The attacks - PowerPoint PPT Presentation

Provided by: csNorthwe
Transcript and Presenter's Notes

1
The attacks
  • XSS
    • type 1: non-persistent
    • type 2: persistent
    • Advanced: other keywords (<style>, prompt()) or
      other technologies such as Flash

2
The attacks
  • SQL Injection
    • first order: non-persistent
    • second order: persistent

3
The attacks
  • Cross Channel Scripting
    • Similar to XSS and SQLI (contains all non-XSS,
      non-SQLI code injection vulnerabilities)
    • examples:
      • XPath Injection: unsanitized data used in XML
      • Malicious File Upload
      • Open Redirects (http://www.vulnerable.com?redirect=http://www.attacker.com)
      • Path Traversal (http://foo.com/../../barfile)

4
The attacks
  • Session Management
  • credentials sent over unencrypted HTTP
  • weak password recovery questions
  • weak CAPTCHAs
  • predictable authentication id values
  • insecure session cookies

5
The attacks
  • Cross-Site Request Forgery
    • Alice is logged into her bank account
    • Trudy sends Alice an e-mail containing a link
      with a request to transfer money to Trudy's
      account
      • could require a click (<a href=malicious_link>)
      • or not (<img src=malicious_link>)
    • When the request is sent by Alice (e.g. by
      attempting to view the image), her authentication
      cookie is sent with it
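
The Alice/Trudy scenario above, modelled server-side as an added example (not part of the original slides): a handler that trusts the session cookie alone accepts the forged request, while one that also checks a per-session token rejects it. The handler names, the `sid` and `csrf` fields, the account names and the balances are all constructed for illustration.

```python
import hmac
import secrets

SESSIONS = {}                                      # session id -> user and CSRF token
BALANCES = {"alice": 1000, "trudy": 0, "bob": 0}   # constructed sample accounts

def login(user):
    """Create a session. The token is embedded only in the bank's own pages."""
    sid, token = secrets.token_hex(16), secrets.token_hex(16)
    SESSIONS[sid] = {"user": user, "csrf": token}
    return sid, token

def _move(src, dst, amount):
    BALANCES[src] -= amount
    BALANCES[dst] += amount

def transfer_cookie_only(cookies, params):
    """Weak: the cookie the browser attaches automatically is the only check."""
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return 401
    _move(session["user"], params["to"], int(params["amount"]))
    return 200

def transfer_with_token(cookies, params):
    """Hardened: the request must also carry the per-session token."""
    session = SESSIONS.get(cookies.get("sid", ""))
    if session is None:
        return 401
    # A page on another site cannot read the token, so a forged request lacks it.
    if not hmac.compare_digest(params.get("csrf", ""), session["csrf"]):
        return 403
    _move(session["user"], params["to"], int(params["amount"]))
    return 200

def demo():
    sid, token = login("alice")
    jar = {"sid": sid}                          # sent with every request to the bank
    forged = {"to": "trudy", "amount": "100"}   # what the e-mailed link carries
    legit = {"to": "bob", "amount": "50", "csrf": token}
    results = {
        "cookie_only_forged": transfer_cookie_only(jar, forged),
        "token_forged": transfer_with_token(jar, forged),
        "token_legit": transfer_with_token(jar, legit),
    }
    return results, dict(BALANCES)

if __name__ == "__main__":
    print(demo())
```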

6
The attacks
  • SSL/Server Config
  • misconfigurations in the web server or SSL

7
Information Leakage
  • Various methods of gaining sensitive information
    such as database names, source code or user names
  • die() function
  • path vulnerabilities