SLIDE 1 Security #MiSSConcepts
Ammarit Thongthua, CISSP CISM
SLIDE 2
# Who am I
SLIDE 3
Security #MiSSConcepts
SLIDE 4
Security #MiSSConcepts
SLIDE 5
#Expected
Security protection we expect
SLIDE 6
#Reality
Security protection we get in reality
SLIDE 7
Security by Obscurity
SLIDE 8 Security by Obscurity
Obscurity = make nobody know or make it hard to see
Example:
- Path hiding
- Hidden field
- Hidden/Remove object
- Change service port number
- Referrer, HTTP special Header
SLIDE 9 Security by Obscurity
Path hiding
https://www.somewebsite.com/page/admin/login.aspx
SLIDE 10 Security by Obscurity
Path hiding
https://www.somewebsite.com/abc/123/admin.php
SLIDE 11 Security by Obscurity
Path hiding
SLIDE 12 Security by Obscurity
Path hiding -
Temp File, Back Up
SLIDE 13 Dirbuster
Security by Obscurity
SLIDE 14 Dirbuster - Prepare path dictionary
- Basic: /admin, /test, /abc, /xyz
- Well known: /administrator, /manager, /wp-admin, /console
- Advance: /admin-path, /
- Temp File, Back Up: path + .zip, .rar, .bak
  Ex: /admin -> http://testsite.com/admin.zip, http://testsite.com/admin.rar, http://testsite.com/admin.bak
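Added example (Python, not from the deck): the defender's counterpart to the Dirbuster slides. A hidden path is found by dictionary requests, and those requests leave a trail of 404s. The script below parses constructed access-log lines in the common Apache/nginx combined format, flags any client that asks for five or more distinct missing paths within a minute, and then lists what that client went on to find. The log lines, IP addresses and the /abc/123/admin.php path are constructed sample data; the window and threshold are assumptions to tune per site.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Combined Log Format (Apache/nginx default). The sample lines below are constructed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /admin HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /administrator HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-admin HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "GET /console HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin.zip HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "GET /admin.bak HTTP/1.1" 404 196
203.0.113.7 - - [10/Oct/2023:13:55:39 +0000] "GET /abc/123/admin.php HTTP/1.1" 200 2311
198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] "GET /index.html HTTP/1.1" 200 5120
198.51.100.4 - - [10/Oct/2023:13:55:41 +0000] "GET /missing.png HTTP/1.1" 404 196
"""

def parse_line(line):
    """One log line -> dict with ip, ts (aware datetime), method, path, status; None if unparsable."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], TS_FMT)
    rec["status"] = int(rec["status"])
    return rec

def find_path_bruteforce(log_text, window=timedelta(seconds=60), threshold=5):
    """Return {ip: sorted missing paths} for clients that hit >= threshold distinct
    404 paths inside any `window`-long span. Ordinary users produce a few scattered
    404s; a dictionary run produces many distinct ones in a burst."""
    misses = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["status"] == 404:
            misses[rec["ip"]].append((rec["ts"], rec["path"]))
    flagged = {}
    for ip, events in misses.items():
        events.sort()
        for i, (t0, _) in enumerate(events):           # sliding window over sorted events
            paths = {p for t, p in events[i:] if t - t0 <= window}
            if len(paths) >= threshold:
                flagged[ip] = sorted(paths)
                break
    return flagged

def hits_after_scan(log_text, flagged):
    """Paths a flagged client eventually received a 200 for: the 'hidden' path is now known to it."""
    found = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and rec["ip"] in flagged and rec["status"] == 200:
            found[rec["ip"]].append(rec["path"])
    return dict(found)

if __name__ == "__main__":
    scanners = find_path_bruteforce(SAMPLE_LOG)
    print("scanning clients:", scanners)
    print("found after scanning:", hits_after_scan(SAMPLE_LOG, scanners))
```

The result matches the point of the slide: the renamed path was found anyway, so the control that matters is authentication on the admin page itself; the detector only buys early warning.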
SLIDE 15 Security by Obscurity
Hidden field
SLIDE 16 Security by Obscurity
Hidden field
SLIDE 17 Security by Obscurity
Hidden field
SLIDE 18 Security by Obscurity
Hidden field
SLIDE 19 Security by Obscurity
Disabled
SLIDE 20 Security by Obscurity
Hidden/Remove object
SLIDE 21 Security by Obscurity
Hidden/Remove object
SLIDE 22 Security by Obscurity
Hidden/Remove object
SLIDE 23 Security by Obscurity
Change service port number
SLIDE 24 Security by Obscurity
Change service port number
SLIDE 25 Security by Obscurity
HTTP Referrer
SLIDE 26 Security by Obscurity
HTTP special Header
SLIDE 27 Security by Obscurity
HTTP special Header
SLIDE 28 Security by Obscurity
HTTP special Header
SLIDE 29 Security by Obscurity
HTTP special Header Example
Header name - What it means
x-forwarded-for - Originating IP of a client connection to the server
x-forwarded-host - Originating host name
x-forwarded-server - Originating server name
x-wap-profile - A reference to the user-agent profile as specified
x-imsi - The IMSI number; identifies the end user
x-msisdn - The end user's phone number
Ref: https://mobiforge.com/design-development/useful-x-headers
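Added example (Python, not from the deck) covering the hidden-field, disabled-control, Referer and special-header slides above. Everything in a request is client-controlled: a hidden or disabled price field is edited in the browser, Referer is whatever the client sends, and X-Forwarded-For only means something for the entry a proxy you control appended. The proxy address 10.0.0.5, the catalogue and its prices are constructed values.

```python
import ipaddress

# Assumed deployment (constructed): one reverse proxy at 10.0.0.5 terminates client connections.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}

# Server-side price list (constructed, in cents). The hidden <input name="price"> is never consulted.
CATALOG = {"sku-100": 4999, "sku-200": 1999}

def client_ip(remote_addr, xff_header=None):
    """Honour X-Forwarded-For only when the direct peer is our own proxy, and then only the
    right-most entry (the one that proxy appended); everything left of it came from the client."""
    peer = ipaddress.ip_address(remote_addr)
    if peer not in TRUSTED_PROXIES or not xff_header:
        return peer
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    return ipaddress.ip_address(hops[-1])

def order_total(form):
    """Recompute the total from the catalogue and bound the quantity, whatever the client put in
    'price' or in a field it re-enabled in the browser."""
    sku = form.get("sku")
    qty = int(form.get("qty", "1"))
    if sku not in CATALOG or not 1 <= qty <= 100:
        raise ValueError("invalid order")
    return CATALOG[sku] * qty

def admin_allowed_by_referer(headers):
    """The misconception: the header is typed by the client, so this grants access to anyone."""
    return headers.get("Referer", "").startswith("https://www.somewebsite.com/admin")

def admin_allowed(session):
    """The check that holds: a flag the server set itself after authenticating the user."""
    return session.get("is_admin") is True

if __name__ == "__main__":
    # A client at 198.51.100.4 sends its own X-Forwarded-For; the proxy appends the real address.
    print(client_ip("10.0.0.5", "203.0.113.9, 198.51.100.4"))   # 198.51.100.4
    print(client_ip("198.51.100.4", "203.0.113.9"))              # direct peer, header ignored
    print(order_total({"sku": "sku-100", "qty": "2", "price": "1"}))   # 9998, not 2
```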
SLIDE 30
Encode = Encrypt ?
SLIDE 31 BASE 64 password in database
Encode != Encrypt
SLIDE 32 BASE 64 password Cookie
Encode != Encrypt
SLIDE 33
Encode != Encrypt
SLIDE 34 BASE 64 decode by zap proxy
Encode != Encrypt
SLIDE 35
SLIDE 36
Example: Shift-bit + Add letter GD + Fake Pad (==)
Password = QGDbGDtGDtGDxGDpGDsGDe==
Remove GD => Qbttxpse
Shift back => Password
SLIDE 37
Encrypted password ?
SLIDE 38 Encrypted Password ?
Diagram: password A03aBe/q54f== (config file, database) -> web server -> attacker
SLIDE 39
Password hashing ?
SLIDE 40
Weak hashing algorithm
SLIDE 41
Weak hashing algorithm
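Added example (Python, not from the deck) for the Base64, obfuscation, "encrypted password" and weak-hashing slides above. It reverses a Base64 cookie value and the GD-padded value from slide 36 without any key, shows why an unsalted fast hash is weak, and stores a password with salted PBKDF2-HMAC-SHA256 instead. An encrypted password in a config file does not change the picture either: the web server needs the key to decrypt it, so whoever holds the server holds the password. The cookie value is constructed and the iteration count is an assumption.

```python
import base64
import hashlib
import hmac
import os

# Base64 is an encoding, not encryption: no key exists, so anyone holding the value reverses it.
def base64_reveal(stored):
    return base64.b64decode(stored).decode()

# The obfuscation from the slides: shift each letter up by one, insert "GD" between letters and
# append a fake "==" so the value looks like Base64. No secret is involved, so it reverses directly.
def deobfuscate(value):
    stripped = value.rstrip("=").replace("GD", "")      # QGDbGDt... -> Qbttxpse
    return "".join(chr(ord(c) - 1) for c in stripped)   # shift back -> Password

# Weak hashing: fast and unsalted, so equal passwords give equal digests and lookup tables apply.
def weak_hash(password):
    return hashlib.md5(password.encode()).hexdigest()

# Password hashing done properly: per-user random salt, slow key derivation, constant-time compare.
# The stored string is self-describing so the work factor can be raised later.
ITERATIONS = 600_000   # assumed work factor; raise it as hardware gets faster

def hash_password(password, salt=None):
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"

def verify_password(password, stored):
    algo, iters, salt_hex, dk_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex), int(iters))
    return hmac.compare_digest(dk.hex(), dk_hex)

if __name__ == "__main__":
    print(base64_reveal("UGFzc3dvcmQ="))                     # constructed cookie value -> Password
    print(deobfuscate("QGDbGDtGDtGDxGDpGDsGDe=="))           # the slide's value -> Password
    print(weak_hash("Password") == weak_hash("Password"))    # True: same digest every time, no salt
    stored = hash_password("Password")
    print(verify_password("Password", stored), verify_password("password", stored))
```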
SLIDE 42
Encrypting data with a secure algorithm is OK. No more need to be concerned?
SLIDE 43 More things to be concerned about in encryption
Encryption
- Implementation
- Key length (bits)
- Mode (ECB, CBC, OFB, CFB)
SLIDE 44
SLIDE 45
ECB mode weakness in real case ?
SLIDE 46
ECB block shuffler
SLIDE 47
ECB block shuffler
SLIDE 48 https://fitnessxx.com/cutomer.php?data=
ECB block shuffler
SLIDE 49
ECB block shuffler
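Added example (Python, not from the deck) for the ECB slides. The standard library has no AES, so a small Feistel block cipher built from HMAC-SHA256 stands in for it; the ECB behaviour shown is a property of the mode and holds for any block cipher put in its place. Two constructed customer records are encrypted in ECB: the equal "plan=free" blocks give equal ciphertext blocks, and a ciphertext block cut from one record pastes into the other and decrypts to a valid forged record, the same cut-and-paste as the block shuffler slides. The mitigation shown is a MAC over the ciphertext so that any reordered or swapped block is refused; an authenticated mode such as AES-GCM gives this built in and, unlike ECB, also hides equal blocks.

```python
import hashlib
import hmac

BLOCK = 16

def _f(key, rnd, half):
    # Round function: HMAC-SHA256 keyed with the cipher key, truncated to the 8-byte half block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key, block):
    """Stand-in 128-bit block cipher: 4-round Feistel network over 8-byte halves (used because
    the standard library has no AES; swap in any real block cipher and the ECB behaviour is the same)."""
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, bytes(a ^ b for a, b in zip(l, _f(key, rnd, r)))
    return l + r

def block_decrypt(key, block):
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = bytes(a ^ b for a, b in zip(r, _f(key, rnd, l))), l
    return l + r

def _chunks(data):
    assert len(data) % BLOCK == 0, "caller supplies whole blocks"
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]

# ECB: every block encrypted independently with the same key, no IV, no chaining.
def ecb_encrypt(key, data):
    return b"".join(block_encrypt(key, c) for c in _chunks(data))

def ecb_decrypt(key, data):
    return b"".join(block_decrypt(key, c) for c in _chunks(data))

def record(*fields):
    """Constructed customer record: one space-padded 16-byte field per block."""
    return b"".join(f.ljust(BLOCK).encode() for f in fields)

def ecb_weaknesses(key):
    """Returns (equal_blocks_visible, decrypted_forgery) for two ECB-encrypted records."""
    alice = _chunks(ecb_encrypt(key, record("user=alice", "role=member", "plan=free")))
    bob = _chunks(ecb_encrypt(key, record("user=bob", "role=admin", "plan=free")))
    equal_visible = alice[2] == bob[2]      # same plaintext block -> same ciphertext block
    forged = alice[0] + bob[1] + alice[2]   # blocks are independent, so they cut and paste
    return equal_visible, ecb_decrypt(key, forged)

# Mitigation for the cut-and-paste: authenticate the ciphertext (encrypt-then-MAC) with a
# separate key so a reordered, swapped or truncated block fails verification before decryption.
def _mac_key(key):
    return hashlib.sha256(b"mac|" + key).digest()

def seal(key, data):
    ct = ecb_encrypt(key, data)
    return ct + hmac.new(_mac_key(key), ct, hashlib.sha256).digest()

def open_sealed(key, token):
    ct, tag = token[:-32], token[-32:]
    if not hmac.compare_digest(hmac.new(_mac_key(key), ct, hashlib.sha256).digest(), tag):
        raise ValueError("ciphertext failed integrity check")
    return ecb_decrypt(key, ct)

def forgery_rejected(key):
    """Repeat the cut-and-paste against sealed records; True when it is refused."""
    alice = seal(key, record("user=alice", "role=member", "plan=free"))
    bob = seal(key, record("user=bob", "role=admin", "plan=free"))
    forged = alice[:16] + bob[16:32] + alice[32:48] + alice[48:]   # alice's tag, bob's role block
    try:
        open_sealed(key, forged)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    key = b"constructed-key!"
    print(ecb_weaknesses(key))      # (True, b'user=alice      role=admin      plan=free       ')
    print(forgery_rejected(key))    # True
```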
SLIDE 50
Is encrypted data secured when a secure algorithm and mode are used?
SLIDE 51
Yes, But
SLIDE 52
Replay Attack
SLIDE 53
Replay Attack
SLIDE 54 Authentication check only at page load
Cookie expiry date works
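Added example (Python, not from the deck) for the replay and cookie-expiry slides. The cookie's Expires attribute is only honoured by a well-behaved browser; a captured token can be replayed from anywhere long after that date. The server therefore signs an expiry into the token, checks it on every request rather than only when the page loads, and for one-shot actions records the nonce so a second copy of the same token is refused. The secret and the in-memory nonce store are constructed placeholders.

```python
import base64
import hashlib
import hmac
import json
import os
import time

SECRET = b"constructed-server-secret"   # placeholder; in practice loaded from a secret store
_used_nonces = set()                     # placeholder; in practice a shared store with its own expiry

def issue_token(user, ttl=300, now=None, nonce=None):
    """Signed token carrying its own expiry and a fresh nonce. The expiry lives inside the
    signed payload, so the client cannot extend it the way it can edit a cookie attribute."""
    issued = int(time.time() if now is None else now)
    payload = {"user": user, "exp": issued + ttl, "nonce": (nonce or os.urandom(8)).hex()}
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode()).decode()
    sig = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    return f"{body}.{sig}"

def check_token(token, now=None, single_use=False):
    """Run on every request, not only at page load. Returns the user or None.
    single_use=True makes the token one-shot: a replayed copy is refused."""
    try:
        body, sig = token.split(".")
    except ValueError:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, sig):
        return None                                   # tampered or forged
    payload = json.loads(base64.urlsafe_b64decode(body))
    if (time.time() if now is None else now) >= payload["exp"]:
        return None                                   # expired, whatever the cookie header said
    if single_use:
        if payload["nonce"] in _used_nonces:
            return None                               # replay of a captured token
        _used_nonces.add(payload["nonce"])
    return payload["user"]

if __name__ == "__main__":
    tok = issue_token("alice", ttl=60, now=1000)
    print(check_token(tok, now=1010))                   # alice
    print(check_token(tok, now=1100))                   # None: expired server-side
    print(check_token(tok, now=1010, single_use=True))  # alice: first use
    print(check_token(tok, now=1010, single_use=True))  # None: replay refused
```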
Other Security #MiSSConcepts
Protection by WAF is sufficient
- Evasion (Ex; admin';--)
- Unsupported SSL cipher suite
- Pollution technique
- WAFW00F
Input validation
HTTPS is sufficient
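Added example (Python, not from the deck) for the "WAF is sufficient" and input-validation lines above, using the deck's admin';-- payload against a constructed in-memory SQLite table. The first function splices the input into the SQL text, which is the pattern a WAF is asked to catch and the pattern evasion tricks get around; the second validates against an allow-list and binds parameters, so whatever reaches the application arrives as data, not as SQL.

```python
import re
import sqlite3

def make_db():
    """Constructed in-memory users table standing in for the application database."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT, pw_hash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("admin", "h1"), ("bob", "h2")])
    return con

# Allow-list for the field: letters, digits and a few separators, bounded length.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")

def login_concat(con, username, pw_hash):
    """The pattern a WAF is asked to protect: input spliced into the SQL text, so admin';--
    closes the string and comments out the password check."""
    q = f"SELECT name FROM users WHERE name = '{username}' AND pw_hash = '{pw_hash}'"
    return [row[0] for row in con.execute(q)]

def login_param(con, username, pw_hash):
    """Validate against the allow-list, then bind the values: the driver passes them as data,
    so no quoting, comment or encoding trick reaches the SQL parser as code."""
    if not USERNAME_RE.match(username):
        return []
    q = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return [row[0] for row in con.execute(q, (username, pw_hash))]

if __name__ == "__main__":
    con = make_db()
    print(login_concat(con, "admin';--", "wrong"))   # ['admin']: password check bypassed
    print(login_param(con, "admin';--", "wrong"))    # []: rejected, and harmless even unrejected
    print(login_param(con, "admin", "h1"))           # ['admin']: legitimate login still works
```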
SLIDE 55
SLIDE 56
Other Security #MiSSConcepts
No vulnerability found in VA/Pentest = Secured
SLIDE 57 Conclusion
Secure by design: put the right solutions to the right jobs
- Security source code review
- Perform regular vulnerability assessment / penetration test
SLIDE 58