perslink security
play

Perslink Security Eleonora Petridou Pascal Cuylaerts System And - PowerPoint PPT Presentation

Jan 16, 2023 •356 likes •756 views

Perslink Security Perslink Security Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Perslink Security Outline Research question About Perslink Approach Manual inspection Automated

  1. Perslink Security Perslink Security Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011

  2. Perslink Security Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities Recommendations Conclusion Demo Please ask your questions at the end of the presentation.

  3. Perslink Security • Research Question Research Question Can the security of the Perslink web application be compromised? The three following sub questions were the guideline of our research: Are there any security holes in the web application? Can these flaws be exploited to expose sensitive information? What countermeasures can the developers take against the discovered flaws?

  4. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website Perslink Main Page

  5. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website Contact Search

  6. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website New Contact

  7. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website Bulletin Board

  8. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website New Bulletin

  9. Perslink Security • ◦ ◦ ◦ ◦ About Perslink • ◦ ◦ Public Website Bulletin Details

  10. Perslink Security • ◦ ◦ ◦ ◦ About Perslink ◦ • ◦ Internal Website Search Engine

  11. Perslink Security • ◦ ◦ ◦ ◦ About Perslink ◦ • ◦ Internal Website Contact Details

  12. Perslink Security • ◦ ◦ ◦ ◦ About Perslink ◦ ◦ • Administration Panel Administration panel main page

  13. Perslink Security • ◦ ◦ ◦ ◦ About Perslink ◦ ◦ • Administration Panel Full Contact Profile

  14. Perslink Security • ◦ ◦ ◦ ◦ About Perslink ◦ ◦ • Administration Panel IP range settings

  15. Perslink Security ◦ • ◦ ◦ ◦ Approach • Attack Design Approach Attack the web application without any inside knowledge Log in as a legitimate user and attempt to abuse the application Try to find vulnerabilities in the administrator panel

  16. Perslink Security ◦ ◦ • ◦ ◦ Penetration testing •◦ Manual testing Manual inspection No HTTPS Three cookies are used JSESSIONID Perslink Remember Me Cookie perslink computer cookie Guessing login User account locked after three failed attempts No error message for invalid usernames Double-login lock SQL injection fails Cross Site Scripting not possible → Inserted code is escaped

  17. Perslink Security ◦ ◦ • ◦ ◦ Penetration testing ◦• Automated testing Automated tools Tool Language Openness Platform Skipfish C open source Linux-only Arachni Ruby open source Linux-only Paros Java freeware cross-platform W3af Python open source cross-platform Netsparker CE .NET freeware Windows-only Table: Tools used to unveil the vulnerabilities of Perslink

  18. Perslink Security ◦ ◦ • ◦ ◦ Penetration testing ◦• Automated testing Results (1/2) Skipfish jQuery JavaScript library Direct Web Remoting (DWR) Probably Java back-end CSRF possible /clipboard/create.web /request/contact.web /request/organisation.web /perslink check.web Paros Predictable querystring in search results /perslink check.web?organisationType =CONTAINS ALL&organisation=& keywordType=CONTAINS ALL&keyword=&nameType=STARTS WITH &name=jo&prefix=&surname= Auto-completion of login forms

  19. Perslink Security ◦ ◦ • ◦ ◦ Penetration testing ◦• Automated testing Results (2/2) w3af CSRF possible for /j spring security check Tomcat server Netsparker Perslink Remember Me Cookie & perslink computer cookie are not HTTPonly

  20. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities • ◦ ◦ ◦ ◦◦ Injection SQL injection Tests Manual/Automated tests Specialized tests using sqlmap No successful injection Implemented protection methods Hibernate, queries with named parameters Escape special characters No error information leakage

  21. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities • ◦ ◦ ◦ ◦◦ Injection SQL injection Tests Manual/Automated tests Specialized tests using sqlmap No successful injection Implemented protection methods Hibernate, queries with named parameters Escape special characters No error information leakage

  22. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ • ◦ ◦ ◦◦ Session fixation Session fixation attack Test URL with fixed session ID sent to victim Victim logged in to Perslink following the given link Attempt to steal data through the victim’s session failed Implemented protection methods New session ID is generated at every login The user can destroy the session and recreate it

  23. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ • ◦ ◦ ◦◦ Session fixation Session fixation attack Test URL with fixed session ID sent to victim Victim logged in to Perslink following the given link Attempt to steal data through the victim’s session failed Implemented protection methods New session ID is generated at every login The user can destroy the session and recreate it

  24. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ • ◦ ◦◦ Information storage issues Information storage issues Issues User credentials stored in plain text Storing address details of the contacts User input is stored non-sanitized Recommendations Hashing credentials before storing them Exclude the address details from the database Escape user input before putting it in the database

  25. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ • ◦ ◦◦ Information storage issues Information storage issues Issues User credentials stored in plain text Storing address details of the contacts User input is stored non-sanitized Recommendations Hashing credentials before storing them Exclude the address details from the database Escape user input before putting it in the database

