Got Invited for conducting the workshop on ‘Cyber Security’ at top notch engineering college. Sardar Patel Institute of Technology, Andheri on 3rd October, 2015. Student feedback:- https://drive.google.com/file/d/0B_uWWP1uW7TFWVdTanJFdTlqNkE/view?usp=sharing Appreciation letter:- https://drive.google.com/file/d/0B_uWWP1uW7TFMkVVUTR4V1JTN2c/view?usp=sharing

1. - Action against cyber crime
Presented by:-
Nilesh Sapariya
Security Researcher | CEH v8 | Blogger

2. This talk is NOT about #Hacking

3. This talk is about
How to kick start your career in to Information Security
How to protect organizations from cyber criminals
Understanding Difference between:-
Ever green - OWASP Top 10 Attack Methodology

4. Before We Start :- Disclaimer
 My posts have nothing to do with my company of organization I’m working. Its
strictly educational purpose only.
 All the knowledge provided on this slides area unit for academic functions solely.
The positioning is not any approach to blame for any misuse of the knowledge.
 This slides is completely meant for providing data on “Computer Security”,
“Computer Programming” and different connected topics and is not any
approach connected towards the terms “CRACKING” or “HACKING” (Unethical).
 The word “Hack” or “Hacking” that's used on this slides shall be considered
“Ethical Hack” or “Ethical Hacking” severally.
 We tend to believe solely in White Hat Hacking. On the opposite hand we tend to
condemn Black Hat Hacking.

5. Who Am I ?
 A researcher in Web Application Security
 A Bug Hunter Enthusiast
 3+ years of Experience in Information Security
 Listed in top sites hall of fame
 Speaker @Null Mumbai Chapter
 Blogging at http://shield4you.blogspot.in/
 A Twitter lover @nilesh_loganx

6. etc...

7. HOF + $$$ - Coming soon

8. Agenda
 The Importance of Cyber Security
 Different domains in Cyber Security
 Black Hat vs. White Hat vs. Grey Hat
 OWASP Top 10 Attack Methodology
 Deep Dive into XSS,CSRF and IDOR
 Practical Session on various attacks

9. Why Security In Demand ?

10. #Reason1 : Apple
https://zerodium.com/ios9.html

11. #Reason2 : Facebook
http://www.tripwire.com/state-of-security/latest-security-
news/facebook-awards-security-researches-100000/#.VcyB2X6GD-
U.twitter

12. #Reason3: Microsoft
http://blog.hackersonlineclub.com/2015/08/microsoft-
announced-to-increase-bug.html

13. #Reason4 : Ashley Madison
http://thehackernews.com/2015/08/ashley-madison-
hack_24.html

14. #Reason5 :
 http://www.computerworld.com/article/2496599/malware-
vulnerabilities/google-pays-record--31k-bounty-for-chrome-bugs.html

15. Why they pay this much for security ?

16.  http://thehackernews.com/2015/09/ashley-madison-password-cracked.html

17.  http://thehackernews.com/2015/09/hacking-satellite.html

18.  http://thehackernews.com/2015/07/united-airlines-hacked.html

19. Many more……

21. Primary Domains in Information Security
1. Web Application Security / Mobile Application security
2. Network Security
3. Digital forensics
4. Secure Code review
5. Compliance :- ISO/COBIT implementation
6. Fuzzing / Exploitation

22. Must for Info Sec guy:-
https://twitter.com/nilesh_loganx
Follow me + my followers ;)
http://null.co.in/
Subscribe to null mailing list + attend
free trainings

23. Take Away :-

26. Black Hat Hackers

27. White Hat Hackers

28. Grey Hat Hackers

29. OWASP Top 10 – Stick to the basic
 https://www.owasp.org/index.php/Top_10_2013-Top_10

30. Deep dive into different attacks

31. XSS
CSRF
IDOR

32. Why XSS, CSRF and IDOR ?
Easy to find
High impact
Account takeover
Misunderstood by many

33. Why XSS ?

34. #Reason 1

35. #Reason 2 : $$$

36. Highest paid XSS Reward
 http://www.paulosyibelo.com/2014/07/the-unseen-facebook-bug-
bounty-2014-x.html

37. Why you should care about XSS ?
 So XSS is involved in two recent big HACKS i.e. Apple Developer +
Ubuntu Forums
 Story on :- How I Secured Dating Site- Stored XSS

38.  http://mytechblog.com/other/apple/apple-developer-website-hacked-what-happened/
 http://blog.canonical.com/2013/07/30/ubuntu-forums-are-back-up-and-a-post-mortem/

39. A Story Of How I Landed On Dating Site and
Secured it- Stored XSS
 http://shield4you.blogspot.in/2015/08/a-story-of-how-i-landed-on-dating-site.html

40. What is XSS ?
According to OWASP:-
 Cross-Site Scripting (XSS) attacks are a type of injection, in which
malicious scripts are injected into otherwise benign and trusted web
sites
 https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

41. #3rd Position @OWASP

42. https://twitter.com/brutelogic/status/640141613134692352
 Credit : Brute Logic

