CIT 480: Securing Computer Systems
Secure Programming
Topics
1. Input-based vulnerabilities
2. Input validation
3. Input entry points
4. Integer overflows
5. Format string attacks
6. The nature of trust
Path Traversal Vulnerabilities
Example web application URL
What if the URL is modified after file= to be getfile.php?
- Could the attacker read the application's own source code?
What if the URL is modified after file= to be ../../../../../etc/passwd?
- Walks up the directory tree to retrieve the passwd file.
Paths
If an attacker controls the paths used by a program:
- Can read files accessible to the program.
- Can write files accessible to the program.
Vulnerability if the program's access differs from the attacker's:
- Privileged (SETUID) local programs.
- Remote server applications, including web applications.
Directory traversal
- Use "../../.." to climb out of the application's directory and access other files.
Canonicalization
How to make correct access control decisions when the same object has many names?
- config
- ./config
- /etc/program/config
- ../program/config
- /tmp/../etc/program/config
Canonical Name: the standard form of a name
- Generally the simplest form.
- Canonicalize the name first, then apply access control to the canonical name.
- Use realpath() in C to canonicalize.
Common Naming Issues
- . represents the current directory
- .. represents the parent directory
- Case sensitivity
- Windows allows both / and \ in URLs.
- Windows 8.3 representation of long names: two names for each file, kept for backwards compatibility.
- Trailing dot in DNS names: nku.edu. == nku.edu
- URL encoding
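The canonicalization rule above (canonicalize first, decide second) and the naming issues just listed, worked through in Python as an added example that is not part of the CIT 480 slides. os.path.realpath() stands in for the C realpath() the slides name; the application, its BASE_DIR, and the function names normalize_request and resolve_in_base are assumed for the demo.

```python
"""Canonicalize a requested file name before making the access decision.

Added example, not code from the CIT 480 slides. It uses os.path.realpath()
as Python's counterpart of the C realpath() the slides mention, and assumes a
hypothetical application that serves files only from one base directory
(BASE_DIR is a constructed value; the directory need not exist for the demo).
"""
import os
import urllib.parse
from typing import Optional

BASE_DIR = "/opt/cit480demo/files"   # constructed base directory for the demo


def normalize_request(name: str) -> str:
    """Undo the disguises listed under "common naming issues":
    percent-encoding (%2e is '.', %5c is '\\') and backslash separators.
    Windows accepts both / and \\, so fold them before canonicalizing."""
    decoded = urllib.parse.unquote(name)
    return decoded.replace("\\", "/")


def resolve_in_base(base_dir: str, requested: str) -> Optional[str]:
    """Return the canonical absolute path if it stays inside base_dir, else None.

    realpath() collapses '.', '..' and symlinks, so the many names for one file
    (config, ./config, ../program/config, /tmp/../etc/program/config) become a
    single canonical name, and the access-control check is made on that name.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, normalize_request(requested)))
    # os.path.join discards base when the request is absolute (e.g. /etc/passwd);
    # the prefix comparison below rejects that case as well.
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:          # paths on different drives (Windows)
        inside = False
    return candidate if inside else None


if __name__ == "__main__":
    # Constructed requests: one legitimate, the rest are the slide's traversal forms
    for req in ["report.txt", "./report.txt", "sub/../report.txt",
                "../../../../../etc/passwd", "%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini"]:
        decision = resolve_in_base(BASE_DIR, req)
        print(f"{req!r:45} -> {'ALLOW ' + decision if decision else 'DENY'}")
```

The decision is made only on the output of realpath(), never on the string the client sent; a prefix check on the raw request would be fooled by every alias on the list above.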
Win/Apache Directory Traversal
Found in Apache 2.0.39 and earlier.
To view the file winnt\win.ini, use:
2e%5c%2e%2e%5c%2e%2e%5cwinnt%5cwin.ini
which is the escaped form of \..\..\..\..\winnt\win.ini
Command Injection
Find a program that invokes a subshell command with user input:
- Shell: every command with user input
- Perl: system(), ``, open()
- Ruby: system(), ``, %x{}, IO.popen(), etc.
- Python: os.system(), os.popen(), etc.
The attack uses shell meta-characters to insert attacker-controlled code into the command.
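The pattern described above, as an added example that is not from the CIT 480 slides: the vulnerable string-building that os.system() or os.popen() would hand to a shell, beside the safe form that validates the input and never lets a shell parse it. The program, its log directory, and the names build_shell_command, is_safe_name and count_lines are assumed for the demo.

```python
"""Command injection: vulnerable string-building beside the safe pattern.

Added example, not code from the CIT 480 slides. The hypothetical program
reports the number of lines in a log file chosen by the user; the log
directory and file contents are constructed for the demo.
"""
import os
import re
import subprocess
import tempfile

# Allowlist: one plain file name ending in .log, no separators, no leading '-'
SAFE_NAME = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_.-]*\.log")


def build_shell_command(name: str) -> str:
    """VULNERABLE pattern: the string a call such as os.system() would hand to
    /bin/sh. Shell meta-characters in name (; | & $( ) ` newline) end the
    intended command and start one the attacker chose. Shown only to make the
    injected string visible; never executed here."""
    return "wc -l " + name


def is_safe_name(name: str) -> bool:
    """Reject anything but a simple file name; validate before use, not after."""
    return SAFE_NAME.fullmatch(name) is not None and ".." not in name


def count_lines(log_dir: str, name: str) -> int:
    """Safe pattern: validate, then pass arguments as a list with shell=False,
    so no shell ever parses the user-controlled value."""
    if not is_safe_name(name):
        raise ValueError(f"rejected file name: {name!r}")
    path = os.path.join(log_dir, name)
    result = subprocess.run(["wc", "-l", path], capture_output=True,
                            text=True, check=True)
    return int(result.stdout.split()[0])


def make_sample_log_dir() -> str:
    """Create a temporary directory holding a constructed three-line app.log."""
    log_dir = tempfile.mkdtemp(prefix="cit480_")
    with open(os.path.join(log_dir, "app.log"), "w") as f:
        f.write("INFO start\nWARN disk 91%\nINFO stop\n")
    return log_dir


if __name__ == "__main__":
    d = make_sample_log_dir()
    # Constructed inputs: one legitimate, two using meta-characters / traversal
    for name in ["app.log", "app.log; id", "../../etc/passwd"]:
        verdict = "safe" if is_safe_name(name) else "REJECTED"
        print(f"shell would see {build_shell_command(name)!r:32} -> {verdict}")
    print("lines in app.log:", count_lines(d, "app.log"))
```

Two defenses stack here: the allowlist decides what a file name may look like, and the argument list with shell=False means that even a name which slipped past validation would reach wc as a single argument rather than as shell syntax.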