Computing | Computer Security | Linux Security | Industrial Control Systems Security | Penetration Testing | Exploitation | Social Engineering | Metasploit | encryption | IDS/IPS | HoneyPots | Securing Web/Apps

Securing Web Applications and Softwares

Denial of Service

DOS attacks are attacks on the availability of a service.

Type of Attacks

• DHCP
  DHCP use DORA (Demand - Offer - Request - Acknowledgement)
  'D'-Flood: Technique & DHCP STARV: Tool
• Network
  • The idea here is to destroy commnication on the network
  • Most networks are switched
  • which have CAM-Table (mapping IP:MAC)
  • if the CAM is filled then the switch degrades to a HUB
  • So the trick here is to fill this table and then BAM!

  • 
       # = N
       OLD = 8 (normal bandwidth consumption, for example 8)
                8
       NEW =(N)^
    
       

  • Tool:

    
       macof -i eth1
       

  • Mitigation by implementing port security on the switch
• Webserver
  • Connection Threshold
  • Bandwidth Congestion
• Individual Machine Attack - Tool: LOIC

Connection Threshold

On a TCP/IP connection handshake, attackers can attack on the Open State (Time between Sync and Ack(

One mititgation state is to reduce the Open State wait time (usually 4s). However the attacker can send Sync packets at a rate greater than the rate the servers drops the packets. We can use hping3

 hping3 server.address -S -a spoofed.address --flood

 option -S (enable sync flag) -a to spoof addresss.

Bandwidth Congestion - DDOS

Distributed Denial of Service - Practically you need a Botnet (such as PRO-RAT)

        |||||||||||||||||
        VVVVVVVVVVVVVVVVV
        -----------------
         Buffer Space
        -----------------
              ||
        -----------------
           Webserver
        -----------------

Web-Application Vulnerabilities

https://www.owasp.org/ OWASP - Open Wen App. Security Project

Top Vulnerabilities

• Sequel Injection
• Cross Site Scripting
• Buffer Overflow

Sequel Injection

Hackers are interested in getting user names and passwords but this is not easy. Typically they need to find some zero day Vulnerabilities in either the firewall, database or both.

A better way is to inject SQL queries directly into the database:

  SELECT * FROM WHERE COL NAME = PASSWORD

  1'or'1'='1

  

One good defense to this type of attack is:

• Validate Characters
• Ensure Length of Query is Limited

Cross Site Scripting Attacks

The Vulnerabilities provides the attacker the ability to induce his source code into the source code of the web application.

<script>alert(xss);</script>

If the Vulnerability is found

• Redirect Users
• Cookie Stealing
• Session Hijacking
• Cookie Manager
• Website Defacement

Defense

• Encrypted Session ID

Buffer Overflows

• IDA Pro
• You need to Understand Stacks

Sources and Links

• infosec institute
• Cisco Mitigator
• Defeating DDOS Attacks

http:///wiki/?securingwebapps

01dec16

admin

---

Replies

• <admin 30nov16 00:45>