Slides of the PHPReboot meetup on 13th February, 2016 on Web Application Security.
A video recording of the session will also be uploaded. Please check the comments on http://www.meetup.com/PHPReboot/events/228005833/ for the link to the YouTube video of the session.
About the speaker
  Ansh Systems Pvt. Ltd.
  11+ years experience in Web App Development
  Twitter: kapilsharmainfo
  Facebook: kapilsharmainfo
  LinkedIn: kapilsharmainfo
  GitHub: kapilsharma
  Blog: blog.kapilsharma.info
  Slides: speakerdeck.com/kapilsharma
Injection
  Building the query by concatenating user input into the SQL text:
    = "SELECT * FROM user WHERE user_id=" + userId;
    $sql = 'SELECT * FROM user WHERE user_id=' . $userId;
  Input supplied by the attacker:
    userid = 10 OR 1=1
  Query the database actually runs:
    SELECT * FROM user WHERE user_id = '1' OR 1=1
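The following is an added example, not code from the slides: the same lookup written the vulnerable way (string concatenation, as on the slide) and with a PDO prepared statement, run side by side against an in-memory SQLite database filled with constructed rows. It assumes PHP 7 and the pdo_sqlite extension.

```php
<?php
// Added example (not from the slides): concatenated query vs. prepared statement.
// Uses an in-memory SQLite database with constructed sample rows so it runs offline.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE user (user_id INTEGER PRIMARY KEY, name TEXT)');
    $db->exec("INSERT INTO user (user_id, name) VALUES (1, 'alice'), (2, 'bob'), (3, 'carol')");
    return $db;
}

// Vulnerable: the value is pasted into the SQL text, so the input can change the
// structure of the query (the pattern shown on the slide).
function findUserVulnerable(PDO $db, string $userId): array
{
    $sql = 'SELECT * FROM user WHERE user_id=' . $userId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Fixed: the value is validated and then travels as a bound parameter, never as SQL text.
function findUserSafe(PDO $db, string $userId): array
{
    if (!ctype_digit($userId)) {
        return []; // reject anything that is not a plain non-negative integer
    }
    $stmt = $db->prepare('SELECT * FROM user WHERE user_id = :id');
    $stmt->bindValue(':id', (int) $userId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$input = '10 OR 1=1'; // constructed input, the value from the slide

// The concatenated query's WHERE clause becomes "user_id=10 OR 1=1", which matches every row.
echo count(findUserVulnerable($db, $input)), " rows from the concatenated query\n";

// The prepared statement never treats the input as SQL; the validation rejects it outright.
echo count(findUserSafe($db, $input)), " rows from the prepared statement\n";
echo count(findUserSafe($db, '2')), " row for user_id 2\n";
```

Binding the parameter is what removes the injection; the ctype_digit() check is an extra input-validation layer that also gives the caller a clean error path instead of an empty result.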
Broken Authentication & Session Management
  Custom auth/session management
  Password not hashed in database
  Exposed session ID (in URL)
  No wrong-password limit (brute force)
  Allowing weak passwords
  No session timeout
  Session hijacking/fixation
  Avoid "Remember me"
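As an added example that is not part of the slides, the snippet below shows one way to address several of the bullets above in plain PHP: hashed password storage with password_hash()/password_verify(), a wrong-password limit, cookie-only sessions, a session ID rotated at login (against fixation), and an idle timeout. The $users array is a constructed stand-in for a database table, and the limits are assumed values; PHP 7 is assumed.

```php
<?php
// Added example (not from the slides). $users is a constructed stand-in for the user table.

const MAX_FAILED_LOGINS = 5;      // assumed limit
const SESSION_IDLE_TIMEOUT = 900; // assumed idle timeout, seconds

// Store only the hash. password_hash() salts and uses the current default
// algorithm (bcrypt), so the database never contains the plaintext.
function registerUser(array &$users, string $username, string $password): void
{
    $users[$username] = ['hash' => password_hash($password, PASSWORD_DEFAULT), 'failed' => 0];
}

// True only for a known, unlocked user presenting the right password.
function checkCredentials(array &$users, string $username, string $password): bool
{
    static $dummyHash = null;
    if ($dummyHash === null) {
        $dummyHash = password_hash('dummy', PASSWORD_DEFAULT);
    }
    if (!isset($users[$username])) {
        password_verify($password, $dummyHash); // same cost for unknown users, so timing does not reveal usernames
        return false;
    }
    $user = &$users[$username];
    if ($user['failed'] >= MAX_FAILED_LOGINS) {
        return false; // locked after too many wrong passwords (brute-force limit)
    }
    if (!password_verify($password, $user['hash'])) {
        $user['failed']++;
        return false;
    }
    $user['failed'] = 0;
    return true;
}

// Web-context helpers: assume a normal PHP session (not exercised by the CLI walk-through below).
function startSecureSession(): void
{
    ini_set('session.use_only_cookies', '1'); // never accept or emit the session ID in the URL
    ini_set('session.cookie_httponly', '1');  // keep the cookie out of reach of page scripts
    session_start();
}

function loginSession(string $username): void
{
    session_regenerate_id(true); // fresh ID after login: a pre-set (fixated) ID becomes useless
    $_SESSION['user'] = $username;
    $_SESSION['last_activity'] = time();
}

function sessionIsValid(): bool
{
    if (empty($_SESSION['user']) || empty($_SESSION['last_activity'])) {
        return false;
    }
    if (time() - $_SESSION['last_activity'] > SESSION_IDLE_TIMEOUT) {
        $_SESSION = [];
        session_destroy(); // idle timeout reached
        return false;
    }
    $_SESSION['last_activity'] = time();
    return true;
}

// CLI walk-through of the credential check with constructed data.
$users = [];
registerUser($users, 'alice', 'correct horse battery staple');
echo 'stored value: ', $users['alice']['hash'], "\n"; // a bcrypt hash, not the password
echo 'wrong password accepted: ', var_export(checkCredentials($users, 'alice', 'wrong password'), true), "\n";
echo 'right password accepted: ', var_export(checkCredentials($users, 'alice', 'correct horse battery staple'), true), "\n";
for ($i = 0; $i < MAX_FAILED_LOGINS; $i++) {
    checkCredentials($users, 'alice', 'guess' . $i);
}
echo 'right password accepted after ', MAX_FAILED_LOGINS, ' failures: ',
     var_export(checkCredentials($users, 'alice', 'correct horse battery staple'), true), "\n";
```

A per-account lockout counter like this one is the simplest form of the "wrong password limit" bullet; in production it is usually combined with a time window so that a locked account recovers on its own.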
Security Misconfiguration
  Vulnerable if:
    Out-of-date software
    Unnecessary services enabled
    Default account/password enabled
    Security settings left at defaults
    Stack traces exposed
Missing Function Level Access Control
  Having multiple roles
  Access Control List
Cross Site Request Forgery (CSRF)
  1. User logs in to mybank.com.
  2. User opens hacker.site in another tab, which contains:
       <h1>Hi innocent user</h1> Check image below
       <img src="www.bank.com/transfer?to=hacker&amount=1000&remark=hacked" />
  (slide footer: phpreboot.github.io, phpreboot.com, Kapil Sharma, OWASP Top 10)
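The standard defence against the forged request shown above is a synchronizer token: the form carries a secret value tied to the user's session, and the server rejects any state-changing request that does not present it. The block below is an added example (not code from the slides) of that pattern in plain PHP; the session is passed in as an array so the walk-through runs from the command line, and the /transfer route, field names and messages are assumptions. It assumes PHP 7 for random_bytes().

```php
<?php
// Added example (not from the slides): synchronizer-token CSRF protection.

// One random token per session, created on first use.
function csrfToken(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Constant-time comparison so the check does not leak where the strings differ.
function csrfTokenIsValid(array $session, ?string $submitted): bool
{
    if (empty($session['csrf_token']) || $submitted === null) {
        return false;
    }
    return hash_equals($session['csrf_token'], $submitted);
}

// The legitimate form embeds the token as a hidden field.
function transferForm(array &$session): string
{
    $token = htmlspecialchars(csrfToken($session), ENT_QUOTES, 'UTF-8');
    return '<form method="POST" action="/transfer">'
         . '<input type="hidden" name="csrf_token" value="' . $token . '">'
         . '<input name="to"> <input name="amount"> <button>Transfer</button></form>';
}

// Handle the request: a state change must be a POST (an <img> tag can only issue GETs)
// and must carry the session's token.
function handleTransfer(array &$session, string $method, array $post): string
{
    if ($method !== 'POST') {
        return '405: state changes must be POSTed';
    }
    if (!csrfTokenIsValid($session, $post['csrf_token'] ?? null)) {
        return '403: missing or invalid CSRF token';
    }
    return 'transfer accepted';
}

// Constructed walk-through, no web server needed.
$session = [];
echo transferForm($session), "\n";

// The <img> request from the other tab: a GET with no token.
echo handleTransfer($session, 'GET', []), "\n";
// A cross-site POST still has no way to know the token.
echo handleTransfer($session, 'POST', ['to' => 'hacker', 'amount' => '1000']), "\n";
// The real form submission carries the session's token.
echo handleTransfer($session, 'POST',
    ['csrf_token' => $session['csrf_token'], 'to' => 'bob', 'amount' => '10']), "\n";
```

The token must be unpredictable (hence random_bytes) and must not be readable from another origin, which is why it lives in the session and in the page body rather than in a cookie the browser would attach automatically.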
Using Components with known Vulnerabilities
  Version numbers: X.Y.Z = Major.Minor.Patch
  https://security.sensiolabs.org (SensioLabs Security Checker)
OWASP Top 10
  Injection
  Broken Authentication & Session Mgmt
  Cross Site Scripting (XSS)
  Insecure Direct Object Reference
  Security Misconfiguration
  Sensitive Data Exposure
  Missing Function Level Access Control
  Cross Site Request Forgery (CSRF)
  Components with known Vulnerabilities
Unvalidated Redirects & Forwards
  https://example.com/redirect? ... http://hacker.com (redirect target taken from the request)
  http://example.com/boringpage?fwd=admin.php (forward target taken from the request)
  Avoid redirects & forwards
  If used, don't include a parameter
  If included, validate them
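As an added example (not code from the slides) of the "validate them" bullet, the PHP below accepts a redirect target only if it is a same-site relative path or an absolute http(s) URL whose host is on an allowlist, falling back to a fixed page otherwise; for forwards it maps a fixed key to a file instead of taking a file name from the request. The allowlist, the fallback page and the forward map are constructed values.

```php
<?php
// Added example (not from the slides): validating redirect and forward targets.

const REDIRECT_FALLBACK = '/';                                 // constructed fallback
const ALLOWED_HOSTS = ['example.com', 'www.example.com'];      // constructed allowlist
const FORWARD_PAGES = ['home' => 'home.php', 'help' => 'help.php']; // constructed forward map

function safeRedirectTarget(?string $target): string
{
    if ($target === null || $target === '') {
        return REDIRECT_FALLBACK;
    }
    // Same-site relative path: a single leading "/" only. "//host" and "/\host" are
    // scheme-relative and would leave the site.
    $second = $target[1] ?? '';
    if ($target[0] === '/' && $second !== '/' && $second !== '\\') {
        return $target;
    }
    $parts = parse_url($target);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return REDIRECT_FALLBACK; // unparsable, or a scheme without a host (javascript:, data:, ...)
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return REDIRECT_FALLBACK;
    }
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return REDIRECT_FALLBACK; // off-site host
    }
    return $target;
}

// Web-context helper: issue the redirect only after validation.
function redirectTo(?string $target): void
{
    header('Location: ' . safeRedirectTarget($target), true, 302);
    exit;
}

// Forwards: the request chooses a key, never a file name.
function forwardPage(?string $key): string
{
    return FORWARD_PAGES[$key ?? ''] ?? FORWARD_PAGES['home'];
}

// Constructed inputs for the walk-through.
$inputs = ['/account', '//hacker.com/x', 'http://hacker.com', 'https://www.example.com/page',
           'javascript:void(0)', null];
foreach ($inputs as $t) {
    printf("%-32s -> %s\n", var_export($t, true), safeRedirectTarget($t));
}
foreach (['help', 'admin.php', '../etc/passwd'] as $k) {
    printf("forward %-16s -> %s\n", var_export($k, true), forwardPage($k));
}
```

Comparing the parsed host against an allowlist is deliberately strict; checks such as "starts with http://example.com" are easy to bypass with a host like example.com.hacker.site, which this version rejects because the host does not match exactly.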