identifying attack vectors
play

Identifying Attack Vectors Professor Larry Heimann Web Application - PowerPoint PPT Presentation

Mar 28, 2023 •142 likes •309 views

Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems Nothing is in isolation Attack surface An attack surface is the total number of possible attack vectors Think of a house, with the

  1. Identifying Attack Vectors Professor Larry Heimann Web Application Security Information Systems

  2. Nothing is in isolation

  3. Attack surface • An “attack surface” is the total number of possible attack vectors • Think of a house, with the doors and windows as attack vectors for intruders • Minimize the surface area by securing each door and window

  4. Content discovery -- brute force • Common directory names • https:/target/admin/ • https:/target/account/ • https:/target/accounts/ • https:/target/agent/ • https:/target/utils/ • Common filenames for application pages • https:/target/admin/admin.php • https:/target/admin/manage.php • https:/target/admin/home.php • https:/target/admin/accounts.php

  5. Content discovery -- inference from visible content ViewDocument.jsp EditDocument.jsp AnnualReport2009.pdf AnnualReport2010.pdf • Review HTML / JS source for comments, etc. • Look for information about framework and/or webmaster • Decompile thick clients • Feed back results and work recursively

  6. Hidden content • Often times hidden content exists that is not directly linked • Examples include: • Backup copies of live files • New/old/test functionality not currently linked to main content • Configuration / include files • Source files for dynamic content • Logs • Look at the source code itself for comments, javascript vulnerabilities

  7. Comics of the Day...

  8. Content discovery -- use public sources • knows! • site:www.target.com • site:www.target.com login • link:www.target.com • related:www.target.com • view the cached content • Forum posts by developers/administrators • archives at web.archive.org (‘the wayback machine’)

  9. Application pages vs. Functional pages Some apps don’t use URLs to individuate content and functions: POST /bank.jsp HTTP/1.1 Host: wahh-bank.com Content-Length: 106 servlet=TransferFunds&method=confirmTransfer &fromAccount=10372918&toAccount=3910852&amou nt=291.23&Submit=Ok

  10. Identifying entry points for user input • URLs • Query string • POST parameters • Cookies • Look for unusual data encapsulation, for example: /dir/file=bar/file /dir/file?param=foo:bar /dir/file?data=%3cfoo%3ebar%3c%2ffoo2%3ebar2%3c%2c • Look for REST parameters within the URL file path • See if application responds di ff erently to unexpected new parameter names

  11. Dissecting requests • A typical search function: http://target/workflow/calendar.jsp?name=new %20applicants&isExpired=0&startDate=22%2F09%2F2006 &endDate=22%2F03%2F2007&OrderBy=name • What do we know from this? • jsp: Java • isExpired: controls which content is returned? • OrderBy: clause of a SQL query? • Name, startDate, endDate, isExpired: SQL query parameters?

  12. Dissecting requests • A content management system: http://target/workbench/register.aspx? template=NewBranch.tpl&loc=/ default&ver=5.32&edit=false • What do we know from this? • aspx: ASP .Net • template: file name • .tpl: custom file extension • loc: directory name? • edit=false: controls whether files can be edited?

  13. Web spidering • Request start page • Parse for links to other content • Continue recursively until no new content is discovered • Feed results into other mapping exercises

  14. Demonstration

  15. Mapping the attack surface Vector Attack Method Database interaction SQL injection File upload/download path traversal vulnerability Display of user-supplied data cross-site scripting Dynamic redirects header injection attacks username enumeration, weak passwords, Login ability to use brute force Error messages information leakage Email interaction command injection Native code components buffer overflows Third-party application components known vulnerabilities

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

TCPDB.DAT case Archive file signatures Attack surface Attack vectors Defense Conclusions P A

Introduction Motivation SAP compression algorithms Archive file programs SAP archive file formats CAR SAR v2.00 SAR v2.01 Relative/absolute paths TCPDB.DAT case Archive file signatures Attack surface Attack vectors

