Application Security /Positive Technologies/Application Inspector/Team Lead
Agenda?
,
?
3
, 4
""?5
5
""? () (-) , () - GOST R 56546-2015
6
""? () (-) , () - 56546-2015 , ? ()
7
""? () (-) , () - 56546-2015 , ? ()
, - Computer Science
8
""? () (-) , () - 56546-2015 , ? ()
, - Computer Science
9
10
: ?11
// Slide example: coupon lookup whose SQL text is built by string concatenation.
// SECURITY: Request["CouponCode"] is attacker-controlled and is spliced directly
// into the LIKE pattern literal, so a single quote in the value breaks out of the
// string and lets the client rewrite the statement — a textbook SQL injection.
// Kept as written because the slide asks the reader to spot it; the later slides
// show the parameterized form. Also note that neither the connection nor the
// command is disposed.
var couponQuery = "SELECT Value FROM Discounts WHERE CouponCode LIKE '" + Request["CouponCode"] + "'";
var couponCommand = new SqlCommand(couponQuery);
var dbConnection = new SqlConnection(connectionString);
dbConnection.Open();
couponCommand.Connection = dbConnection;
var couponValue = couponCommand.ExecuteScalar();
// ...
12
// Answer slide for the coupon example (same listing as the previous slide).
// The defect: the query string is assembled from an HTTP request value, so the
// data flow is Request["CouponCode"] -> SQL text -> ExecuteScalar with no
// validation or parameter binding in between — the attacker controls part of
// the statement, not just a value. This is the injection the slide points at;
// the fix (a bound parameter) follows on the next slides. Incidentally, the
// SqlConnection and SqlCommand are never disposed here either.
string sql = "SELECT Value FROM Discounts WHERE CouponCode LIKE '" + Request["CouponCode"] + "'";
SqlCommand lookup = new SqlCommand(sql);
SqlConnection db = new SqlConnection(connectionString);
db.Open();
lookup.Connection = db;
object couponValue = lookup.ExecuteScalar();
// ...
( SQL-), ( HTTP-), SQL-.
13
13
// Same lookup as before, now with a bound parameter.
// Injection is gone: the value of Request["CouponCode"] travels separately from
// the SQL text and can no longer change the statement's structure.
// SECURITY NOTE (what is still wrong): the pattern operand of LIKE is attacker
// chosen, so a CouponCode of "%" (or one using "_") turns this into a wildcard
// match against every coupon — a logic/authorization flaw that parameterization
// does not address. The next slide switches to an equality comparison.
// Also worth checking: the parameter-name literal below carries a trailing
// space ("@CouponCode "), which may be a transcription artifact; AddWithValue
// derives the SQL type from the CLR value rather than from the column; and
// neither the connection nor the command is disposed.
var lookup = new SqlCommand("SELECT Value FROM Discounts WHERE CouponCode LIKE @CouponCode");
lookup.Parameters.AddWithValue("@CouponCode ", Request["CouponCode"]);
var db = new SqlConnection(connectionString);
db.Open();
lookup.Connection = db;
var couponValue = lookup.ExecuteScalar();
// ...
14
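// Coupon lookup with a parameterized equality match (the slide's fixed version).
// Request["CouponCode"] never touches the SQL text, so it cannot alter the
// statement, and `=` instead of LIKE means the client cannot supply "%"/"_"
// wildcards to match arbitrary coupon codes.
//
// Review fixes on top of the slide:
//  - the connection and command are disposed even if ExecuteScalar throws;
//  - the parameter gets an explicit SQL type (NVarChar, the type AddWithValue
//    would have inferred from a string) instead of relying on inference — set
//    the size to match the column definition, which is not visible here;
//  - the stray trailing space in the parameter name is dropped;
//  - a missing request value is sent as SQL NULL (no row matches) rather than
//    leaving the parameter unsupplied.
const string couponQuery = "SELECT Value FROM Discounts WHERE CouponCode = @CouponCode";
object couponValue;
using (var connection = new SqlConnection(connectionString))
using (var cmd = new SqlCommand(couponQuery, connection))
{
    cmd.Parameters.Add("@CouponCode", SqlDbType.NVarChar).Value =
        (object)Request["CouponCode"] ?? DBNull.Value;
    connection.Open();
    couponValue = cmd.ExecuteScalar();
}
// ...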
( SQL-), ( HTTP-), SQL-, .
15
15
""?1)
// Slide example 1: role-based access control through the MVC [Authorize] filter.
// SECURITY NOTE: "All" is not a keyword meaning "everyone" — it is the literal
// name of a role. Only principals that are members of a role called "All" pass
// the filter; if no such role exists nobody can reach the action, and if one
// does exist, every account that was granted it (perhaps unintentionally) can.
// Presumably the slide's point — the accompanying text did not survive.
[Authorize(Roles = "All")]
public ActionResult SomeAction()
{
    // ...
    return View();
}
2)
// Slide example 2: two roles in one attribute.
// SECURITY NOTE: the stock AuthorizeAttribute splits Roles on commas and admits
// a caller who is in ANY one of them — "Baz, Qux" means Baz OR Qux, not both.
// Authors who read it as "must hold both roles" grant wider access than
// intended; requiring both takes two stacked attributes or a custom check.
[Authorize(Roles = "Baz, Qux")]
public ActionResult SomeAction()
{
    // ...
    return View();
}
16
""?1)
// Example 1 again (answer slide). Roles = "All" restricts the action to members
// of a role literally named "All"; it does not open the action to all
// authenticated users. Whether that role exists, and who holds it, decides
// whether this is a lock-out or an over-grant — both are access-control bugs.
[Authorize(Roles = "All")]
public ActionResult SomeAction()
{
    // ...
    return View();
}
2)
// Example 2 again (answer slide). A comma-separated Roles list is evaluated as
// a disjunction by the stock filter: membership in either Baz or Qux is enough.
// The extracted slide text that followed the code is lost; its likely point is
// that an "AND" reading of this attribute is a common and dangerous mistake.
[Authorize(Roles = "Baz, Qux")]
public ActionResult SomeAction()
{
    // ...
    return View();
}
17
18
:
;; ,.:
-;-;; ( ).
,
19
Application Security 20
Application Security21
, :
;
;
.
, .22
, 23
: : : -;: .
: : - ;: ;: .
: , : 24
:
, .
25
:
, .
:
( ) .26
Application Security27
- 28
"Modeling Computer Insecurity" (Sophie Engle, Sean Whalen and Matt Bishop):
, .
, .
. , ,
29
, 30
, , 31
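// Slide example used for the data-flow / reachability discussion. The extracted
// deck appears to repeat this identical listing on slides 31–45 (one build step
// per slide); the copies were byte-identical, so a single annotated copy is
// kept here.
//
// Taint sources: all three values come straight from the HTTP request.
var name = Request.Params["name"];
var key1 = Request.Params["key1"];
var parm = Request.Params["parm"];

// Review fix: the original read `new char[0]`, which does not compile against
// the byte[] returned by Convert.FromBase64String (no common type for the
// conditional). Note that FromBase64String throws FormatException on malformed
// input and nothing here catches it, so a bad `parm` is an unhandled error.
var data = string.IsNullOrEmpty(parm) ? new byte[0] : Convert.FromBase64String(parm);

string str1;
// Both guards are satisfiable by any client: `name=adm` makes the concatenation
// equal "admin", and the "key" is a constant embedded in the source, so the sink
// below is reachable with attacker-chosen `parm`.
if (name + "in" == "admin")
{
    if (key1 == "validkey")
    {
        str1 = Encoding.UTF8.GetString(data);
    }
    else
    {
        str1 = "Wrong key!";
    }

    // SECURITY: attacker-controlled text is written to the response with no HTML
    // encoding — a reflected XSS. Left in place because this is what the slide
    // demonstrates; production code would encode the value (HttpUtility.HtmlEncode)
    // or render it through a view that encodes by default.
    Response.Write(str1);
}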
46
46
47
var name = Request.Params["name"];var key1 = Request.Params["key1"];var parm = Request.Params["parm"];
var data = string.