7/28/2019 Web Application Security Intro
Slide 1/25

Slide 2/25
Background
Web app vulnerabilities
Securing web apps
Slide 5/25
Form data encoded in the URL
Most common HTTP method used on the web
Should be used to retrieve information, not for actions that have side-effects
Slide 6/25
GET http://www.mysite.com/kgsearch/search.php?catid=1 HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Slide 7/25
(Slide shows a single Google search URL several hundred characters long, an example of how much data a GET request can carry in its query string.)
Slide 8/25
Data is included in the body of the request.
Should be used for any action that has side-effects
Storing/updating data, ordering a product, etc.
Slide 9/25
POST http://www.mysite.com/kgsearch/search.php HTTP/1.1
Host: www.mysite.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Slide 10/25
Every program has at least two purposes: the one for which it was written, and another for which it wasn't.
- Alan J. Perlis
Slide 11/25
The information contained in parameters can tell a user a lot about how your application works
GET parameters are easily visible in the address bar
POST parameters are hidden from the average user, but:
Users can still view source code
Users can still view the packets
Users can still intercept & modify web requests
Slide 12/25
(Diagram: the early web. Browser and Web Server only: no applications, static pages, hard coded links.)
Slide 13/25
(Diagram: a modern web application. Browser, Network (HTTP), Web Servers (Presentation Layer, Media Store), Application Server (Business Logic, Content Services, Web Services, Wireless), Database Server (Customer Identification, Access Controls, Transaction Information, Core Business Data).)
Very complex architectures, multiple platforms, multiple protocols
Slide 14/25
(Diagram: network zones Internet, DMZ, Trusted Inside, Corporate Inside. Browser, HTTP(S), web server (IIS, SunOne, Apache), application server (ASP, .NET, WebSphere, Java), database (SQL, Oracle, DB2).)
Allows HTTP port 80
Allows HTTPS port 443
Firewall only allows applications on the web server to talk to the application server.
Firewall only allows the application server to talk to the database server.

Slide 15/25
The Web Application Security Gap
As an Application Developer, I can build great features and functions while meeting deadlines, but I don't know how to develop my web application with security as a feature.
As a Network Security Professional, I don't know how my company's web applications are supposed to work, so I deploy a protective solution but don't know if it's protecting what it's supposed to.
Application Developers and QA Professionals Don't Know Security
Security Professionals Don't Know The Applications
Slide 16/25
If builders built buildings the way programmers wrote programs, then the first woodpecker that came along would destroy civilization.
- Weinberg's Second Law
Slide 17/25
Technical Vulnerabilities: Result of insecure programming techniques. Mitigation requires code changes. Detectable by scanners.
http://example/order.asp?item=<script>alert(p0wned)</script>&price=300.00
Logical Vulnerabilities: Result of insecure program logic. Most often due to poor decisions regarding trust.
Mitigation often requires design/architecture changes. Detection often requires humans to understand the context.
http://example/order.asp?item=toaster&price=30.00
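As an added example (not from the slides), here is the order page from the two URLs above written with both flaws and then hardened: the technical flaw is fixed with a code change (escape output), the logical flaw with a design change (the client picks the item, the server decides the price). The catalogue and prices are made up.

```python
import html

# Server-side source of truth for prices (constructed sample data).
CATALOGUE = {"toaster": 30.00, "kettle": 45.00}

def render_order_unsafe(params: dict) -> tuple[str, float]:
    """Technical flaw: item is echoed into HTML unescaped (cross-site scripting).
    Logical flaw: the client-supplied price is trusted."""
    item = params.get("item", "")
    price = float(params.get("price", "0"))
    page = f"<p>You ordered {item} for {price:.2f}</p>"
    return page, price

def render_order_safe(params: dict) -> tuple[str, float]:
    """Escape the echoed item and look the price up server side; the
    'price' parameter is ignored entirely because the client has no say in it."""
    item = params.get("item", "")
    safe_item = html.escape(item)
    price = CATALOGUE.get(item)          # None if it is not a real product
    if price is None:
        return f"<p>No such item: {safe_item}</p>", 0.0
    return f"<p>You ordered {safe_item} for {price:.2f}</p>", price

def has_script_tag(page: str) -> bool:
    """Crude check used only to show whether injected markup survived."""
    return "<script>" in page.lower()

if __name__ == "__main__":
    tampered = {"item": "toaster", "price": "3.00"}
    injected = {"item": "<script>alert(p0wned)</script>", "price": "300.00"}
    for handler in (render_order_unsafe, render_order_safe):
        print(handler.__name__, handler(tampered)[1], has_script_tag(handler(injected)[0]))
```

A scanner can flag the unescaped echo by sending markup and looking for it in the response; nothing in the response tells it that 3.00 was the wrong price for a toaster, which is why the logical flaw needs a human who knows the business rules.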
Slide 18/25
Web application vulnerabilities occur in multiple areas.
Platform: Known Vulnerabilities
Administration: Extension Checking, Common File Checks, Data Extension Checking, Backup Checking, Directory Enumeration, Path Truncation, Hidden Web Paths, Forceful Browsing
Application: Application Mapping, Cookie Manipulation, Custom Application Scripting, Parameter Manipulation, Reverse Directory Traversal, Brute Force, Cookie Poisoning/Theft, Buffer Overflow, SQL Injection, Cross-site scripting
Slide 19/25
Platform: Known Vulnerabilities
Platform: Known vulnerabilities can be exploited immediately with a minimum amount of skill or experience (script kiddies)
Most easily defendable of all web vulnerabilities
MUST have streamlined patching procedures
Slide 20/25
Administration: Extension Checking, Common File Checks, Data Extension Checking, Backup Checking, Directory Enumeration, Path Truncation, Hidden Web Paths, Forceful Browsing
Administration: Less easily corrected than known issues
Require increased awareness. More than just configuration, must be aware of security flaws in actual content
Remnant files can reveal applications and versions in use. Backup files can reveal source code and database connection strings
Slide 21/25
Application: Application Mapping, Cookie Manipulation, Custom Application Scripting, Parameter Manipulation, Reverse Directory Traversal, Brute Force, Cookie Poisoning/Theft, Buffer Overflow, SQL Injection, Cross-site scripting
Application Programming: Common coding techniques do not necessarily include security
Input is assumed to be valid but not tested
Unexamined input from a browser can inject scripts into a page for replay against later visitors
Unhandled error messages reveal application and database structures
Unchecked database calls can be piggybacked with a hacker's own database call, giving direct access to business data through a web browser
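As an added example (not from the slides), the catid search from the earlier search.php request is written first as an unchecked database call, where the parameter is pasted into the SQL text and can carry its own SQL, and then hardened by testing the input's shape and binding it as a parameter so the driver can only ever treat it as a value. The products table is constructed in memory with sqlite3.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample data: two public products and one record that
    should never be reachable through the public search."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (name TEXT, catid INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?)",
                     [("toaster", 1), ("kettle", 1), ("payroll export", 2)])
    return conn

def search_unchecked(conn: sqlite3.Connection, catid: str) -> list:
    """Unchecked call: whatever the browser sent becomes part of the statement."""
    sql = f"SELECT name FROM products WHERE catid = {catid}"
    return [row[0] for row in conn.execute(sql)]

def search_hardened(conn: sqlite3.Connection, catid: str) -> list:
    """Test the input (a category id is a small integer, nothing else), then
    bind it: the SQL text is fixed and the value travels separately."""
    if not catid.isdigit():
        return []
    sql = "SELECT name FROM products WHERE catid = ?"
    return [row[0] for row in conn.execute(sql, (int(catid),))]

if __name__ == "__main__":
    db = make_db()
    for value in ("1", "1 OR 1=1"):
        print(repr(value), search_unchecked(db, value), search_hardened(db, value))
```

With the unchecked version the second value returns every row, including the one outside the category; the hardened version rejects it before the database is touched.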
Slide 23/25
Incorporating security into the lifecycle
Integrate security into application requirements
Including information security professionals in software architecture/design review
Security APIs & libraries (e.g. ESAPI, Validator, etc.) when possible
Threat modeling
Web application vulnerability assessment tools
Slide 24/25
Educate
Developers: Software security best practices
Testers: Methods for identifying vulnerabilities
Security Professionals: Software development, software coding best practices
Executives, System Owners, etc.: Understanding the risk and why they should be concerned