Web Form Hacking and Hijacking - PowerPoint PPT Presentation

1 / 11

About This Presentation

Title:

Web Form Hacking and Hijacking

Description:

Web Form Hacking and Hijacking A presentation by Nathan Kammerzell Overview Why are people doing this? Phishing scams Email injection Protecting Forms Email CAPTCHA ... – PowerPoint PPT presentation

Number of Views:227

Avg rating:3.0/5.0

Slides: 12

Provided by: kamm1

Category:

Tags: captcha | form | hacking | hijacking | web

Transcript and Presenter's Notes

Title: Web Form Hacking and Hijacking

1
Web Form Hacking and Hijacking

A presentation by
Nathan Kammerzell

2
Overview

Why are people doing this?
Phishing scams
Email injection
Protecting Forms
Email
CAPTCHA
General

3
Why?

Because they can
Personal information
Business information
Spam
Spam Cartel
MONEY!

4
Phishing Scams

Social Engineering tactic
Goal Acquire passwords and other sensitive info.
Similarly named website, identical content
www.paypal.com or www.paypai.com?
www.ebay.com_at_members.tripod.com

5
Email Injection

Inject information into emails
Goal Using innocent sites for evil purposes
(spam)
How they find you Spiders get email address or
web form URL from the internet.

6
Injection (continued)

A little tweaking and the bot is ready to roll
The Headers
Bcc (list of spam victims)
Subject line, body content, etc. easily
inserted.
Intended recipient gets garbage. Email logs
reveal more information
Example of receipt -gt

7

Content-Type multipart/mixed
boundary"1588588624"
MIME-Version 1.0 Subject 40d7e77 To
_at_.com From somejerk_at_aol.com
This is a multi-part message in MIME format.
--1588588624 Content-Type
text/plain charset"us-ascii" MIME-Version
1.0 Content-Transfer-Encoding 7bit yyo
--1588588624--
subjectejrkjfkn_at_nowhere.com --/snip--

8
Protecting Forms Email Injection

Email Script Parsing
Pre-filled information in your header can be
changed by injection.
Important characters to filter , \n, \r

(I dont get it)
9
Protecting Forms CAPTCHA

CAPTCHA (Completely Automated Public Turing test
to tell Computers and Humans Apart
Gimpy, EZGimpy, - CMU
Dictionary, 1 7 words, distorted
BaffleText - PARC
Nonsense, color -gt B/W -gt repeat
The Downside
Bad for the visually impaired
audio CAPTCHAs in development

10
Protecting Forms - General

robots.txt
User-agent
Disallow /ltpage.htmlgt
Client-side Redirection
meta tag
Thresholds and Timeouts
many, many more defenses!

11
Sources

http//palisade.paladion.net misc., internet
security articles
http//anders.com article Form Post Hijacking
http//www.webappsec.org/whitepapers.shtml -
misc. articles on internet security

Write a Comment

User Comments (0)

About PowerShow.com

Recommended Relevance Latest Highest Rated Most Viewed

Sort by:

Related More from user

CrystalGraphics Presentations

World's Best PowerPoint Templates PowerPoint PPT Presentation

World's Best PowerPoint Templates - CrystalGraphics offers more PowerPoint templates than anyone else in the world, with over 4 million to choose from. Winner of the Standing Ovation Award for “Best PowerPoint Templates” from Presentations Magazine. They'll give your presentations a professional, memorable appearance - the kind of sophisticated look that today's audiences expect. Boasting an impressive range of designs, they will support your presentations with inspiring background photos or videos that support your themes, set the right mood, enhance your credibility and inspire your audiences.

CrystalGraphics 3D Character Slides for PowerPoint PowerPoint PPT Presentation

CrystalGraphics 3D Character Slides for PowerPoint - CrystalGraphics 3D Character Slides for PowerPoint

Chart and Diagram Slides for PowerPoint PowerPoint PPT Presentation

Chart and Diagram Slides for PowerPoint - Beautifully designed chart and diagram s for PowerPoint with visually stunning graphics and animation effects. Our new CrystalGraphics Chart and Diagram Slides for PowerPoint is a collection of over 1000 impressively designed data-driven chart and editable diagram s guaranteed to impress any audience. They are all artistically enhanced with visually stunning color, shadow and lighting effects. Many of them are also animated. And they’re ready for you to use in your PowerPoint presentations the moment you need them. – PowerPoint PPT presentation

