Vulnerability Risk Mitigation Part 1


Time: 8 hours 20 minutes
Difficulty: Advanced
CEU/CPE: 9
Video Transcription
>> Vulnerability Risk Mitigation part 1.

The learning objectives for this lesson are: to differentiate between types of web application vulnerabilities, to define web application components, and to implement protection strategies for web applications.
Let's get started. Web application components.

Before we can go into any of the vulnerabilities and the ways we can help remedy those, we're going to discuss the different parts of web technology, to help us understand the different parts that can become vulnerable.

The first part we're going to discuss is client-side processing versus server-side processing. This is a description of where the work is being performed. Is it being performed on the client's machine, or is it being performed at the server? Web apps have lately begun to shift work away from the server side and towards the client side. That matters for security because the client is under the user's control: anything done in the browser, including input validation and access decisions, can be altered or skipped by an attacker, so the server has to enforce those same checks again on its side.
JSON and Representational State Transfer, or REST. JSON, JavaScript Object Notation, is a text format that's used to store and transmit data. It's similar to XML, although it's simpler. REST is an architectural style for data exchange based on web technologies, and JSON is the format most REST APIs use for their payloads.

Simple Object Access Protocol, or SOAP. This is an interface communication mechanism whose messages are XML envelopes. SOAP is a protocol, instead of being an architecture like REST. SOAP APIs can be exploited by SQL injection just like any other interface: if a parameter pulled out of the XML envelope is concatenated into a database query, the attacker controls part of that query.
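Added example, not part of the lesson: a tiny SOAP endpoint in Python that pulls a parameter out of the XML envelope and looks it up in SQLite, once by string concatenation (injectable) and once with a bound parameter. The service namespace urn:example:customers, the GetCustomer operation and the customer rows are all constructed for the demo.

```python
import sqlite3
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"   # SOAP 1.1 envelope namespace
SVC_NS = "urn:example:customers"                        # hypothetical service namespace


def build_db():
    """In-memory customers table with two constructed rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    db.executemany("INSERT INTO customers VALUES (?, ?, ?)",
                   [(1, "alice", "alice@example.com"), (2, "bob", "bob@example.com")])
    return db


def extract_name(envelope_xml):
    """Pull the <name> parameter out of the SOAP Body. The client controls this text.
    (For untrusted XML in production, parse with defusedxml to block entity attacks.)"""
    root = ET.fromstring(envelope_xml)
    node = root.find(f"{{{SOAP_NS}}}Body/{{{SVC_NS}}}GetCustomer/{{{SVC_NS}}}name")
    if node is None or node.text is None:
        raise ValueError("missing name parameter")
    return node.text


def lookup_vulnerable(db, envelope_xml):
    """Injectable: the parameter is pasted into the SQL text."""
    name = extract_name(envelope_xml)
    sql = f"SELECT id, name, email FROM customers WHERE name = '{name}'"
    return db.execute(sql).fetchall()


def lookup_fixed(db, envelope_xml):
    """Parameterised: the driver sends the value separately from the statement."""
    name = extract_name(envelope_xml)
    return db.execute("SELECT id, name, email FROM customers WHERE name = ?", (name,)).fetchall()


def envelope(name):
    """Build a constructed SOAP 1.1 request carrying `name` as element text."""
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    op = ET.SubElement(body, f"{{{SVC_NS}}}GetCustomer")
    ET.SubElement(op, f"{{{SVC_NS}}}name").text = name
    return ET.tostring(env, encoding="unicode")


if __name__ == "__main__":
    db = build_db()
    print(lookup_vulnerable(db, envelope("alice")))        # one row
    print(lookup_vulnerable(db, envelope("' OR '1'='1")))  # every row leaks
    print(lookup_fixed(db, envelope("' OR '1'='1")))       # no rows
```

The injected value turns the vulnerable query into `WHERE name = '' OR '1'='1'`, which is true for every row; the bound-parameter version looks for a customer literally named `' OR '1'='1` and finds none.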
Browser extensions. These add additional functionality to our browsers. An extension is not accessible to the code a website runs in the browser, whereas a plugin can be called by website code. These are the add-ons that we add onto Chrome or Firefox that allow us to, say, use HTTPS Everywhere, which forces every website that we visit to use HTTPS, or uBlock Origin, which helps us to block malicious content or scripts on websites. But all of these add additional functionality to our browsers, and anything that adds functionality also adds code that can carry its own vulnerabilities.
Hypertext Markup Language 5, or HTML5, and Asynchronous JavaScript and XML, or AJAX. These are designed to replace the flawed functionality of plugins, but they also bring with them their own new problems. HTML5 features that you're going to want to consider when you're looking to secure a web application would be web messaging (postMessage), cross-origin resource sharing (CORS), WebSockets, server-sent events, local, offline or web storage, client-side databases, geolocation requests, Web Workers, tabnabbing, and sandboxed frames.
Machine code versus bytecode. Bytecode represents the intermediary state of source code that is created when a program written in a high-level language is compiled. It's designed to be processed by an interpreter or a just-in-time compiler on the target system, which translates the bytecode into machine code. Machine code, on the other hand, is the lowest level of code: the native instructions that the processor itself executes.
Software composition analysis. This is the process where the software will be analyzed to see if it contains any open source components, and whether those components are themselves secure, because these open source components that we're including with our own software programs can contain their own vulnerabilities. This can be performed manually, but it's usually performed with automation tools. A good example of one of these tools is the OWASP Dependency-Check tool. It scans a project, identifies the third-party libraries it depends on, and reports any publicly known vulnerabilities (CVEs) in those libraries. Note that it reports on the dependencies, not on flaws in your own code; finding those is the job of static analysis.
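Added example, not part of the lesson: the core of what a software composition analysis tool does, in Python. It reads pinned requirements and matches them against an advisory list by version range. The advisory entries and their identifiers are constructed, not real CVE data; a real tool such as Dependency-Check pulls its ranges from the NVD or similar feeds and also fingerprints components this toy cannot see, such as vendored or unpinned ones.

```python
import re

# Constructed advisory data (not real CVEs): package -> [(introduced, fixed, advisory id)]
# A pinned version v is affected when introduced <= v < fixed.
ADVISORIES = {
    "examplelib": [((1, 0, 0), (1, 4, 2), "EXAMPLE-2023-0001")],
    "otherpkg":   [((0, 9, 0), (2, 0, 0), "EXAMPLE-2022-0042")],
}

# Only exact pins ('name==x.y.z') can be assessed; '>=' ranges need resolving first.
REQ_LINE = re.compile(r"^\s*([A-Za-z0-9_.-]+)\s*==\s*([0-9][0-9.]*)")


def parse_version(text):
    """'1.4.2' -> (1, 4, 2); tuples compare component by component."""
    return tuple(int(p) for p in text.split("."))


def parse_requirements(text):
    """Return {package: version_tuple} for pinned lines; comments and unpinned lines are skipped."""
    pins = {}
    for line in text.splitlines():
        m = REQ_LINE.match(line)
        if m:
            pins[m.group(1).lower()] = parse_version(m.group(2))
    return pins


def unassessable(text):
    """Dependency lines that are neither comments nor exact pins, so their risk is unknown."""
    out = []
    for line in text.splitlines():
        stripped = line.split("#", 1)[0].strip()
        if stripped and not REQ_LINE.match(stripped):
            out.append(stripped)
    return out


def find_vulnerable(pins, advisories=ADVISORIES):
    """List (package, version, advisory id) for every pin inside an affected range."""
    hits = []
    for pkg, ver in pins.items():
        for introduced, fixed, adv_id in advisories.get(pkg, []):
            if introduced <= ver < fixed:
                hits.append((pkg, ".".join(map(str, ver)), adv_id))
    return hits


# Constructed lockfile used as sample input
SAMPLE_REQUIREMENTS = """\
# constructed lockfile
examplelib==1.3.0
otherpkg==2.1.0
requests>=2.0     # unpinned: cannot be assessed without resolving it
"""

if __name__ == "__main__":
    pins = parse_requirements(SAMPLE_REQUIREMENTS)
    print("vulnerable:", find_vulnerable(pins))
    print("unassessable:", unassessable(SAMPLE_REQUIREMENTS))
```

The unpinned line is the practical point: a scanner can only judge what it can identify, so lockfiles with exact versions give SCA something to match, while loose ranges hide whatever actually gets installed.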
Web application vulnerabilities. The first one we're going to discuss is a race condition. This occurs when several processes are needed to complete a task and the result depends on the order in which they run. The apps can be manipulated by altering the assumptions that are made about the processes and their outcomes, for example by sending two requests at the same time so that both pass a check before either one has acted on it.
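Added example, not part of the lesson: a withdrawal handler with a check-then-act race in Python, reproduced deterministically with two threads and a barrier, next to the same handler with the check and the debit made atomic under a lock. The Account class and the amounts are constructed; in a real app the lock would be a database transaction or an atomic conditional UPDATE.

```python
import threading


class Account:
    """Constructed in-memory account; the lock is only used by the safe path."""
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_racy(acct, amount, window=lambda: None):
    """Check, then act, with nothing stopping another request in between."""
    if acct.balance >= amount:      # time of check
        window()                    # another request can run here
        acct.balance -= amount      # time of use
        return True
    return False


def withdraw_safe(acct, amount, window=lambda: None):
    """Check and act as one unit under a lock (in a real app: a transaction with
    SELECT ... FOR UPDATE, or UPDATE ... WHERE balance >= amount and check the row count)."""
    with acct.lock:
        if acct.balance >= amount:
            window()
            acct.balance -= amount
            return True
        return False


def run_concurrent(withdraw, balance, amount, workers=2):
    """Fire `workers` withdrawals at once. A barrier widens the check/act window so the
    race is reproduced every time. Returns (successful_withdrawals, final_balance)."""
    acct = Account(balance)
    gate = threading.Barrier(workers, timeout=0.5)
    results = []

    def window():
        try:
            gate.wait()            # every worker has passed the check before any debits
        except threading.BrokenBarrierError:
            pass                   # under the lock only one worker gets here; it times out

    def worker():
        results.append(withdraw(acct, amount, window))

    threads = [threading.Thread(target=worker) for _ in range(workers)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return sum(results), acct.balance


if __name__ == "__main__":
    print("racy:", run_concurrent(withdraw_racy, 100, 100))   # two withdrawals from 100
    print("safe:", run_concurrent(withdraw_safe, 100, 100))   # one withdrawal, balance 0
```

With a balance of 100 and two simultaneous withdrawals of 100, the racy version approves both; the locked version approves one and rejects the other because the second check runs after the first debit.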
The next is a buffer overflow. This is when we fill a fixed-size, temporary memory space past its end, so that the extra data overwrites whatever sits next to it in memory. By doing this, a well-designed attack can add information beyond the end of the buffer in hopes that it will be executed. You could do this to access other parts of the system memory and also for code insertion and execution. The defenses for this would include patching, secure coding (bounds-checked copies and safe string functions), address space layout randomization, or ASLR, and data execution prevention, or DEP.
Broken authentication. This is when an app doesn't protect its authentication mechanisms, and so allows an attacker to compromise user sessions or passwords. An example would be session identifiers in a URL. You've logged onto a website, and in the URL, if you look, you've got a session ID. If we modify that session ID, we might be able to take over someone else's session, and because it's in the URL it also leaks through browser history, proxy logs, and the Referer header. Defenses against this would include slowing down failed login attempts, server-side session management that creates a random session identifier rather than one that's easily guessed or follows a pattern, not putting session IDs in URLs, and enforcing session timeouts.
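Added example, not part of the lesson: the defenses just listed in Python, with random server-side session IDs from the OS CSPRNG, an idle timeout, a Set-Cookie value that keeps the ID out of the URL, and a login throttle whose delay doubles per failed attempt. The class names, the timeout and the delay values are my own choices for the demo; the clock is injectable so the behaviour can be checked without waiting.

```python
import secrets
import time

SESSION_TTL = 15 * 60        # idle timeout in seconds (assumed value)


class SessionStore:
    """Server-side sessions keyed by an unguessable identifier."""
    def __init__(self, clock=time.monotonic):
        self.clock = clock
        self._sessions = {}

    def create(self, user):
        sid = secrets.token_urlsafe(32)          # 256 random bits from the OS CSPRNG
        self._sessions[sid] = {"user": user, "last_seen": self.clock()}
        return sid

    def user_for(self, sid):
        """Return the session's user, or None; idle sessions are dropped on access."""
        s = self._sessions.get(sid)
        if s is None:
            return None
        if self.clock() - s["last_seen"] > SESSION_TTL:
            del self._sessions[sid]
            return None
        s["last_seen"] = self.clock()
        return s["user"]

    def destroy(self, sid):
        self._sessions.pop(sid, None)


def session_cookie(sid):
    """Set-Cookie value: carried in a cookie (never the URL), unreadable by script, HTTPS only."""
    return f"sid={sid}; Path=/; HttpOnly; Secure; SameSite=Lax"


class LoginThrottle:
    """Slow down failed logins: the wait doubles with each failure per account, up to a cap."""
    def __init__(self, base=1.0, cap=60.0, clock=time.monotonic):
        self.base, self.cap, self.clock = base, cap, clock
        self._fails = {}          # user -> (failure count, not_before timestamp)

    def check(self, user):
        """Seconds the caller must still wait before trying this account (0.0 = go ahead)."""
        _, not_before = self._fails.get(user, (0, 0.0))
        return max(0.0, not_before - self.clock())

    def record(self, user, success):
        if success:
            self._fails.pop(user, None)
            return
        count, _ = self._fails.get(user, (0, 0.0))
        count += 1
        delay = min(self.cap, self.base * 2 ** (count - 1))
        self._fails[user] = (count, self.clock() + delay)


if __name__ == "__main__":
    store = SessionStore()
    sid = store.create("alice")
    print(session_cookie(sid))
    throttle = LoginThrottle()
    throttle.record("bob", False)
    print("bob must wait", throttle.check("bob"), "seconds")
```

Throttling per account rather than per source IP is deliberate: credential-stuffing traffic comes from many addresses, and the thing being protected is the account.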
Insecure references, also called insecure direct object references, or IDOR. This is a class of vulnerabilities that is related to weak access controls. An app takes user-supplied input and then uses that to give access to areas that normally shouldn't be accessible to that user. An example of this is having a user ID in the URL, similar to the one we just discussed. If you see a customer ID, or something that uniquely identifies that user, in the URL, and the server never checks that the record belongs to the person asking for it, you can change that to another number and look into someone else's profile, because you're using their user ID now in the URL.
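Added example, not part of the lesson: the profile lookup from the URL in Python, first trusting the ID as-is (the IDOR), then checking that the record belongs to the session's user, plus a variant that takes no ID from the client at all. The route, the PROFILES records and the owner names are constructed for the demo.

```python
# Constructed records: profile id -> owner and data
PROFILES = {
    101: {"owner": "alice", "email": "alice@example.com"},
    102: {"owner": "bob",   "email": "bob@example.com"},
}


class Forbidden(Exception):
    pass


def get_profile_vulnerable(session_user, profile_id):
    """Trusts the id from the URL: any logged-in user can read any profile."""
    profile = PROFILES.get(profile_id)
    if profile is None:
        raise KeyError(profile_id)
    return profile


def get_profile_fixed(session_user, profile_id):
    """Authorises the object, not just the request: the record must belong to the
    session's user. Missing and not-yours get the same answer so ids cannot be enumerated."""
    profile = PROFILES.get(profile_id)
    if profile is None or profile["owner"] != session_user:
        raise Forbidden(f"profile {profile_id} not accessible to {session_user}")
    return profile


def get_own_profile(session_user):
    """Better still: derive the object from the session and take no id from the client."""
    for pid, profile in PROFILES.items():
        if profile["owner"] == session_user:
            return pid, profile
    raise Forbidden(session_user)


def handle_request(path, session_user, handler=get_profile_fixed):
    """Minimal router for GET /profile/<id>; returns (status, body)."""
    prefix = "/profile/"
    if not path.startswith(prefix) or not path[len(prefix):].isdigit():
        return 400, {"error": "bad request"}
    try:
        return 200, handler(session_user, int(path[len(prefix):]))
    except Forbidden:
        return 403, {"error": "forbidden"}
    except KeyError:
        return 404, {"error": "not found"}


if __name__ == "__main__":
    # alice, logged in, changes 101 to 102 in the URL
    print(handle_request("/profile/102", "alice", get_profile_vulnerable))  # bob's data leaks
    print(handle_request("/profile/102", "alice"))                          # 403
    print(get_own_profile("alice"))
```

The check is per object, not per endpoint: "is this user logged in" was already true in the vulnerable version, and the missing question was "is this user allowed to see this particular record".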
Weak ciphers and cipher suites. Weak ciphers are the individual cryptographic algorithms that are not considered safe for modern use. Examples would be DES and, on the hashing side, SHA-1 and MD5. Now cipher suites, on the other hand, are all the parts together that deliver a total function. A TLS cipher suite is an example of this, because it combines key exchange, digital signature (authentication), encryption, and hashing (message integrity) in one negotiated bundle, so one weak component, such as RSA key exchange without forward secrecy or an MD5 MAC, weakens the whole suite.
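Added example, not part of the lesson: Python's ssl module used to build a server context that offers only TLS 1.2 and later with forward-secret AEAD suites, a check that flags suite names containing DES, RC4, MD5 or anonymous key exchange, and PBKDF2 as the replacement for storing passwords as MD5 or SHA-1 digests. The OpenSSL cipher string and the weak-marker list are my own choices; the suite names in the comparison list are standard OpenSSL names, constructed here as sample input.

```python
import hashlib
import hmac
import os
import ssl

# Substrings that mark a suite as unsuitable (assumption: my list, not OpenSSL's)
WEAK_MARKERS = ("DES", "RC4", "MD5", "NULL", "EXPORT", "ADH", "AECDH", "SEED", "IDEA")


def weak_suites(names):
    """Return, sorted, the suite names that contain a weak component."""
    return sorted(n for n in names if any(m in n.upper() for m in WEAK_MARKERS))


def forward_secret(name):
    """Ephemeral (EC)DHE key exchange, or a TLS 1.3 suite (always ephemeral)."""
    return name.startswith(("ECDHE-", "DHE-", "TLS_"))


def hardened_server_context():
    """TLS 1.2+ only, forward-secret AEAD suites only, compression off."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:!aNULL:!eNULL:!MD5:!DES:!3DES:!RC4:!PSK")
    ctx.options |= ssl.OP_NO_COMPRESSION        # TLS compression enables CRIME-style attacks
    return ctx


def context_suite_names(ctx):
    """Suite names the context would negotiate, TLS 1.3 suites included."""
    return [c["name"] for c in ctx.get_ciphers()]


# Password storage: MD5/SHA-1 are fast digests; use a slow, salted construction instead.
def hash_password(password, salt=None, iterations=600_000):
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password, stored):
    _, iterations, salt_hex, digest_hex = stored.split("$")
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(digest.hex(), digest_hex)   # constant-time comparison


if __name__ == "__main__":
    # Constructed list of OpenSSL-style suite names for comparison
    legacy = ["DES-CBC3-SHA", "RC4-MD5", "AES256-SHA", "ECDHE-RSA-AES128-GCM-SHA256"]
    print("weak:", weak_suites(legacy))
    print("no forward secrecy:", [n for n in legacy if not forward_secret(n)])
    print("hardened context offers:", context_suite_names(hardened_server_context()))
    print(verify_password("correct horse", hash_password("correct horse", iterations=20_000)))
```

`AES256-SHA` is the instructive one: no weak primitive in it, yet it uses static RSA key exchange, so a later compromise of the server's private key decrypts every recorded session. The suite is only as strong as its weakest part.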
Web application vulnerabilities. Improper headers. HTTP response headers tell the browser how to treat a web server's responses, and the security-related ones are there to increase its overall security. Properly configured headers can prevent cross-site request forgeries, cross-site scripting, downgrade attacks, cookie hijacking, user impersonation, clickjacking, and many other attacks.
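Added example, not part of the lesson, covering both the CORS item from the HTML5 list earlier and the response headers just described: a WSGI middleware in Python that adds a set of security headers to every response and answers CORS only for an allow-listed origin instead of reflecting whatever Origin the request carries. The header values, the origin https://app.example.com and the demo app are constructed for the demo; the CSP in particular has to be tuned to the real application.

```python
# Headers added to every response and the attack each one addresses (values are examples)
SECURITY_HEADERS = [
    ("Strict-Transport-Security", "max-age=63072000; includeSubDomains"),  # downgrade / SSL strip
    ("Content-Security-Policy", "default-src 'self'; frame-ancestors 'none'; object-src 'none'"),
    ("X-Frame-Options", "DENY"),                        # clickjacking (older browsers)
    ("X-Content-Type-Options", "nosniff"),              # MIME sniffing
    ("Referrer-Policy", "strict-origin-when-cross-origin"),
    ("Cache-Control", "no-store"),                      # keep authenticated responses out of caches
]

ALLOWED_ORIGINS = {"https://app.example.com"}           # hypothetical front-end origin


def cors_headers(origin):
    """Allow-list the Origin. Never reflect it blindly and never pair '*' with credentials."""
    if origin in ALLOWED_ORIGINS:
        return [("Access-Control-Allow-Origin", origin),
                ("Access-Control-Allow-Credentials", "true"),
                ("Vary", "Origin")]
    return []


def secure_headers_middleware(app):
    """WSGI wrapper: appends the headers above unless the app already set them."""
    def wrapped(environ, start_response):
        def _start(status, headers, exc_info=None):
            present = {k.lower() for k, _ in headers}
            extra = [(k, v) for k, v in SECURITY_HEADERS if k.lower() not in present]
            extra += cors_headers(environ.get("HTTP_ORIGIN"))
            return start_response(status, headers + extra, exc_info)
        return app(environ, _start)
    return wrapped


def demo_app(environ, start_response):
    """Constructed application that sets only a content type."""
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]


def run(app, environ):
    """Call a WSGI app without a server; returns (status, headers as dict, body)."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, headers

    body = b"".join(app(environ, start_response))
    return captured["status"], dict(captured["headers"]), body


if __name__ == "__main__":
    app = secure_headers_middleware(demo_app)
    for origin in ("https://evil.example", "https://app.example.com"):
        status, headers, body = run(app, {"REQUEST_METHOD": "GET", "HTTP_ORIGIN": origin})
        print(origin, "->", headers.get("Access-Control-Allow-Origin"), status)
```

Reflecting the request's Origin into Access-Control-Allow-Origin together with Allow-Credentials is the classic mistake: it lets any site read the user's authenticated responses, which is exactly what the same-origin policy exists to stop.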
Certificate errors. This is when a certificate is improperly set up on a web server. We use certificates because they're a critical part of our entire TLS infrastructure (what is still often called SSL). The server presents a certificate so that clients can authenticate it, and with mutual TLS the client presents one as well. But if we don't set up a certificate properly on a server, say the name doesn't match, it's expired, or the chain isn't trusted, it will display an error to users. What this does is it trains users to click past the error so they can access the website. If users are trained to do that, and they receive a phishing link that leads them to a cloned Microsoft website with a certificate that doesn't match Microsoft, they just click past it, and now they've fallen for it, when the error should have been a warning that this site is not valid. So we have to do our part to make sure we set up our certificates properly, so that we don't present users with these errors. Let's summarize.
We went over web application vulnerabilities. We discussed race conditions and buffer overflows. We also went over web application components and software composition analysis.

Let's do some example questions.

Question 1: this vulnerability can occur when several processes are needed to complete a task. Race condition.

Question 2: this occurs when temporary memory space is overflowed with the purpose of executing additional code or reading different areas of system memory. Buffer overflow.

Question 3: DES, MD5, and SHA-1 are examples of this. Weak ciphers.

Finally, question 4: this vulnerability is described by weak access controls that allow user-supplied input to access areas that are normally not accessible. Insecure references.

I hope this lesson was useful for you, and I'll see you in the next one.