Web 2.0 addresses the new web technologies that are used to bring more interactivity to web
applications.
Additionally, Web 2.0 also includes a behavioral shift on the web, where users are
encouraged to customize their own content on web applications rather than view static/
generic content supplied by an organization.
In addition to the technology and behavior changes, Web 2.0 can also mean the shift
from shrink-wrapped software to software as a service.
Another aspect of Web 2.0 is mash-up and plug-in pages (for example, a personalized Google start page).
Injection attacks are based on a single problem that persists in many technologies: namely,
no strict separation exists between program instructions and user data (also referred to as
user input). This problem lets attackers sneak program instructions into places
where the developer expected only benign data. By sneaking in program instructions, the
attacker can make the program perform actions of the attacker's choosing.
Input Injection
SQL Injection
SELECT id FROM user_table WHERE username = '' OR 1=1 -- ' AND password = PASSWORD('x')
The username field was filled with ' OR 1=1 -- : the first quote closes the string literal,
OR 1=1 makes the WHERE clause always true, and -- comments out the rest of the statement,
including the password check. The query then returns the id of the first user in the table.
Injection attacks are not necessarily blind attacks. Many web applications are developed
with open-source tools. To make injection attacks more successful, download free or
evaluation copies of the products and set up your own test system. Once you have found an
error in your test system, it is highly probable that the same issue exists on all web
applications built with that tool.
Cure: constrain data types, escape user input, and use prepared statements (the best option).
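The login query above and its cure side by side, as an added example that is not from the original notes. It uses an in-memory SQLite table named user_table (an assumption standing in for the MySQL table the notes refer to; MySQL's PASSWORD() is replaced by a SHA-256 digest purely for the demo) and shows the same ' OR 1=1 -- payload succeeding against string-built SQL and failing against a prepared statement.

```python
import hashlib
import sqlite3

# Constructed sample data: an in-memory SQLite database standing in for the
# user_table of the notes. PASSWORD() is MySQL-only, so a SHA-256 digest plays
# its role here (demo only, not a real credential store).
def _pw(plaintext):
    return hashlib.sha256(plaintext.encode()).hexdigest()


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE user_table (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.executemany(
        "INSERT INTO user_table (id, username, password) VALUES (?, ?, ?)",
        [(1, "admin", _pw("s3cret")), (2, "alice", _pw("wonderland"))],
    )
    return db


def login_vulnerable(db, username, password):
    """Vulnerable: user data is pasted into the statement text, so the quote
    and comment characters it carries become SQL syntax."""
    sql = ("SELECT id FROM user_table WHERE username = '%s' AND password = '%s'"
           % (username, _pw(password)))
    row = db.execute(sql).fetchone()
    return row[0] if row else None


def login_prepared(db, username, password):
    """Cure: prepared statement. The SQL text is fixed; the values travel
    separately and are never parsed as instructions."""
    row = db.execute(
        "SELECT id FROM user_table WHERE username = ? AND password = ?",
        (username, _pw(password)),
    ).fetchone()
    return row[0] if row else None


# The payload from the notes, typed into the username field.
PAYLOAD = "' OR 1=1 -- "

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, PAYLOAD, "x"))     # 1: logged in as the first user, no password
    print(login_prepared(db, PAYLOAD, "x"))       # None: the payload is just an odd username
    print(login_prepared(db, "admin", "s3cret"))  # 1: legitimate login still works
```

With the vulnerable function the statement executed is literally the one from the notes (SQLite also treats -- as a comment to end of line), so the password comparison never runs. The prepared version sends the payload as a value, and no user is named ' OR 1=1 -- .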
XPath Injection
//users[username/text()='admin' and password/text()='' or '1'='1' ]/id/text()
Here the password field was filled with ' or '1'='1 : because 'and' binds tighter than 'or', the
predicate becomes (username='admin' and password='') or '1'='1', which is true for every user node.
Command Injection (cure: escape user input before it reaches the shell)
Directory Traversal Attacks
XXE (XML eXternal Entity) Attacks (cure: prohibit external entities in the XML parser)
LDAP Injection
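A check that stops directory traversal when a user-supplied path is joined onto a document root, as an added example rather than code from the notes. The base directory /var/www/files and the sample paths are constructed for the demo; the function works on path strings only (posixpath), so it runs anywhere and does not touch the file system.

```python
import posixpath
from urllib.parse import unquote


class PathTraversal(ValueError):
    """Raised when the requested path would leave the document root."""


def safe_join(base_dir, user_path):
    """Return base_dir/user_path, or raise PathTraversal if the result
    would fall outside base_dir.

    The traversal payloads it must catch: "../" segments, percent-encoded
    dots ("%2e%2e/"), absolute paths ("/etc/passwd"), and NUL bytes that
    truncate the path in C-based file APIs.
    """
    decoded = unquote(user_path)          # one decoding pass: "%2e%2e" -> ".."
    if "\x00" in decoded:
        raise PathTraversal("NUL byte in path")
    if decoded.startswith("/"):
        # posixpath.join would throw base_dir away for an absolute path.
        raise PathTraversal("absolute path not allowed: %r" % user_path)
    base = posixpath.normpath(base_dir)
    candidate = posixpath.normpath(posixpath.join(base, decoded))
    # After normalisation every ".." has been applied; anything no longer
    # under base (note the trailing "/", so "/var/www/files-old" does not
    # pass for "/var/www/files") came from traversal.
    if candidate != base and not candidate.startswith(base + "/"):
        raise PathTraversal("path escapes %s: %r" % (base, user_path))
    return candidate


def is_safe(base_dir, user_path):
    try:
        safe_join(base_dir, user_path)
        return True
    except PathTraversal:
        return False


if __name__ == "__main__":
    root = "/var/www/files"  # constructed document root for the demo
    for p in ["reports/q1.pdf", "reports/../q1.pdf", "../../etc/passwd",
              "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "/etc/passwd", "../files-old/x"]:
        print("%-36s %s" % (p, "OK  " + safe_join(root, p) if is_safe(root, p) else "REJECTED"))
```

Two caveats for real deployments: the check is purely lexical, so on a file system with symlinks resolve the final path with os.path.realpath and repeat the prefix test; and the single unquote() call is deliberate, because decoding in a loop until the string stops changing would let "%252e" reach the file system as ".." after the web server has already decoded it once.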
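An XML reader that applies the cure from the notes by refusing any DOCTYPE or entity declaration, as an added example that is not from the original. It drives Python's bundled expat parser directly; the sample documents (a benign user record and one carrying a file:///etc/passwd external entity) are constructed for the demo.

```python
import xml.parsers.expat


class ForbiddenDTD(ValueError):
    """Raised when a document declares a DTD, an entity, or references an external one."""


def parse_text_no_dtd(data):
    """Parse XML into {tag: text} for elements with text, refusing DTDs.

    Entities, internal or external, can only be declared inside a DOCTYPE,
    so rejecting the DOCTYPE closes the XXE door before any entity exists.
    The other two handlers are defence in depth for parsers that surface
    declarations or references without a DOCTYPE event.
    """
    parser = xml.parsers.expat.ParserCreate()

    def start_doctype(name, system_id, public_id, has_internal_subset):
        raise ForbiddenDTD("DOCTYPE declarations are not accepted (%s)" % name)

    def entity_decl(*args):
        raise ForbiddenDTD("entity declarations are not accepted")

    def external_entity_ref(context, base, system_id, public_id):
        raise ForbiddenDTD("external entity %r refused" % system_id)

    parser.StartDoctypeDeclHandler = start_doctype
    parser.EntityDeclHandler = entity_decl
    parser.ExternalEntityRefHandler = external_entity_ref

    result = {}
    stack = []  # [tag, [text chunks]] for each open element

    def start(name, attrs):
        stack.append([name, []])

    def chars(text):
        if stack:
            stack[-1][1].append(text)

    def end(name):
        tag, parts = stack.pop()
        text = "".join(parts).strip()
        if text:
            result[tag] = text

    parser.StartElementHandler = start
    parser.CharacterDataHandler = chars
    parser.EndElementHandler = end
    parser.Parse(data, True)  # an exception raised in a handler propagates out of Parse
    return result


def is_rejected(data):
    try:
        parse_text_no_dtd(data)
        return False
    except ForbiddenDTD:
        return True


# Constructed sample documents.
BENIGN = "<user><name>bob</name><role>viewer</role></user>"
XXE = ('<?xml version="1.0"?>'
       '<!DOCTYPE user [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>'
       "<user><name>&xxe;</name></user>")

if __name__ == "__main__":
    print(parse_text_no_dtd(BENIGN))   # {'name': 'bob', 'role': 'viewer'}
    print(is_rejected(XXE))            # True
```

Whether a given XML library actually fetches file:// or http:// entities depends on its defaults and version, which is why the check belongs in the parser configuration rather than in a string search for "<!ENTITY" run before parsing; the DOCTYPE handler fires on the declaration itself, so encoding tricks in the entity body do not matter.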
Cure: whitelist characters, that is, allow only alphanumeric characters (a-z, A-Z, and 0-9)
and deny all others.
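The whitelist rule above, together with the escaping cure listed for command injection and an LDAP filter escape, in one added example that is not from the notes. The LDAP filter template (&(uid=...)(userPassword=...)), the wc -l command and the payloads are constructed for the demo; the LDAP escaping follows RFC 4515, and the shell escaping uses Python's shlex.quote.

```python
import re
import shlex

# --- whitelist validation (the cure from the notes) -------------------------
_ALNUM = re.compile(r"[A-Za-z0-9]+")


def validate_alnum(value):
    """Allow only a-z, A-Z, 0-9; reject anything else."""
    if not _ALNUM.fullmatch(value):
        raise ValueError("characters outside [A-Za-z0-9]: %r" % value)
    return value


def is_alnum(value):
    return _ALNUM.fullmatch(value) is not None


# --- LDAP filter escaping (RFC 4515) ----------------------------------------
# Characters with meaning inside a search filter become backslash + hex code.
_LDAP_FILTER_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def ldap_filter_escape(value):
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def ldap_login_filter_vulnerable(uid, password):
    """Vulnerable: the attacker's parentheses and wildcards become filter syntax."""
    return "(&(uid=%s)(userPassword=%s))" % (uid, password)


def ldap_login_filter_escaped(uid, password):
    """Cure: every metacharacter is escaped, so the value is matched literally."""
    return "(&(uid=%s)(userPassword=%s))" % (ldap_filter_escape(uid), ldap_filter_escape(password))


# --- shell command escaping --------------------------------------------------
def shell_cmd_vulnerable(filename):
    """Vulnerable: "; rm -rf /" appended to the filename runs as a second command."""
    return "wc -l " + filename


def shell_cmd_escaped(filename):
    """Cure by escaping: shlex.quote yields one single-quoted word for the shell."""
    return "wc -l " + shlex.quote(filename)


def shell_argv(filename):
    """Stronger than escaping: pass an argument list (subprocess.run(argv) with
    shell=False) so no shell ever parses the user's data."""
    return ["wc", "-l", filename]


if __name__ == "__main__":
    ldap_payload = "*)(uid=*))(|(uid=*"      # constructed: matches every uid, ignores the password
    print(ldap_login_filter_vulnerable(ldap_payload, "x"))
    print(ldap_login_filter_escaped(ldap_payload, "x"))
    print(is_alnum(ldap_payload), is_alnum("alice"))
    print(shell_cmd_vulnerable("report.txt; rm -rf /"))
    print(shell_cmd_escaped("report.txt; rm -rf /"))
```

Whitelisting is the simplest of the three and should be the first choice wherever the field really is alphanumeric (user ids, hostnames); escaping is for fields that must legitimately contain metacharacters, and it has to be the escape for the exact interpreter that will see the data, since an LDAP escape does nothing for a shell and vice versa.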
Buffer Overflows
The injection aspect of buffer overflows is that the attacker injects
machine instructions (called shellcode) into some user input. The attacker needs to know,
at least approximately, where the shellcode will end up in the memory of the computer running
the web application. The attacker then overwrites the return address to point to the memory
location of the shellcode.