Upload File

top 10 web server security flaws

12
Top 10 Web Server Security flaws Abertay ID 1007639 Adam Smith ID 1001775

Upload: tobybear30

Post on 22-Apr-2015

1.312 views

Category:

Technology


3 download

Report

DESCRIPTION

 

TRANSCRIPT

  • 1. Top 10 Web ServerSecurity flaws
    Abertay ID 1007639
    Adam Smith ID 1001775
  • 2. SQL Injection
    Types of SQL Injection
    First Order Attack(FOA)
    Second Order Attack(SOA)
    Lateral Injection(LI)
    Threats ?
    Vulnerabilities ?
    Countermeasures ?
  • 3. XSS
    Types of XSS attacks
    Stored
    Reflected
    Dom based
    Threats ?
    Vulnerabilities ?
    Countermeasures ?
    .
  • 4. Broken Authentication andSession Management
    Threats ?
    Vulnerabilities ?
    Countermeasures ?
  • 5. Insecure Direct Object References
    Threats ?
    Vulnerabilities ?
    Countermeasures ?
  • 6. CSRF attacks are also known by a number of other names
    XSRF
    Sea Surf
    Session Riding
    Hostile Linking.
    Cross-Site Request Forgery
    Threats ?
    Vulnerabilities ?
    Countermeasures ?
    CSRF
  • 7. Security Misconfiguration
    Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. All these settings should be defined, implemented, and maintained as many are not shipped with secure defaults. This includes keeping all software up to date, including all code libraries used by the application.
  • 8. Insecure Cryptographic storage
    Many web applications do not properly protect sensitive data, such as credit cards, SSNs, and authentication credentials, with appropriate encryption or hashing. Attackers may steal or modify such weakly protected data to conduct identity theft, credit card fraud, or other crimes.
  • 9. Failure to Restrict URL access
    Many web applications check URL access rights before rendering protected links and buttons. However, applications need to perform similar access control checks each time these pages are accessed, or attackers will be able to forge URLs to access these hidden pages anyway.
  • 10. Insufficient Transport Layer Protection
    Applications frequently fail to authenticate, encrypt, and protect the confidentiality and integrity of sensitive network traffic. When they do, they sometimes support weak algorithms, use expired or invalid certificates, or do not use them correctly.
  • 11. Redirects and Forwards
    Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
  • 12. Conclusions

TOP Server V5 Features and New Release

Top 8 room server resume samples

Go4hosting top-class-dedicated-server-hosting-provider

Top 5 Server Operating Systems

Implementation Flaws

Common Flaws

Flaws Theme

owasp Top 10 2007 For Print - Um€¦ · A2 – Injection Flaws Injection flaws, particularly SQL injection, are common in web applications. Injection occurs when user-supplied data

Fixes and flaws 2000 uneven lies for common flaws

Top Ten Tips for Team Foundation Server

Top 20 OpenSSH Server Best Security Practices

Top BI Enhancements for SQL Server 2012

TOP Server Maximizing Your Results

Flaws in Practice Flaws in Practice

OWASP Top 10 Schulung › ... › 2018 › OWASP_Top_10_Homepage.pdfEntwicklung der OWASP Top 10 OWASP Top Ten - 2010 OWASP Top Ten - 2013 OWASP Top Ten –2017 A1 –Injection Flaws

OWASP Top 10 – 2010...OWASP Top 10 – 2007 (Previous) OWASP Top 10 – 2010 (New) A2 – Injection Flaws A1 – Injection ... • May also allow full database schema, or account

2: In-depth analysis of the top four flaws of the next ... · the top four flaws of the next generation web protocol. 2 ... looking for these flaws in implementations and putting

Software Flaws

Top 8 ice cream server resume samples

Top 10 PowerShell Features in Server 2012

TOP Server – The Ultimate I/O Server Device Integration for Invensys

OWASP Top 10 2007 - cat slave diary – mostly useless ... · 8& A2!INJECTION!FLAWS! Injections,particularlySQLinjections,arecommoninwebapplications.Injectionsarepossibleduetointerminglingofuser

Hunting flaws in Microsoft SQL Server - Black Hat | Home

Design Flaws

Architectural Recovery of JBoss Application Server › pubs › tech_report › TR-ECE-2005-02.pdf · Design flaws We are looking for detecting architectural flaws using object-oriented

TOP Server V5.4 Features and New Release

TOP Server V5.5 Features and New Release

Top 8 web server administrator resume samples

TOP Server Features and New Release

Hunting flaws in Microsoft SQL Server - Black Hat | Home Hunting flaws in Microsoft SQL Server Cesar Cerrudo Independant Security Researcher Aaron Newman CTO/Founder, Application Security,

Welding flaws

Injection Flaws

Hunting flaws in Microsoft SQL Server · Saving DTS packages in SQL Server ¥ When DTS Package is saved in SQL Server — Encoded using proprietary algorithm — Stored in msdb.dbo.sysdtspackages

TOP Server V5.6 – Features and New Release

TOP Server (5