Related Presentations

Ethical Hacking Penetrating Web 2'0 Security PowerPoint PPT Presentation

Ethical Hacking Penetrating Web 2'0 Security - Almost every Web site with a login is vulnerable. Layer 7 Denial of Service ... One client posts active content, with script tags or other programming content ... | PowerPoint PPT presentation | free to view

HACKNOTES - Web Security PowerPoint PPT Presentation

HACKNOTES - Web Security - Title: PowerPoint Presentation Last modified by: Administrator Created Date: 1/1/1601 12:00:00 AM Document presentation format: Other titles | PowerPoint PPT presentation | free to view

Ethical Hacking for Educators PowerPoint PPT Presentation

Ethical Hacking for Educators - Draper builds a 'blue box' used with whistle allows phreaks to make free calls. ... Software, KPMG, Fleet International, Cingular Wireless, Columbia Daily Tribune, ... | PowerPoint PPT presentation | free to view

Web Hacking PowerPoint PPT Presentation

Web Hacking - Chapter 12 Web Hacking Revised 5-1-09 Web-Crawling Tools wget is a simple command-line tool to download a page, and can be used in scripts Available for Linux and ... | PowerPoint PPT presentation | free to view

Secure Web Site Design PowerPoint PPT Presentation

Secure Web Site Design - New code written for every web site. Written in: C, PHP, Perl, Python, ... MySpace.com ensures HTML contains no script , body , onclick, a href=javascript: ... | PowerPoint PPT presentation | free to view

Web Hacking PowerPoint PPT Presentation

Web Hacking - Some of the most devastating Internet worms have historically exploited these ... Burp Suite. Proxy, Repeater, Sequencer, Spider, Intruder ... | PowerPoint PPT presentation | free to view

Hard Problems in Automated Penetration Testing PowerPoint PPT Presentation

Hard Problems in Automated Penetration Testing - ... trend away from hacking for fame toward hacking for fortune... Most of the patient information can be accessed by hacking through the web applications. ... | PowerPoint PPT presentation | free to view

Web Application Security Vulnerabilities PowerPoint PPT Presentation

Web Application Security Vulnerabilities - National Chi Nan University. Puli, 545 Nantou, Taiwan. ycchen@ncnu.edu.tw ... user's session token, attack the local machine, or spoof content to fool the user. ... | PowerPoint PPT presentation | free to view

Securing Web Applications PowerPoint PPT Presentation

Securing Web Applications - Min Song IS/CS698 Application Security Applications are part of your security perimeter. Application Security Attackers won t attack your firewall. | PowerPoint PPT presentation | free to view

Web Application Security PowerPoint PPT Presentation

Web Application Security - Qwest Glitch exposes customer data -Securityfocus.com. May 23, 2002. Hackers attack ... The application sends data to the client using a hidden field in a form. ... | PowerPoint PPT presentation | free to view

Hardening web applications against malware attacks PowerPoint PPT Presentation

Hardening web applications against malware attacks - Hardening web applications against malware attacks. Erwin Geirnaert. OWASP BE Board Member. ZION SECURITY. erwin.geirnaert@zionsecurity.com +3216297922 | PowerPoint PPT presentation | free to view

$The Fundamentals of Hacking: An 0\/3r\/!3vv PowerPoint PPT Presentation$

The Fundamentals of Hacking: An 0\/3r\/!3vv - This could be used to bypass the access control restrictions. How To Use FTP Bounce ... at that site is available on port 8080, a port normally blocked by a firewall. ... | PowerPoint PPT presentation | free to view

Designing Secure Web Applications PowerPoint PPT Presentation

Designing Secure Web Applications - Newsgroup or message board postings. Designing Secure Web Applications. 36 ... Feedback, reviews, message boards, etc. Error messages that quote user input ... | PowerPoint PPT presentation | free to view

What Is Cryptojacking And How To Prevent It? PowerPoint PPT Presentation

What Is Cryptojacking And How To Prevent It? - Cryptojacking is a form of cyber attack in which a hacker hijacks a target's processing power in order to mine cryptocurrency on the hacker's behalf. For more information, you can visit us at www.bitex.global | PowerPoint PPT presentation | free to view