913 views • 49 slides
CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record

Implementing scalable CAN Security with CANcrypt by Olaf Pfeiffer CAN AUTHENTICATION AND ENCRYPTION February 2017 CAN PROVIDES MULTIPLE ATTACK VECTORS Record and re-play messages Can trigger desired actions Re-engineering

320 views • 21 slides
Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA

Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA

Attack vectors on mobile devices Tam Hanna aka @tamhanna About /me Tam HANNA CEO, Tamoggemon Ltd. Runs web sites about mobile computing Starting thoughts Different user perceptions Mobile phones are always on the

923 views • 74 slides
URI Use and Abuse New and Improved with Mac Pwnage and Mobile Attack Vectors!!! Contributing

URI Use and Abuse New and Improved with Mac Pwnage and Mobile Attack Vectors!!! Contributing

URI Use and Abuse New and Improved with Mac Pwnage and Mobile Attack Vectors!!! Contributing Authors Nathan McFeters Senior Security Analyst Ernst & Young Advanced Security Center, Chicago Billy Kim Rios Senior

841 views • 51 slides
Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know.

Detecting a Biological Attack The attack will not be obvious; it may take hours or days to know. Current biological diagnostics are very effective at identifying agents, but theyre slow. We already have an infrastruc- ture in place to

233 views • 8 slides
CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web browser Installed apps Both types of threats increasing in prevalence and sophistication source:

861 views • 31 slides
WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation

WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation

WAMOS 2018 Common Attack Vectors of IoT Devices 09.08.2018 Alexios Karagiozidis Motivation Botnetworks and Internet attacks increased rapidly Examples of security issues: Mirai-Bot-Network CVE-2018-10967, bufferoverflow via

848 views • 27 slides
Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief

Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief

Privileged Attack Vectors: Building Effective Defense Strategies Morey J. Haber Chief Technology Officer mhaber@beyondtrust.com Agenda The Threat Landscape Sample Cases What is Privileged Access Management? Twelve

751 views • 31 slides
Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1

Detecting Malicious Web Links and Identifying Their Attack Types 1 Hyunsang Choi, 2 Bin B. Zhu, 1 Heejo Lee 1 Korea University, 2 Microsoft Research Asia USENIX WebApps 2011 2011-06-21 Outline Introduction Existing solutions

470 views • 25 slides
I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias

I Control Your Code Attack Vectors through the Eyes of Software-based Fault Isolation Mathias Payer <mathias.payer@nebelwelt.net> Motivation Current exploits are powerful because Applications run on coarse-grained user-privilege

800 views • 39 slides
Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure

Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure

Attack Graph Based Metrics for Identifying Critical Cyber Assets in Electric Grid Infrastructure Chen Huo Panini Sai Patapanchala Dr. Rakesh B. Bobba Dr. Eduardo Cotilla-Sanchez 1 Our Goal Short-term : Developing a method that takes

378 views • 20 slides
Vectors Vectors and Scalars Properties of Vectors Components of a Vector and Unit

Vectors Vectors and Scalars Properties of Vectors Components of a Vector and Unit

Vectors Vectors and Scalars Properties of Vectors Components of a Vector and Unit Vectors Homework 1 Vectors and Scalars Vector - quantity that has magnitude and direction e.g. displacement, velocity, acceleration, force

560 views • 16 slides
Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June

Drone Hacking Basics Intro to UAS Architectures, Attack Vectors and RF Hacking Matt Koskela June 15, 2017 Outline Drone Architectures RF Basics Information Gathering RF Hacking Tools Exploits & Demos Q&A Why? Wrights Law

485 views • 27 slides
Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i .

