SQL Injection & Cross Site Scripting

Stefano Santomauro

sfn.santomauro@gmail.com
Who I am

• Hacker? Not at all
• Security engineer? Not sure what that is
• Enthusiast? Maybe
• Expert? I wish!
• ???
Why this talk
•   Do we know what we need to protect ourselves from?
•   Do we know how to defend ourselves?
•   Why defend ourselves at all?
•   What does it cost?
•   …
The most widespread vulnerabilities on the WEB

OWASP Top Ten Project (2010 edition)
• A1: Injection (SQLi and XPathi)
• A2: Cross Site Scripting (XSS)
• A3: Broken Authentication and Session Management
• A4: Insecure Direct Object References
• A5: Cross-Site Request Forgery (CSRF)
• A6: Security Misconfiguration
• A7: Insecure Cryptographic Storage
• A8: Failure to Restrict URL Access
• A9: Insufficient Transport Layer Protection
• A10: Unvalidated Redirects and Forwards
SQL Injection: what it is

«A SQL injection attack consists of insertion or "injection" of a SQL query via the input data from the client to the application»
Source: OWASP
https://www.owasp.org/index.php/SQL_Injection
SQL Injection: how (1/2)
// Both values come straight from the HTTP request and are never validated or escaped
String username = request.getParameter("username");
String password = request.getParameter("password");

// User input is concatenated directly into the SQL text, so the client controls the query
String sql = "select * from users where username = '" + username + "' and password = md5('" + password + "')";
SQL Injection: how (2/2)
Legitimate login (username = tiziousr, password = tiziopwd):
select * from users where username = 'tiziousr' and password = md5('tiziopwd')

Attacker sends username = xxx' or 1=1 --  (with a trailing space), any password:
select * from users where username = 'xxx' or 1=1 --' and password = md5('tiziopwd')
                                              ^ MySQL comment: everything after "-- " is ignored
                                                (MySQL only treats -- as a comment when it is
                                                followed by whitespace, hence the trailing space)

SQL actually executed:
select * from users where username = 'xxx' or 1=1

Because 1=1 is always true, the WHERE clause matches every row in users and the password check never runs.
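The two queries above, executed end to end, as an added example that is not part of the original slides. It rebuilds the slide's "users" table in an in-memory SQLite database (table layout, user names and passwords are constructed here; SQLite has no md5(), so one is registered so the slide's query can run unchanged), runs the concatenated query exactly as the servlet builds it, then runs the same lookup as a parameterized query, which is the fix the slide's code lacks.

```python
import hashlib
import sqlite3

# Constructed stand-in for the page's "users" table (names/passwords are made up).
USERS = [("admin", "s3cret"), ("tiziousr", "tiziopwd")]


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite has no md5(); register one so the slide's query runs as written.
    conn.create_function("md5", 1, lambda s: hashlib.md5(s.encode()).hexdigest())
    conn.execute("create table users (id integer primary key, username text, password text)")
    conn.executemany("insert into users (username, password) values (?, md5(?))", USERS)
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Same string concatenation as the servlet on the slide: the client controls the SQL.
    sql = ("select username from users where username = '" + username
           + "' and password = md5('" + password + "')")
    return [row[0] for row in conn.execute(sql)]


def login_parameterized(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Bound parameters: the driver sends the values separately, they are never parsed as SQL,
    # so a quote or a comment marker inside them cannot change the statement's structure.
    sql = "select username from users where username = ? and password = md5(?)"
    return [row[0] for row in conn.execute(sql, (username, password))]


if __name__ == "__main__":
    db = build_db()
    payload = "xxx' or 1=1 -- "          # the slide's payload, trailing space included
    print("legit   :", login_vulnerable(db, "tiziousr", "tiziopwd"))
    print("vuln    :", login_vulnerable(db, payload, "anything"))      # every user
    print("paramsd :", login_parameterized(db, payload, "anything"))   # no match
```

Run it and the vulnerable path returns every row for the injected username while the parameterized path returns nothing: the `'` and `-- ` are just characters in a bound value. Parameterization closes the injection; storing passwords as unsalted md5() is a separate weakness (the slide's own list calls it A7, Insecure Cryptographic Storage) and is left as on the slide.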
SQL Injection: potential impact
«A successful SQL injection exploit can read sensitive data from the database, modify database data (Insert/Update/Delete), execute administration operations on the database (such as shutdown the DBMS), recover the content of a given file present on the DBMS file system and in some cases issue commands to the operating system»
Source: OWASP
https://www.owasp.org/index.php/SQL_Injection
Cross Site Scripting: what it is
«XSS attacks are a type of injection problem, in which malicious scripts are injected into the otherwise benign and trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user»
Source: OWASP
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
Cross Site Scripting: how
JSP input
<input type="text" name="username"/>
Servlet
String username = request.getParameter("username");   // untrusted, taken as-is from the request
request.setAttribute("username", username);
JSP output
<span><%=request.getAttribute("username")%></span>
The <%= %> expression writes the value into the page without any HTML encoding.
HTML output when the user submits <script>alert(123)</script> as the username
<span><script>alert(123)</script></span>
The browser cannot tell the injected <script> from the page's own markup and runs it (reflected XSS).
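The rendering step above, in both its unsafe and its encoded form, as an added example that is not part of the original slides (the slide's code is Java/JSP; this is a stand-alone Python rendition of the same two lines). The page's servlet echoes the username into a text node; the example also covers the attribute context of the slide's own input element, since the value is typically echoed back there too and a text-context encoder alone is not enough for it. The payloads are constructed inputs.

```python
from html import escape


def render_vulnerable(username: str) -> str:
    # Equivalent of the slide's <span><%= request.getAttribute("username") %></span>:
    # the raw value is written into the page, so markup in it becomes part of the DOM.
    return "<span>" + username + "</span>"


def render_escaped(username: str) -> str:
    # Text context: entity-encode <, >, &, " and ' before writing. The browser now
    # displays the payload as text instead of parsing it as a tag.
    return "<span>" + escape(username, quote=True) + "</span>"


def render_attribute_escaped(username: str) -> str:
    # Attribute context (the slide's own <input> echoing the value back): the attribute
    # must be quoted AND the quotes in the value encoded, otherwise a value such as
    # " onfocus="alert(1)  breaks out of value="..." and adds an event handler.
    return '<input type="text" name="username" value="' + escape(username, quote=True) + '"/>'


def contains_live_script(html: str) -> bool:
    # Crude marker used only to contrast the two renderings: an unencoded <script
    # or an unencoded event-handler attribute means the payload reached the browser as markup.
    lowered = html.lower()
    return "<script" in lowered or ' onfocus="' in lowered


if __name__ == "__main__":
    # Constructed payloads: the slide's text-context one and an attribute-context one.
    text_payload = "<script>alert(123)</script>"
    attr_payload = '" onfocus="alert(1)'
    print(render_vulnerable(text_payload))           # <span><script>alert(123)</script></span>
    print(render_escaped(text_payload))              # &lt;script&gt;... rendered as text
    print(render_attribute_escaped(attr_payload))    # quotes encoded, stays inside value="..."
```

In JSP the same effect is obtained with `<c:out value="${username}"/>` (JSTL, escapes XML by default) or `fn:escapeXml()` instead of a bare `<%= %>`; the rule is the same in any template language: encode on output, for the context the value lands in.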
Cross Site Scripting: potential impact

«[…] the malicious script can access any cookies, session tokens, or other sensitive information retained by your browser and used with that site. These scripts can even rewrite the content of the HTML page»
Source: OWASP
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
DEMONSTRATION…
The demonstration continues… at home
Now it is your turn to carry out an XSS attack.

Download the project from the link in the References and, after following the instructions, try to find your own variants!
Conclusions (1/4)

Ours was only a simple "simulation" of a real case…
Conclusions (2/4)

…but if you don't want to take my word for it, I hope you will believe this…
Conclusions (3/4)
Conclusions (4/4)
References
• OWASP (https://www.owasp.org/index.php/Main_Page)
• md5decrypter (http://www.md5decrypter.co.uk)
• News report on the attack on SONY (http://www.itwire.com/business-it-news/security/47605-sony-falls-victim-to-another-simple-sql-injection-atta)
• News report on the attack on Skype (https://superevr.com/blog/2011/xss-in-skype-for-ios/)
• OWASP WebGoat (https://www.owasp.org/index.php/Category:OWASP_WebGoat_Project)
• DOWNLOAD of the demo project (http://www.divshare.com/download/17108200-6e1)