Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science
  3. Information Security

Common Web Vulnerabilities

advertisement 
Introduction to the OWASP Top 10
A3: BROKEN AUTHENTICATION
AND SESSION MANAGEMENT
HTTP is stateless…
 This means a user’s credentials must be
passed with each request
 Passing credentials creates an opportunity for
attackers to steal the credentials
 URLs, form fields, and cookies offer varying
levels of (in)security
Encryption
 First line of defense
 Encoding ≠ Encryption!
 Base64 is not secure
 Use SSL to provide transport layer encryption
of logged on sessions
 And remember…
 URLs could be exposed as referrer data
 Any reference not using SSL exposes
credentials
Example
 Anyone heard of FireSheep???
 Firefox plugin that made it easy to steal logon
credentials
 The technique used is known as SideJacking
 Exploitation of a session key to gain access to
information or services
 Takes advantage of sites that allow/leak
unencrypted session information
 XSS attacks can also be used to steal session
keys
SideJacking Scorecard
Protection
 Universally deploy SSL
 Any content that is brought in unencypted will
expose session information!
 Use an architecture that’s simple, centralized,
and standardized…
 CAS
Introduction to the OWASP Top 10
A4: INSECURE DIRECT OBJECT
REFERENCES
Insecure Direct Object Reference
 The ability of a user to reference a file or
function without permission
 A failure of authorization control
Common Mistake
 Simply excluding unauthorized functions
from menus and options
 Malicious users can easily tamper with
requests to the server
 URL parameters, form data, cookies
Prevention
 Validate every direct object reference on the
server
 Verify type of access for files
 Read, Write, Delete
 Provide indirect references to files
 OWASP Enterprise Security API (ESAPI) provides
tools to do this
References
 OWASP Broken Authentication Wiki Page
 http://www.owasp.org/index.php/Top_10_2010-A3
 SideJacking Scorecard
 https://www.digitalsociety.org/2010/11/online-services-
security-report-card
 Implementing CAS
 http://www4.nau.edu/its/sia/
 OWASP Direct Object Reference Wiki Page
 http://www.owasp.org/index.php/Top_10_2010-A4
 OWASP ESAPI
 http://www.owasp.org/index.php/ESAPI
Related documents
Dangerous Wi-Fi Access Point: Attacks to Benign Smartphone
Dangerous Wi-Fi Access Point: Attacks to Benign Smartphone
Origins, Cookies and Security * Oh My!
Origins, Cookies and Security * Oh My!
PROPOSED ADVERTISEMENT
PROPOSED ADVERTISEMENT
Application Security 101
Application Security 101
What is an OWASP? Open Web Application Security Project 
What is an OWASP? Open Web Application Security Project 
IUTGetRoot
IUTGetRoot
Laboratory work 2 SEC
Laboratory work 2 SEC
Training_Instructor_Agreement
Training_Instructor_Agreement
Presentation Tagline - OWASP AppSec USA 2011
Presentation Tagline - OWASP AppSec USA 2011
Security Policies - Personal Web Pages
Security Policies - Personal Web Pages
Media: An_introduction_to_penetration_testing
Media: An_introduction_to_penetration_testing
OWASP Plan - Strawman - OWASP AppSec USA 2011
OWASP Plan - Strawman - OWASP AppSec USA 2011
Download
advertisement