Upload File

web application exploits and defenses

prev
next
out of 2
Download Web Application Exploits and Defenses

Upload: nilmani-kumar

Post on 09-Apr-2018

218 views

Category:

Documents


0 download

Report

TRANSCRIPT

  • 8/7/2019 Web Application Exploits and Defenses

    1/2

    Google Code University

    Web Application Exploits and Defenses

    A Codelab by Bruce Leban, Mugdha Bendre, and Parisa Tabriz

    UPDATED July 13, 2010: We have changed the name of the codelab application to Gruyere and have

    moved the location to this page. Please update your bookmarks.

    Want to beat the hackers at their own game?

    Learn how hackers find security vulnerabilities!

    Learn how hackers exploit web applications!Learn how to stop them!

    This codelab shows how web application vulnerabilities can be exploited and how to defend against these attacks.

    The best way to learn things is by doing, so you'll get a chance to do some real penetration testing, actually

    exploiting a real application. Specifically, you'll learn the following:

    How an application can be attacked using common web security vulnerabilities, like cross-site scripting

    vulnerabilities (XSS) and cross-site request forgery (XSRF).How to find, fix, and avoid these common vulnerabilities and other bugs that have a security impact, such as

    denial-of-service, information disclosure, or remote code execution.

    To get the most out of this lab, you should have some familiarity with how a web application works (e.g., general

    knowledge of HTML, templates, cookies, AJAX, etc.).

    GruyereThis codelab is built around Gruyere /rujr/ - a

    small, cheesy web application that allows its users to

    publish snippets of text and store assorted files.

    "Unfortunately," Gruyere has multiple security bugs

    ranging from cross-site scripting and cross-site request

    forgery, to information disclosure, denial of service, and

    remote code execution. The goal of this codelab is to

    guide you through discovering some of these bugs and

    learning ways to fix them both in Gruyere and in

    general.

    The codelab is organized by types of vulnerabilities. In

    each section, you'll find a brief description of avulnerability and a task to find an instance of that

    vulnerability in Gruyere. Your job is to play the role of a

    malicious hacker and find and exploit the security bugs.

    In this codelab, you'll use both black-box hacking and

    white-box hacking. In black box hacking, you try to

    find security bugs by experimenting with the application

    and manipulating input fields and URL parameters, trying

    to cause application errors, and looking at the HTTP

    requests and responses to guess server behavior. You do not have access to the source code, although

    understanding how to view source and being able to view http headers (as you can in Chrome or LiveHTTPHeaders

    for Firefox) is valuable. Using a web proxy like Burp or WebScarab may be helpful in creating or modifying requests.

    In white-box hacking, you have access to the source code and can use automated or manual analysis to identify

    bugs. You can treat Gruyere as if it's open source: you can read through the source code to try to find bugs. Gruyere

    Application Exploits and Defenses http://google-gruyere.app

    1/13/2011 1

    Generated by Foxit PDF Creator Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.

  • 8/7/2019 Web Application Exploits and Defenses

    2/2

    is written in Python, so some familiarity with Python can be helpful. However, the security vulnerabilities covered

    are not Python-specific and you can do most of the lab without even looking at the code. You can run a local instance

    of Gruyere to assist in your hacking: for example, you can create an administrator account on your local instance to

    learn how administrative features work and then apply that knowledge to the instance you want to hack. Security

    researchers use both hacking techniques, often in combination, in real life.

    We'll tag each challenge to indicate which techniques are required to solve them:

    Challenges that can be solved just by using black box techniques.

    Challenges that require that you look at the Gruyere source code.

    Challenges that require some specific knowledge of Gruyere that will be given in the first hint.

    WARNING: Accessing or attacking a computer system without authorization is illegal in many jurisdictions. While

    doing this codelab, you are specifically granted authorization to attack the Gruyere application as directed. You may

    not attack Gruyere in ways other than described in this codelab, nor may you attack App Engine directly or any

    other Google service. You should use what you learn from the codelab to make your own applications more secure.

    You should not use it to attack any applications other than your own, and only do that with permission from the

    appropriate authorities (e.g., your company's security team).

    Continue >>

    Google 2010 Terms of ServiceThe code portions of this codelab are licensed under the Creative Commons Attribution-No Derivative Works 3.0 United States license. Brief excerpts of the code may be used for educational or instructional purposesprovided this notice is kept intact. Except as otherwise noted the remainder of this codelab is licensed under the Creative CommonsAttribution 3.0 United States license .

