Common Web Vulnerabilities

Introduction to the OWASP Top 10

A3: BROKEN AUTHENTICATION AND SESSION MANAGEMENT

HTTP is stateless…
- This means a user's credentials (or a session token standing in for them) must be passed with each request
- Passing credentials creates an opportunity for attackers to steal the credentials
- URLs, form fields, and cookies offer varying levels of (in)security

Encryption
- First line of defense
- Encoding ≠ Encryption!
  - Base64 is not secure
- Use SSL to provide transport-layer encryption of logged-on sessions
- And remember…
  - URLs could be exposed as referrer data
  - Any reference not using SSL exposes credentials

Example
- Anyone heard of FireSheep???
  - Firefox plugin that made it easy to steal logon credentials
- The technique used is known as SideJacking
  - Exploitation of a session key to gain access to information or services
  - Takes advantage of sites that allow/leak unencrypted session information
- XSS attacks can also be used to steal session keys

SideJacking Scorecard (figure; see the Digital Society report card in References)

Protection
- Universally deploy SSL
  - Any content that is brought in unencrypted will expose session information!
- Use an architecture that's simple, centralized, and standardized…
  - CAS
A4: INSECURE DIRECT OBJECT REFERENCES

Insecure Direct Object Reference
- The ability of a user to reference a file or function without permission
- A failure of authorization control

Common Mistake
- Simply excluding unauthorized functions from menus and options
- Malicious users can easily tamper with requests to the server
  - URL parameters, form data, cookies

Prevention
- Validate every direct object reference on the server
- Verify type of access for files
  - Read, Write, Delete
- Provide indirect references to files
  - OWASP Enterprise Security API (ESAPI) provides tools to do this
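The three prevention steps above, worked through as an added example that is not from the slides or from ESAPI: a handler that trusts the client-supplied file id beside a hardened one that resolves a per-session indirect reference, verifies the access type (read/write/delete) against a constructed ACL, and refuses anything it cannot account for. The sample files, ACL and SessionReferenceMap class are all constructed for illustration; the map only loosely follows the idea behind ESAPI's access reference maps.

```python
import secrets

# Constructed sample data: direct file id -> (owner, filename)
FILES = {
    101: ("alice", "alice-report.pdf"),
    102: ("bob", "bob-payroll.xlsx"),
}
# Constructed ACL: (user, file id) -> permitted access types
ACL = {
    ("alice", 101): {"read", "write", "delete"},
    ("bob", 102): {"read"},
}


def fetch_insecure(user, file_id):
    """Vulnerable: uses the client-supplied id directly, no authorization check."""
    return FILES[file_id][1]


class SessionReferenceMap:
    """Hypothetical per-session map of random tokens to real object ids, so the
    client never sees (or can guess) a direct reference."""

    def __init__(self):
        self._to_direct = {}
        self._to_indirect = {}

    def indirect(self, direct_id):
        # Hand out one random token per object for this session
        if direct_id not in self._to_indirect:
            token = secrets.token_urlsafe(8)
            self._to_indirect[direct_id] = token
            self._to_direct[token] = direct_id
        return self._to_indirect[direct_id]

    def direct(self, token):
        # Unknown (tampered or guessed) tokens resolve to nothing
        return self._to_direct.get(token)


def fetch_secure(user, refmap, token, access="read"):
    """Hardened: resolve the indirect reference on the server, then verify that
    this user holds this access type on this object before touching it."""
    file_id = refmap.direct(token)
    if file_id is None or file_id not in FILES:
        raise PermissionError("unknown object reference")
    if access not in ACL.get((user, file_id), set()):
        raise PermissionError(f"{user} may not {access} object {file_id}")
    return FILES[file_id][1]
```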
References
- OWASP Broken Authentication Wiki Page: http://www.owasp.org/index.php/Top_10_2010-A3
- SideJacking Scorecard: https://www.digitalsociety.org/2010/11/online-services-security-report-card
- Implementing CAS: http://www4.nau.edu/its/sia/
- OWASP Direct Object Reference Wiki Page: http://www.owasp.org/index.php/Top_10_2010-A4
- OWASP ESAPI: http://www.owasp.org/index.php/ESAPI