WEBSITE VULNERABILITIES
Ngan Seok Chern
MCP | CEH | MVP – ASP / ASP.NET
seokchern85@hotmail.com
http://blog.scnetstudio.com
Agenda
 Web application setup
 Why attack
 Type of attack & countermeasure
Web Application Setup
Why Attack ?
 Defacing websites
 Stealing credit card information
 Exploiting server-side scripting
 Exploiting buffer overflows
 etc.
Steps
1. Scanning
2. Gather information
3. Testing
4. Plan
5. Launch
Type of Attack
 Cross-site Scripting / XSS Flaws
 SQL Injection
 Buffer Overflow
 Directory Traversal
 Error message interception attack
 Web.config
 etc.
Cross-site Scripting / XSS Flaws
 Typically found in web applications that allow malicious users to inject code into web pages viewed by other users.
 JavaScript is the code most commonly injected.
 During an attack, "everything looks fine" to the end user.
 <script> </script>
 Countermeasure:
 Validate all your input sources.
 Filter and encode script output before it is rendered.
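The two countermeasures side by side, as an added Python example (not code from the slides): an allowlist check on the input and HTML-encoding of the output. The display name, the allowlist pattern and the page template are constructed for the demonstration.

```python
import html
import re

# Constructed attacker-supplied "display name" carrying the slide's <script> tag.
MALICIOUS_NAME = '<script>alert(document.cookie)</script>'
# Allowlist for "validate all your input sources": letters, digits, space and
# a few punctuation marks, 1-40 characters (an assumed policy for this demo).
NAME_PATTERN = re.compile(r"^[A-Za-z0-9 .'-]{1,40}$")


def render_greeting_vulnerable(name: str) -> str:
    """Concatenates raw user input into HTML: the browser runs any injected script."""
    return "<p>Welcome back, " + name + "!</p>"


def render_greeting_safe(name: str) -> str:
    """Encodes the input for its HTML context: '<', '>', '&' and quotes become entities."""
    return "<p>Welcome back, " + html.escape(name, quote=True) + "!</p>"


def is_valid_name(name: str) -> bool:
    """Input validation: reject anything outside the allowlist before it is stored."""
    return NAME_PATTERN.fullmatch(name) is not None


def contains_live_script(page: str) -> bool:
    """Crude comparison helper for this demo: does a raw <script tag survive in the page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("passes validation?   ", is_valid_name(MALICIOUS_NAME))
    print("vulnerable rendering:", render_greeting_vulnerable(MALICIOUS_NAME))
    print("encoded rendering:   ", render_greeting_safe(MALICIOUS_NAME))
```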
SQL Injection
 Uses SQL to manipulate the database's data.
 Executed from the address bar, query strings or search fields.
 SELECT fieldlist FROM table WHERE field = '$EMAIL';
 SELECT fieldlist FROM table WHERE field = 'anything' OR 'x'='x';
 Countermeasure:
 Check user input.
 Validate and sanitize user input before it is passed to the database.
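The slide's two queries run against a real database, as an added Python example (not from the slides): an in-memory SQLite table stands in for "table", the email column for "field", and the input `anything' OR 'x'='x` is spliced into the first query and bound as a parameter in the second.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample table with two users, standing in for the slide's 'table'."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (email TEXT, name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice@example.com", "Alice"), ("bob@example.com", "Bob")])
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str) -> list:
    """The slide's query with $EMAIL spliced in as text: the input becomes part of the SQL."""
    sql = "SELECT email, name FROM users WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, email: str) -> list:
    """Parameterized query: the driver binds the value, so a quote cannot end the string."""
    return conn.execute("SELECT email, name FROM users WHERE email = ?", (email,)).fetchall()


# Yields ... WHERE email = 'anything' OR 'x'='x' when concatenated.
INJECTION = "anything' OR 'x'='x"

if __name__ == "__main__":
    db = build_db()
    print("vulnerable:", lookup_vulnerable(db, INJECTION))  # every row comes back
    print("safe:      ", lookup_safe(db, INJECTION))        # no row has that email
```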
Buffer Overflow
 Occurs when a process stores data in a buffer outside the memory the programmer set aside for it.
 Countermeasure:
 Validate input length.
 Check and pay extra care to loop functions that carry data.
Directory Traversal
 The attacker is able to browse directories and files.
 Exposes the directory structure of the application and often the underlying web server and operating system.
 Eg. "../Images/logo.gif"
 Countermeasure:
 Define access rights to the protected area.
 Apply checks/hot fixes.
 Update the web server with patches in a timely manner.
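A path check of the kind the countermeasure calls for, as an added Python example (not from the slides): the requested path is resolved against the web root and rejected if it escapes it, and files under a protected directory are refused even when they are inside the root. The web root and the protected directory name are assumptions for the demo.

```python
import os

# Assumed protected area inside the web root (App_Data is a folder ASP.NET itself
# never serves); any directory name could be listed here.
PROTECTED_DIRS = ("App_Data",)


def resolve_under_base(base_dir: str, requested: str):
    """Return the absolute path for `requested` if it stays inside base_dir, else None.

    The test is done on the resolved path (no '..' segments left), not on the
    raw string, so 'Images/../../x' and a leading '../' are both caught.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested.lstrip("/\\")))
    if os.path.commonpath([base, candidate]) != base:
        return None  # escaped the web root: do not serve
    return candidate


def is_servable(base_dir: str, requested: str) -> bool:
    """Combine the containment check with the protected-area access rule."""
    path = resolve_under_base(base_dir, requested)
    if path is None:
        return False
    relative_parts = os.path.relpath(path, os.path.realpath(base_dir)).split(os.sep)
    return not any(part in PROTECTED_DIRS for part in relative_parts)


if __name__ == "__main__":
    root = "/var/www/MySite"  # constructed web root
    for req in ("Images/logo.gif", "../Images/logo.gif", "App_Data/site.mdb"):
        print(f"{req!r:28} servable: {is_servable(root, req)}")
```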
Error Message Attack
 Based on the error messages that are shown.
 Example:
 Your password is incorrect.
 Connecting to the database on ……. with ….. is not successful.
 Countermeasure:
 Modify and display a common, generic error message.
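What "display a common error message" looks like in code, as an added Python example (not from the slides): the login path returns one message whether the account or the password was wrong, and a database failure is logged in full on the server while the user sees only a generic text. The user store, the messages and the simulated connection failure are constructed.

```python
import logging

log = logging.getLogger("app")

# Constructed credential store; a real system stores salted password hashes.
USERS = {"alice@example.com": "correct horse battery staple"}
GENERIC_LOGIN_ERROR = "Invalid email address or password."
GENERIC_FAILURE = "The service is temporarily unavailable. Please try again later."


def login_leaky(email: str, password: str) -> str:
    """Distinct messages tell an outsider which half of the guess was right."""
    if email not in USERS:
        return "No account exists for that email address."
    if USERS[email] != password:
        return "Your password is incorrect."
    return "OK"


def login_safe(email: str, password: str) -> str:
    """One message for both failure cases; the detail goes only to the server log."""
    if email not in USERS or USERS[email] != password:
        log.info("failed login for %s", email)
        return GENERIC_LOGIN_ERROR
    return "OK"


def failing_connect() -> str:
    """Simulates the slide's failed connection; the message carries host and user details."""
    raise ConnectionError("Cannot connect to 190.190.200.100,1433 as myUsername")


def run_db_operation(operation) -> str:
    """Keep the exception text (host, user, driver) in the log, not in the page."""
    try:
        return operation()
    except Exception:
        log.exception("database operation failed")
        return GENERIC_FAILURE


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(login_safe("nobody@example.com", "x"))
    print(login_safe("alice@example.com", "x"))
    print(run_db_operation(failing_connect))
```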
Web.config
 Connection String Information
 Example:
 Data Source=190.190.200.100,1433;Network Library=DBMSSOCN;Initial Catalog=myDataBase;User ID=myUsername;Password=myPassword;
 Countermeasure:
 Encrypt your web.config.
 aspnet_regiis.exe -pef "connectionStrings" "C:\Inetpub\wwwroot\MySite" -prov "DataProtectionConfigurationProvider"
Web.config (Original)
Web.config (Encrypted)
Summary
 Programmers play an important role.
 Patch your server.
Thank you
Q&A