
Evil Code and how to defend against it CSCI 4300






Presentation Transcript


  1. Evil Code and how to defend against it CSCI 4300 http://shiflett.org/php-security.pdf http://phpsec.org/projects/guide/2.html

  2. Defense against form input attacks: data filtering

  3. Dispatch method

  4. Dispatch script example

  5. Spoofed form input

  6. Whitelist Input Verification

  7. Whitelist Email address verification

  8. Simple message board

  9. Message Board Attack

  10. Message Board defense • Security tip: use pre-existing PHP functions; they are more efficient and less likely to contain security holes.

  11. Cross-Site Request forgeries
      • Victim has authenticated to target site T
      • Evil site E forges a privileged request to T
      • Forged request succeeds by virtue of victim’s authentication tokens.

  12. Cross-Site Request Forgery example
      • Target site, stox.com:
        <input type=text name=stock> <input type=text name=n_shares> <input type=submit>
      • Evil site, evil-hackers.org:
        <img src=http://stox.com?name=IBM&n_shares=1000000>

  13. CSRF defense: form tokens

  14. Database Credentials • Place db.inc outside of document root, so it cannot be accessed via a URL!

  15. SQL injection attack
      <?php
      // get $uname and $passwd ...
      mysql_query("select * from user where uname='$uname' and password='$passwd'");
      Evil input:
      uname  = my_uname
      passwd = mypassd'; delete from user where 'a'='a'
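The slide-15 login query rewritten as a PDO prepared statement, with the whitelist check from slide 6 applied to the username first. This is an added example, not code from the lecture; it assumes an in-memory SQLite database and constructed sample rows so it runs stand-alone, and the function names are hypothetical.

```php
<?php
// Added example: hardening the slide-15 query. Uses SQLite in memory (constructed data).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE user (uname TEXT, password TEXT)");
$db->exec("INSERT INTO user VALUES ('my_uname', 'secret'), ('bob', 'hunter2')");

// Vulnerable form from the slide: the SQL text is assembled by string interpolation,
// so a quote in the input changes the structure of the statement. Shown only as text.
function vulnerable_sql_text(string $uname, string $passwd): string {
    return "select * from user where uname='$uname' and password='$passwd'";
}

// Slide-6 idea: accept only usernames that match a known-good pattern (hypothetical rule).
function uname_is_whitelisted(string $uname): bool {
    return preg_match('/^[a-z0-9_]{1,32}$/', $uname) === 1;
}

// Hardened form: the SQL text is fixed at prepare time; the values are bound as
// parameters, so the attacker's quote and semicolon are compared as data only.
function find_user(PDO $db, string $uname, string $passwd): ?array {
    if (!uname_is_whitelisted($uname)) {
        return null;                              // reject before touching the database
    }
    $stmt = $db->prepare('select * from user where uname = :uname and password = :passwd');
    $stmt->execute([':uname' => $uname, ':passwd' => $passwd]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
    // Note: a real login would store password_hash() output and use password_verify();
    // the plain comparison mirrors the slide for illustration only.
}

// Constructed input matching the slide's evil payload.
$uname  = 'my_uname';
$passwd = "mypassd'; delete from user where 'a'='a";

echo "SQL the vulnerable code would build:\n  ", vulnerable_sql_text($uname, $passwd), "\n";

var_dump(find_user($db, $uname, $passwd));   // NULL: password does not match, nothing deleted
var_dump(find_user($db, 'bob', 'hunter2'));  // the legitimate row for bob
var_dump(find_user($db, "x' or 1=1 --", '')); // NULL: rejected by the whitelist

$remaining = (int) $db->query('select count(*) from user')->fetchColumn();
echo "rows still in user table: $remaining\n";  // 2: the payload never ran as SQL
```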
