DEF CON 27 - BEN SADEGHIPOUR - owning the clout through ssrf and pdf generators

This document discusses SQL injection (SQLI), which is a code injection technique used to attack data-driven applications. SQLI works by inserting malicious SQL statements into entry fields for execution on the backend database. This allows attackers to read sensitive data, modify database contents, and perform administration tasks. The document outlines common SQLI attack methods like error-based and union-based techniques. It also categorizes SQLI attacks as in-band, inferential/blind, or out-of-band based on how results are returned. Examples are provided to illustrate how SQLI exploits vulnerabilities in dynamic SQL queries.

General Waf detection and bypassing techniques. Main focus to demonstrate that how to take right approach to analyse the behaviour of web application firewall and then create test cases to bypass the same.

Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. XSS has been one of the top vulnerabilities on the OWASP Top Ten list for many years. While XSS attacks can compromise user sessions and steal sensitive data, developers can prevent XSS through proper input sanitization and output encoding. As web applications continue to grow in use, jobs in web application security and penetration testing are also expected to increase significantly in the coming years.

Cross Site Scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise benign and trusted websites. XSS has been a top web application vulnerability since 1996. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when malicious scripts come from URLs, while stored XSS happens when scripts are stored on websites. XSS can be used to steal cookies and sessions, redirect users, alter website contents, and damage an organization's reputation. Developers can prevent XSS through input validation, output encoding, and using the HttpOnly flag.

As long as code and data cannot be distinguished by machines, Injection attacks will prevail. Injection flaws are very prevalent, particularly in legacy code. Injection flaws occur when an application sends untrusted data to an interpreter. This talk will focus on different injection flaws, challenges associated with it and possible ways to mitigate it.

The slide consists of: An explanation for SQL injections. First order and second order SQL injections. Methods: Normal and Blind SQL injections with examples. Examples: Injection using true/false, drop table and update table commands. Prevention using dynamic embedded SQL queries. Conclusion and References.

Key Points What is Cross Site Request Forgery (CSRF)? How Attack Can Happen? Damages caused by CSRF? Mitigations What is Cross Site Request Forgery (CSRF)? CSRF is an attack in which attacker forges the request as a trusted user. The request is essentially made to send unintended data to the site. A vulnerable web application assumes that the data is coming from a trusted user. The root cause is – request coming from browser is trusted by server blindly, if CSRF protection is not implemented. This “blind trust” lets attacker create a forged request, and make the victim perform that request. How Attack Can Happen? Attacker knows about target application, on which the attack is to be performed Attacker forges request and sends it to victim who may be logged into the website by embedding that forged request into a hyperlink Victim clicks on it, and unknowingly sends malicious request to website Website accepts it and processes it. Thus the attacker is successful in performing the attack. Damages caused by CSRF? In Net-banking attacker can forge the request and send it to victim to steal money from Victim’s account Personal health information can be stolen or modified in a hospital database Attacker force victim to perform unwanted action which affect their profile Mitigation Techniques Can be mitigate by two ways CSRF token (a cookie which is introduced in each form and validated by web app) Captcha (implemented to ensure that the request is being performed by a human interaction)

This document provides an overview of the OWASP Top 10 Risk Rating Methodology. It explains how risks are rated based on four factors: threat agent, attack vector, technical impact, and business impact. Each factor is given a rating of 1-3 (easy to difficult) and these ratings are multiplied together to calculate an overall weighted risk rating. An example of how this methodology would be applied to an SQL injection vulnerability is also provided.

This document provides an overview of the Laravel PHP framework. It describes key Laravel concepts like MVC architecture, Eloquent ORM, Blade templating, routing, controllers, authentication, Artisan CLI, and Inversion of Control using service providers. It also lists requirements to set up a Laravel project and ways to create one using the Laravel installer or Composer.

This document provides an introduction and overview of REST APIs. It defines REST as an architectural style based on web standards like HTTP that defines resources that are accessed via common operations like GET, PUT, POST, and DELETE. It outlines best practices for REST API design, including using nouns in URIs, plural resource names, GET for retrieval only, HTTP status codes, and versioning. It also covers concepts like filtering, sorting, paging, and common queries.

This document provides an overview of the Laravel PHP framework, including instructions for installation, directory structure, MVC concepts, and a sample "task list" application to demonstrate basic Laravel features. The summary covers creating a Laravel project, defining a database migration and Eloquent model, adding routes and views with Blade templating, performing validation and CRUD operations, and more.

The document discusses cross-site scripting (XSS) flaws that occur when untrusted user data is included on a webpage without validation or encoding. XSS allows attackers to execute scripts in a victim's browser by tricking them into visiting a malicious website. The document provides examples of XSS payloads and links to learn more about prevention and filters.

