Application Security and Vulnerability Analysis

Lecture

• Slides 

Required Reading

• The Tangled Web: Chapter 3: Hypertext Transfer Protocol
• OWASP Top 10
• OWASP Top 10 Tools and Techniques
• Burp Suite - you'll need this for the homework

Lecture

• Slides

Fall 2010

• Web Hacking 101 video

The homework was to checkout the source code for Google Gruyere and get it running. Once you have Python on your system, you can run gruyere.py to start the built-in webserver with the application on it. You may want to quickly build a Linux VM for this. Once you have Gruyere running, identify 3 vulnerabilities in Gruyere and write exploits for them. Most exploits will consist of a script snippet or custom URL. Include a discussion with screenshots of how to use the snippet/URL to exploit Gruyere.

• OWASP AppSec FAQ, OWASP Testing Guide
• Edward Z. Yang - Intro to Web Application Security, MIT IAP 2009
• A Study in Scarlet - Exploiting Common Vulnerabilities in PHP Applications, Shaun Clowes

SQL Injection

• SQL Injection Cheatsheet, Oracle SQL Injection Cheatsheet - Ferruh Mavituna
• Advanced SQL Injection - Chris Anley

Session Management and Authentication

• Do's and Dont's of Client Authentication on the Web
• Robust Defenses to Cross-Site Request Forgery
• Secure Session Management with Cookies for Web Applications

Crypto

• Chris Eng - Cryptography for Penetration Testers (slides)
• Nate Lawson - When Crypto Attacks
• Beware of Finer-Grained Origins

XSS

• Cross Application Scripting and URI Exploitation
• Metasploit's XSS Framework and the Browser Exploitation Framework (BeEF)

HTTP Headers

• Content Security Policy
• Strict Transport Security
• X-Frame-Options
• Do Not Track

Other

• Exposing Private Information by Timing Web Applications
• Neat injection flaws in JSF, Spring, JBoss, Struts with exploit code.