Professional Documents
Culture Documents
ATTACKS AND
MITIGATION
Detox Technologies
OWASP Top 10 - OWASP Top 10 -
2013 2017
1. Injection 1. Injection
2. Broken Authentication and 2. Broken Authentication
Session Management
3. Sensitive Data Exposure
3. Cross-Site Scripting (XSS)
4. XML External Entities (XXE)
4. Insecure Direct Object
References (IDOR) 5. Broken Access Control
5. Security Misconfiguration 6. Security Misconfiguration
6. Sensitive Data Exposure 7. Cross-Site Scripting (XSS)
7. Missing Function Level Access 8. Insecure Deserialization.
Control
9. Using Components with
8. Cross Site Request Forgery Known Vulnerabilities
(CSRF)
10. Insufficient Logging &
9. Using Components with Known
Monitoring
Vulnerabilities
10. Unvalidated Redirects and
Forwards
INJECTION
Any attack of tricking the interpreter at
backend to serve any unauthorized data or
perform any unauthorized action
Command Injection
OS Injection
LDAP Injection
SQL Injection
SQL Injection
EXAMPLES
API
PARAMETERIZED QUERY
PREPARED STATEMENTS
WHITELIST CHARACTERS
ENCODING
LENGTH LIMITING
BROKEN AUTHENTICATION• User authentication credentials aren’t
properly protected when stored using
hashing or encryption
Strong Password
Secure Channel
Properly Implemented MFA
Server Issued Session ID with High Entropy
Logical Vulnerabilities to avoid session hijacking
Avoid XSS
SENSITIVE DATA EXPOSURE
What is your sensitive data
How is it stored
How it is attacked
An application encrypts credit card numbers in a database using
automatic database encryption. However, this data is automatically
decrypted when retrieved, allowing a SQL injection flaw to retrieve
credit card numbers in clear text. Alternatives include not storing
credit card numbers, using tokenization, or using public key
encryption.
MITIGATIONS
XML EXTERNAL ENTITIES
What is XXE
Who can be attacked
What can XXE Do
<?xml version="1.0" encoding="ISO-8859-
How to attack 1"?> <!DOCTYPE foo [ <!ELEMENT foo
ANY > <!ENTITY xxe SYSTEM
"file:///etc/passwd" >]>
<foo>&xxe;</foo>
MITIGATIONS
BROKEN ACCESS CONTROL (BAC)
MITIGATIONS
Unnecessary ports/pages open
Improper Error Handling
Lack of security headers
Outdated versions of technologies/tools/libraries/plugins
Default accounts and passwords in place
Logical and business vulnerabilities
SECURITY MISCONFIGURATION
MITIGATION
MITIGATIONS
INSECURE
DESERIALIZATION
What is serialization
What can insecure deserialization do
MITIGATIONS
USING COMPONENTS WITH KNOWN
VULNERABILITIES
Server
Plugins
Services
Functions vulnerable to
Libraries buffer overflow
Languages
Apache 1.x
Tomcat 7.x
IIS 6.0
SSH 2.x Vulnerable WP
plugins
Update
Discard outdated
Constantly monitor
MITIGATION
INSUFFICIENT LOGGING AND
MONITORING
A major US retailer
reportedly had an internal
malware analysis sandbox
analyzing attachments. The
Logging vs Monitoring sandbox software had
Why is logging Necessary detected potentially
unwanted software, but no
one responded to this
detection. The sandbox had
been producing warnings
An attacker uses scans for users using a for some time before the
common password. They can take over all breach was detected due to
fraudulent card transactions
accounts using this password. For all other
by an external bank.
users, this scan leaves only one false login
behind. After some days, this may be
repeated with a different password.
Best Practices
Backups
IDS/IPS
Centralized Access
MITIGATIONS
CONCLUSION
THANK YOU