Computer and Network Infrastructure Attacks - PowerPoint PPT Presentation

About This Presentation
Title:

Computer and Network Infrastructure Attacks

Description:

Computer and Network Infrastructure Attacks. 2. The OWASP Top Ten: a list of the ... applications arriving in MMS messages and keep Bluetooth in undiscoverable mode. ... – PowerPoint PPT presentation

Slides: 6
Provided by: steven170
Transcript and Presenter's Notes

Title: Computer and Network Infrastructure Attacks


1
Computer and Network Infrastructure Attacks
Kazumi Nakandakari
1. What is OWASP?
  • 2. The OWASP Top Ten: a list of the 10 most
    dangerous current Web application security flaws.
  • 1) Unvalidated Input
  • 2) Broken Access Control
  • 3) Broken Authentication and Session Management
  • 4) Cross Site Scripting
  • 5) Buffer Overflow
  • 6) Injection Flaws
  • 7) Improper Error Handling
  • 8) Insecure Storage
  • 9) Application Denial of Service
  • 10) Insecure Configuration Management

2
SQL Injection (one of the top 10 vulnerabilities in web
applications)
  • Username: Kazumi
  • Password: ' or ''='

Query looks like this (wrong user name supplied):
  "SELECT id FROM logins WHERE username = 'Kazumi' and password = '' or ''=''"

The ''='' will always evaluate to TRUE, since an
empty string is equal to an empty string. You
provide the wrong username and password; this is
how the WHERE clause is evaluated:

  FALSE and FALSE or TRUE

The first one comes from username = 'bob', which is
false. The second one comes from password = '',
which is false. The last one comes from ''='',
which is always true. Since the 'and' operator has a
higher precedence than the 'or', you evaluate it
first:

  FALSE and FALSE or TRUE
  (FALSE and FALSE) or TRUE
  FALSE or TRUE

and when you perform a logical OR, if either the
left or the right side is true, the whole thing is
TRUE:

  TRUE
3
Detection mechanism for SQL injection
  • You must check every piece of information a user
    enters. Either reject input that contains special
    characters, or escape those characters before
    they can appear inside the query.
  • Use reusable components, available in several
    languages, to help prevent many forms of
    injection, as well as CodeSeeker, an application
    level firewall released by OWASP.
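To show slides 2 and 3 side by side in running code, here is an added example (not from the presentation): the slide's login query built by string concatenation, the same query with bound parameters, and a simple input check for the special characters slide 3 says to look for. The in-memory SQLite table, the stored password and the `looks_suspicious` heuristic are constructed for this illustration.

```python
import sqlite3

INJECTION = "' or ''='"  # the password value from slide 2


def make_db():
    # Constructed stand-in for the deck's "logins" table.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE logins (id INTEGER PRIMARY KEY, "
                 "username TEXT, password TEXT)")
    conn.execute("INSERT INTO logins (username, password) "
                 "VALUES ('Kazumi', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    # Slide 2's query, assembled by concatenation: the quote in the
    # password closes the string literal and the rest becomes SQL, so the
    # WHERE clause collapses to (FALSE and FALSE) or TRUE.
    sql = ("SELECT id FROM logins WHERE username = '" + username +
           "' and password = '" + password + "'")
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn, username, password):
    # Same query with bound parameters: the driver sends the values apart
    # from the SQL text, so a quote in the input is data, not an operator.
    sql = "SELECT id FROM logins WHERE username = ? and password = ?"
    return conn.execute(sql, (username, password)).fetchone() is not None


def looks_suspicious(value):
    # Slide 3's first idea as a detection signal: flag inputs carrying a
    # string delimiter or comment marker. Hypothetical heuristic, useful
    # for logging and alerting; parameterization remains the actual fix.
    return any(token in value for token in ("'", "--", ";"))


def demo():
    conn = make_db()
    return {
        "vulnerable_wrong_creds": login_vulnerable(conn, "bob", INJECTION),
        "parameterized_wrong_creds": login_parameterized(conn, "bob", INJECTION),
        "parameterized_right_creds": login_parameterized(conn, "Kazumi", "correct horse"),
        "flagged": looks_suspicious(INJECTION),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```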

4
Commwarrior.C
  • Commwarrior.C is a Bluetooth and MMS worm.
  • Commwarrior.C uses Bluetooth for spreading by
    searching for other phone numbers. Subsequently, it
    sends MMS messages infected with copies of itself
    to the phone numbers found in the phonebook. The
    SIS files (commw.sis) that Commwarrior sends are
    renamed randomly, so it isn't possible for users to
    avoid the malicious files by their names.

5
Detection mechanism for Commwarrior.C
  • Download F-Secure Mobile AntiVirus program.
  • Don't install unknown applications arriving in
    MMS messages, and keep Bluetooth in undiscoverable
    mode.