    Application Exploits and Defenses http://google-gruyere.app

    1/13/2011 1

    Generated by Foxit PDF Creator Foxit Softwarehttp://www.foxitsoftware.com For evaluation only.


‘FOR OFFICIAL USE ONLY’ Space and Naval Warfare Systems ...info.publicintelligence.net/cyberwarfarebrief.pdf · Network Attacks, Exploits, and Defenses. −Commissioned in January

Top Ten Web Application Defenses v12

OWASP The OWASP Foundation · OWASP 3 Input Validation Attacks: Cause, Exploits, Impacts Cause: Failure to properly validate data at the entry and exit points of the application Exploits:

The Ether Wars: Exploits, counter-exploits and honeypots ... CON 27/DEF CON 27... · ConsenSys Diligence | The Ether Wars: Exploits, counter-exploits and honeypots on Ethereum 2 About

The State of the State of Application Exploits in Security

OWASP The OWASP Foundation...OWASP 3 Input Validation Attacks: Cause, Exploits, Impacts Cause: Failure to properly validate data at the entry and exit points of the application Exploits:

Cross Site Scripting (XSS) Exploits & Defenses

Cross Domain Injection and Exploits - OWASP Domain Injection and Exploits Meeting (Sep-15-2009) ... CSRF on both XML and JS-Array ... application servers like Tomcat or WebLogic

16: Exploits and Defenses Up and Down the Stack

Defenses, Application-Level Attacks, etc. Nick Feamster CS 7260 April 4, 2007

Pseudomonas aeruginosa Human opportunistic pathogen – exploits some break in hosts’ defenses in which to initiate infection

Low-level Software Security: Attacks and Defenses · 12 FOSAD'07: Low-level Software Security All defenses are limited (correct software is better) Only prevent some exploits: e.g.,

CRIMINAL DEFENSES LAW 1: CRIMINAL LAW CRIMINAL DEFENSES

Les exploits

Software Exploits

22: Exploits and Defenses Up and Down the Stack

Real Time Application Defenses - The Reality of AppSensor & ESAPI

Memory Error Exploits and Defenses - Stony Brook Universityseclab.cs.sunysb.edu/sekar/cse509/ln/memerr-rand.pdf · 2020-02-06 · slide 25. Chaining RETs for Fun and Profit Can chain

Utilizing Code Reuse/ROP in PHP Application Exploits

The Devil is in the Constants: Bypassing Defenses in …2017/09/09  · Many defenses against ROP exploits exist, which can significantly raise the bar against attackers. Although

Horseless Carriage Exploits and Eavesdropping Defenses Boston 2009 Copyright 2009, James M. Atkinson

Application-Level Attacks, Network-Level Defenses

Real Time Application Defenses

Salmonella exploits NLRP12-dependent innate immune ... · PDF fileSalmonella exploits NLRP12-dependent innate immune signaling to suppress host defenses during infection ... host defense

Defenses 4 main types of Defenses 4 main types of Defenses

Memory Exploits & Defenses - Computer Sciencecs.unc.edu/~fabian/courses/CS600.624/slides/exploits.pdf · exploits We need a defense ... The Exploit Note: •Library offset is limited

Common Exploits

Utilizing Code Reuse/ROP in PHP Application Exploits...Stefan Esser • Utilizing Code Reuse/ROP in PHP Application Exploits • July 2010 • Introduction (V) Return Oriented Programming

Application Security as a Service: Start Your Application ... · 5 The Majority of Security Breaches Today are From Application Vulnerabilities Security incidents from exploits against

and Defenses Systems Attacks CSC 591 · Source: Kaspersky Security Bulletin 2015 Distribution of exploits per application 2015. Source: Kaspersky Security Bulletin 2017 Distribution

IT Vulnerabilities, Tech Exploits, and Cyber Defenses Cable / Satellite POS Packet Sniffing / AP impersonation ... Network Hacking ToolsNetwork Hacking ToolsSlide Title Packet Analyzers

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES 1

Security exploits of Google application specific passwords & Chrome’s OAuth2 tokens

Cross Site Scripting (XSS) Exploits & Defenses › › DC_ED_OWASP_XSS... · OWASP 6 High Profile XSS Defacements April fools 2007: Tennis star vows to give up tennis to persue CCIE

Application-Level Attacks, Network-Level Defenses Nick Feamster CS 7260 April 9, 2007