Got invited to conduct a workshop on ‘Cyber Security’ at a top-notch engineering college,
Sardar Patel Institute of Technology, Andheri, on 3rd October 2015.
Student feedback:-
https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing
Appreciation letter:-
https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing
3. This talk is about
How to kick-start your career in Information Security
How to protect organizations from cyber criminals
Understanding the difference between:-
Evergreen - OWASP Top 10 Attack Methodology
4. Before We Start :- Disclaimer
My posts have nothing to do with the company or organization I’m working for. They are
strictly for educational purposes only.
All the knowledge provided in these slides is for academic purposes only.
The site is in no way responsible for any misuse of the knowledge.
These slides are meant solely for providing information on “Computer Security”,
“Computer Programming” and related topics and are in no way connected
to the terms “CRACKING” or “HACKING” (Unethical).
The word “Hack” or “Hacking” used in these slides shall be considered
“Ethical Hack” or “Ethical Hacking” respectively.
We believe only in White Hat Hacking. On the other hand, we
condemn Black Hat Hacking.
5. Who Am I?
A researcher in Web Application Security
A Bug Hunter enthusiast
3+ years of experience in Information Security
Listed in the hall of fame of top sites
Speaker @ Null Mumbai Chapter
Blogging at http://shield4you.blogspot.in/
A Twitter lover: @nilesh_loganx
8. Agenda
The Importance of Cyber Security
Different domains in Cyber Security
Black Hat vs. White Hat vs. Grey Hat
OWASP Top 10 Attack Methodology
Deep Dive into XSS, CSRF and IDOR
Practical Session on various attacks
21. Primary Domains in Information Security
1. Web Application Security / Mobile Application security
2. Network Security
3. Digital forensics
4. Secure Code review
5. Compliance :- ISO/COBIT implementation
6. Fuzzing / Exploitation
22. Must for an Info Sec guy:-
https://twitter.com/nilesh_loganx
Follow me + my followers ;)
http://null.co.in/
Subscribe to the null mailing list + attend free trainings
37. Why should you care about XSS?
XSS was involved in two recent big HACKS, i.e. Apple Developer +
Ubuntu Forums
Story on:- How I Secured a Dating Site - Stored XSS
39. A Story Of How I Landed On a Dating Site and Secured It - Stored XSS
http://shield4you.blogspot.in/2015/08/a-story-of-how-i-landed-on-dating-site.html
40. What is XSS?
According to OWASP:-
Cross-Site Scripting (XSS) attacks are a type of injection, in which
malicious scripts are injected into otherwise benign and trusted web
sites.
https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)
46. 3. DOM based XSS
Basically, all HTML documents have an associated DOM, consisting of
objects representing the document properties from the point of view
of the browser.
Whenever a script is executed client-side, the browser provides the
code with the DOM of the HTML page where the script runs, thus
offering access to various properties of the page and their values,
populated by the browser from its perspective.
The script code never gets to the server.
55. What is CSRF?
Wiki says:-
http://en.wikipedia.org/wiki/Cross-site_request_forgery
56. Description
“Cross-site Request Forgery is a vulnerability in a website that allows
attackers to force victims to perform security-sensitive actions on that
site without their knowledge.”
63. Latest | News
BlackBerry CSRF leading to takeover of user profile information
http://shield4you.blogspot.in/2015/08/how-i-hacked-blackberrycom-to-update.html
https://twitter.com/nilesh_loganx/status/630357485262663681
65. Anatomy of a CSRF Attack
Step 1: Attacker hosts a web page with pre-populated HTML form data.
Step 2: Victim browses to the attacker’s HTML form.
Step 3: The page automatically submits the pre-populated form data to a site
where the victim has access (no verification is done by the server, since the
browser performs the request and attaches the victim’s cookies).
Step 4: The site authenticates the request (with the attacker’s form data) as coming
from the victim.
Result: The attacker’s form data is accepted by the server since it was sent from
a legitimate user’s browser.
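The four steps above, replayed against a simulated server, as an added example that is not part of the original deck. The session store, profile record and handler names are constructed for the demo; the fix shown is a per-session synchronizer token checked in the form body.

```python
import hmac
import secrets

# Constructed in-memory state for this demo: one logged-in victim session.
SESSIONS = {"sess-victim": {"user": "victim", "csrf_token": secrets.token_hex(16)}}
PROFILE = {"victim": {"email": "victim@example.com"}}

def browser_request(session_cookie, form_data):
    """Simulates the browser (steps 2-3): it attaches the site's session cookie
    to the POST no matter which page built the form, the site's or the attacker's."""
    return {"cookie": session_cookie, "form": form_data}

def update_email_cookie_only(req):
    """Vulnerable handler (step 4): the cookie alone is taken as proof of intent."""
    session = SESSIONS.get(req["cookie"])
    if session is None:
        return "401 not logged in"
    PROFILE[session["user"]]["email"] = req["form"]["email"]
    return "200 updated"

def update_email_with_token(req):
    """Fixed handler: the form must also carry the per-session anti-CSRF token,
    which the site embeds in its own forms and the attacker's page cannot read.
    compare_digest avoids leaking the token through timing differences."""
    session = SESSIONS.get(req["cookie"])
    if session is None:
        return "401 not logged in"
    submitted = req["form"].get("csrf_token", "")
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 csrf token missing or wrong"
    PROFILE[session["user"]]["email"] = req["form"]["email"]
    return "200 updated"

def run_demo():
    """Replays the slide's scenario against both handlers; returns the outcomes."""
    # Step 1: attacker's pre-populated form, auto-submitted while the victim is logged in.
    forged = browser_request("sess-victim", {"email": "attacker@evil.example"})
    vulnerable_result = update_email_cookie_only(forged)   # accepted: cookie was enough
    PROFILE["victim"]["email"] = "victim@example.com"       # undo for the next handler
    fixed_result = update_email_with_token(forged)          # rejected: no token in form
    # The site's own form carries the token, so a genuine change still works.
    genuine = browser_request("sess-victim", {"email": "new@example.com",
                              "csrf_token": SESSIONS["sess-victim"]["csrf_token"]})
    genuine_result = update_email_with_token(genuine)
    return vulnerable_result, fixed_result, genuine_result, PROFILE["victim"]["email"]

if __name__ == "__main__":
    print(run_demo())
```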
66. For more details about CSRF
It’s all about CSRF - null Mumbai Meet, 10 January 2015, Null/OWASP Chapter
http://www.slideshare.net/Nilesh_logan/null-its-all-about-csrf
Cross Site Request Forgery - Anti-CSRF token bypass
http://shield4you.blogspot.in/2015/03/cross-site-request-forger-anti-csrf.html
71. Highest paid bounty for IDOR - $20,000
https://fin1te.net/articles/hijacking-a-facebook-account-with-sms/
72. Example 1:- As simple as that
https://hackerone.com/reports/49356
73. Example 2:- Delete Credit Cards from any Twitter Account
https://hackerone.com/reports/27404
74. Business Impact:-
Sensitive information retrieval via parameters
Deleting another user’s information
Changing the delivery address of an order
Viewing someone else’s profile on behalf of an authorised user
Reclaiming another user’s data
75. Problem?
1. No secure access model.
2. Numeric IDs.
3. Error messages that show and tell.
4. Inconsistent ID sources,
E.g. /abcd/test/123
vs. /abcd/?test=123
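The four problems listed above, shown side by side in a small order-lookup handler, as an added example that is not from the original deck. The order records, user names and URL shapes (the slide's /abcd/test/123 and /abcd/?test=123) are constructed for the demo.

```python
from urllib.parse import urlparse, parse_qs

# Constructed sample data: sequential numeric IDs, as on the slide (problem 2).
ORDERS = {
    101: {"owner": "alice", "address": "1 Main St"},
    102: {"owner": "bob", "address": "2 High St"},
}

def extract_order_id(url):
    """Problem 4: the ID may arrive as /abcd/test/123 or /abcd/?test=123.
    Normalising both forms in one place means the ownership check below runs
    on every route instead of being reimplemented (or forgotten) per handler."""
    parts = urlparse(url)
    query = parse_qs(parts.query)
    raw = query["test"][0] if "test" in query else parts.path.rstrip("/").rsplit("/", 1)[-1]
    return int(raw) if raw.isdigit() else None

def get_order_vulnerable(current_user, order_id):
    """Problem 1: no access model, so whoever names an ID gets the record; and a
    distinct 'no such order' reply (problem 3) confirms which IDs exist."""
    order = ORDERS.get(order_id)
    if order is None:
        return "404 no such order", None
    return "200 ok", order

def get_order_fixed(current_user, order_id):
    """Fix: the record must belong to the requester, and 'missing' and 'not yours'
    answer identically so the ID space cannot be mapped out. Replacing numeric IDs
    with random opaque ones reduces guessability but never replaces this check."""
    order = ORDERS.get(order_id) if order_id is not None else None
    if order is None or order["owner"] != current_user:
        return "404 not found", None
    return "200 ok", order

def lookup(handler, current_user, url):
    """One parser, then the chosen handler: the same check for every URL shape."""
    return handler(current_user, extract_order_id(url))

if __name__ == "__main__":
    print(lookup(get_order_vulnerable, "alice", "https://shop.example/abcd/test/102"))
    print(lookup(get_order_fixed, "alice", "https://shop.example/abcd/?test=102"))
```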
76. Practical time
bWAPP – Windows / VM machine
Burp suite-pro
Download link:-
http://sourceforge.net/projects/bwapp/
81. Online testing site – test without going to jail
TARGET 1
http://testasp.vulnweb.com (Forum - ASP)
Bugs to find
1. Open redirection
2. Reflected XSS
3. Stored XSS
82. PS:
This presentation is purely to give an inside view of one information
security domain (web application).
It’s up to you to decide the right career path according to your choice /
likes / dislikes.