  26. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ • ◦◦ Brute-forcing Brute-forcing user login form Issues Autocomplete functionality used to discover usernames by a malicious page Implemented protection methods Locked after 3 failed login attempts Validation code sent to user’s email address

  27. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ • ◦◦ Brute-forcing Brute-forcing user login form Issues Autocomplete functionality used to discover usernames by a malicious page Implemented protection methods Locked after 3 failed login attempts Validation code sent to user’s email address

  28. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ • ◦◦ Brute-forcing Brute-forcing URL admin panel Admin panel is not linked by any other page Brute-forcing a possible URL is the only option Webroot tool tried all combinations for most common URL characters [a-z][A-Z] [0-9] [!,#,$,?,/, \ ,=] Length unknown, 50 characters would produce 87 . 59 x 10 90 combinations After 20 days, it was requesting four-character URLs

  29. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ • ◦◦ Brute-forcing Brute-forcing admin login form Attacker is redirected to identical dummy page after one failed login Account disabled after three failed attempts on the real login page Recommendations Disable auto-complete functionality

  30. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ • ◦◦ Brute-forcing Brute-forcing admin login form Attacker is redirected to identical dummy page after one failed login Account disabled after three failed attempts on the real login page Recommendations Disable auto-complete functionality

  31. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ ◦ •◦ Cross Site Request Forgery Cross Site Request Forgery Predictable URL Profiles can be downloaded directly Session ID of authenticated user needed Cookie stealing possible due to browser vulnerabilities

  32. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ ◦ •◦ Cross Site Request Forgery Cross Site Request Forgery - Exploit Lure a logged in user to a malicious website using an interesting message on the bulletin board Execute a client-side script (C) in the user’s browser C will steal his session ID by exploiting a browser vulnerability C will pass the session ID to a server-side script (S) that will request the profile pages S is not susceptible to the browser’s same origin policy (SOP) S can request the profiles across the different domains (demo later)

  33. Perslink Security ◦ ◦ ◦ • ◦ Vulnerabilities ◦ ◦ ◦ ◦ •◦ Cross Site Request Forgery CSRF Mitigation Implemented protection methods Email alert to administrators when the requests exceed a threshold Recommendations Block user accounts with huge number of requests in a short timespan Avoid using the sequential user IDs to link to the contact detail pages Generate a new session ID for every request

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Authorized Agent Training 1 Agenda Retirement Insurance PERSLink Employer Self

Authorized Agent Training 1 Agenda Retirement Insurance PERSLink Employer Self

Authorized Agent Training 1 Agenda Retirement Insurance PERSLink Employer Self Service Accounting 2 RETIREMENT OVERVIEW 3 Defined Benefit Plan NDCC 54-52 Hybrid defined benefit plan Commonly referred to as the

1.85k views • 173 slides
What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

What is network security? Friends and enemies: Alice, Bob, Trudy What is network security?

Network security Network security Foundations: what is security? cryptography Network Security Network Security authentication message integrity key distribution and certification Security in practice: Srinidhi Varadarajan

332 views • 6 slides
Security Security as term, Possible Security violations Authentication Criteria for

Security Security as term, Possible Security violations Authentication Criteria for

BS1 WS19/20 topic-based slides Security Security as term, Possible Security violations Authentication Criteria for Trust in Computer Systems Three hearts of Windows Security DACLs A Look at Security System is secure if

988 views • 20 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security

Biometrics and Security Biometrics and Security Biometrics and Security Biometrics and Security WS 06/07 Seminar Prof. Dr.-Ing. Jana Dittmann & Dr.-Ing. Claus Vielhauer with support from Tobias Scheidat

419 views • 16 slides
1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

1 X.800 Security Services X.800 Security Services X.800 Security Services Data integrity

Course Overview Course Requirements EECS 498-7/8 Cryptography and Network Security: www.citi.umich.edu/u/honey/security Principles and Practice (Third Edition) Computer Security Monday & Friday, 9:00 10:30 William Stallings

670 views • 19 slides
A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security

A (re)introduction to Spring Security Agenda Before Spring Security: Acegi security Introducing Spring Security View layer security Whats coming in Spring Security 3 E-mail: craig@habuma.com Blog: http://www.springloaded.info

452 views • 19 slides
Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security

Network Security Network Security Srinidhi Varadarajan Network security Network security Foundations: what is security? cryptography authentication message integrity key distribution and certification Security in practice:

634 views • 36 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CSCE Intro to Computer Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies Security

472 views • 20 slides
SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY

SECURITY TESTING Towards a safer web world AGENDA 1. 3 WS OF SECURITY TESTING 2. SECURITY TESTING CONCEPTS 3. SECURITY TESTING TYPES 4. TOP 10 SECURITY RISKS Few Security Breaches Date: 2013-14 September 2016, while in negotiations to

404 views • 18 slides
Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in

Security Security with Distributed Systems Why Security? The need for security mechanisms in distributed systems arises from the desire to share resources Resources must be protected against unauthorized access, as enemies (attackers)

1.16k views • 67 slides
Security Overview Security Goals The Attack Space Security Mechanisms

Security Overview Security Goals The Attack Space Security Mechanisms

CPSC 410/611 Operating Systems Security Security Overview Security Goals The Attack Space Security Mechanisms Introduction to Cryptography Authentication Authorization Confidentiality Case Studies

419 views • 19 slides
International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International

International and Global Security 1 Peer Discussion What is security? 2 International Security What is security? Freedom from threats to core values? Contestation over referent object: Individual? State? System? How is security achieved?

