Top Ten Web Attacks
Top Ten Web Attacks
Saumil Shah, Net-Square
BlackHat Asia 2002, Singapore

Today's battleground – the Web
• Web sites and web applications rapidly growing.
• Complex business applications are now delivered over the web (HTTP).
• Increased "web hacking" activity.
• Worms on the web.
• How much damage can be done?
• Firewalls?

Typical Web Application set-up
[Diagram: Web client sends an HTTP request (cleartext or SSL) through the firewall to the web server (• Apache • IIS • Netscape); the web server calls web app plugins (• Perl • C/C++ • JSP, etc…), which talk SQL to the database over a database connection (• ADO • ODBC, etc.); the HTTP reply (HTML, Javascript, VBscript, etc.) goes back to the client.]

Traditional Hacking… Limitations
• Modern network architectures are getting more robust and secure.
• Firewalls being used in almost all network roll-outs.
• OS vendors learning from past mistakes (?) and coming out with patches rapidly.
• Increased maturity in coding practices.

Utility of Firewalls
• Hacks on OS network services prevented by firewalls.
[Diagram: attacks on wu-ftpd, Sun RPC and NT ipc against the web server, web apps and DB are all blocked (X) at the firewall.]

Utility of Firewalls
• Internal back-end application servers are on a non-routable IP network (private addresses).
[Diagram: web apps and DB behind the web server are unreachable (X) from outside.]

Utility of Firewalls
• Outbound access restricted. Why would a web server telnet out?
[Diagram: outbound connections from the web server, web apps and DB are blocked (X).]

Futility of Firewalls
• E-commerce / Web hacking is unfettered.
• Web traffic is the most commonly allowed of protocols through Internet firewalls.
• Why fight the wall when you've got an open door?
• HTTP is perceived as "friendly" traffic.
• Content/Application based attacks are still perceived as rare.

The Web Hacker's Toolbox
Essentially, all a web hacker needs is …
• a web browser,
• an Internet connection,
• … and a clear mind.

Classifying Web Hacks
Web Hacks fall under the following categories:
• URL Interpretation attacks
• Input Validation attacks
• SQL Injection attacks
• Impersonation attacks
• Buffer Overflow attacks

Firewalls cannot prevent…
• URL Interpretation Attacks. (web server mis-configuration)
[Diagram: web client → web server.]

Firewalls cannot prevent…
• Input Validation attacks. (poor checking of user inputs)
[Diagram: web client → web server → web apps; URL Interpretation attacks at the web server, Input Validation attacks at the web apps.]

Firewalls cannot prevent…
• SQL Query Poisoning. (extend SQL statements)
[Diagram: web client → web server → web apps → DB; URL Interpretation attacks, Input Validation attacks, then SQL query poisoning at the DB.]

Firewalls cannot prevent…
• HTTP session hijacking. (reverse-engineering HTTP cookies)
• Impersonation.
[Diagram: web client → web server → web apps → DB; URL Interpretation attacks, Input Validation attacks, SQL query poisoning.]

Why is Web Hacking so deadly?
• Ports 80 and 443 are usually allowed through firewalls.
• A single URL works its way into many components.
• And in most cases, the only defense is "secure coding".

The URL as a cruise missile
http://10.0.0.1/catalogue/display.asp?pg=1&product=7
[Diagram: the URL travels through the web server, the web apps and the DB.]

Web Hacks - net effects
Web Hacks cause three types of effects:
• Extra information disclosure. (paths, etc.)
• Source code and arbitrary file content disclosure.
• Extra data disclosure (e.g. return all rows)
• Arbitrary command execution.

The Web Hacker's Toolbox
Some desired accessories would be …
• a port scanner,
• netcat,
• vulnerability checker (e.g. whisker),
• OpenSSL, … etc.

Hacking over SSL
• SSL Myth: "Strong 128 bit crypto stops hackers dead in their tracks"
• Using netcat and OpenSSL, it is possible to create a simple two-line SSL Proxy
• Listen on port 80 on a host and redirect requests to port 443 on a remote host through SSL.
[Diagram: web client → nc → openssl → SSL → web server.]

The Top 10 Web Hacking Techniques
1. URL Misinterpretation
2. Directory Browsing
3. Retrieving "non-web" Files
4. Reverse Proxying
5. Java Decompilation
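The "cruise missile" URL, the Input Validation and SQL Query Poisoning slides, and the "return all rows" net effect all describe the same path: a URL parameter that reaches the SQL statement unchecked. The example below is added here and is not from the deck or from Net-Square; it shows the two defences the deck points at ("secure coding" of input validation plus bound parameters) next to the unchecked form. It assumes a SQLite in-memory table in place of the deck's ASP/ADO back end, and the table contents, parameter names and limits are constructed for the example.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed catalogue table standing in for the deck's database tier.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL)")
    db.executemany("INSERT INTO products VALUES (?, ?, ?)",
                   [(7, "widget", 9.99), (8, "gadget", 19.99), (9, "gizmo", 4.50)])
    return db

def lookup_unsafe(db, product):
    # 'Before' form: the raw URL parameter is pasted into the SQL text, so a value
    # that extends the statement changes what the query returns (the deck's
    # "return all rows" effect).
    return db.execute("SELECT id, name FROM products WHERE id = " + product).fetchall()

def lookup_safe(db, product):
    # 'After' form: the value is bound as a parameter, never spliced into SQL text.
    return db.execute("SELECT id, name FROM products WHERE id = ?", (product,)).fetchall()

class BadRequest(ValueError):
    pass

# Whitelist of parameters display.asp is expected to take (assumed for the example):
# name -> pattern of the only values accepted. Positive integers of at most 9 digits.
ALLOWED = {"pg": re.compile(r"[1-9][0-9]{0,8}"),
           "product": re.compile(r"[1-9][0-9]{0,8}")}

def validate_params(url):
    """Parse the query string and reject anything outside the whitelist."""
    qs = parse_qs(urlsplit(url).query, keep_blank_values=True)
    extra = set(qs) - set(ALLOWED)
    if extra:
        raise BadRequest("unexpected parameter(s): %s" % sorted(extra))
    out = {}
    for name, pattern in ALLOWED.items():
        values = qs.get(name, [])
        if len(values) != 1:
            raise BadRequest("%s must appear exactly once" % name)
        if not pattern.fullmatch(values[0]):
            raise BadRequest("%s must be a positive integer" % name)
        out[name] = int(values[0])
    return out

def handle(db, url):
    """Request handler: validate first, then run only the parameterised query."""
    try:
        params = validate_params(url)
    except BadRequest as e:
        # Log-worthy: a rejected parameter is the earliest signal of the probing
        # the deck describes, and it never reaches the database.
        return {"status": 400, "error": str(e)}
    return {"status": 200, "rows": lookup_safe(db, params["product"])}

if __name__ == "__main__":
    db = make_db()
    print(handle(db, "http://10.0.0.1/catalogue/display.asp?pg=1&product=7"))
    print(handle(db, "http://10.0.0.1/catalogue/display.asp?pg=1&product=7%20OR%201=1"))
```

`lookup_unsafe` is kept only to make the contrast visible in a test; in the handler the unchecked path does not exist, so a poisoned `product` value is answered with a 400 before any SQL is built.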
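The "Firewalls cannot prevent…" slide on HTTP session hijacking names reverse-engineering of cookies as the way impersonation starts. The example below is added here and is not from the deck or from Net-Square; it puts a cookie that merely encodes the user's identity (the kind that can be decoded and re-encoded) next to a session token that is random, stored server-side and HMAC-tagged, and adds a small check a reviewer can run over an application's own cookies. The key, session store and field names are assumptions for the example.

```python
import base64
import binascii
import hashlib
import hmac
import secrets

def weak_cookie(user_id, role):
    # 'Before' form: the cookie is only encoded, not protected. Anyone who decodes
    # it learns the format and can re-encode a different user or role.
    return base64.b64encode(("user=%s;role=%s" % (user_id, role)).encode()).decode()

def decode_weak_cookie(cookie):
    return dict(kv.split("=", 1) for kv in base64.b64decode(cookie).decode().split(";"))

def looks_reverse_engineerable(cookie):
    """Review check: does the cookie base64-decode to printable key=value text?"""
    try:
        text = base64.b64decode(cookie, validate=True).decode("ascii")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return False
    return text.isprintable() and "=" in text

# Assumed server-side secret and session store; in a real deployment the key is
# generated once per deployment and kept out of the cookie entirely.
SERVER_KEY = secrets.token_bytes(32)
SESSIONS = {}

def issue_session(user_id, role, key=SERVER_KEY):
    # 'After' form: the cookie carries an unpredictable identifier plus an HMAC tag.
    # Nothing about the user is derivable from it, and a tampered copy fails the tag.
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"user": user_id, "role": role}
    tag = hmac.new(key, sid.encode(), hashlib.sha256).hexdigest()
    return "%s.%s" % (sid, tag)

def resolve_session(cookie, key=SERVER_KEY):
    """Return the server-side state for a valid cookie, or None for anything else."""
    try:
        sid, tag = cookie.rsplit(".", 1)
    except ValueError:
        return None
    expected = hmac.new(key, sid.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag check itself leaks nothing.
    if not hmac.compare_digest(tag.encode(), expected.encode()):
        return None
    return SESSIONS.get(sid)

if __name__ == "__main__":
    print("weak:", weak_cookie(7, "user"), looks_reverse_engineerable(weak_cookie(7, "user")))
    c = issue_session(7, "user")
    print("hardened:", c, looks_reverse_engineerable(c), resolve_session(c))
```

The role lives in `SESSIONS`, not in the cookie, so the only thing a client can present is an identifier; changing the identifier yields an unknown session, and changing the tag fails `compare_digest`.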