Introduction to Web Vulnerabilities
Transcript of Introduction to Web Vulnerabilities
Why Security Matters
Security is not just the act of defending the technical capacity of an entity to continue to function in the virtual space. Security is a posture, a commitment, a process of making sure that your users are safe, and that your enemies, if you have any, cannot compromise your project and its capacities.
Packet Sniffing/Man In The Middle Attacks
The simplest attacks are not based on breaching site or server security at all, but on the routing of traffic, the harvesting of your users' credentials and the monitoring of communications. These attacks are ever present. The simplest defense is using SSL, but even this is not a guaranteed defense,
What We Will Be Discussing
In the space of an hour we cannot review the more complex threats in detail. Rather than discussing the technicalities of exploits, we will focus on four common attack vectors (packet sniffing/man-in-the-middle attacks, cross-site scripting, SQL injection and WordPress vulnerabilities), as well as some tools that can be used for testing and some techniques for mitigation.
The threats primarily faced on the web do not come from advanced, highly technical attacks. Rather, most threats are based on simple and easy-to-mitigate attacks.
Plugins And Backend Vulnerabilities
Vulnerability Scanning and Research
Cross-site scripting, which has been known by many names in the past, is not so much a specific attack as a term that encompasses any number of attacks that may be thrown at a site. In this sort of attack the attacker uses any input vector on the site (modifying cookies, inputting code into the address bar, manipulating forms and so on) to begin injecting code into the site. A website is based on a file structure and a series of applications that run on a machine somewhere. The target of the cross-site scripting attack is not the site itself, but the machine, which is used to execute the code. These attacks come in many forms, and can either be persistent or only functional for that specific session.
SQL injection is a form of attack on any site that has an underlying SQL-based database system, which includes sites that use things like MongoDB, CouchDB and so on. In this attack the attacker uses any open field to inject code that they try to get the underlying system to run. Most SQL injection attacks aim at the database itself and try to force the database to become visible to the attacker; others attempt to create users with administrative privileges that can then be used to commandeer the site.
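The two injection classes above, shown as vulnerable and hardened code. This is an added example, not code from the original talk: the comment store, the `users` table and the probe strings are constructed, and the fix in each case is the same one a practitioner applies in any framework (contextual output escaping for the page, parameter binding for the query).

```python
import html
import sqlite3

# ---- Cross-site scripting: a stored comment rendered into a page ----
COMMENTS = []  # constructed in-memory store; persistence is what makes an XSS "stored"

def post_comment(comment: str) -> None:
    COMMENTS.append(comment)

def render_vulnerable() -> str:
    # Raw interpolation: the browser parses whatever the user typed as markup,
    # and every later visitor gets the same payload because it was stored.
    return "".join(f'<p class="c" data-raw="{c}">{c}</p>' for c in COMMENTS)

def render_safe() -> str:
    # quote=True also escapes " and ' so the input cannot close the attribute
    # and break out into the element context.
    return "".join(
        f'<p class="c" data-raw="{html.escape(c, quote=True)}">'
        f"{html.escape(c, quote=True)}</p>" for c in COMMENTS)

def contains_live_markup(rendered: str) -> bool:
    # Crude detector used only to show the difference between the two renderers.
    return "<script" in rendered.lower()

# ---- SQL injection: a lookup against a constructed users table ----
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 0), ("bob", 0), ("root", 1)])
    return conn

def find_user_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    # The value becomes part of the SQL text, so the parser treats it as SQL.
    sql = f"SELECT name FROM users WHERE name = '{name}'"
    return [row[0] for row in conn.execute(sql)]

def find_user_safe(conn: sqlite3.Connection, name: str) -> list:
    # Parameter binding: the driver passes the value separately from the SQL
    # text, so quotes in the input never change the statement's structure.
    rows = conn.execute("SELECT name FROM users WHERE name = ?", (name,))
    return [row[0] for row in rows]

XSS_PROBE = '"><script>alert("xss")</script>'   # constructed form input
SQL_PROBE = "x' OR '1'='1"                       # constructed field input
```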
Many of the vulnerabilities in content-management-based websites (anything running WordPress, Drupal and so on) are present as vulnerabilities in the underlying core system and in the plugins that users install to increase functionality. These are often coded by programmers who may move on and abandon the project over time, or they may be maintained but not patched or updated by the administrators of the site. Pay attention to news about vulnerabilities in your underlying system and its patching cycle, and make sure your software is updated.
Though the most sophisticated attacks do take time to learn how to execute and understand, most websites are taken over or exploited through simple-to-use methods. Many of these methods involve user error (phishing, weak passwords, default passwords), but many others involve simple technical means. With some simple tools you can scan for these more basic vulnerabilities automatically.
Security, like many things in life, is a collective endeavor. This is the case with the disclosure of vulnerabilities and the development of countermeasures. In the vulnerability cycle a bug is announced, a patch is created and, ideally, the users adopt the patch. This is often not what happens. But, if done correctly, patching is a very effective means of mitigation.
For those who have the time and skill, segmentation is a very effective means of protecting information and limiting the scope of any breach. The elements of the site (code base, underlying server system and databases) can be separated from one another either through containerization (Docker and other methods) or through virtualization. This is a somewhat complex and not bulletproof solution, but it raises the cost of an attack.
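A small check of the "is my core and are my plugins behind the patched version?" question the last three paragraphs raise. This is an added example, not part of the original talk: both the installed inventory and the advisory list are constructed, and the point it makes is that version strings must be compared numerically (the string `"4.9.8"` sorts after `"4.9.10"`, which would silently hide an unpatched install).

```python
# Constructed inventory, as an administrator would read it from their own install.
INSTALLED = {"core": "4.9.8", "contact-form": "5.0.3", "gallery": "2.10"}

# Constructed advisory feed: the first release in which a published bug was fixed.
FIXED_IN = {"core": "4.9.10", "contact-form": "5.1.0", "gallery": "2.9.4"}

def parse_version(version: str, width: int = 4) -> tuple:
    """Turn '4.9.8' into (4, 9, 8, 0) so tuples of equal length compare numerically.
    A trailing non-numeric suffix such as '-beta' is dropped for the comparison."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple((parts + [0] * width)[:width])

def outdated(installed: dict, fixed_in: dict) -> list:
    """Names of components whose installed version is below the patched one."""
    return sorted(name for name, ver in installed.items()
                  if name in fixed_in
                  and parse_version(ver) < parse_version(fixed_in[name]))

def outdated_by_string_compare(installed: dict, fixed_in: dict) -> list:
    """The naive comparison, kept only to show why it is wrong."""
    return sorted(name for name, ver in installed.items()
                  if name in fixed_in and ver < fixed_in[name])
```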