Effective Security Going Back To The Basics M e r i k e K a e o , C T O m e r i k e @ f s i . i o FARSIGHT SECURITY DISCUSSION POINTS Attack Trends A Historical View Attack Vectors in Recent Years Evolution of Mitigation

634 views • 29 slides
CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias

CS527 Software Security Attack Vectors Mathias Payer Purdue University, Spring 2018 Mathias Payer CS527 Software Security Exploitation: Disclaimer This section focuses software exploitation We will discuss both basic and advanced

860 views • 49 slides
Methods of Adding Vectors Geometrically MCV4U: Calculus & Vectors Recall that two vectors are

Methods of Adding Vectors Geometrically MCV4U: Calculus & Vectors Recall that two vectors are

g e o m e t r i c v e c t o r s g e o m e t r i c v e c t o r s Methods of Adding Vectors Geometrically MCV4U: Calculus & Vectors Recall that two vectors are equivalent if they have the same magnitude and direction. This means that vectors

281 views • 4 slides
Do you speak .. Integration of other scripting languages than JSP By Sebastian Himberger

Do you speak .. Integration of other scripting languages than JSP By Sebastian Himberger

Do you speak .. Integration of other scripting languages than JSP By Sebastian Himberger Advantages & Motivation / Why the heck? Integration of existing work easier Shorter turnaround time Change & add classes / scripts without

319 views • 20 slides
Modern SQL: Evolution of a dinosaur @MarkusWinand @ModernSQL

Modern SQL: Evolution of a dinosaur @MarkusWinand @ModernSQL

Modern SQL: Evolution of a dinosaur @MarkusWinand @ModernSQL http://www.almaden.ibm.com/cs/people/chamberlin/sequel-1974.pdf Modern SQL: Evolution of a dinosaur @MarkusWinand @ModernSQL

1.64k views • 123 slides
- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams

- http://pothosware.com/ Interesting features Feedback loops Polymorphic streams Signals slots Remote topologies Live reconfiguration Object introspection Block registration Block descriptions

240 views • 10 slides
JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up?

JSON Logging with Elasticsearch Radu Gheorghe search statistics Where do your logs end up? Elasticsearch fast Splunk MongoDB file system scalable other logstash Kibana graylog logstash rsyslog graylog fluentd Elasticsearch Head

186 views • 18 slides
Democracy in Theory and Practice 1 The Politics of Confrontation in1950s - Liberal/Democratic

Democracy in Theory and Practice 1 The Politics of Confrontation in1950s - Liberal/Democratic

Democracy in Theory and Practice 1 The Politics of Confrontation in1950s - Liberal/Democratic Party (LDP) vs Japan Socialist Party (JSP) and JCP L/DP vote %; seat % JSP vote % seats% JCP vote % seats 1952 66 21 24 2 5 0 70 1953 66 66 27 30 2

276 views • 14 slides
Apache MyFaces Open Source JavaServer Faces Matthias Weendorf @ ApacheCon US 2005 San Diego,

Apache MyFaces Open Source JavaServer Faces Matthias Weendorf @ ApacheCon US 2005 San Diego,

Apache MyFaces Open Source JavaServer Faces Matthias Weendorf @ ApacheCon US 2005 San Diego, CA Matthias Weendorf Apache MyFaces committer / PMC author of German books Struts 1.2 Web Services and mobile clients

633 views • 49 slides
Using the JSP Standard Tag Library (JSTL) with JSF Berner Fachhochschule-Technik und Informatik

Using the JSP Standard Tag Library (JSTL) with JSF Berner Fachhochschule-Technik und Informatik

Using the JSP Standard Tag Library (JSTL) with JSF Berner Fachhochschule-Technik und Informatik Overview and Installation Advanced Web Technologies Installing JSTL 8) Including JSTL in JSF Iteration Tags Logic Tags Source:

272 views • 7 slides
Model 2 approach to JSP Servlet/JSP Integration 4 Dispatching Requests First, call the

Model 2 approach to JSP Servlet/JSP Integration 4 Dispatching Requests First, call the

Integrazione delle tecnologie Java Servlet e JSP Presentazione derivata da www.coreservlets.com Servlet/JSP Integration Why Combine Servlets & JSP? Typical picture: use JSP to make it easier to develop and maintain the HTML content

455 views • 7 slides

More recommend