Resources

Page 42: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 42

DN-040219-AVamvakas-REV1

Additional Resources

Page 43: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 43

DN-040219-AVamvakas-REV1

Additional Resources

Page 44: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 44

DN-040219-AVamvakas-REV1

Additional Resources

Page 45: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 45

DN-040219-AVamvakas-REV1

Get Up to Speed on .NET

Page 46: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 46

DN-040219-AVamvakas-REV1

MSDN Security Webcast Week February 16 - 20, 2004

Page 47: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 47

DN-040219-AVamvakas-REV1

Learn more on Security….

Page 48: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 48

DN-040219-AVamvakas-REV1

DevDays is coming to a city near you

Page 49: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 49

DN-040219-AVamvakas-REV1

Poll: If you used Voice Over IP to connect to the audio, how...

Page 50: Application Hacking Techniques and How to Stop Themsilverstr.ufies.org/blog/msdn-webcast-application-hacking.pdf · Page: 1 DN-040219-AVamvakas-REV1 Application Hacking Techniques

Page: 50

DN-040219-AVamvakas-REV1

https://msevents.microsoft.com/emcui/welcomepage.aspx?eventid=1032244847&culture=en-us

Survey Slide

https://msevents.microsoft.com/emcui/welcomepage.aspx?eventid=1032244847&culture=en-us

Hacking the EULA: Reverse Benchmarking Web Application Security Scanners Toorcon 2007

Hacking the EULA: Reverse Benchmarking Web Application Security Scanners Toorcon 2007

Documents
Web Application Hacking

Web Application Hacking

Technology
Web Application Hacking and how to defend against it v3 ... · Web Application Hacking and How to Defend Against it Copyright 2005 Deloitte Touche Tohmatsu Ltd©2003 Firm Name/Legal

Web Application Hacking and how to defend against it v3 ... · Web Application Hacking and How to Defend Against it Copyright 2005 Deloitte Touche Tohmatsu Ltd©2003 Firm Name/Legal

Documents
Advanced web application hacking and exploitation

Advanced web application hacking and exploitation

Software
Hacking-Vigilance Distribution with Application to Assess ...ijiet.org/papers/285-T075.pdf · Hacking-Vigilance Distribution with Application to Assess Cyber Insecurity Level . Ramalingam

Hacking-Vigilance Distribution with Application to Assess ...ijiet.org/papers/285-T075.pdf · Hacking-Vigilance Distribution with Application to Assess Cyber Insecurity Level . Ramalingam

Documents
Hacking the EULA: Reverse Benchmarking Web Application Security Scanners Toorcon 2007

Hacking the EULA: Reverse Benchmarking Web Application Security Scanners Toorcon 2007

Documents
Secure Web Development – Attack and Defend Websites from ...€¦ · Web Application Hacking – Easy Web Application Hacking – Dicult 1/2 Web Application Hacking – Dicult 2/2

Secure Web Development – Attack and Defend Websites from ...€¦ · Web Application Hacking – Easy Web Application Hacking – Dicult 1/2 Web Application Hacking – Dicult 2/2

Documents
Ethical Hacking: Hacking GMail. Teaching Hacking

Ethical Hacking: Hacking GMail. Teaching Hacking

Documents
Application Manual - hacking-cult.org

Application Manual - hacking-cult.org

Documents
The Growing Hacking Threat to Websites, an Ongoing Commitment to Web Application Security

The Growing Hacking Threat to Websites, an Ongoing Commitment to Web Application Security

Business
Week 8 Web Application Hacking

Week 8 Web Application Hacking

Documents
European Social Fund Objective 3 The Application Process Direct Bidding Round 13 The Application Form Angeliki StogiaJohn Hacking

European Social Fund Objective 3 The Application Process Direct Bidding Round 13 The Application Form Angeliki StogiaJohn Hacking

Documents
IBMs Application Hacking

IBMs Application Hacking

Documents
Web Application Hacking - FIRST - Improving Security · PDF file · 2017-04-03Matthew Fisher, SPI Dynamics CNA, MCSA, MCSE, CCSE, CCSE, CISSP, DISA IATAC SME Web Application Hacking

Web Application Hacking - FIRST - Improving Security · PDF file · 2017-04-03Matthew Fisher, SPI Dynamics CNA, MCSA, MCSE, CCSE, CCSE, CISSP, DISA IATAC SME Web Application Hacking

Documents
Web Application Security; Hacking your way in!

Web Application Security; Hacking your way in!

