Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Pentesting for Developers

Chris Cornutt
February 07, 2019
Technology
0
100

Pentesting for Developers

While secure development practices are an important part of keeping your application and its data protected, you also have to prove your defenses are working. Developers are used to things like unit testing and even functional testing but some feel out of their depth when it comes to security testing. Effective security testing, or pentesting, is easier than you might think.

We’ll start by introducing some of the techniques and tools you can use to test your own applications and finish with a contest to see how much you’ve learned.

Chris Cornutt

February 07, 2019
Tweet

More Decks by Chris Cornutt

See All by Chris Cornutt
Securing Legacy Applications
ccornutt
0
94
Securing Legacy Applications - Longhorn PHP 2018
ccornutt
1
150
Pieces of Auth
ccornutt
0
290
Securing Legacy Applications
ccornutt
0
360
Build Security In
ccornutt
0
170
Introduction to Slim 3
ccornutt
0
150
Securing Legacy Applications
ccornutt
0
32
PHP Security, Redfined
ccornutt
0
240
PHP Security Bootcamp
ccornutt
2
230

Other Decks in Technology

See All in Technology
ServiceNow Knowledge 24の歩き方 EYストラテジー・アンド・コンサルティング
manarobot
0
200
エンジニアのキャリアをちょっと楽しくする3本の軸/Three Pillars to Make an Engineer's Career More Enjoyable
kwappa
0
2.7k
DMM.com アルファ室採用案内資料
hsugita
1
150
APIファーストなプロダクトマネジメントの実践 〜SaaSus Platformでの例〜 / "Practicing API-First Product Management - An Example with SaaSus Platform
oztick139
0
110
アクセス制御にまつわる改善 / Improving access control
itkq
0
540
LLM開発・活用の舞台裏@2024.04.25
yushin_n
1
310
TechFeed Experts Night#27 〜 フロントエンドフレームワーク最前線 (Svelte)
baseballyama
1
520
プロンプトエンジニアリングでがんばらない-Agentic Workflow へ-近藤憲児
kenjikondobai
2
720
Postman v10リリース後を振り返る / Looking back at Postman v10 after release
yokawasa
1
160
Java EE/Jakarta EEの現状と将来 ―クラウドネイティブ時代にJava EEは対応できるのか?―
takakiyo
1
160
Delivering Millions of Messages within seconds @ Duolingo
pelelgrino
0
350
アクセシビリティを考慮したUI/CSSフレームワーク・ライブラリ選定
yajihum
2
1k

Featured

See All Featured
The Brand Is Dead. Long Live the Brand.
mthomps
49
29k
Infographics Made Easy
chrislema
238
18k
4 Signs Your Business is Dying
shpigford
175
21k
Typedesign – Prime Four
hannesfritz
36
2.1k
Clear Off the Table
cherdarchuk
84
310k
Making Projects Easy
brettharned
108
5.5k
Faster Mobile Websites
deanohume
299
30k
How GitHub Uses GitHub to Build GitHub
holman
468
290k
Code Reviewing Like a Champion
maltzj
514
39k
BBQ
matthewcrist
80
8.8k
GraphQLとの向き合い方2022年版
quramy
32
12k
Designing the Hi-DPI Web
ddemaree
276
33k

Transcript

  1. PENTESTING FOR DEVELOPERS Chris Cornutt - Sunshine PHP 2019 for

    setup: http://signup.capturetf.com
  2. None

  3. We’ll Cover… • The most common issues in web application

    security • The top vulnerability types • Tools and techniques …and then the really fun stuff

  4. What this is not • A step-by-step guide into fixing

    the issues we find • A comprehensive listing of everything to test • An assurance that your application is completely secure

  5. Setup Time Do you have your environment yet? http://signup.capturetf.com

  6. Cross-Site Scripting

  7. Cross-Site Scripting (XSS) • Injection attack • User-supplied content used

    without validation, filtering or escaping • Different contexts: HTML, HTML attributes, Javascript, CSS, XML…

  8. Cross-Site Scripting (XSS) http://mycoolsite.com?user=user1 http://mycoolsite.com?user=<script>alert(1)</script> <?php echo $_GET[‘user’]; ?>

  9. Direct Object Reference

  10. Direct Object Reference • “Security through obscurity” • Magic URLs

    • Inadequate authentication/authorization protection http://mycoolsite.com/user/view/1 http://mycoolsite.com/admin http://mycoolsite.com/debug

  11. Poor Auth Practices

  12. Poor Auth Practices • User-controllable functionality • Not universally enforced

    • Plain-text credentials • Poor password policies/reset handling • Federation vs Local

  13. SQL Injection

  14. SQL Injection • Bypass controls to execute arbitrary SQL •

    Usually caused by string concatenation • Prepared statements/bound parameters

  15. SQL Injection $sql = ‘select * from users where username

    = “foo” and password = “‘.$password.’” $password = ‘ccornutt’; $password = ‘“” or 1=1; select * from users where username = “foo” and password = “” or 1=1;

  16. Information Exposure

  17. Information Exposure • Exposing sensitive information publicly • Error messages

    • Unprotected directories or files in the document root • Public-facing files considered “secret”

  18. Let’s get hacking… uh, I mean, testing!

  19. Challenge #1

  20. Challenge #1 Hints Hidden data Authorization Encryption

  21. Challenge #2

  22. Challenge #2 Hints Public Information Poor Auth Handling Obscurity

  23. Challenge #3

  24. Challenge #3 Hints Filter User input

  25. Challenge #4

  26. Challenge #4 Hints Poor Authentication Handling Default credentials

  27. Challenge #5

  28. Challenge #5 Hints User Input Serialization

  29. Challenge #6

  30. Challenge #6 Hints User Input SQL Injection

  31. Challenge #7

  32. [email protected] @enygma

  33. Thanks! @enygma @securingphp https://websec.io [email protected]