- Laravel is a popular PHP MVC framework that provides tools like Eloquent ORM, Blade templating, routing, and Artisan CLI to help developers build applications faster. - Key Laravel features include Eloquent for database access, Blade templating engine, routing system, middleware, and Artisan CLI commands for common tasks like migrations and seeding. - The document discusses Laravel's file structure, installing via Composer, and provides best practices for coding with Laravel like avoiding large queries and using middleware, validation, and CSRF protection.

The document provides an overview of key features and capabilities of Burp Suite, a popular web application security testing tool. It discusses how to configure Burp Suite for optimal performance, techniques for proxying and filtering traffic, exploiting vulnerabilities using the intruder tool, passive and active scanning with the scanner, replaying requests with the repeater, crawling sites with the spider, analyzing tokens with the sequencer, decoding responses with the decoder, comparing responses with the comparer, searching with engagement tools, extending functionality with extender, maintaining the state of assessments, and references for additional learning. The document is intended to help users get started with Burp Suite and leverage its full capabilities as a "pro."

This document provides an introduction to SQL injection basics. It defines SQL injection as executing a SQL query or statement by injecting it into a user input field. The document outlines why SQL injection is studied, provides a sample database structure, and describes generic SQL queries and operators like UNION and ORDER BY. It also categorizes different types of SQL injection and attacks. The remainder of the document previews upcoming topics on blind SQL injection, data extraction techniques, and prevention.

Microsoft powerpoint presentation for BTech academic seminar.This seminar discuses about penetration testing, penetration testing tools, web application vulnerabilities, impact of vulnerabilities and security recommendations.

The document discusses common security threats such as URL spoofing, man-in-the-middle attacks, cross-frame scripting, SQL injection, rainbow table matching, denial of service attacks, cross-site scripting, cross-site request forgery, brute force attacks, and dictionary attacks. For each threat, it describes variations, prevention methods such as input validation, access control, and encryption, and detection techniques like monitoring for anomalous behavior.

This document discusses various techniques for optimizing the frontend performance of web applications. It provides 5 rules: 1) Only optimize when it makes a meaningful difference. 2) Download resources in parallel to reduce page load time. 3) Eliminate unnecessary requests through techniques like merging, inlining, sprites and caching. 4) Defer parsing of JavaScripts when possible to improve perceived page load speeds. 5) Consider factors like server location and content delivery networks to improve global performance.

The document discusses various techniques for hacking client-side insecurities, including discovering clients on the internet and intranet, attacking client-side through JavaScript jacking and pluggable protocol handlers, exploiting cross-site request forgery vulnerabilities, and fingerprinting clients through analysis of HTTP headers and browser information leaks. The presentation aims to demonstrate these hacking techniques through examples and a question/answer session.

The presentation about how the site works on the Internet and what happens when you open it in your browser. What happens under the hood of the server and browser. How to measure the performance of the CS-Cart project simply and without technical knowledge :) And of course, why all the online-performance-testing services lie, or dont provides a clear view ;) https://www.simtechdev.com/cloud-hosting --- Cloud hosting for CS-Cart, Multi-Vendor, WordPress, and Magento by Simtech Development - AWS and CS-Cart certified hosting provider free installation & migration | free 24/7 server monitoring | free daily backups | free SSL | and more...

The increasing capabilities and performance of the web platform allow for more feature-rich user experiences. How can JavaScript based applications utilize information security and cryptography principles? This session will explore the current state of JavaScript and Web Cryptography. We will review some basic concepts and definitions, discuss the role of TLS/SSL, show some working examples that apply cryptography to real-world use cases and take a peek at the upcoming W3C WebCryptoAPI. Code samples will use CryptoJS in the browser and the Node.js Crypto module on the server. An extended example will secure the popular TodoMVC project using PBKDF2 for key generation, HMAC for data integrity and AES for encryption.

The document provides an overview of web development. It discusses how the web was created in 1989 by Tim Berners-Lee and the initial technologies of HTTP, HTML, and URLs. It then explains how a basic web application works with a browser connecting to a web server to request and receive HTML files and other resources. The document also summarizes key concepts in web development including front-end versus back-end code, common programming languages and frameworks, database usage, and standards that allow interoperability across systems.

Learn all the basics of web app development including bootstrap, handlebars templates, jquery and angularjs, as well as using hybrid app deployment on a phone.

Crash course introduction to web development for WordPress covering acronyms, buzzwords and concepts that often leave outsiders mystified. Overview of primary development processes and what software and tools are needed to play the game. We’ll cover what you need to go from zero to developer and hopefully how to have fun on the way. WordPress development tools explained for beginners: ftp, git, svn, php, html, css, sass, js, jquery, IDEs, themes, child themes, the Loop, hooks, APIs, CLI, agile, bootstrap, slack, linting, sniffing … etc.

