middleware hacking

Post on 16-Apr-2017

Category: Technology

Hello From

$3cur!tyB3@t

Agenda
• What is Middleware?
• Vendors for Middleware?
• Where it stands in a picture?
• Types of Middleware?
• Vulnerabilities in Middleware?
• Importance of middleware patching?

What is Middleware ?

Middleware is the software that connects software components or enterprise applications. Middleware is the software layer that lies between the operating system and the applications on each side of a distributed computer network. Typically, it supports complex, distributed business software applications.

https://docs.oracle.com/cd/E15523_01/core.1111/e10103/intro.htm#BABEICDD

Servers / Client

This is middleware in my understanding.

Vendors for Middleware?

Where Middleware stands in picture

[Diagram labels: MIDDLEWARE, APP 1, APP 2, DATABASE]

Where Middleware stands in picture

[Diagram labels: KERNEL, Network OS Service, Middleware, Distributed Application, APP Server 1, APP Server 2, APP Server 3]

Types of Middleware?

• OBJECT Oriented Middleware
• RPC (remote procedure call)
• MOM Message oriented Middleware
• Event based Middleware

RPC (remote procedure call)

http://p.motionelements.com/stock-video/nature/me705539-inside-mcdonald-s-restaurant-hd-a0252.jpg

[Diagram: APPLICATION CALL (function) → CLIENT STUB, marshalling (network portable format) → RPC ↔ RPC → SERVER STUB, unmarshalling → Function execute and result]

PROS
• Distributed application
• Can call any function from anywhere

CONS
• Platform Dependent
• Language Dependent

[Diagram: RPC call between APP 1 and APP 2]

Live Example RPC

OBJECT Oriented Middleware (ORB)

CORBA: The Common Object Request Broker Architecture, by OMG Group

PROS
• Platform Independent
• Language Independent
• ORB :- Object request broker
• IIOP :- internet inter operable protocol

[Diagram: APPLICATION CALL (function) → CLIENT STUB → ORB ↔ ORB → Skeleton → Function execute and result; labels: IIOP, IDL]

Live Example ORB

COM/DCOM

Component object module and distributed component Object Module

PROS
• MSIDL :- Microsoft IDL
• DCE-RPC :- distributed computing Env-R.

[Diagram: CLIENT → Proxy → COM runtime lib in Windows NT ↔ COM runtime lib in Windows NT → STUB → Function execute and result; labels: DCE-RPC, MSIDL]

Enterprise JAVA Bean / JAVA RMI (Remote Method Invocation)

PROS
• Platform Independent
• JAVA RMI

[Diagram labels: WEB Browser, WEB APP, RMI registry/JVM, RMI registry/JVM, JDBC, DATABASE, IDL, RMI-IIOP]

Vulnerabilities in Middleware

ISSUES
• OVERFLOWS
• WEB Application TOP 10
• Architecture flow
• Say No to Scanners
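An added example, not part of the original slides: the client-stub marshalling and server-stub unmarshalling from the RPC slide, written in C with the length checks that keep a malformed message from causing the overflow listed under ISSUES. The wire layout (2-byte function id, 2-byte length, argument bytes), the MAX_ARG limit and all function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <string.h>
#include <arpa/inet.h>   /* htons/ntohs: network byte order */
#define MAX_ARG 64       /* assumed server-side argument limit */

/* Client stub: marshal (func_id, arg) into a network-portable message.
   Assumed layout: 2-byte id | 2-byte length | argument bytes.
   Returns the message size, or 0 if it does not fit in out. */
size_t rpc_marshal(uint16_t func_id, const char *arg, uint8_t *out, size_t cap)
{
    size_t len = strlen(arg);
    if (len > UINT16_MAX || cap < 4 + len) return 0;
    uint16_t id_n = htons(func_id), len_n = htons((uint16_t)len);
    memcpy(out, &id_n, 2);
    memcpy(out + 2, &len_n, 2);
    memcpy(out + 4, arg, len);
    return 4 + len;
}

/* Server stub: unmarshal, checking every length before copying.
   arg must hold MAX_ARG + 1 bytes. Returns 0 on success, -1 if malformed. */
int rpc_unmarshal(const uint8_t *msg, size_t msg_len, uint16_t *func_id, char *arg)
{
    uint16_t id_n, len_n;
    if (msg_len < 4) return -1;            /* truncated header */
    memcpy(&id_n, msg, 2);
    memcpy(&len_n, msg + 2, 2);
    size_t len = ntohs(len_n);
    if (len > MAX_ARG) return -1;          /* would overflow arg */
    if (len != msg_len - 4) return -1;     /* length field disagrees with message */
    memcpy(arg, msg + 4, len);
    arg[len] = '\0';
    *func_id = ntohs(id_n);
    return 0;
}

/* Constructed sample: one round trip, then two malformed messages. */
int rpc_selftest(void)
{
    uint8_t buf[128]; char arg[MAX_ARG + 1]; uint16_t id = 0;
    size_t n = rpc_marshal(7, "balance", buf, sizeof buf);
    if (n != 11 || rpc_unmarshal(buf, n, &id, arg) != 0) return 1;
    if (id != 7 || strcmp(arg, "balance") != 0) return 2;
    buf[2] = 0xFF; buf[3] = 0xFF;          /* length field claims 65535 bytes */
    if (rpc_unmarshal(buf, n, &id, arg) != -1) return 3;
    if (rpc_unmarshal(buf, 3, &id, arg) != -1) return 4;
    return 0;
}
int main(void) { return rpc_selftest(); }
```

The server stub trusts only the number of bytes actually received, never the length field inside the message.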

Importance of middleware patching?

Thank You…!
