Description :

Website vulnerabilities include SQL injection and cross-site scripting (XSS). Learn about website vulnerabilities with this website vulnerabilities PowerPoint (ppt) presentation.

Tags :

web security | website security | computer virus | hackers | website hack | hacking | website vulnerabilities | malicious attacks | mobile malware | mal attacks | website vulnerabilities

Website Vulnerabilities PowerPoint Presentation

About This Presentation


Published on : Mar 20, 2018
Views : 234 | Downloads : 0


Website Vulnerabilities
Presentation Transcript

Slide 1 - SECURITY VULNERABILITIES IN WEBSITES, by Brian Vees
Slide 2 - Five Types of Vulnerabilities: SQL Injection; Username Enumeration; Cross Site Scripting (XSS); Remote Code Execution; String Formatting Vulnerabilities
Slide 3 - SQL Injection: A very common and easy-to-exploit vulnerability. Requires basic SQL knowledge. The basic idea: find a user-inputted field that most likely is used to query a database; insert text in the field which will then merge with the SQL query being executed; examine the results to gain info about the database; using this info, write better queries to receive potentially private data.
Slide 4 - SQL Injection - Example: Given a sample login prompt on a webpage, the query to validate the username might look like this: query = "select * from user where username='" + tbUserName.Text + "'"; Entering a single apostrophe "breaks out" of the intended SQL code, allowing other code to be executed.
Slide 5 - SQL Injection – Example (Cont.): Entering this data causes the following query to be sent to the database: select * from user where username='' or 1=1 --' Since 1=1 is always true, this query returns all users in the database.
Slide 6 - Other Examples: SQL injection to obtain error messages containing useful data. SQL injection to delete data ('drop [tablename]--). SQL injection to execute files (exec sp_oamethod @o, 'run', NULL, 'executable.exe').
Slide 7 - SQL Injection Prevention: "Escape" apostrophes. String replacement on SQL-specific character combinations ("--"). Safest: reject any bad input rather than attempting to "cleanse" it. Not necessarily plausible: names like O'Brien and other valid input contain apostrophes.
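The following is an added example, not code from the presentation: it runs slide 4's string-concatenated lookup and a parameterized lookup side by side against a constructed in-memory SQLite table, so that slide 5's input and slide 7's O'Brien case can be compared directly. Table name, column names and the three sample users are assumptions made for the example.

```python
import sqlite3

# Constructed sample data standing in for the web application's database;
# this is an added illustration, not code from the presentation.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE user (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO user VALUES (?, ?)",
        [("alice", "alice@example.test"),
         ("bob", "bob@example.test"),
         ("o'brien", "obrien@example.test")],
    )
    conn.commit()
    return conn


def lookup_concatenated(conn, username):
    """Slide 4's pattern: the submitted text is spliced into the SQL string,
    so quotes, OR clauses and '--' comments typed by the user become SQL."""
    query = "select * from user where username='" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Bound parameter: the value travels separately from the statement, so
    nothing in it is parsed as SQL. No escaping or 'cleansing' is needed."""
    return conn.execute(
        "select * from user where username=?", (username,)
    ).fetchall()


def count_rows(fn, conn, username):
    """Number of rows returned, or -1 if the query itself failed (a syntax
    error is exactly what concatenation produces for a name like O'Brien)."""
    try:
        return len(fn(conn, username))
    except sqlite3.OperationalError:
        return -1


def compare(username):
    """Run both lookups on the same input; returns (concatenated, parameterized)."""
    conn = make_db()
    return (count_rows(lookup_concatenated, conn, username),
            count_rows(lookup_parameterized, conn, username))


if __name__ == "__main__":
    for probe in ["alice", "o'brien", "' or 1=1 --"]:
        print(repr(probe), compare(probe))
```

The parameterized version needs neither apostrophe escaping nor a "--" blacklist: O'Brien is found as a normal user, and slide 5's input simply matches no row, because the driver never lets the value touch the statement text.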
Slide 8 - Username Enumeration: A very simple method of finding valid usernames. (Slide captions: "Invalid Username", "Valid Username".)
Slide 9 - Username Enumeration Prevention: Use the same error message for invalid password and invalid username. This way an attacker has no idea whether or not the username is correct.
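An added example (not the presentation's code) of slide 9's fix: a login routine that returns one message for both failure cases, alongside the two-message version from slide 8. It also hashes a random decoy credential when the username is unknown, so the unknown-user path costs the same as the known-user path and response time does not reveal what the message now hides. The user store, password and iteration count are constructed for the example.

```python
import hashlib
import hmac
import os

ITERATIONS = 20_000  # PBKDF2 iteration count; kept low so the demo runs quickly


def hash_password(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


# Constructed user store (username -> (salt, hash)); not the presentation's code.
_ALICE_SALT = os.urandom(16)
USERS = {"alice": (_ALICE_SALT, hash_password("correct horse battery", _ALICE_SALT))}

# Decoy credential hashed whenever the username is unknown, so that path does
# the same amount of work as the known-user path. Its password is random, so
# it can never be matched deliberately.
_DECOY_SALT = os.urandom(16)
_DECOY_HASH = hash_password(os.urandom(16).hex(), _DECOY_SALT)

GENERIC_ERROR = "Invalid username or password"


def login_leaky(username, password):
    """Slide 8's behaviour: two different messages tell the caller which
    usernames exist, regardless of the password supplied."""
    if username not in USERS:
        return (False, "Invalid Username")
    salt, stored = USERS[username]
    if not hmac.compare_digest(hash_password(password, salt), stored):
        return (False, "Invalid Password")
    return (True, "OK")


def login_uniform(username, password):
    """Slide 9's fix: one message for both failures. The decoy hash keeps the
    response time roughly equal for known and unknown usernames."""
    salt, stored = USERS.get(username, (_DECOY_SALT, _DECOY_HASH))
    ok = hmac.compare_digest(hash_password(password, salt), stored)
    ok = ok and username in USERS   # the decoy must never count as a match
    return (ok, "OK" if ok else GENERIC_ERROR)


if __name__ == "__main__":
    for user, pw in [("alice", "wrong"), ("nobody", "wrong"),
                     ("alice", "correct horse battery")]:
        print(user, "leaky:", login_leaky(user, pw),
              "uniform:", login_uniform(user, pw))
```

The same-message rule should extend to every response channel: HTTP status code, redirect target and the password-reset and registration forms, which otherwise leak the same information.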
Slide 10 - Cross Site Scripting: Another type of code injection, but with client-side script. Can be used to bypass client-side security, as well as gain other information (session cookies). Yahoo! and even Google have previously fallen victim to this vulnerability.
Slide 11 - XSS Example: This form echoes what the user entered in the case of an invalid login (i.e. invalid characters). What if we input JavaScript?
Slide 12 - Why Is XSS Dangerous?: Consider if we now input the following code: (code not captured in the transcript). With this data, we can bypass cookie-based security. Also, external, lengthier scripts can be injected: (code not captured in the transcript).
Slide 13 - XSS Prevention: User input cleansing. Don't echo user input back unless it is necessary.
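An added example (not from the presentation) of slides 11 to 13: the login form that echoes the submitted username, rendered three ways. The first reflects the raw text, the second encodes it at the point of output for both an HTML text context and a double-quoted attribute context, and the third follows slide 13's advice and does not echo it at all. A strict username allowlist covers slide 7's "reject rather than cleanse" point. The page fragment and the two probe strings are constructed for the example.

```python
import html
import re

# Allowlist for usernames: reject anything outside it instead of trying to
# strip dangerous characters (the "reject, don't cleanse" point from slide 7).
USERNAME_RE = re.compile(r"[A-Za-z0-9._-]{1,32}")


def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None


def render_error_unsafe(user_input):
    """Slide 11's form: the submitted text is placed into the HTML as-is, so a
    submitted tag or attribute break becomes part of the page."""
    return (f"<p>Login failed for user: {user_input}</p>\n"
            f'<input name="username" value="{user_input}">')


def render_error_encoded(user_input):
    """Encode at the point of output. html.escape(quote=True) covers both the
    text context (<p>) and the double-quoted attribute context (value="")."""
    safe = html.escape(user_input, quote=True)
    return (f"<p>Login failed for user: {safe}</p>\n"
            f'<input name="username" value="{safe}">')


def render_error_no_echo(user_input):
    """Slide 13's stronger advice: do not reflect the input at all."""
    return "<p>Login failed: the username contains characters that are not allowed.</p>"


def contains_live_markup(page):
    """Check used below: does the rendered page still contain a script tag or
    an unescaped attribute break that the browser would act on?"""
    low = page.lower()
    return "<script" in low or '" onload=' in low


# Constructed probe strings (harmless markers, not real payloads).
PROBE_TAG = "<script>probe()</script>"
PROBE_ATTR = '" onload="probe()'

if __name__ == "__main__":
    for probe in (PROBE_TAG, PROBE_ATTR):
        print("valid username?", is_valid_username(probe))
        print("raw     :", contains_live_markup(render_error_unsafe(probe)))
        print("encoded :", contains_live_markup(render_error_encoded(probe)))
        print("no echo :", contains_live_markup(render_error_no_echo(probe)))
```

Encoding is context-specific: html.escape is correct for text and quoted attributes, but a value placed inside a script block, a URL or a CSS rule needs the encoder for that context. Display names that legitimately contain apostrophes (the O'Brien case) are handled by the encoder, not by the username allowlist.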
Slide 14 - Remote Code Execution: Potentially the most dangerous vulnerability. Stems from insecure settings on a web server.
Slide 15 - Remote Code Execution Example: In PHP, the register_globals setting is often set to "on" to ease development. This allows global variables to be set remotely. require($page . ".php"); If $page is not initialized, any arbitrary file can be included and will be executed on that server.
Slide 16 - XML Vulnerabilities: There are several XML specifications that are also vulnerable to remote code execution. Improperly validated XML can "break out" of the XML and execute malicious code.
Slide 17 - Remote Code Execution Prevention: Ensure web server configuration is secure (namely, if using PHP, turn register_globals off). Validate user input.
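An added example, written in Python rather than the PHP of slide 15 and not taken from the presentation: the unchecked `require($page . ".php")` pattern next to a hardened resolver that applies slide 17's advice. The hardened version reads the page name explicitly from the request parameters (so no client-controlled global can supply it), gives a missing value an explicit default, and checks the name against a character allowlist, a list of known pages and the resolved path's location. The pages directory, allowlist and request dictionaries are assumptions made for the example; both functions only compute paths and load nothing.

```python
import re
from pathlib import Path

# Assumed layout for the example (not from the presentation): page templates
# live under PAGES_DIR and only names on the allowlist may be loaded.
PAGES_DIR = Path("/srv/app/pages")
ALLOWED_PAGES = frozenset({"home", "about", "contact"})
PAGE_NAME_RE = re.compile(r"[a-z0-9_]{1,40}")


def resolve_page_unsafe(params):
    """Python rendering of slide 15's require($page . ".php"): whatever arrived
    in the request is glued onto the path with no checks (returned, not loaded)."""
    page = params.get("page")
    return Path(str(PAGES_DIR) + "/" + str(page) + ".php")


def resolve_page_safe(params, base=PAGES_DIR, allowed=ALLOWED_PAGES):
    """Hardened version:
    1. the value is taken explicitly from the request, never from a global the
       client can populate (the register_globals problem);
    2. a missing value gets an explicit default instead of staying uninitialized;
    3. the name must match a strict character allowlist;
    4. the name must be on the allowlist of known pages;
    5. the resolved path must still lie inside the pages directory."""
    page = params.get("page", "home")
    if not isinstance(page, str) or PAGE_NAME_RE.fullmatch(page) is None:
        raise ValueError("page name contains characters outside [a-z0-9_]")
    if page not in allowed:
        raise ValueError("page is not on the allowlist")
    base = base.resolve()
    candidate = (base / f"{page}.php").resolve()
    if base not in candidate.parents:
        raise ValueError("resolved path escapes the pages directory")
    return candidate


def safe_page_or_error(params):
    """Convenience wrapper returning ('ok', path) or ('error', reason)."""
    try:
        return ("ok", str(resolve_page_safe(params)))
    except ValueError as exc:
        return ("error", str(exc))


if __name__ == "__main__":
    for q in [{}, {"page": "about"}, {"page": "admin"}, {"page": "../../secret"}]:
        print(q, "->", safe_page_or_error(q),
              "| unchecked:", resolve_page_unsafe(q))
```

The allowlist of page names is the check that does the real work; the path-containment test is a second line of defence in case the allowlist is later loosened to a pattern.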
Slide 18 - String Formatting Vulnerabilities: An attack on server-side functions that can perform formatting (such as C's printf). Special characters are used to read or write sections of memory that normally would not be accessible.
Slide 19 - String Formatting Example: %s can be used to continue reading data off the stack until an illegal memory address is accessed, crashing the program. %x can be used to print areas of memory that are normally not accessible. %d, %u, and %x can be used to overwrite the instruction pointer, allowing the execution of user-defined code.
Slide 20 - String Formatting Vulnerability Prevention: Make sure to verify all user input. Replace or reject special characters ("%").
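An added example, not from the presentation, using Python's `%` formatting as a stand-in for C's printf: the root defect on slides 18 to 20 is that user text becomes the formatting *template* instead of one of its arguments. The safe version fixes the template and passes the user text as data, so `%x` and `%s` in the input are copied literally; the directive check implements slide 20's "reject %" advice as a detection signal. The log line format and the probe strings are constructed for the example.

```python
import re

# Python analogue of the printf problem on slides 18-20 (added illustration,
# not the presentation's code). Python raises rather than reading memory, but
# the request still fails, which is the crash the deck describes.

def log_line_unsafe(user_input):
    """User text used as the template, as in printf(user_input): any '%x' or
    '%s' in it is interpreted as a directive with no matching argument."""
    return user_input % ()


def log_line_safe(user_input):
    """Fixed template written by the developer; the user text is an argument,
    so any '%' sequences inside it are copied literally."""
    return "login attempt by %s" % (user_input,)


# printf-style directives: %[flags][width][.precision]conversion, plus %n.
FORMAT_DIRECTIVE = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[diouxXeEfFgGcrsa]|%n")


def contains_format_directive(user_input):
    """Slide 20's 'reject special characters' as a detection signal: flag input
    carrying format directives. Worth logging or alerting on even when the
    fixed-template fix above already makes the directives harmless."""
    return FORMAT_DIRECTIVE.search(user_input) is not None


def handle(user_input):
    """Safe path: returns (logged_line, flagged) and never raises."""
    return (log_line_safe(user_input), contains_format_directive(user_input))


if __name__ == "__main__":
    for probe in ["alice", "%x%x%x%x", "100%s"]:
        try:
            print("unsafe:", repr(log_line_unsafe(probe)))
        except (TypeError, ValueError) as exc:
            print("unsafe: failed with", type(exc).__name__)
        print("safe  :", handle(probe))
```

With the standard logging module the same rule reads `logger.info("login attempt by %s", user_input)`, never `logger.info(user_input)`; in C the equivalent is `printf("%s", buf)` in place of `printf(buf)`, and compiler warnings for non-literal format strings catch most of the remaining cases.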
Slide 21 - Conclusion: What is the golden rule that will stop the majority of these website attacks? Validate User Input!