Best Ethical Hacking Course PowerPoint PPT Presentation

Best Ethical Hacking Course - Many of the companies even they are recruiting the certified hacker in their association which becomes routine nowadays.People who are seeking about to know on ethical hacking can follow the sessions by our instructors. You can learn more about the hacking techniques from these given below categories. | PowerPoint PPT presentation | free to view

The Nitty Gritty of Website Security PowerPoint PPT Presentation

The Nitty Gritty of Website Security - Website security is geared towards ensuring the security of websites and web applications and preventing and/or responding effectively to cyber threats. | PowerPoint PPT presentation | free to view

ITT Certified Ethical Hacker Certification Study Group PowerPoint PPT Presentation

ITT Certified Ethical Hacker Certification Study Group - ITT Certified Ethical Hacker Certification Study Group Wk 4 -DoS, Session Hijacking, and Hacking Webservers (Chapters 7 & 8 of CEH Study Guide) CEH Study Group ... | PowerPoint PPT presentation | free to view

$The Fundamentals of Hacking: An 0\/3r\/!3vv PowerPoint PPT Presentation$

The Fundamentals of Hacking: An 0\/3r\/!3vv - The Fundamentals of Hacking: An 0\/3r\/!3vv Jen Johnson Miria Grunick Five Phases of an Attack Phase 1: Reconnaissance Phase 2: Scanning Phase 3: Gaining Access Phase ... | PowerPoint PPT presentation | free to view

Web Security PowerPoint PPT Presentation

Web Security - Web Security Dr. Department of Computer Science and Information Engineering, National Central University * | PowerPoint PPT presentation | free to view

Website Defacement & Domain Hijacking on the Rise: Cloud Security Threat – State of the Internet PowerPoint PPT Presentation

Website Defacement & Domain Hijacking on the Rise: Cloud Security Threat – State of the Internet - In today’s business climate, your website is your brand, your public face and your business platform. Now imagine if attackers were to hijack your website and replace your content with something offensive, illegal, inflammatory or embarrassing. Website defacement, where attackers replace your website’s content so users see what the attackers want, can be devastating for your business. And these types of attacks are on the rise. Read this short article to learn more about this cloud security threat and then get all the details in the full Q1 2015 State of the Internet Security Report at http://bit.ly/1KfWTrG | PowerPoint PPT presentation | free to view

Web Application Security PowerPoint PPT Presentation

Web Application Security - Number of Hacks. 4. The Problem is Real ... 75% of hacks occur at the Application level (Gartner) ... Types of Application Hacks. 9. Hidden Field Manipulation ... | PowerPoint PPT presentation | free to view

HACKNOTES Web Security PowerPoint PPT Presentation

HACKNOTES Web Security - Information Networking Security and Assurance Lab. National Chung Cheng ... request doesn't receive administrator right, then user impersonation still works, ... | PowerPoint PPT presentation | free to view

Web Application Security PowerPoint PPT Presentation

Web Application Security - Pick pages for indexing early on, designate them as public, give them their own subdirectory ... 'But I'm an artist, and code is my canvas! ... | PowerPoint PPT presentation | free to view

Web Security PowerPoint PPT Presentation

Web Security - Web Security Adam C. Champion and Dong Xuan CSE 4471: Information Security Summary Web based on plaintext HTTP protocol (stateless) Web security threats include ... | PowerPoint PPT presentation | free to view

Ethical Hacking PowerPoint PPT Presentation

Ethical Hacking - Ethical Hacking Keith Brooks CIO and Director of Services Vanessa Brooks, Inc. Twitter/Skype: lotusevangelist keith@vanessabrooks.com Adapted from Zephyr Gauray s ... | PowerPoint PPT presentation | free to view

Secure Web Site Design PowerPoint PPT Presentation

Secure Web Site Design - ... Imperva Kavado Interdo F5 TrafficShield Citrix NetScaler CheckPoint Web Intelligence Our focus: web app code Common web-site attacks: Denial of Service: ... | PowerPoint PPT presentation | free to view

Lesson 17-Web Components PowerPoint PPT Presentation

Lesson 17-Web Components - Lesson 17-Web Components Background The World Wide Web was invented in 1990 by Tim Berners-Lee to give physicists a convenient method of exchanging information. | PowerPoint PPT presentation | free to view