715 views • 11 slides
Security 101 Definition of Information Security Information security is the protection of

Security 101 Definition of Information Security Information security is the protection of

Computing Services Information Security Office Security 101 Definition of Information Security Information security is the protection of information and systems from unauthorized access, disclosure, modification, destruction or disruption. The

469 views • 22 slides
Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety

Security Update Security Plans Our Security plans are For Official Use Only, Safety Sensitive Information Not for public or media release F.S. 119.071. Required by law, rule and regulation: Homeland Security Directive 5 and 8.

393 views • 11 slides
Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the

Com puter Security Part One Security as a subject Security is an old problem in the computing world, and are parallel to even older problems outside computing Required level of security is always related to what you protect

237 views • 23 slides
Meeting CEN/TS & ISO Standard Requirements Self Assessment Cornelia Stumptner Funded by

Meeting CEN/TS & ISO Standard Requirements Self Assessment Cornelia Stumptner Funded by

Meeting CEN/TS & ISO Standard Requirements Self Assessment Cornelia Stumptner Funded by Course | Graz | May 16, 2018 GZ 10.470/0016-II/3/2013 CEN/TS & ISO Standards CEN Technical Specifications & ISO Standards for molecular

417 views • 20 slides
16th November 2015 7 th May 2014 Internal Security Fund National Programme for Malta 2014-2020

16th November 2015 7 th May 2014 Internal Security Fund National Programme for Malta 2014-2020

16th November 2015 7 th May 2014 Internal Security Fund National Programme for Malta 2014-2020 2014-2020 Sustainable Management of Internal Security ISF Timeline 4 th of June 2013 Policy Dialogue 12 th June 2013 Discussions

772 views • 27 slides
Unemployment Benefits April 28, 2020 Unprecedented Demand More than 1 million Michigan

Unemployment Benefits April 28, 2020 Unprecedented Demand More than 1 million Michigan

Unemployment Benefits April 28, 2020 Unprecedented Demand More than 1 million Michigan workers have filed for unemployment since March 15th MI ranks among top states for number of claims filed % of workforce impacted (~26%)

474 views • 28 slides
Fibrotic complications of inflammatory bowel disease Gerhard Rogler, Department of

Fibrotic complications of inflammatory bowel disease Gerhard Rogler, Department of

January 27th 2017, 8th Gastro Foundation Weekend for Fellows; Spier Hotel & Conference Centre, Stellenbosch Fibrotic complications of inflammatory bowel disease Gerhard Rogler, Department of Gastroenterology and Hepatology, University

469 views • 21 slides
WWW.IXROVERFL.COM ABOUT US We all long for a happy, fulfilling and contented life. We are looking

WWW.IXROVERFL.COM ABOUT US We all long for a happy, fulfilling and contented life. We are looking

WWW.IXROVERFL.COM ABOUT US We all long for a happy, fulfilling and contented life. We are looking for guaranteed manuals and proven recipes on how to achieve this. I believe that the key is to actively spend time in the company of our loved

224 views • 20 slides
Fixative Sprayer Platform Leonel Lagos, Florida International University Peggy Shoffner, Florida

Fixative Sprayer Platform Leonel Lagos, Florida International University Peggy Shoffner, Florida

Fixative Sprayer Platform Leonel Lagos, Florida International University Peggy Shoffner, Florida International University Paula Kirk, Thomas Conley, Lockheed Martin Energy (ORNL) Edgard Espinosa (DOE Fellows) Giancarlo Pena, Edgard Espinosa

406 views • 23 slides
Program Now Available Online! www.amc.mrl.Illinois.edu Welcome! to the Materials Research

Program Now Available Online! www.amc.mrl.Illinois.edu Welcome! to the Materials Research

Program Now Available Online! www.amc.mrl.Illinois.edu Welcome! to the Materials Research Laboratory Central Research Facilities Orientation for New Researchers Where are the MRL ESB Central Supercon Research 4-digit room #s

836 views • 55 slides
New Concept of Beauty Unique way to take Care of Hair Combines beauty style and shape with the

New Concept of Beauty Unique way to take Care of Hair Combines beauty style and shape with the

New Concept of Beauty Unique way to take Care of Hair Combines beauty style and shape with the styling line. We believe beauty starts from the Hair Hair represent the inner charm that each end one of us wish to show and take care of. Choose the

398 views • 10 slides

More recommend