Author Topic: Web Security  (Read 24174 times)

Perspective

  • badfish
  • Jackass In Charge
  • Posts: 4635
  • Karma: +64/-22
    • http://jeff.bagu.org
Web Security
« on: August 15, 2005, 01:33:07 PM »
This thread is for info about web security.

General Resources
The Open Web Application Security Project (OWASP)
SANS Top 20 Internet Security Vulnerabilities

SQL Injection
Anyone who has a web app that interfaces with a backend DB should be aware of how easy it is to exploit an SQL Injection vulnerability. Here's a great article that describes the steps taken to gain acccess to a system using SQL Injection. The short answer is "validate your input!"
http://www.unixwiz.net/techtips/sql-injection.html
http://en.wikipedia.org/wiki/SQL_Injection

Cross-site Scripting
Any website that takes input from a user can be exploited by a cross-site scripting attack. This vulnerability can compromise the personal data of any of your users in a variety of ways. An attacker simply has to construct a link for a victim to click on, or submit some carefully crafted data to the application itself. Once again, the short answer to protecting against it is "validate your input!"
http://en.wikipedia.org/wiki/Cross_site_scripting
http://www-128.ibm.com/developerworks/security/library/s-csscript/
http://www.owasp.org/documentation/topten/a4.html

ARP Cache Poisoning
This only affects LAN's but is still interesting non the less.
http://www.oxid.it/downloads/apr-intro.swf
http://www.strandmark.com/switch/switch.shtml

DNS Cache Poisoning
Do you trust your nslookup?
http://en.wikipedia.org/wiki/DNS_cache_poisoning

Secure Authenication
Never use HTMLs "Basic Auth" for authentication, it use 64-bit encoding to send the password. The thing to note here is that it uses an encoding NOT a cipher and is therefore not secure. Always authenticate over SSL as well.
Also, consider using a Salted Hash to avoid dictionary attacks as well as sniffer/playback attacks.
http://www.developerfusion.co.uk/show/4679/2/

Denial of Service (DoS) Attacks
Used by script kiddies when they get banned from forums and by people who hate large coorporations and want to bring their servers down.
http://en.wikipedia.org/wiki/Denial_of_service_attack
« Last Edit: August 15, 2005, 11:10:13 PM by Perspective »

ober

  • Ashton Shagger
  • Ass Wipe
  • Posts: 14328
  • Karma: +73/-790
  • mini-ober is taking over
    • Windy Hill Web Solutions
Web Security
« Reply #1 on: August 15, 2005, 01:39:03 PM »
Awesome post.

Sang-drax

  • You created me, friend, you created me.
  • Jackass IV
  • Posts: 282
  • Karma: +10/-10
    • http://strandmark.com
Web Security
« Reply #2 on: August 15, 2005, 03:09:41 PM »
Quote from: Perspective
ARP Poisoning
This only affects LAN's but is still interesting non the less.
http://www.oxid.it/downloads/apr-intro.swf
This is interesting, I wrote a program and some text about this a while ago. It works. IPv6 doesn't have this problem, as the MAC addresses are included in the last 64 bits of the IPv6-address.
Is there a good solution to this problem? Bind each switch port to a MAC address? Cumbersome. Static ARP? Cumbersome.

Perspective

  • badfish
  • Jackass In Charge
  • Posts: 4635
  • Karma: +64/-22
    • http://jeff.bagu.org
Web Security
« Reply #3 on: August 15, 2005, 11:08:54 PM »
>> IPv6 doesn't have this problem, as the MAC addresses are included in the last 64 bits of the IPv6-address.

Cool, i didn't know that.

>>Is there a good solution to this problem?

Not that i know of. MAC addresses can change so they can't really be bound to a port. So long as there is a mechanism to update the MAC adresses there will be a way to abuse that mechanism. I suppose you could go super extreme and have encrypted authentication by a user with update privaleges and only allow them to touch the ARP Cache or something like that. But then new computers on the network need to be manually added by a user with the authority.


Cool article and program btw, Ill add that link to my OP.

Jake

  • Jackass In Charge
  • Posts: 8661
  • Karma: +83/-18
Web Security
« Reply #4 on: February 08, 2006, 07:52:25 PM »
email encoding
Protect yourself from email sniffing spam bots by encoding your email:
http://wbwip.com/wbw/emailencoder.html
Do not follow where the path may lead. Go instead where there is no path and leave a trail.