中央大学电子计算机中心多媒体与网路应用资讯推广课程.ppt

《中央大学电子计算机中心多媒体与网路应用资讯推广课程.ppt》由会员分享，可在线阅读，更多相关《中央大学电子计算机中心多媒体与网路应用资讯推广课程.ppt（53页珍藏版）》请在淘文阁 - 分享文档赚钱的网站上搜索。

1、中央大学电子计算机中心多媒体与网路应用资讯推广课程 Still waters run deep.流静水深流静水深,人静心深人静心深 Where there is life,there is hope。有生命必有希望。有生命必有希望Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&session2Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&session3不要做不要做壞事！壞事！4不要被不要被抓到！抓到！5不要被不要被抓到！抓到！6不要說我教的不要說我教的7Agenda嘴砲OWSAP Top 10SQL injecti

2、onXSScookie&session8網頁安全？早年 vs 現代靜態 vs 動態有程式 就有漏洞!9ways to attackOSweb serverweb application10attack scenariosattack web server gain privilege steal informations to attack usersattack other user steal informations execute other attacksmay be composite11Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&sess

3、ion1213OWASP Top 10-2010A1:InjectionA2:Cross-Site Scripting(XSS)A3:Broken Authentication and Session ManagementA4:Insecure Direct Object ReferencesA5:Cross-Site Request Forgery(CSRF)14OWASP Top 10-2010A6:Security MisconfigurationA7:Insecure Cryptographic StorageA8:Failure to Restrict URL AccessA9:In

4、sufficient Transport Layer ProtectionA10:Unvalidated Redirects and Forwards15OWASP Top 10-2010A1:InjectionA2:Cross-Site Scripting(XSS)A3:Broken Authentication and Session ManagementA4:Insecure Direct Object ReferencesA5:Cross-Site Request Forgery(CSRF)16OWASP Top 10-2010A6:Security MisconfigurationA

5、7:Insecure Cryptographic StorageA8:Failure to Restrict URL AccessA9:Insufficient Transport Layer ProtectionA10:Unvalidated Redirects and Forwards17Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&session18Injections駭客的填空遊戲where can attacker inject?database(MySQL,MS SQL,PostgreSQL.)no-sql Directory Service

6、(LDAP)system command!19how SQL works in weblogin page for exampleclientweb serversql serverrequest whitid and pwdselect from account where id=id and pwd=pwdreturn result return login success/failed20Why SQL?廣大使用儲存大量的網站資料injection friendly21how injections work?以MySQL為例子$query=“select from account whe

7、re id=$id and pwd=$pwd$id=or 1=1-select from account where id=-.22attack skillsunionblind attack23影響資料被偷/被改獲得網站權限整個網站被拿下#24how to defensesafe API過濾逃脫字元 不要直接把使用者輸入加入query找程式掃描弱點25Practice26Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&session27XSSCross Site Scripting在別人的網站上寫程式！28background knowledgeHTTP

8、 GETHTTP POST29how to attackattack using POST/GETthe“scripting”in the serverstrange url30how to attackjavascript/31example http:/ Orange”)32what may happened?take you to bad sitesend your information to attackerJust For Fun!33Just For Fun SamyMySpace XSS attackSamy is my hero!Infection34Big Site als

9、o XSSableMySpaceFacebooktwitterPlurk.35how to defensefor server該逃的還是要逃找程式掃描弱點for user看到奇怪連結要警覺瀏覽器/防毒軟體36practice37Agenda嘴砲OWSAP Top 10SQL injectionXSScookie&session38background knowledgecookiesessionA cookie is a piece of text stored by a users web browser.A cookie can be used for authentication,sto

10、ring site preferences,shopping cart contents,the identifier for a server-based session,or anything else that can be accomplished through storing text data.The session information is stored on the web server using the session identifier(session ID)generated as a result of the first(sometimes the firs

11、t authenticated)request from the end user running a web browser.The storage of session IDs and the associated session data(user name,account number,etc.)on the web server is accomplished using a variety of techniques including,but not limited to:local memory,flat files,and databases.394041如果偷到了cooki

12、e可以.42how to steal it?4344把cookie送到雲端!用GET/POST方式讓網頁把cookie送走/ex:.join(sever side is simplejust keep the cookie45哪個白痴會點這鬼連結http:/ ( (ex:iframe長寬設0或1)ugly url EVERY WHEREhttps:/ agent/header綁IP*不要被攻擊成功*48鎖定user agent/header if(isset($_SESSIONHTTP_USER_AGENT)if($_SESSIONHTTP_USER_AGENT!=md5($_SERVERHTTP_USER_AGENT)exit();else$_SESSIONHTTP_USER_AGENT=md5($_SERVERHTTP_USER_AGENT);但是.當你偷的到cookie 會拿不到header嗎?49Practice50Q&A?51end52Reference53http:/www.owasp.org/http:/en.wikipedia.org/http:/goo.gl/cA3ahttp:/goo.gl/IwGbXhttp:/goo.gl/uQ4I1