SMT 1-2 Web Security Overview
Summary
TLDR: This web security session delves into common vulnerabilities, focusing on the OWASP Top 10, which lists critical web security risks updated every few years. It covers client-side issues like XSS, CSRF, and authentication, and server-side threats including SQL injection, SSRF, and local file inclusion. The session explains the importance of proper configuration, software updates, and secure authentication practices to mitigate risks like injection attacks and path traversal, which can lead to unauthorized access and data leaks.
Takeaways
- 🌐 Web security is crucial for protecting against vulnerabilities on both client and server sides.
- 🔒 The OWASP Top 10 is a widely recognized list of web security vulnerabilities that are updated every 3-4 years.
- 📉 Injection attacks, including SQL, OS, and LDAP, have consistently ranked as a top vulnerability but dropped to third in the 2021 version.
- 🔑 Broken authentication is a persistent issue, always ranking highly and including access control and session management flaws.
- 📝 Cross-Site Scripting (XSS) has been a notable vulnerability, but SSRF (Server Side Request Forgery) has been added in the latest version.
- 🛠️ Security misconfiguration is a recurring issue, highlighting the importance of proper settings to maintain security.
- 🔄 Outdated components are a significant risk, with regular software updates being essential to protect against vulnerabilities.
- 📜 Local File Inclusion (LFI) allows attackers to include and potentially leak local server files through user input.
- 🔄 Path Traversal enables attackers to access unauthorized files by manipulating directory paths.
- 📁 File upload vulnerabilities can lead to the execution of malicious code on the server if arbitrary file uploads are allowed.
- 💡 Understanding and mitigating these vulnerabilities is key to enhancing web application security.
Q & A
What is the main focus of the web security session described in the transcript?
-The main focus of the session is to provide an overview of web security, covering topics such as the OWASP Top 10, client-side and server-side vulnerabilities, including XSS, CSRF, authentication, SQL injection, SSRF, LFI, path traversal, and file upload vulnerabilities.
What is the OWASP Top 10 project?
-The OWASP Top 10 project is a list of the 10 most critical web security vulnerabilities that are regularly updated every 3 or 4 years. It is widely referenced by standards, books, papers, and organizations for understanding and addressing web security risks.
Why is the injection vulnerability significant in web security?
-Injection vulnerabilities, including SQL, OS command, and LDAP injection, are significant because they have consistently ranked high in the OWASP Top 10, indicating their potential to have a major impact on web security.
What is the difference between authentication and authorization in the context of web security?
-Authentication is the process of verifying who the user is, typically through passwords. Authorization, on the other hand, is the process of verifying what applications and data a user can access. Authorization always takes place after authentication.
Why should client-side authentication be avoided in web applications?
-Client-side authentication should be avoided because it can be easily manipulated and bypassed. Developers should authenticate on the server-side to ensure security.
What is Local File Inclusion (LFI) vulnerability, and how can it be exploited?
-LFI is a vulnerability that allows an attacker to include files that are locally present on the server. It can be exploited by providing the path to the file as user input, potentially leading to the leakage of sensitive information.
What is Path Traversal, and how does it differ from Local File Inclusion?
-Path Traversal is a vulnerability that allows attackers to access files on the web server that they should not have access to by manipulating the file path. Unlike LFI, which focuses on including local files, Path Traversal focuses on accessing unauthorized files by traversing the directory structure.
What techniques can be used to bypass Path Traversal security measures?
-Techniques to bypass Path Traversal filters include using '../' to reach the parent directory, URL-encoding the slash as '%2F' (or a backslash as '%5C'), and other encoded representations of the same 'dot-dot-slash' sequence.
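A server-side check that rejects the encoded traversal payloads described above, written as an added example (not the session's code); the base directory, the suffix allowlist and the decoding-round limit are assumptions:

```python
# Added example (not from the session): resolve a user-supplied file name for a
# read.php-style include endpoint, rejecting the traversal encodings discussed above.
import posixpath
from urllib.parse import unquote

BASE_DIR = "/var/www/app/pages"        # assumed: the only directory includes may come from
ALLOWED_SUFFIXES = (".txt", ".html")   # assumed: includable file types


def fully_decode(value: str, rounds: int = 3) -> str:
    """Percent-decode until the value stops changing, so a double-encoded
    %252e%252e%252f is seen as ../ rather than slipping past a literal check."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            return value
        value = decoded
    raise ValueError("too many encoding layers")


def resolve_include(user_path: str, base_dir: str = BASE_DIR) -> str:
    """Return the absolute path to include, or raise ValueError."""
    decoded = fully_decode(user_path)
    if "\x00" in decoded:
        raise ValueError("null byte in path")
    # Treat ..%5c like ../ so a backslash variant cannot bypass the segment check.
    decoded = decoded.replace("\\", "/")
    if decoded.startswith("/") or ".." in decoded.split("/"):
        raise ValueError("absolute path or parent-directory segment")
    if not decoded.lower().endswith(ALLOWED_SUFFIXES):
        raise ValueError("file type not allowed")
    candidate = posixpath.normpath(posixpath.join(base_dir, decoded))
    # Belt and braces: after normalisation the path must still lie under base_dir.
    if not candidate.startswith(base_dir.rstrip("/") + "/"):
        raise ValueError("path escapes base directory")
    return candidate


def is_safe(user_path: str) -> bool:
    """Convenience wrapper: True if resolve_include accepts the input."""
    try:
        resolve_include(user_path)
        return True
    except ValueError:
        return False
```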
What is a file upload vulnerability, and how can it be exploited by an attacker?
-A file upload vulnerability occurs when a web service allows users to upload files to the server without proper validation. Attackers can exploit this by uploading malicious files to the server's file system, potentially leading to the execution of arbitrary code or OS commands.
What is a webshell, and how is it related to file upload vulnerabilities?
-A webshell is a script or program that is uploaded to a web server and allows an attacker to execute OS commands remotely through the website. It is related to file upload vulnerabilities because if an attacker can upload a webshell to the server, they can gain unauthorized control over the system.
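The validation a defender would put in front of an upload handler, written as an added example (not the session's code); the upload directory, size limit and allowed image types are assumptions:

```python
# Added example (not from the session): validate an uploaded file before it touches
# the file system, so that a script such as a webshell is never stored where the
# web server could execute it.
import os
import secrets
from typing import Optional, Tuple

UPLOAD_DIR = "/srv/uploads"        # assumed: outside the web server's document root
MAX_BYTES = 5 * 1024 * 1024        # assumed size limit
# Allowed extension -> the magic bytes a genuine file of that type starts with.
MAGIC = {".png": b"\x89PNG\r\n\x1a\n", ".jpg": b"\xff\xd8\xff", ".jpeg": b"\xff\xd8\xff"}


def check_upload(filename: str, content: bytes) -> Tuple[bool, str]:
    """Return (accepted, reason). The extension must be allowlisted and must agree
    with the magic bytes, so 'shell.php' and a script renamed to '.png' both fail."""
    if len(content) > MAX_BYTES:
        return False, "too large"
    # Keep only the final component: the client must not choose a directory.
    name = os.path.basename(filename.replace("\\", "/"))
    if "\x00" in name:
        return False, "null byte in name"
    ext = os.path.splitext(name)[1].lower()
    if ext not in MAGIC:
        return False, "extension not allowed"
    if not content.startswith(MAGIC[ext]):
        return False, "content does not match extension"
    return True, "ok"


def storage_path(filename: str) -> str:
    """Server-chosen random name: the original name never reaches the file system."""
    ext = os.path.splitext(filename)[1].lower()
    return os.path.join(UPLOAD_DIR, secrets.token_hex(16) + ext)


def handle_upload(filename: str, content: bytes) -> Tuple[Optional[str], str]:
    """Validate and return (path to write to, reason); the path is None on rejection."""
    ok, reason = check_upload(filename, content)
    if not ok:
        return None, reason
    return storage_path(filename), "ok"
```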
Outlines
🛡️ Web Security Overview and OWASP Top 10
This paragraph introduces the web security session, highlighting the distinction between client-side and server-side vulnerabilities. The client side is prone to XSS, CSRF, and client-side authentication issues, while the server side faces SQL injection, SSRF, local file inclusion, path traversal, and file upload risks. The Open Web Application Security Project (OWASP) Top 10 is discussed as a critical list of web security vulnerabilities updated every 3-4 years. The paragraph also reviews the changes in the ranking of vulnerabilities from 2013 to 2021, emphasizing the importance of proper configuration and regular software updates to mitigate risks.
🔒 Authentication vs. Authorization and Security Vulnerabilities
The second paragraph delves into the concepts of authentication and authorization, explaining that authentication verifies user identity while authorization determines access to applications and data. It cautions against client-side authentication due to its susceptibility to manipulation. The paragraph then discusses local file inclusion (LFI), a vulnerability where user input can lead to the inclusion of unintended local files, potentially leaking sensitive information. It also touches on path traversal, where attackers can access unauthorized files by manipulating file paths. Several path traversal techniques are presented, including the use of directory traversal payloads and URL encoding to bypass security measures.
Keywords
💡Web Security
💡OWASP Top 10
💡Injection
💡Broken Authentication
💡XSS (Cross-Site Scripting)
💡SSRF (Server-Side Request Forgery)
💡Configuration
💡Outdated Components
💡Client-Side Authentication
💡Local File Inclusion (LFI)
💡Path Traversal
💡File Upload Vulnerability
Highlights
The web security session gives an overview of web security vulnerabilities, including an OWASP Top 10 overview and various client- and server-side issues.
Client-side vulnerabilities include XSS, CSRF, and client-side authentication, while server-side issues encompass SQL injection, SSRF, local file inclusion, path traversal, and file upload.
The OWASP Top 10 project lists 10 web security vulnerabilities with significant impact; it was first published in 2003 and is regularly updated.
The OWASP Top 10 list is widely referenced by standards, books, papers, and organizations for its comprehensive vulnerability coverage.
Injection, including SQL, OS command, and LDAP injection, was the top vulnerability in 2013 and 2017 but dropped to number three in the 2021 version.
Broken authentication consistently ranks high, indicating the importance of robust access control and session management.
XSS, or cross-site scripting, has been a prominent vulnerability in recent years, affecting web applications.
SSRF, or server-side request forgery, has been added to the latest version of the OWASP Top 10, highlighting its growing significance.
Security misconfiguration and outdated components are emphasized as important vulnerabilities, underscoring the need for correct settings and regular software updates.
Using known vulnerable components is a recurring issue, ranked consistently across different versions of the OWASP Top 10.
Injection vulnerabilities occur when user input is not validated, leading to potential security breaches.
SSRF allows attackers to make the server send requests to another server; it arises when an application imports a remote resource without validating the user-supplied URL.
Authentication is about verifying user identity, typically through passwords, while authorization is about access control to applications and data.
Client-side authentication can be easily manipulated; server-side authentication is recommended for security.
Local file inclusion (LFI) is a vulnerability where user input can lead to the inclusion of unintended local files on the server.
Path traversal allows attackers to access unauthorized files on the web server by manipulating directory paths.
File upload vulnerability can enable attackers to upload malicious files to the server, potentially executing arbitrary code.
A webshell is a file that, once uploaded, lets an attacker run OS commands through the web application.
Transcripts
Welcome back to the web security session. Today we are going to look at the web security overview, which includes an OWASP Top 10 overview, client-side authentication, local file inclusion, path traversal and file upload.

Before we get started, let's recap this figure. On the left side is the client and on the right side is the server. On each side there are vulnerabilities or security issues that can occur. On the client side we have XSS, CSRF and client-side authentication, while on the server side we have SQL injection, SSRF, local file inclusion, path traversal and file upload. We will dive into this topic later.

Let's start with OWASP Top 10. The OWASP Top 10 project is a list of 10 web security vulnerabilities that can have a significant impact on security. First published in 2003, it is regularly updated. Many standards, books, papers and organizations refer to this OWASP Top 10 project. The security vulnerabilities list is updated every 3 or 4 years regularly.

This is what the OWASP Top 10 tables look like for previous years. In the previous slide we learned that OWASP Top 10 lists serious vulnerabilities and that they are updated every 3 or 4 years, and on the right side is the latest 2021 version. Let's check the content of this table together. The injection was top one in both the 2013 and 2017 ranks but dropped to number three in the latest version. The injection includes SQL, OS command injection and LDAP injection. Broken authentication is always in the top rank; this includes broken access control and broken authentication and session management. XSS, also known as cross-site scripting, is out in the latest version; instead, the SSRF, or server-side request forgery, has now been added to the latest version. Security configuration is at five in the latest version, at six in the 2017 version and at six in the 2013 version. This means proper configuration is important in security. Also, outdated component is ranked six, which means regular updates to the latest version of the software can protect from many vulnerabilities. It was also ranked nine in both the 2013 and 2017 tables as using known vulnerable components and using components with known vulnerabilities. So do update your software and keep it the latest, because it can protect you from many vulnerabilities.

Now let's see what injection and SSRF are. The injection includes SQL, OS command and LDAP injection, and it occurs when a web application uses the user input without validating the user input. On the other hand, attackers use SSRF and make the server request to the other server. SSRF occurs when a web application imports a remote resource without validating the URL provided by the user.

Before we talk in detail about client-side authentication, let's look at authorization versus authentication. Authentication is the process of verifying who the user is; it works through passwords in general. On the other hand, authorization is the process of verifying what applications and data a user can access. Authorization always takes place after authentication. When authentication is processed on the client side, it can be easily manipulated and bypassed. Developers never authenticate using JavaScript; instead, they authenticate on the server side.

Let's move on to local file inclusion. Local file inclusion is the process of including files that are locally present on the server. This vulnerability can occur when a page receives the path to the file that has to be included as user input. For example, here we have the following URL. The following server URL can act like this: instead of this URL with read.php as written in the subtitle, we can use another URL, which is also shown in the subtitle. If there is a local file located in the URL, the local file /etc/passwd can also be included. With that we can leak the contents of /etc/passwd.

If you understand the LFI vulnerability that we covered in the previous video, you can understand path traversal. A path traversal vulnerability allows the attackers to access files on the web server that they should not access. The attacker can call other APIs by accessing the parent path. Dot-dot means parent directory, which means the attacker can access files in the parent directory. In other words, the attacker can traverse the server.

Now let's take a look at some examples of path traversal bypass techniques. Let's take a look one by one at this payload. First is this in the subtitle, which is the parent directory. Second we have dot %2f, which is the hexadecimal expression of the ASCII code for slash. We can also change the dot in dot slash to %2e, and it would make it like this in the subtitle. Then we have dot backslash; backslash can also be encoded as %5c, and we can also express it like this in the subtitle. Finally we have this as shown in the subtitle. There are also many other types of payloads besides this.

Let's move on to the file upload vulnerability. File upload means uploading some files to a server through a web service. Users can upload photos and documents to the server so that they can share them with other users. If the server has a file upload vulnerability, the attacker can upload a malicious file to the server's file system. If users can upload an arbitrary file to the web service operating directory, they can execute arbitrary code on the server. OS commands may be executed with functions supported by the web application language; an example is shown in the subtitle. This is called a webshell. When you successfully upload a webshell to the web server, you can run OS commands through the website.