A8 2017 – Insecure Deserialization

Serialization is the process of turning an object into a data format that can be restored later. For example, you have a forum, an online shop or any other web site, and you have to send objects between different parts of this site. During serialization you transform an object into a byte stream, so that it is in the right form to travel inside HTTP traffic or to be stored in a database.

Deserialization is the exact opposite process: we take structured data in some format and rebuild the object from it.

The most popular format today is JSON (JavaScript Object Notation), while until recently it was XML, which we discussed in A4.

So, what can go wrong, and why is that a problem?

Continue reading “A8 2017 – Insecure Deserialization”

A7 2017 – XSS (part 2)

Every public speech I make, every lecture I present, I always start with a demo. I know there are highly trained professionals out there with outstanding public speaking and presentation skills who write articles and books about the art of public speaking. But I guess for most of us it’s more about finding our own way of speaking to an audience.

I start with a demo because I think it makes people more involved. And demos of setting some system up, or of pentesting with visual results, are always entertaining and eye-catching for everybody in the room.

So, when it comes to a demo of XSS, there’s no better example than using BeEF.

No, not that one. BeEF as in Browser Exploitation Framework.

Continue reading “A7 2017 – XSS (part 2)”

A7 2017 – XSS (Part 1)

Most of the time, scripts come from places other than the web site itself. These scripts are allowed to operate on the page, and usually there’s some mechanism in place to control their behavior. You can think of it as a sandbox: each web site runs pretty much independently. This also means that one site opened in a browser tab isn’t allowed to access data from another site in the tab next to it. So, in theory, Cross-Site Scripting (or XSS) is basically a violation of this principle. And it’s much worse in practice.

Continue reading “A7 2017 – XSS (Part 1)”

A1: 2017 – Injections (Part 1)

The vulnerability description is one thing, but trying to find a vulnerability and deal with it is a whole different matter. There are dozens, if not hundreds, of special deliberately vulnerable web applications. If you search for “Purposely Vulnerable App” in your favorite search engine, you will find more than a dozen links.

In the following series of articles we will learn about the vulnerabilities in the OWASP Top 10, and as a test range I will also use such a deliberately vulnerable application. In my case it will be OWASP Mutillidae II. It’s not the best option out there, but the vulnerabilities are structured exactly as we need for educational purposes. Plus, I’m very used to it.

Continue reading “A1: 2017 – Injections (Part 1)”

OWASP

HTTP for the win!

About 10 years ago a very observant man formulated a new mantra: HTTP is the new TCP. Say what? Of course, not in the sense that he decided to move HTTP to the transport layer. No way! The key here is that in modern communications HTTP performs the same function at its layer as TCP does at its own, in the vast majority of modern applications, including mobile apps that use HTTP as a transport. And with the rise of HTTP/2 this situation will not change in the near future. The protocol has become the de facto content delivery standard, and HTTP is no longer viewed as just a web protocol.

Continue reading “OWASP”

Daughter of Typhon and Echidna

One of Us
So you’ve forgotten your password. Congratulations! There’s nothing wrong with it, and it happens way more often than you think. Of course, you could take care of everything in advance and set up one of the password managers so it could do everything for you, but you’re too busy for this, right?

I have used LastPass for many years now, but I regularly have to create temporary passwords for lab virtual machines, lab routers or even applications that I do not plan to use later anyway.

Well, it looks like we don’t have a choice here – let’s guess or simply crack our own password.

Continue reading “Daughter of Typhon and Echidna”

What is CISSP, how to get it, not to lose and why nobody needs it

So
It would be an exaggeration to say that my road to CISSP began when I decided to study Cyber Security at my local university. People at the age of 17 are generally very bad at planning their lives, especially when it comes to new professions.

In fact, the decision to obtain CISSP was made in 2017, when it became obvious that the professional certificates of major vendors had finally ceased to fulfill their main function – to confirm the knowledge and experience of specialists. I have no idea whom to blame: online collections of dumps, the general level of questions in the tests, unscrupulous test centers and a lot of other factors.

Continue reading “What is CISSP, how to get it, not to lose and why nobody needs it”