Technology
28 de aneio a 04 de eveeio eiculao 040219 Ano - 1522 ... · 28 de aneio a 04 de eveeio eiculao 040219 Ano - 1522 Boletim Oficial do Município - 2 PORTARIA Nº 080/2019 A SECRETÁRIA

28 de aneio a 04 de eveeio eiculao 040219 Ano - 1522 ... · 28 de aneio a 04 de eveeio eiculao 040219 Ano - 1522 Boletim Oficial do Município - 2 PORTARIA Nº 080/2019 A SECRETÁRIA

Documents
101 Hacking/Security Web Application - · PDF file8/12/2013 · Web Application Hacking/Security 101 CIS 5930/4930 ... method data passed via ... statement; update information

101 Hacking/Security Web Application - · PDF file8/12/2013 · Web Application Hacking/Security 101 CIS 5930/4930 ... method data passed via ... statement; update information

Documents
09 Hacking a #cleanweb application: a testimonial from Apps4Italy prize winner

09 Hacking a #cleanweb application: a testimonial from Apps4Italy prize winner

Technology
Hacking Techniques: Web Application Security Shynlie ... · PDF fileHacking Techniques: Web Application Security Shynlie Simmons ... This paper focuses on hacking techniques of web

Hacking Techniques: Web Application Security Shynlie ... · PDF fileHacking Techniques: Web Application Security Shynlie Simmons ... This paper focuses on hacking techniques of web

Documents
# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

# !@ Ethical Hacking. 2 # !@ Ethical Hacking - ? Why – Ethical Hacking ? Ethical Hacking - Process Ethical Hacking – Commandments Reporting

Documents
Web application hacking (owasp top 10) security day

Web application hacking (owasp top 10) security day

Technology
Application Trustworthiness · “Hacking Second Life”, Metaverse08, Karlsruhe 2008 “Hacking Second Life”, Hack-in-the-Box, Dubai 2008 “Reversing – A structured approach”,

Application Trustworthiness · “Hacking Second Life”, Metaverse08, Karlsruhe 2008 “Hacking Second Life”, Hack-in-the-Box, Dubai 2008 “Reversing – A structured approach”,

Documents
Ethical Hacking and Countermeasures Modules with Add-… · Module 06: System Hacking Module 07: Application Password Hacking Module 08: Viruses and Worms Module 09: Trojans and Backdoors

Ethical Hacking and Countermeasures Modules with Add-… · Module 06: System Hacking Module 07: Application Password Hacking Module 08: Viruses and Worms Module 09: Trojans and Backdoors

Documents
SOCIAL ENGINEERING: The Hacking of the Mind · SOCIAL ENGINEERING: The Hacking of the Mind November 5, 2015 . ... • Penetration Testing (network and application) • Vulnerability

SOCIAL ENGINEERING: The Hacking of the Mind · SOCIAL ENGINEERING: The Hacking of the Mind November 5, 2015 . ... • Penetration Testing (network and application) • Vulnerability

Documents
Hacking apple accessories to pown iDevices2013.hackitoergosum.org/presentations/Day3-04.Hacking apple accessories to pown... · – HACK.lu 2012 • Hacking iOS Application . 3

Hacking apple accessories to pown iDevices2013.hackitoergosum.org/presentations/Day3-04.Hacking apple accessories to pown... · – HACK.lu 2012 • Hacking iOS Application . 3

Documents
Dynamically Hacking the Kernel with Containers · 2017-12-14 · Dynamically Hacking the Kernel with Containers ContainerCon Japan 2016 Tokyo ... Docker Swarm CoreOS. Application

Dynamically Hacking the Kernel with Containers · 2017-12-14 · Dynamically Hacking the Kernel with Containers ContainerCon Japan 2016 Tokyo ... Docker Swarm CoreOS. Application

Documents
Web Hacking Incidents Revealed - Trends, Stats and How to ... · Web Application Security Consortium (WASC) • Board Member • Project Leader, Web Hacking Incident Database •

Web Hacking Incidents Revealed - Trends, Stats and How to ... · Web Application Security Consortium (WASC) • Board Member • Project Leader, Web Hacking Incident Database •

Documents
WEB APPLICATION HACKING - OWASP · 2020-01-17 · Hacking Ético: Web Application Hacking Ejecutado por un hacker ético experto Pruebas de intrusión externas e internas Formas de

WEB APPLICATION HACKING - OWASP · 2020-01-17 · Hacking Ético: Web Application Hacking Ejecutado por un hacker ético experto Pruebas de intrusión externas e internas Formas de

Documents
Web Hacking Techniques 2008 - · PDF fileDialog Spoofing - Firefox Basic ... Top Ten Web Hacking Techniques (2008) Defenses 20 As a Web application, ... Top Ten Web Hacking Techniques

Web Hacking Techniques 2008 - · PDF fileDialog Spoofing - Firefox Basic ... Top Ten Web Hacking Techniques (2008) Defenses 20 As a Web application, ... Top Ten Web Hacking Techniques

Documents
Blackhat2012 zdziarski-dark-art-i os-application-hacking

Blackhat2012 zdziarski-dark-art-i os-application-hacking

Technology