43. Types of XSS
1. Stored XSS (Persistent)
2. Reflected XSS (Non-Persistent)
3. DOM XSS
4. TRACE XSS
5. Self XSS

44. 1. Stored XSS

45. 2. Reflected XSS

46. 3. DOM based XSS
 Basically all HTML documents have an associated DOM, consisting of
objects representing the document properties from the point of view
of the browse
 Whenever a script is executed client-side, the browser provides the
code with the DOM of the HTML page where the script runs, thus,
offering access to various properties of the page and their values,
populated by the browser from its perspective.
 The script code never gets to the server

47. E.g. Marktplaats- Bug Bounty – DOM based XSS - Fixed

49. Self XSS – Microsoft – NA

50. How they fixed it?

51. Demo:
bWAPP – Windows / VM machine
Burp suite-pro
Download link:-
http://sourceforge.net/projects/bwapp/

52. Set up:-
Attacker - Windows 8 Victim - Kali Linux
Internet
Consider this as public forum which is vulnerable to XSS

54. XSS Bug – Video

55. What is CSRF ?
 Wiki Says :-
http://en.wikipedia.org/wiki/Cross-site_request_forgery

56. Description
“Cross-site Request Forgery is a vulnerability in a
website that allows attackers to force victims to
perform security-sensitive actions on that site
without their knowledge.”

57. #8th Position @OWASP

58. Why CSRF so important ?

59. Highest paid bounty for CSRF: 10,000$
 http://yasserali.com/hacking-paypal-accounts-with-one-click/

60. Latest | News
 Pay pal Defaced by CSRF

61. Latest | News
 Facebook Hacked #CSRF
Link: http://pyx.io/blog/facebook-csrf-leading-to-full-account-takeover

62. Latest | News Blogger hacked # CSRF
 Blogger hacked # CSRF

63. Latest | News
 Blackberry CSRF leading to takeover user profile information
 http://shield4you.blogspot.in/2015/08/how-i-hacked-blackberrycom-to-update.html
 https://twitter.com/nilesh_loganx/status/630357485262663681

64. How this works ?

65. Anatomy of CSRF Attack
 Step 1: Attacker hosts web pages with pre-populated HTML form data.
 Step 2: Victim browses to attacker’s HTML form.
 Step 3: Page automatically submits pre-populated form data to a site
where victim has access (No verification done by server as browser is
performing request by checking cookies)
 Step 4: Site Authenticates request (with attacker’s form data) as coming
from victim
Result : Attacker’s form data is accepted by server since it was sent from
legitimate user.

66. For more details about CSRF
Its all about CSRF - null Mumbai Meet 10 January 2015 Null/OWASP
Chapter
http://www.slideshare.net/Nilesh_logan/null-its-all-about-csrf
Cross Site Request Forgery - Anti-CSRF token bypass
http://shield4you.blogspot.in/2015/03/cross-site-request-forger-anti-
csrf.html

67. CSRF Bug – Video

68. Practical time 
bWAPP – Windows / VM machine
Burp suite-pro
Download link:-
http://sourceforge.net/projects/bwapp/

69. IDOR
I Insecure
D Direct
O Object
R Reference

70. #4th Position @OWASP

71. Highest paid bounty for IDOR - $20,000
 https://fin1te.net/articles/hijacking-a-facebook-account-with-sms/

72. Example 1:- As simple as that
 https://hackerone.com/reports/49356

73. Example 2 :- Delete Credit Cards from any
Twitter Account
 https://hackerone.com/reports/27404

74. Business Impact :-
 Sensitive information retrieval via parameters
 Deleting another user’s information
 Change delivery address of an order.
 View someone's else profile on behalf of authorised user
 Reclaiming other user’s data

75. Problem ?
1. No Secure Access model.
2. Numeric IDs.
3. Error message show and tell
4. Inconsistent ID sources
E.g. /abcd/test/123
/abcd/?test=123

76. Practical time 
bWAPP – Windows / VM machine
Burp suite-pro
Download link:-
http://sourceforge.net/projects/bwapp/

77. IDOR Bug – Video

78. Lets have Challenge

79. Before we start :- Final Takeaway
 https://twitter.com/brutelogic/status/649247337190137857

80. Hold on !!!
The First reporter will get gift vouchers ;)

81. Online testing site – Test without going jail
TARGET 1
http://testasp.vulnweb.com (Forum - ASP)
Bug to find
1. Open redirection
2. Reflected XSS
3. Stored XSS

82. PS:
 This presentation is purely to give idea about one of information
security domain (web application) inside view.
 Its up to you to decide right carrier path according to your choice /
likes / dislikes

83. Questions ?

84. Thank you 
Comments | Feedback | Suggestions
 Twitter : https://twitter.com/nilesh_loganx
 Email: nilesh.s.sapariya@gmail.com
 Blog: http://shield4you.blogspot.in/
 LinkedIn: https://www.linkedin.com/pub/nilesh-sapariya/39/33/735
 Slide share: http://www.slideshare.net/Nilesh_logan