How White Hat Hackers Operate - TeleTrusT (slide transcript)
Andreas Falkenberg, Senior Security Consultant, SEC Consult Deutschland Unternehmensberatung GmbH
How White Hat Hackers Operate
About me
Andreas Falkenberg, M.Sc.
Security Consultant @ SEC Consult
- Source code audits
- (Web) application penetration tests
- Internal / external network audits
Speaker @
- OWASP AppSecEU 2011, Dublin, Ireland
- IEEE ICWS 2013, Santa Clara, CA, USA
- ISACA Chapter Meeting, August 2014, KL, Malaysia
Lecturer FH Technikum Wien, AT
- Web App Security SS 2014, Web App Security WS 2014/2015
© Andreas Falkenberg, SEC Consult Deutschland Unternehmensberatung GmbH, 2015
SEC Consult in a Nutshell
- Established 2002
- 50+ White Hat Hackers
- ISO/IEC 27001 certified
- Delivery Centers in Austria, Germany, Lithuania, Singapore, Switzerland
- Strong customer base in Europe and Asia
(Map on the slide marks: Canada, US, Germany, Austria, Central and Eastern Europe, Lithuania, Moscow, Qatar, India, Singapore.)
White Hat Hackers find…
- REAL vulnerabilities in…
- REAL software.
- REAL consequences are the result if those vulnerabilities are exploited!
… and disclose them responsibly.
Responsible Disclosure Process
… a defined process on how to publish vulnerabilities
… the “rules of engagement” for White Hat Hackers.
1. Identification of Vulnerability
2. Vendor Notification
3. Vulnerability Validation and Resolution
4. Public Disclosure
Responsible Disclosure – A Well Defined Process
Identification of Vulnerability
- Be creative!
- Be confident!
- In Capture the Flag events
- In courses at university / school
- @ SEC Consult
- In customer projects
- As a researcher
Responsible Disclosure – A Well Defined Process
Example: AVG Admin Server
(Diagram on the slide: AVG Admin Server, an Admin Client running Admin.exe, and several managed Clients.)
- Problem: AuthN logic on the client side.
- Problem: All users / PW-hashes are sent to the client during AuthN.
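The AVG Admin slide names two design flaws: the server pushes the whole user/hash table to the Admin client, and the client makes the accept/reject decision. The Python below is an added illustration (not AVG's code and not SEC Consult's) that puts that flawed pattern beside the corrected one; the user table is constructed for the demo and PBKDF2-SHA256 stands in for whatever hash format the real product used.

```python
import hashlib
import hmac
import secrets

# Constructed sample user table for the demo (server side). PBKDF2-SHA256
# stands in for the product's real hash format; the point is *where* the
# comparison happens, not which algorithm is used.
def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 20_000)

USER_DB = {
    "admin": (b"constructed-salt-1", _hash("correct horse", b"constructed-salt-1")),
    "operator": (b"constructed-salt-2", _hash("battery staple", b"constructed-salt-2")),
}

# --- Flawed design, as on the slide: the server hands the whole user/hash
# table to the Admin client and the client decides whether the login
# succeeded. Every hash leaves the server before anyone has authenticated.
def flawed_server_handshake() -> dict:
    return dict(USER_DB)

def flawed_client_login(user: str, password: str, table: dict) -> bool:
    entry = table.get(user)
    if entry is None:
        return False
    salt, stored = entry
    return hmac.compare_digest(_hash(password, salt), stored)

# --- Corrected design: the client sends only its credentials; the server
# verifies them and returns an opaque session token (or None). Hashes never
# cross the wire, and the accept/reject decision cannot be skipped client-side.
SESSIONS: dict = {}

def server_login(user: str, password: str):
    entry = USER_DB.get(user)
    if entry is None:
        return None
    salt, stored = entry
    if not hmac.compare_digest(_hash(password, salt), stored):
        return None
    token = secrets.token_hex(16)
    SESSIONS[token] = user
    return token

def server_whoami(token: str):
    """Server-side check that a later request would make with its token."""
    return SESSIONS.get(token)
```

Run `flawed_server_handshake()` to see how many credential hashes the flawed protocol discloses to an unauthenticated client; `server_login` only ever returns a token or `None`.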
Responsible Disclosure – A Well Defined Process
- Notification over a secure channel… (not always easy)
- Vendor provides fix and publishes patch (fast!?)… ~ 1 year till patch. Is this Responsible Disclosure?
- Vendor provides fix and publishes patch (or not)…
- https://www.sec-consult.com/en/Vulnerability-Lab/Advisories.htm
Responsible Disclosure Done
Responsible Disclosure…
… is the “rule of engagement” for a White Hat Hacker.
… a fun process with some interesting twists & turns.
… shows how (in)significant security is to certain vendors.
1. Identification of Vulnerability
2. Vendor Notification
3. Vulnerability Validation and Resolution
4. Public Disclosure
We want you!
- Internship Junior Security Consultant
- Security Consultant
- White Hat Security Specialist
Q && A
Thank you!