This presentation covers introductory explanations of most common security vulnerabilities in web application.

1. SeCURITY 101
Navneet Kumar

2. AGENDA
✘ SQLi
○ Auth Bypass
○ Blind SQLi
✘ CSRF
✘ XSS
✘ Session Management
✘ Attack Chaining

3. SQL InJECTION
Injection of a SQL query via input data
plane To modify/query sensitive data
from database

4. SQL InJECTION
statement = "SELECT * FROM users WHERE name = '" +
userName + "';"
SELECT * FROM users WHERE name = '' OR '1'='1';
' OR '1'='1' --
' OR '1'='1' ({
' OR '1'='1' /*
UserName =

5. BliND SQL InJECTION
SQLi where attacker is Blind to SQL error
response and uses true/false response
to exploit
https://www.facebook.com?id=1008 AND substring(@@version, 1, 1)=5

6. DEMO

7. Cross Site REQUEST FORGERY (CSRF)
Attacker executes request on vulnerable
domain with victim’s authenticated
context to perform state changing
actions

8. SAME ORIGIN POLICY
Origin = Scheme + Hostname +
Port
http://www.example.com:81/dir/page2.html

9. CSRF Exploit
<form action="http://bank.com/transfer.do" method="POST">
<input type="hidden" name="acct" value="Navneet"/>
<input type="hidden" name="amount" value="1000$"/>
<input type="submit" value="Win An iPad"/>
</form>
Browser sends the session cookies automatically

10. CSRF PreventION
<input type="hidden" name="csrfmiddlewaretoken" value="KbyUmh" />Token Pattern
Set-Cookie: Csrf-token=i8XNjC; expires=23-Jul-2015 Max-Age=31449600; Path=/
X-Csrf-Token: i8XNjC
Header Pattern
1
2

11. DEMO

12. Cross Site SCRIPTING (XSS)
Attacker injects malicious client side scripts to
be executed in context of vulnerable domain
Reflected Persistent DOM XSS

13. XSS type
http://facebook.com?q=<script>alert('xss')</script>Reflected
<script>
document.write("Site is at: " + document.location.href + ".");
</script>]
Dom XSS
$('div').html('welcome to' + username + 'Meeting')
//My username is saved as
userName = "<script>alert('xss')</script>"
Persistent

14. XSS reflection
An alert is common XSS
reflection

15. DEMO

16. Session MaNAGEMENT
HTTP is stateless protocol so a web
session is created to maintain state

17. COOKIE Security
Attribute Value Meaning
Secure true Only send through https
http-only True Disable script access
Domain secure.example.com Send for that domain & subdomains
Expires 31-Jul-2016 13:45 Persist it till expiry date
Set-Cookie:SID=AYQEV;Domain=.gmail.com; Path=/; Expires=Wed, 13 Jan
2021 22:23:01 GMT;Secure;HttpOnly

18. Attack ChaiNING
CSRF XSS Cookie

19. DEMO

20. thanks!
Any questions?