Web Security

Web Security Never, ever, trust user inputs Supankar

why does security needs? Haha! Yes I know it. Its really a funny topic!!

Security why? To prevent stealing important data To secure Personal Data / Credentials Compromising Access Privilege No Data Loss

Common Threats Cross-Site Scripting (XSS) Session Hijack Click Jacking Cross-site request forgery (XSRF) SQL Injection

Never, ever, trust user inputs

Input Validation Always use server side validation as client side (javascript) validation can easily be bypassed Use white-listed values Use built-in escape functions Validate for correct data types, like numbers

example supankar<script type="text/javascript" src="http://abcNews24.com/gps/malicious.js"></script>

Input Validation (Cont..) Don’t expect the return value from selections, radio buttons or check boxes of a form to be the ones you mentioned. So, always revalidate. Example: <input type="radio" name="gender" value="m" />Male <input type="radio" name="gender" value="f" />Female

Input Validation (Cont..) insert userinfo (gender) values($_POST[‘gender’]) Garbage <input type="radio" name="gender" value=“a" />Male <input type="radio" name="gender" value=“c" />Female

Input Validation (Cont..) Defensive Programming: $gender=‘m’; If ($_POST[‘gender’]==‘f’) $gender=‘f’;

PHP: Some Bad Features Register Globals ,[object Object],if ($password == "my_password") { $authorized = 1; } if ($authorized == 1) { echo "Lots of important stuff."; } ,[object Object]

To disable register_globals using .htaccess file – php_flagregister_globals0 ,[object Object],register_globals = Off Magic Quotes

PHP harmful functions eval("shell_exec(quot;rm -rf {$_SERVER['DOCUMENT_ROOT']}quot;);"); ini_set(), exec(),fopen(), popen(), passthru(), readfile(), file(), shell_exec() , system(),etc…

SQL Injection ,[object Object]

Lets see the common way to check username and password entered into a form – $check = mysql_query("SELECT Username, Password, UserLevelFROM Users WHERE Username ='".$_POST['username']."' and Password = '".$_POST['password']."'"); ,[object Object], ' OR 1=1 # ,[object Object], SELECT Username, Password FROM Users WHERE Username =''OR1=1 #' and Password = '' ,[object Object],[object Object]

File Manipulation ,[object Object],index.php?page=contactus.html ,[object Object],index.php?page=.htpasswd ,[object Object]

When users download a file from your server, if the file name depends on user input, he can easily manipulate it to download system files by giving inputs like – “../../../etc/passwd”,[object Object]

JavaScript!!! ,[object Object]

Giving the user more control over the browser

Detecting the user's browser, OS, screen size, etc.

Performing simple computations on the client side

Generating HTML pages on-the-fly without accessing the Web server. ,[object Object]

It can also used for cookie hijacking so that a real user can be faked.

Always use htmlentities() function to output user-generated texts.

Limit the character set that can used for a particular text type

Disallow HTML input if possible. If that is not an option, only allow limited HTML tags,[object Object]

Yes, I am, because it is boring..

Fun… Go to supankar.wordpress.com http://technotip.com/269/moving-image-javascript-small-fun-application/Develop

XSS – Preventing Sanitize User input properly Check Character Encoding Double check before printing GET values from URL

Cross-site request forgery(XSRF) Using user’s logged in session to manipulate http://example.com/admin/delete/post/1

Cross-site request forgery(XSRF) cont.. User A has a post with ID 112

Web Security

Recommended

Recommended

More Related Content

What's hot

What's hot (20)

Viewers also liked

Viewers also liked (8)

Similar to Web Security

Similar to Web Security (20)

Web Security