香港六合彩

The Art of Finding Flaws – Techniques for Finding Vulnerabilities in Custom Software Jeff Williams CEO, Aspect Security Chair, OWASP Foundation [email_address] 410-707-1487

The Future Ingredients: Sun Java 1.5 runtime, Sun J2EE 1.2.2, Jakarta log4j 1.5, Jakarta Commons 2.1, Jakarta Struts 2.0, Harold XOM 1.1rc4, Hunter JDOMv1 Software Facts Modules 155 Modules from Libraries 120 % Vulnerability* * % Vulnerability values are based on typical use scenarios for this product. Your Vulnerability Values may be higher or lower depending on your software security needs: Cross Site Scripting 22 65 % SQL Injection 2 Buffer Overflow 5 Total Security Mechanisms 3 Encryption 3 Authentication 15 95 % Modularity .035 Cyclomatic Complexity 323 Access Control 3 Input Validation 233 Logging 33 Expected Number of Users 15 Typical Roles per Instance 4 Reflected 12 Stored 10 Cross Site Scripting Less Than 10 5 Reflected Less Than 10 5 Stored Less Than 10 5 SQL Injection Less Than 20 2 Buffer Overflow Less Than 20 2 Security Mechanisms 10 14 Encryption 3 15 Usage Intranet Internet

Today ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],We don’t have any idea whether our code is trustworthy or not

Why Find Vulnerabilities? ,[object Object],[object Object],[object Object],Find Flaws Fix Find Flaws Improve Find Flaws Improve If you’re not finding them, you’re allowing them

Software Is A Black Box ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Key Vulnerabilities ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

SQL Injection Illustrated Firewall Hardened OS Web Server App Server Firewall Databases Legacy Systems Web Services Directories Human Resrcs Billing Custom Code APPLICATION ATTACK Network Layer Application Layer Accounts Finance Administration Transactions Communication Knowledge Mgmt E-Commerce Bus. Functions HTTP request  SQL query  DB Table  HTTP response  “ SELECT * FROM users WHERE user=‘ ’ OR 1=1-- ’ AND pass=‘password’” 1. Application presents a login form to the attacker 2. Attacker sends an attack in the form data 3. Application forwards attack to the database in a SQL query Successful Login “ Welcome, Alice” 4. Database runs query containing attack and sends results to application 5. Application thinks login worked and sends welcome page

Scanning for SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Static Analysis for SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Penetration Testing for SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Code Review for SQL Injection ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Security Analysis Techniques Find Vulnerabilities Using the Running Application Find Vulnerabilities Using the Source Code Automated Vulnerability Scanning Automated Static Code Analysis Manual Penetration Testing Manual Code Review Combining All Four Techniques is Most Effective

Vulnerability Patterns ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],Failure to Validate Blacklist Validation Fail Open Failure to Validate Time of Check, Time of Use Failure to Validate

A Change In Perspective ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Getting Started ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

OWASP Can Help ,[object Object],[object Object],[object Object],[object Object],OWASP is dedicated to finding and fighting the causes of insecure software

OWASP Supports Vulnerability Analysis ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Some of What You’ll Find at OWASP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

What Could a Malicious Developer Do? ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]

Q&A A Q & Q U E S T I O N S A N S W E R S

香港六合彩

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (20)

Similaire à 香港六合彩

Similaire à 香港六合彩 (20)

Plus de baoyin

Plus de baoyin (7)

Dernier

Dernier (20)

香港六合彩