Chapters All DayTM
Fortifying Ruby On Rails Web Application Framework Security
By
Sahil Tembhare
OWASP Nagpur
About Me
Sahil Tembhare
● Engineering Student (Computer Science and Engineering)
● Part Time Bug Bounty Hunter
● Likes to code in Ruby and Rust
● One of the OWASP Nagpur Chapter Leaders
peeper35 on and
Why care about Rails?
Some of the tech giants are using Rails
Application development and configuration are so easy that the result is sometimes not easy to secure
Session Goals
1. Securing your Rails application
2. Keeping track of some of the CVEs and patching them
SQL Injection in Rails
● ORMs do not completely prevent SQLi
There are some methods in ActiveRecord (the ORM Rails uses) that can cause SQLi; one must know these methods and use them safely.
One of these methods is:
1. delete_all() ->
params[:id] = "1) OR 1=1--"
User.delete_all("id = #{params[:id]}")
This will become -> DELETE FROM "users" WHERE (id = 1) OR 1=1--)
which results in the deletion of all records from the users table.
The delete_all() method takes a string, array or hash argument. Strings are not escaped at all, which is what causes the SQL injection; the string needs to be escaped first.
Ruby 2.x Universal RCE Deserialization Gadget Chain
Ruby uses the Marshal library for serialization and deserialization of objects
Deserializing untrusted data can be dangerous
ActiveSupport and ERB must already be loaded; these conditions are already satisfied by Ruby on Rails
With all these conditions satisfied, we can hunt for the gadget chain
There are some gadget chains already found by researchers
require and autoload
Complete research about the topic: https://www.elttam.com//blog/ruby-deserialization/
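Added example, not from the slides or the elttam research: an integrity gate in front of Marshal.load, modelled on the idea behind Rails's signed messages but written here from scratch with only the openssl standard library. `sign_and_dump`, `verified_load` and the demo key are assumptions of this example; the point is that bytes which were not produced with our key never reach Marshal.load, so a gadget chain hidden in them is never instantiated.

```ruby
require 'openssl'

# Constructed demo key; a real deployment keeps this in the credentials store.
DEMO_KEY = "constructed-demo-key-not-for-production".freeze

# Constant-time comparison so the tag check does not leak timing information.
def secure_equal?(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).inject(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def hmac_tag(key, payload)
  OpenSSL::HMAC.hexdigest("SHA256", key, payload)
end

# Marshal.dump the object, base64 it, and append an HMAC-SHA256 tag over the
# encoded bytes: "<base64 payload>--<hex tag>".
def sign_and_dump(object, key)
  payload = [Marshal.dump(object)].pack("m0")
  "#{payload}--#{hmac_tag(key, payload)}"
end

# Verify first, deserialise second. Marshal.load only ever sees bytes whose
# tag proves they were produced with our key; anything else returns nil
# before Marshal is touched, so a crafted object stream is never loaded.
def verified_load(blob, key)
  payload, tag = blob.to_s.split("--", 2)
  return nil if payload.nil? || payload.empty? || tag.nil?
  return nil unless secure_equal?(tag, hmac_tag(key, payload))
  Marshal.load(payload.unpack1("m0"))
rescue ArgumentError   # malformed base64 in a payload that somehow carried a valid tag
  nil
end

# Constructed sample of the kind of session-like data an app might serialise.
SAMPLE = { "user_id" => 42, "role" => "member" }.freeze
```

Only data the application itself signed is loaded; a tampered payload, a blob signed under another key, or plain garbage all come back as nil.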
Easy RCE in MiniMagick gem
Vulnerable versions: before 4.9.4
Fetching a remote image could cause Remote Code Execution using just a single | (pipe)
Image.open from the MiniMagick library takes its input and passes it directly to Kernel#open,
and Kernel#open accepts a pipe character | followed by a command.
Reference to CVE: https://twitter.com/VulmonFeeds/status/1149556950364856320
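A hardened local-file opener as an added example (not MiniMagick's code and not the fix the gem shipped): it refuses the `|command` form that Kernel#open would execute, confines the path to an image directory, and opens with File.open, which never interprets a leading pipe. `open_local_image`, `read_local_image` and the base-directory argument are assumptions of this example; a remote image should be downloaded by an HTTP client into that directory first rather than handed to open.

```ruby
require 'pathname'
require 'tmpdir'

# Opens an image that lives inside base_dir only. Kernel#open("|cmd") spawns
# cmd; File.open treats "|cmd" as an ordinary file name, and the pipe form is
# rejected up front anyway so the refusal is explicit in logs.
def open_local_image(user_path, base_dir, &block)
  path = user_path.to_s
  raise ArgumentError, "pipe prefix rejected: #{path.inspect}" if path.start_with?("|")
  raise ArgumentError, "NUL byte rejected" if path.include?("\0")

  base = Pathname.new(base_dir).realpath
  # realpath resolves symlinks and ".." so the containment check sees the real
  # location; it raises Errno::ENOENT when the file does not exist.
  target = base.join(path).realpath
  unless target.to_s.start_with?(base.to_s + File::SEPARATOR)
    raise ArgumentError, "path escapes #{base}: #{path.inspect}"
  end
  File.open(target, "rb", &block)
end

# Convenience wrapper: returns the file bytes, or :rejected for any refused
# or missing input (the caller logs and returns an error to the user).
def read_local_image(user_path, base_dir)
  open_local_image(user_path, base_dir) { |f| f.read }
rescue ArgumentError, SystemCallError
  :rejected
end

if __FILE__ == $PROGRAM_NAME
  Dir.mktmpdir do |dir|                       # constructed image directory
    File.binwrite(File.join(dir, "a.png"), "PNGDATA")
    p read_local_image("a.png", dir)          # "PNGDATA"
    p read_local_image("|id", dir)            # :rejected
    p read_local_image("../../etc/passwd", dir) # :rejected
  end
end
```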
CVE 2019-5418 - File Content Disclosure
Affected versions: All
Fixed in: 6.0.0.beta3
File Content Disclosure in ActionView
The render function in ActionView causes this vulnerability
render file: does not properly handle the file format taken from the request's Accept header
The impact is limited to calls to render
CVE Reference:
https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/ruby-on-rails-file-content-disclosure-cve-2019-5418/
SSRF in Ruby's native Resolver
CVE 2017-0904
SSRF filters can be bypassed using Resolv.getaddresses
Resolv.getaddresses is completely OS dependent
Playing around with IP spellings can give blank values
Resolv.getaddresses("127.0.0.1") -> ["127.0.0.1"] ~ expected result
Resolv.getaddresses("127.000.000.1") -> [] ~ unexpected result
(Code snippet taken from the reference site)
require 'resolv'
uri = "0x7f.1"                                # "0x7f.1"
server_ips = Resolv.getaddresses(uri)         # [] ~ the bug here
blocked_ips = ["127.0.0.1", "::1", "0.0.0.0"] # ["127.0.0.1", "::1", "0.0.0.0"]
(blocked_ips & server_ips).any?               # false ~ bypassed the filter
Full reference: https://edoverflow.com/2017/ruby-resolv-bug/
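A fail-closed version of the filter above, as an added example (not the slide's or the reference post's code): the empty result that slips past `(blocked_ips & server_ips).any?` becomes a block instead of a pass, and the blocklist is CIDR ranges compared with IPAddr rather than exact strings, so alternative spellings such as 127.1 or 0x7f.1 cannot match nothing and get through. `destination_allowed?`, `blocked_ip?` and the `resolver:` keyword are assumptions of this example; the keyword exists so the check can be exercised without network access.

```ruby
require 'resolv'
require 'ipaddr'

# Ranges an outbound fetcher should never reach, checked as CIDR blocks.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 127.0.0.0/8 169.254.0.0/16 172.16.0.0/12 192.168.0.0/16
  ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

# True when the address is inside a blocked range or cannot be parsed at all
# (an address we cannot classify is treated as blocked, never as allowed).
def blocked_ip?(ip_string)
  ip = IPAddr.new(ip_string)
  ip = ip.native if ip.ipv4_mapped?   # ::ffff:127.0.0.1 is still loopback
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
rescue ArgumentError                  # IPAddr::InvalidAddressError is an ArgumentError
  true
end

# Resolve the host and require every returned address to be acceptable.
# Fail closed: an empty resolver result (the slide's bug) is a block, not a pass.
def destination_allowed?(host, resolver: ->(h) { Resolv.getaddresses(h) })
  addresses = Array(resolver.call(host)).map(&:to_s)
  return false if addresses.empty?
  addresses.none? { |a| blocked_ip?(a) }
end

if __FILE__ == $PROGRAM_NAME
  # Constructed resolver answers so the demo runs offline.
  p destination_allowed?("0x7f.1", resolver: ->(_) { [] })                 # false: empty result blocked
  p destination_allowed?("localhost", resolver: ->(_) { ["127.0.0.1"] })   # false
  p destination_allowed?("public.test", resolver: ->(_) { ["93.184.216.34"] }) # true
end
```

Connect to the address that passed the check, not to the hostname again, otherwise a second lookup at connect time can return a different answer than the one that was vetted.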
Demo Time
CVE 2019-5418 - File Content Disclosure
References and Further Reading
● https://rails-sqli.org/
● https://www.elttam.com//blog/ruby-deserialization/
● https://twitter.com/VulmonFeeds/status/1149556950364856320
● https://www.netsparker.com/web-vulnerability-scanner/vulnerabilities/ruby-on-rails-file-content-disclosure-cve-2019-5418/
● https://www.youtube.com/watch?v=HNyrUS1lsIE
● https://edoverflow.com/2017/ruby-resolv-bug/
● https://hackerone.com/rails/hacktivity
● https://www.youtube.com/watch?v=AFOlxqQCTxs
● http://guides.rubyonrails.org/security.html
● https://github.com/OWASP/railsgoat
Rails Security Checklist
Let CanCanCan handle the authorization model in your app: https://github.com/CanCanCommunity/cancancan
Use Devise for the authentication part: https://github.com/heartcombo/devise
Use protect_from_forgery with: :exception on sensitive controller actions
etc...
Further Reading: https://guides.rubyonrails.org/security.html
THANK YOU!
Questions?
peeper35 on and