Drupal is an open source content management system (CMS) written in PHP and uses a MySQL database. It allows users to build dynamic websites and provides features like content authoring, taxonomy, views, and customizable modules. The document discusses Drupal fundamentals like nodes, modules, blocks, menus, and user permissions. It also provides an overview of using HTML, CSS, PHP, and MySQL to develop websites with Drupal.

The document discusses securing web applications from common vulnerabilities like cross-site scripting (XSS) and cross-site request forgery (CSRF). It outlines various techniques attackers use to exploit these issues, such as injecting malicious scripts into user input or forging unauthorized requests. The document then provides recommendations for developers to prevent these attacks, such as carefully validating and encoding all user input, and authenticating that requests are intended by the user.

- The document discusses securing Rails web applications by improving on the framework's default security settings. - It emphasizes using HTTPS to encrypt traffic, securing certificates with tools like Let's Encrypt, and strengthening configurations using the Mozilla SSL Configuration Generator. - Content Security Policies provide an added layer of security by restricting what content can be loaded from external sources, reducing vulnerabilities, though they require careful configuration. - HTTP Public Key Pinning can lock users out if misconfigured, so caution is advised. Overall, the talk provides guidance on tightening security beyond Rails defaults.

Slides for "HTML5 Security Realities" talk at W3Conf: Practical Standards for Web Professionals 2013. Brad Hill - PayPal @hillbrad

Lecture slides for COMP 3512. Suitable for Web 2 course in a degree following CIT/CIS/CS ACM model curriculum.

"Through cooperation between browser vendors and standards bodies in the recent past, numerous standards have been created to enforce stronger client-side control for web applications. As web appsec practitioners continue to shift from mitigating vulnerabilities to implementing proactive controls, each new standard adds another layer of defense for attack patterns previously accepted as risks. With the most basic controls complete, attention is shifting toward mitigating more complex threats. As a result of the drive to control for these threats client-side, standards such as SubResource Integrity (SRI), Content Security Policy (CSP), and HTTP Public Key Pinning (HPKP) carry larger implementation risks than others such as HTTP Strict Transport Security (HSTS). Builders supporting legacy applications actively make trade-offs between implementing the latest standards versus accepting risks simply because of the increased risks newer web standards pose.  In this talk, we'll strictly explore the risks posed by SRI, CSP, and HPKP; demonstrate effective mitigation strategies and compromises which may make these standards more accessible to builders and defenders supporting legacy applications; as well as examine emergent properties of standards such as HPKP to cover previously unforeseen scenarios. As a bonus for the breakers, we'll explore and demonstrate exploitations of the emergent risks in these more volatile standards, to include multiple vulnerabilities uncovered quite literally during our research for this talk (which will hopefully be mitigated by d-day)." (Source: Black Hat USA 2016, Las Vegas)

The document summarizes various techniques for exploiting vulnerabilities in web applications, including exploiting logged out XSS vulnerabilities, CSRF protected XSS, XSS via HTTP headers, file upload issues, and encoding tricks for SQL injection. It discusses using techniques like browser password managers, session fixation, persistent data stores, and Flash to circumvent protections.

This document provides an overview of unusual web application security bugs and exploitation techniques discussed by Alex Kuznetsov, including exploiting logged out XSS vulnerabilities, CSRF protected XSS, XSS via HTTP headers, file upload issues, PHP oddities, SQL injection encoding attacks, and more obscure bugs involving cookies, timing attacks, and cookie policies. The talk outlines new and creative ways to bypass input validation and achieve remote code execution or sensitive data disclosure on vulnerable sites.

Zend Framework is an open source PHP framework that follows the model-view-controller (MVC) pattern to promote best practices. It has many features like simplicity, extensibility, and full documentation. Google Gears is a browser plugin that allows web applications to work offline and store data locally. It includes a database, caching, and background processing to improve performance and responsiveness even without internet access. Google Gears aims to bridge the gap between desktop and web applications and its components are simple to use.

The document provides 10 tips for securing ASP.NET applications. It discusses common web attacks like cross-site request forgery and session fixation, and defenses against them such as using secret tokens and regenerating session IDs. It also covers proper use of cryptography, input validation, authorization, cookies, password security, and restricting application trust levels.

The document provides an overview of scaling principles for web applications, beginning with optimizing a single server application and progressing to more advanced architectures involving load balancing, multiple web/application servers, and multiple database servers. It discusses profiling applications to identify bottlenecks, various caching and optimization strategies, Apache configuration for handling load, and links to additional resources on related topics.

The document provides an overview of scaling principles for web applications, beginning with optimizing a single server application and progressing to more advanced architectures involving load balancing, multiple web/application servers, and multiple database servers. It discusses profiling applications to identify bottlenecks, various caching and optimization strategies, Apache configuration for prefork MPM, and load balancing technologies like DNS round robin, Apache reverse proxy, HAProxy and Pound. Links are provided to additional resources on related topics.