Web Security Thet Aung Min Latt Managing Director Diamond Intelligence Co., Ltd [email protected]
Post on 02-Jul-2015

Web Security issues and advice


Page 1: Web security

Web Security

Thet Aung Min Latt

Managing Director

Diamond Intelligence Co., Ltd

[email protected]

Page 2: Web security

Finding the flaw

• Stolen user credentials

• Weak passwords

• Code vulnerabilities

• Dangerous configurations

Page 3: Web security

In the public

• ext:sql intext:@gmail.com intext:password

• inurl:/backup intitle:index of backup intext:*sql

• intext:phpMyAdmin SQL Dump filetype:sql intext:INS...

• inurl:.php? intext:CHARACTER_SETS,COLLATIONS, ?intitle:phpmyadmin

Page 4: Web security

Owning your box

• The cost

• The responsibility

Page 5: Web security

Shell

• Shell

Page 6: Web security

Know it

• Recognize a backdoor

• File name patterns/location

• File modification date

• File permissions/ownership

• File contents

• Log analysis

Page 7: Web security

File

Page 8: Web security

File contents

Page 9: Web security

The Log

Page 10: Web security

Strange URL in access log

• http://www.Victim-website.com.mm/mailto.php

• http://www.Victim-website.com.mm/mailto.php?symlink&symlinkserver

• http://www.Victim-website.com.mm/mailto.php?database

• http://www.Victim-website.com.mm/mailto.php

• http://www.Victim-website.com.mm/aboutus_photo/2005068737dunush.php
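As an added illustration of the log-analysis step (not part of the original slides), this Python script scans constructed Apache-style access-log lines for the two patterns the URLs above show: a PHP script served from an image-upload directory, and query strings built from backdoor-style keywords (symlink, symlinkserver, database). The directory names, keyword list and sample lines are assumptions chosen to match the slide's examples.

```python
import re

# Apache/nginx "combined" log format; the constructed sample lines below follow it.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# Directories that should only ever serve static files (assumed for this site).
UPLOAD_DIRS = ("/aboutus_photo/", "/uploads/", "/images/")
# Query-string keys taken from the backdoor URLs shown in the slide.
SUSPICIOUS_KEYS = {"symlink", "symlinkserver", "database"}

def suspicious_reasons(target):
    """Return a list of reasons why a request target looks like backdoor activity."""
    path, _, query = target.partition("?")
    reasons = []
    if path.lower().endswith(".php") and any(path.startswith(d) for d in UPLOAD_DIRS):
        reasons.append("php script under upload directory")
    keys = {kv.split("=", 1)[0].lower() for kv in query.split("&") if kv}
    hits = sorted(keys & SUSPICIOUS_KEYS)
    if hits:
        reasons.append("backdoor-style query keys: " + ",".join(hits))
    return reasons

def scan_access_log(lines):
    """Parse combined-format lines and return dicts describing each flagged request."""
    flagged = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        reasons = suspicious_reasons(m["target"])
        if reasons:
            flagged.append({"ip": m["ip"], "status": m["status"],
                            "target": m["target"], "reasons": "; ".join(reasons)})
    return flagged

# Constructed sample log (not real traffic); the targets mirror the slide's examples.
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jul/2015:10:01:09 +0630] "GET /mailto.php?symlink&symlinkserver HTTP/1.1" 200 812',
    '203.0.113.7 - - [01/Jul/2015:10:01:15 +0630] "POST /mailto.php?database HTTP/1.1" 200 2231',
    '198.51.100.9 - - [01/Jul/2015:10:02:00 +0630] "GET /aboutus_photo/2005068737dunush.php HTTP/1.1" 200 1410',
    '198.51.100.9 - - [01/Jul/2015:10:02:05 +0630] "GET /aboutus_photo/team.jpg HTTP/1.1" 200 40210',
]

if __name__ == "__main__":
    for hit in scan_access_log(SAMPLE_LOG):
        print(hit["ip"], hit["status"], hit["target"], "->", hit["reasons"])
```

Run it against a real access log by reading the file line by line into `scan_access_log`; a plain request for `/mailto.php` with no query is not flagged by these two rules, so pair this with the file-name, date and ownership checks from the earlier slide.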

Page 11: Web security

Malicious Redirect Code Within

The .htaccess File

Page 12: Web security

Advice

• Only administer your website from a device you trust is free of malware.

• Do not administer your site from a free Wi-Fi hotspot

• Keep your website up to date

• Use strong passwords and change them on a regular basis.

• Back up your site at least once a month.

Page 13: Web security

Tip

• Curious

• Everything is a test

Page 14: Web security

Reference

• blog.malwarebytes.org

Page 15: Web security

Q&A

Thanks