complementary ppt

The attacks
● XSS
  – type 1: non-persistent
  – type 2: persistent
  – Advanced: other keywords (<style>, prompt()) or other technologies such as Flash
The attacks
● SQL Injection
  – first order: non-persistent
  – second order: persistent
The attacks
● Cross Channel Scripting
  – Similar to XSS and SQLI (contains all non-XSS, non-SQLI code injection vulnerabilities)
  – examples:
    ● XPath Injection: unsanitized data used in XML
    ● Malicious File Upload
    ● Open Redirects (http://www.vulnerable.com?redirect=http://www.attacker.com)
    ● Path Traversal (http://foo.com/../../barfile)
The attacks
● Session Management
  – credentials sent over unencrypted HTTP
  – weak password recovery questions
  – weak CAPTCHAs
  – predictable authentication id values
  – insecure session cookies
The attacks
● Cross-Site Request Forgery
  – Alice is logged into her bank account
  – Trudy sends Alice an e-mail containing a link with a request to transfer money to Trudy's account
    ● could require a click (<a href="malicious_link">)
    ● or not (<img src="malicious link">)
  – When the request is sent by Alice (e.g. by attempting to view the image), her authentication cookie is sent with it
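As an added example (not from the slides), the server-side checks that stop the forged transfer described above: the transfer action is made POST-only so an <img src=...> GET cannot trigger it, the request's origin is compared with the bank's own origin, a per-session CSRF token that attacker.com cannot read is required, and the session cookie is issued with SameSite=Lax so the browser withholds it on cross-site requests. The bank origin, the Request model and the helper names are assumptions made for the demonstration.

```python
import hmac
import secrets
from dataclasses import dataclass, field
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumed origin of the bank (placeholder)
SESSIONS = {}  # session id -> {"user": ..., "csrf": ...}; in-memory for the demo


@dataclass
class Request:
    """Constructed model of what the bank server sees for one HTTP request."""
    method: str
    path: str
    cookies: dict = field(default_factory=dict)
    headers: dict = field(default_factory=dict)
    form: dict = field(default_factory=dict)


def login(user):
    """Issue an unguessable session id plus a CSRF token bound to that session."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def session_cookie_header(sid):
    """Set-Cookie value: Secure, HttpOnly and SameSite=Lax (cookie omitted cross-site)."""
    return f"session={sid}; Secure; HttpOnly; SameSite=Lax"


def transfer_allowed(req):
    """Decide whether /transfer may run for this request; returns (ok, reason)."""
    session = SESSIONS.get(req.cookies.get("session"))
    if session is None:
        return False, "not logged in"
    # 1. Money movement only via POST: an <img src=...> or a plain link issues a GET.
    if req.method != "POST":
        return False, "state change requires POST"
    # 2. Refuse requests whose Origin (or Referer-derived origin) is not the bank.
    origin = req.headers.get("Origin")
    if origin is None and "Referer" in req.headers:
        parts = urlsplit(req.headers["Referer"])
        origin = f"{parts.scheme}://{parts.netloc}"
    if origin != SITE_ORIGIN:
        return False, "cross-origin request"
    # 3. The form must carry the secret token tied to this session (constant-time compare).
    supplied = req.form.get("csrf", "")
    if not hmac.compare_digest(supplied, session["csrf"]):
        return False, "missing or wrong CSRF token"
    return True, "ok"
```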
The attacks
● SSL/Server Config
  – misconfigurations in the web server or SSL
Information Leakage
● Various methods of gaining sensitive information such as database names, source code or user names
  – die() function
  – path vulnerabilities