Pentesting for Developers

Chris Cornutt
February 07, 2019

While secure development practices are an important part of keeping your application and its data protected, you also have to prove your defenses are working. Developers are used to things like unit testing and even functional testing but some feel out of their depth when it comes to security testing. Effective security testing, or pentesting, is easier than you might think.

We’ll start by introducing some of the techniques and tools you can use to test your own applications and finish with a contest to see how much you’ve learned.

Transcript

  1. We’ll Cover…
     • The most common issues in web application security
     • The top vulnerability types
     • Tools and techniques
     …and then the really fun stuff
  2. What this is not
     • A step-by-step guide into fixing the issues we find
     • A comprehensive listing of everything to test
     • An assurance that your application is completely secure
  3. Cross-Site Scripting (XSS)
     • Injection attack
     • User-supplied content used without validation, filtering or escaping
     • Different contexts: HTML, HTML attributes, JavaScript, CSS, XML…
  4. Direct Object Reference
     • “Security through obscurity”
     • Magic URLs
     • Inadequate authentication/authorization protection
     http://mycoolsite.com/user/view/1
     http://mycoolsite.com/admin
     http://mycoolsite.com/debug
  5. Poor Auth Practices
     • User-controllable functionality
     • Not universally enforced
     • Plain-text credentials
     • Poor password policies/reset handling
     • Federation vs Local
  6. SQL Injection
     • Bypass controls to execute arbitrary SQL
     • Usually caused by string concatenation
     • Prepared statements/bound parameters
  7. SQL Injection
     // Vulnerable: the password is concatenated straight into the query string
     $sql = 'select * from users where username = "foo" and password = "' . $password . '"';
     // Expected input
     $password = 'ccornutt';
     // Injected input, and the query it produces
     $password = '" or 1=1';
     select * from users where username = "foo" and password = "" or 1=1;
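The concatenation bug on the slide above, next to the prepared-statement fix from slide 6, as an added example that is not part of the deck. It runs the same query shape against a constructed in-memory SQLite table; the SQL uses single-quoted literals and the 1=1 payload is quoted so the injected statement still parses.

```python
import sqlite3

# Constructed stand-in for the slide's "users" table (not real data).
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("create table users (username text, password text)")
    conn.executemany("insert into users values (?, ?)",
                     [("foo", "ccornutt"), ("bar", "hunter2")])
    conn.commit()
    return conn

def login_concat(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Vulnerable: the query is built by string concatenation, the pattern
    # the slide shows, so whatever the user types is parsed as SQL.
    sql = ("select username from users where username = '" + username +
           "' and password = '" + password + "'")
    return sorted(row[0] for row in conn.execute(sql))

def login_prepared(conn: sqlite3.Connection, username: str, password: str) -> list:
    # Hardened: bound parameters. The driver ships the values separately
    # from the statement, so quotes and "or 1=1" are just bytes to compare.
    sql = "select username from users where username = ? and password = ?"
    return sorted(row[0] for row in conn.execute(sql, (username, password)))

def demo() -> dict:
    conn = make_db()
    payload = "' or '1'='1"   # the slide's 1=1 trick, quoted to keep the SQL valid
    return {
        "concat_good": login_concat(conn, "foo", "ccornutt"),
        "concat_payload": login_concat(conn, "foo", payload),
        "prepared_good": login_prepared(conn, "foo", "ccornutt"),
        "prepared_payload": login_prepared(conn, "foo", payload),
    }

if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

With concatenation the payload turns the WHERE clause into `... or '1'='1'` and every user comes back; with bound parameters the same string matches nothing.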
  8. Information Exposure
     • Exposing sensitive information publicly
     • Error messages
     • Unprotected directories or files in the document root
     • Public-facing files considered “secret”