Yossi Yakubov - The Art Of Application Security
<p><b>Web Application Scanners benchmark - 2014</b> (2014-02-10)</p>
<p>The *NEW* 2013/2014 WAVSEP benchmark was published: *63* web application scanners competing in 12 categories - by Shay Chen.</p>
<p>For more info: <a href="http://sectooladdict.blogspot.co.il/2014/02/wavsep-web-application-scanner.html" target="_blank">http://sectooladdict.blogspot.co.il/2014/02/wavsep-web-application-scanner.html</a></p>
<p><b>Web Application Scanners benchmark</b> (2012-03-22)</p>
<p>As a security expert I was looking for a benchmark of web application security scanners. One day, during a beer night with my friend Shay Chen (another security expert :-)), I asked him if he knew of such research, and he told me that he was planning to publish such a benchmark very soon.<br/>
It was worth waiting for his comprehensive benchmark of web application scanners, which can be found here: <a href="http://www.sectoolmarket.com" target="_blank">http://www.sectoolmarket.com</a></p>
<p>
The following comparisons are covered in this benchmark:
</p>
<ul>
<li>List of Tested Scanners</li>
<li>General Features Comparison</li>
<li>Audit Features Comparison</li>
<li>Complimentary Features Comparison</li>
<li>Input Vector Support</li>
<li>Coverage Features Comparison</li>
<li>Authentication Features Comparison</li>
<li>SQLi Detection Accuracy</li>
<li>RXSS Detection Accuracy</li>
</ul>
<p>
It is obvious that such a benchmark, which shows the advantages and disadvantages of each scanner, can help the security community choose the appropriate scanner according to their needs.<br/>
Good work Shay!</p>
<p><b>How to bypass token protection against CSRF in HTML 5</b> (2011-09-14)</p>
<p>This article explains how token-based protection against CSRF attacks can be bypassed as a result of improper usage of the HTML 5 XDR/COR mechanism.</p>
<p>
As we all know, today's popular browsers implement the <b>SOP</b> (Same Origin Policy) mechanism in order to prevent sites from accessing and reading other sites' content via JavaScript. However, there are sometimes business needs which require such cross domain access, and technologies such as Flash and Silverlight have already implemented the well known crossdomain.xml file, which defines a list of allowed sites that can access a site. </p>
<p>
HTML5 brings us a similar mechanism, the <b>XDR</b> (Cross Domain Request), also known as <b>COR</b> (Cross Origin Request).
This mechanism allows a website to be accessed by foreign websites via Ajax calls. In contrast to Flash/Silverlight, XDR works on a per-page access control model. Every page that is supposed to be accessed by foreign sites should respond with the 'Access-Control-Allow-Origin' header in the HTTP response and specify a white list of websites that are allowed to access its content.
</p>
<p>
The big security concern is that programmers set <b>Access-Control-Allow-Origin</b> to the wildcard '*', which means that every website is allowed to access, via Ajax calls, the pages that carry this definition.
<br/>
Example: <b>Response.AddHeader("Access-Control-Allow-Origin", "*");</b>
</p>
<p>
Such a bad coding practice allows every website on the internet to read the <u>content</u> of the page that contains this definition via JavaScript (an Ajax call).
<br/>
But there is another big security issue: the well known token-based protection against CSRF attacks can easily be bypassed. If a page that inserts/updates/deletes data in the database implements the famous token-based protection against CSRF attacks and also allows access to foreign sites, the attacker can steal the CSRF protection token by sending two Ajax requests, as described in the following steps:
</p>
<p>
1. The victim is logged in to application <b>A</b> and simultaneously accesses the attacker's site <b>B</b>.<br/>
2. The attacker's page on site B sends an Ajax request to the page on site A (which contains the Access-Control-Allow-Origin: * definition and thereby allows cross domain access) and <b>gets the CSRF token from the response!</b><br/>
3. Finally, the attacker's page on site B sends a request to the page on site A with the token that the server of site A expects.<br/>
In this way the attacker bypasses the protection against the CSRF attack and sends a valid request with a valid token to the server of site A, which processes the request as if it had been sent by the victim.
</p>
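The remediation this post arrives at, a white list of origins instead of '*', as an added example that is not code from the original post: a pure JavaScript function decides the Access-Control headers from the request's Origin header, so it runs without a web server; the allow list and the sample requests are constructed. Echoing one allow-listed origin is also the only form compatible with Access-Control-Allow-Credentials, which a page serving session-bound content (and therefore a CSRF token) needs.

```javascript
// Added example (not from the original post): choose CORS response headers
// from an explicit origin allow list instead of answering with '*'.
// Pure function, so it can be exercised without a web server. The origins
// and the sample requests below are constructed for the demonstration.

// Origins allowed to read this page's content cross-origin. Full origins only
// (scheme + host [+ port]); no wildcards, no path, no trailing slash.
const ALLOWED_ORIGINS = new Set([
  'https://partner.example',
  'https://app.example:8443',
]);

/**
 * Build the Access-Control-* headers for a response, given the request's
 * Origin header (undefined for a same-origin or non-CORS request).
 *
 * Returns an empty object when the origin is not allowed: the browser then
 * refuses to hand the response body to the calling page, so a script on a
 * foreign site cannot read a CSRF token out of it.
 */
function corsHeadersFor(originHeader) {
  if (typeof originHeader !== 'string') return {};
  // Exact string comparison. Normalising (lower-casing, dropping a port or a
  // trailing slash) would leave room for look-alike origins, so only the
  // canonical form passes.
  if (!ALLOWED_ORIGINS.has(originHeader)) return {};
  return {
    // Echo the single allowed origin, never '*'.
    'Access-Control-Allow-Origin': originHeader,
    // Session-bound pages only return user-specific data for requests that
    // carry cookies, so credentials have to be allowed explicitly.
    'Access-Control-Allow-Credentials': 'true',
    // Tell caches that the response differs per Origin.
    'Vary': 'Origin',
  };
}

// Simulated page handler mirroring the post's Response.AddHeader call,
// but with the allow-list decision in front of it.
function handleRequest(request) {
  const headers = corsHeadersFor(request.headers.origin);
  // The body is the same either way; the headers decide whether a foreign
  // page may read it.
  return { status: 200, headers, body: '<input name="csrf_token" value="...">' };
}

// Constructed sample requests.
const fromPartner = { headers: { origin: 'https://partner.example' } };
const fromAttacker = { headers: { origin: 'https://evil.example' } };
const sameOrigin = { headers: {} };

for (const r of [fromPartner, fromAttacker, sameOrigin]) {
  console.log(r.headers.origin || '(no Origin)', '->', handleRequest(r).headers);
}
```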
<p>
The solution is quite simple: pages should define a white list of sites that are allowed to get the content in the "Access-Control-Allow-Origin" header.<br/> The wildcard '*' shouldn't be used in pages with insert/update/delete or even view functionality.
</p>
<p><b>Google Docs - a great hosting for Phishing forms</b> (2011-07-05)</p>
<p>Google Docs is a powerful service for creating and sharing online documents such as text documents, spreadsheets, presentations and forms, which are stored in the cloud. Creating forms that are stored and presented in Google's domain makes this service useful for phishers, who can create phishing forms in order to steal user credentials, credit card numbers, etc. Innocent victims trust the form due to the fact that these forms are stored and presented in Google's domain.</p>
<p>
The following images show a POC of such an attack:<br/>
Step 1: The attacker creates a phishing form using Google Forms in order to steal victims' sensitive information such as user credentials, credit card numbers etc. Notice that the form is running under Google's domain. This form will submit the victims' credentials to the Google Docs server.
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-1gPgwDszPMQ/ThN0_8pUrDI/AAAAAAAAAB4/hY9yUH0f3VY/s1600/1.jpg" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="166" width="320" src="http://1.bp.blogspot.com/-1gPgwDszPMQ/ThN0_8pUrDI/AAAAAAAAAB4/hY9yUH0f3VY/s320/1.jpg" /></a></div>
Step 2: In the following image it is possible to see that the attacker is now able to see the victim's credentials.
<div class="separator" style="clear: both; text-align: center;">
<a href="http://1.bp.blogspot.com/-5sCERMC8x-E/ThN14yLc7YI/AAAAAAAAACA/w0pWOsxNA30/s1600/2.jpg" imageanchor="1" style="margin-left:1em; margin-right:1em"><img border="0" height="167" width="320" src="http://1.bp.blogspot.com/-5sCERMC8x-E/ThN14yLc7YI/AAAAAAAAACA/w0pWOsxNA30/s320/2.jpg" /></a></div>
</p>
<p><b>HTML 5 - XSSQL attack</b> (2011-07-03)</p>
<p>HTML 5 brings a lot of new features to the web. One of them is SQLite - a client side database engine which allows storage of data on the client side. Databases can be created and queried from JavaScript.</p>
<p>It is pretty clear that many developers will use this opportunity to store information on the client side. The risk is high if they use this repository to store sensitive information such as user passwords, session ids, credit card numbers etc.<br />
In case of an XSS vulnerability in such a website, it would be possible to query these databases via JavaScript.<br />
I even have a name for this attack - XSSQL :-) funny as well as concerning ...</p>
<p>Eventually, XSS attacks still remain common, and they become even more powerful with the ability to query client side databases and steal sensitive information.</p>
<p>HTML 5 - SQLite Example</p>
<pre name="code" class="js">
// Demo page: an input element with id="sql" lets the visitor type a query;
// the matching user names are written into div1 and the passwords into div2.
function db1()
{
    // Web SQL is only available in browsers that expose openDatabase
    if (!window.openDatabase) {
        return;
    }
    var db = openDatabase('yossidb', '1.0', 'attack this db', 2 * 1024 * 1024);

    // Populate the client side database with (deliberately sensitive) sample data
    db.transaction(function (tx) {
        tx.executeSql('CREATE TABLE IF NOT EXISTS users (id unique, username, password)');
        tx.executeSql('INSERT INTO users (id, username, password) VALUES (1, "user1","bbbbb")');
        tx.executeSql('INSERT INTO users (id, username, password) VALUES (2, "user2","password")');
        tx.executeSql('INSERT INTO users (id, username, password) VALUES (3, "user3","username")');
        tx.executeSql('INSERT INTO users (id, username, password) VALUES (4, "user4","another")');
        tx.executeSql('INSERT INTO users (id, username, password) VALUES (5, "user5","fighter")');
        //tx.executeSql('DROP TABLE users');//SELECT * FROM users
    });

    // Run the query typed by the visitor - exactly what a script injected
    // through an XSS flaw could do as well
    db.transaction(function (tx) {
        var query = document.getElementById("sql").value;
        tx.executeSql(query, [], function (tx, results) {
            var len = results.rows.length, i, resultsOutputUsers = "", resultsOutputPasswords = "";
            for (i = 0; i &lt; len; i++) {
                if (results.rows.item(i).username != null) {
                    resultsOutputUsers += results.rows.item(i).username + "&lt;br&gt;";
                    resultsOutputPasswords += results.rows.item(i).password + "&lt;br&gt;";
                }
            }
            document.getElementById("div1").innerHTML = resultsOutputUsers;
            document.getElementById("div2").innerHTML = resultsOutputPasswords;
        });
    });
}
</pre>
<p><b>Session Puzzling</b> (2011-06-05)</p>
<p>Session Puzzling is a new type of application-level vulnerability that could enable attackers to perform a variety of malicious actions, including but not limited to:</p>
<ul>
<li>Bypass authentication and authorization enforcement mechanisms</li>
<li>Elevate privileges</li>
<li>Impersonate legitimate users</li>
<li>Avoid flow enforcement restrictions</li>
<li>Execute “traditional attacks” (such as injections) in locations that were previously considered safe</li>
<li>Affect content delivery destination</li>
<li>Cause unexpected application behaviors</li>
</ul>
<p>
Shay Chen, a friend and a known security specialist, presented this new kind of attack at the Israeli local OWASP chapter meeting. </p>
<p>More information can be found <a href="http://www.google.co.il/url?sa=t&source=web&cd=1&ved=0CBcQFjAA&url=http://puzzlemall.googlecode.com/files/Session Puzzles - Indirect Application Attack Vectors - May 2011 EY HASC - Whitepaper.pdf&ei=NuLrTdG1EI72sgbrkqnoCg&usg=AFQjCNGDUHMQG2DMM62qGmuyKrhG60s7rQ" target="_blank" >here</a>.</p>
<p><b>Web security scanner - Software as service</b> (2011-05-22)</p>
<p>ZeroDayScan revolutionizes web security by offering an online security scanning service running from the cloud. This service is suitable for any pocket. The ZeroDayScan service utilizes a network of servers connected to the backbone to perform security assessments of websites. Basically, a private cloud is used to perform the website security assessment.</p>
<p>
On every website ZeroDayScan performs thousands of security tests. The system looks for the most complicated security vulnerabilities as well as web server misconfigurations. Combined, these security tests give good and accurate results with almost zero false positives.</p>
<a href="http://www.zerodayscan.com" target="_blank">Zerodayscan - web security scanner - SaaS</a>
<p><b>Need a good reference for Microsoft SQL Server 2005/2008 hardening?</b> (2011-03-27)</p>
<p>This paper contains administrative and operational tasks that should be taken into account from a security perspective when using Microsoft SQL Server. The article covers operative instructions and example code snippets needed by DBAs and server administrators.<br>
<a href="http://www.greensql.com/content/sql-server-security-best-practices" target="_blank">http://www.greensql.com/content/sql-server-security-best-practices</a></p>
<p><b>ExternalInterface.call() in ActionScript - can expose Flash applications to XSS attacks</b> (2011-03-13)</p>
<p>The ExternalInterface class is the External API, an application programming interface that enables straightforward communication between ActionScript and the Flash Player container - for example, an HTML page with JavaScript.<br/>
The <b>ExternalInterface.call("functionNameInJavaScript", inputFromUser)</b> function in ActionScript allows making calls from ActionScript to JavaScript functions.<br/> The first parameter is the name of the JavaScript function, and the second one is one or more parameters that this function receives. </p>
<p>
A call to this method is translated on the embedding page into JavaScript code which looks as follows:
</p>
<pre name="code2" class="js">
try {
    __flash__toXML(functionNameInJavaScript("the value from inputFromUser"));
} catch (e) {
    // Do something useful
}
</pre>
<p>
If the <b>inputFromUser</b> parameter's value is <b>Hey"people</b>, a backslash escape character is added automatically and the value becomes <b>Hey\"people</b>. <br/>However, the function does not escape stray backslash characters. So input like <b>Hello world!\"+alert('XSS')); } catch(e) {} //</b> can lead to Cross Site Scripting attacks.
</p>
<p>This vulnerability was found by lcamtuf and was first posted on his blog.</p>
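As an added example (not from the original post or from Adobe), the following JavaScript models the escaping the post describes and shows the backslash-aware escaper a Flash application should apply to user input before handing it to ExternalInterface.call(). quoteOnlyEscape() reproduces the described built-in behaviour for illustration only and is not Flash Player's actual implementation; the statement template follows the post's snippet, and the inputs are constructed.

```javascript
// Added example (not from the original post or from Adobe). Models how a
// value passed to ExternalInterface.call() ends up inside the generated
// JavaScript statement, and shows an escaper that keeps it inside the string
// literal. quoteOnlyEscape() imitates the behaviour the post describes; it is
// an illustration, not Flash Player's real code.

// Quotes are escaped, backslashes pass through untouched (the described flaw).
function quoteOnlyEscape(value) {
  return value.replace(/"/g, '\\"');
}

// Escape backslashes first, then quotes, so a user-supplied backslash can
// never swallow the escape character added in front of a quote. Line breaks
// are escaped too, because a raw newline also terminates a JS string literal.
function safeEscape(value) {
  return value
    .replace(/\\/g, '\\\\')
    .replace(/"/g, '\\"')
    .replace(/\n/g, '\\n')
    .replace(/\r/g, '\\r');
}

// Build the statement the way the post's snippet shows it.
function generatedCall(fnName, escapedValue) {
  return 'try { __flash__toXML(' + fnName + '("' + escapedValue + '")); } catch (e) { }';
}

// Count the double quotes that are not preceded by an escaping backslash.
// The template contributes exactly two (opening and closing the literal);
// any other count means the value broke out of the string.
function unescapedQuoteCount(js) {
  let count = 0;
  for (let i = 0; i < js.length; i++) {
    if (js[i] === '\\') { i++; continue; }  // skip the escaped character
    if (js[i] === '"') count++;
  }
  return count;
}

// True when the embedded value stayed inside its string literal.
function literalIntact(fnName, value, escaper) {
  return unescapedQuoteCount(generatedCall(fnName, escaper(value))) === 2;
}

// Constructed inputs: the harmless quote from the post, and a value carrying
// a stray backslash directly before a quote (the pattern the post describes).
const benign = 'Hey"people';
const strayBackslash = 'Hello world!\\"+1';

for (const v of [benign, strayBackslash]) {
  console.log(JSON.stringify(v),
    '| quote-only escaping keeps literal intact:', literalIntact('cb', v, quoteOnlyEscape),
    '| safe escaping keeps literal intact:', literalIntact('cb', v, safeEscape));
}
```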
<p><b>It is easy to find adobe flash security vulnerabilities</b> (2011-01-20)</p>
<p>
Meet HP SWFScan - a <b>free</b> tool developed by the HP Web Security Research Group that automatically finds security vulnerabilities in applications built on the Flash platform.
</p>
<ul>
<li><b>Decompiles</b> applications built on the Adobe Flash platform to extract the ActionScript code and statically analyzes it to identify security issues such as information disclosure.</li>
<li><b>Automatic Code Review</b> - Identifies and reports insecure programming and deployment practices and suggests solutions.</li>
<li>Enables you to audit third party applications without requiring access to the source code.</li>
</ul>
<a href="https://h30406.www3.hp.com/campaigns/2009/wwcampaign/1-5TUVE/images/SwfScan.msi">Download from here</a>
<p><b>Breaking Web Browsers - Nice method for getting passwords and other user details (by Jeremiah Grossman)</b> (2010-11-17)</p>
<p><a href="http://vimeo.com/15516219">Jeremiah Grossman, Breaking Web Browsers</a> from <a href="http://vimeo.com/user4863863">AppSec USA 2010</a> on <a href="http://vimeo.com">Vimeo</a>.</p>
<p><b>AES 256 Encryption &amp; Decryption using C# - The short way</b> (2010-07-27)</p>
<p>
More organizations today understand that sensitive information should be stored encrypted in their repositories (examples: user passwords, credit cards, SSNs etc). There are also regulations and security standards, such as PCI DSS, which require the encryption of credit card numbers. <br>
Thus, developers in such organizations encounter encryption issues frequently and are required to find appropriate solutions.
There are a lot of ways to encrypt/decrypt information using the built-in .NET libraries for encryption. <br>I decided to present here the shortest way that I found for doing that.
</p>
<p>
The following code is an example of the short way to encrypt/decrypt data using the AES algorithm.<br> Please notice that in this example I stored the encryption key in the code, but of course in real life the key should be stored in a secure repository with appropriate ACL privileges.
</p>
<pre name="code33" class="js">
using System;
using System.Text;
using System.Security.Cryptography;

namespace aes3
{
    class aes3
    {
        static void Main(string[] args)
        {
            RijndaelManaged AesEncryption = new RijndaelManaged();
            string plainStr = "AES me"; // The text that would be encrypted
            AesEncryption.KeySize = 256; // 128, 192 or 256; must match the key length below
            AesEncryption.BlockSize = 128;
            AesEncryption.Mode = CipherMode.CBC;
            AesEncryption.Padding = PaddingMode.PKCS7;
            // The key should be generated in advance and stored in a secure repository
            // with appropriate ACL privileges. A 256-bit key is 32 bytes (44 Base64
            // characters); assigning a shorter key silently lowers KeySize.
            string keyStr = "cGFzc3dvcmRwYXNzd29yZHBhc3N3b3JkcGFzc3dvcmQ=";
            byte[] keyArr = Convert.FromBase64String(keyStr);
            AesEncryption.Key = keyArr;
            // The IV must be fresh and unpredictable for every encryption. It is not
            // secret, so it is normally stored or sent together with the ciphertext.
            AesEncryption.GenerateIV();
            byte[] ivArr = AesEncryption.IV;
            // This array will contain the plain text in bytes
            byte[] plainText = Encoding.UTF8.GetBytes(plainStr);
            // Creates symmetric encryption and decryption objects (same key and IV)
            ICryptoTransform crypto = AesEncryption.CreateEncryptor();
            ICryptoTransform decrypto = AesEncryption.CreateDecryptor();
            // The result of the encryption and decryption
            byte[] cipherText = crypto.TransformFinalBlock(plainText, 0, plainText.Length);
            byte[] decryptedText = decrypto.TransformFinalBlock(cipherText, 0, cipherText.Length);
            Console.Write("IV (keep it with the ciphertext): {0}\n", Convert.ToBase64String(ivArr));
            Console.Write("The plain text \"{0}\" in the encrypted format is: {1}\n", plainStr, Convert.ToBase64String(cipherText));
            Console.Write("The encrypted text \"{0}\" is decrypted to: {1}", Convert.ToBase64String(cipherText), Encoding.UTF8.GetString(decryptedText));
            Console.Read();
        }
    }
}
</pre>
<p><b>Avoiding SQL Injection attacks in stored procedures that must be dynamic</b> (2010-06-09)</p>
<p>No doubt that stored procedures which construct queries dynamically by the string concatenation technique are vulnerable to SQL injection attacks. In order to prevent the attack, stored procedures should not use this technique; the SQL statements should be written as part of the T-SQL syntax with SQL parameters.</p>
<p>
However, under certain circumstances the use of dynamic construction is unavoidable. For example, in Microsoft SQL Server you cannot write a T-SQL stored procedure which takes a table or column name as a parameter. In this case you must interpolate it into the SQL string using the string concatenation technique.</p>
<b>So what is the solution for this issue?</b>
<p>
Very simple, actually there are two ways to do it, as follows:<br>
1. Using the quotename() function, which was added in SQL Server 7. The function takes two parameters: the first is a string, and the second is the pair of delimiters to wrap the string in. The default for the second parameter is []. Thus, quotename('table_name') returns [table_name]. quotename() takes care of nested delimiters, so if the table name is table]_name, quotename() returns [table]]_name]<br>The following example demonstrates how to treat the table_name parameter in order to avoid the SQL injection attack:<br>
<pre name="code" class="sql">
ALTER PROCEDURE [DBO].[EmptyTables]
(
@table_name NVARCHAR(30)
)
AS DECLARE @sql NVARCHAR(100)
BEGIN
IF CHARINDEX (']',@table_name,1 ) > 0
BEGIN
SET @error1='Error'
RAISERROR( @error1 ,11,1 );
END
SET @sql='TRUNCATE TABLE ' + quotename(@table_name)
EXEC sp_executesql @sql
END
</pre><!--/textarea--><br>
2. Wrap the name in [] yourself, marking the table or column name as an object identifier. If the attacker injects <b>sometable';drop table users --</b> into the table_name parameter, the whole string is parsed as a single identifier and the database raises an error of the form: <b>Cannot find the object "';drop table users --'" because it does not exist or you do not have permissions.</b> This variant is only safe as long as the input cannot contain a ], which would close the identifier early and let the remainder run as SQL; that is why the check below must reject such input and stop. <br/>
The following example demonstrates how to treat the table_name parameter in order to avoid the SQL injection attack:<br>
<pre name="code" class="sql">
ALTER PROCEDURE [DBO].[EmptyTables]
(
    @table_name NVARCHAR(30)
)
AS
BEGIN
    DECLARE @sql NVARCHAR(100)

    -- Essential here: a ] inside the name would terminate the identifier
    -- and let the rest of the parameter execute as SQL.
    IF CHARINDEX(']', @table_name, 1) > 0
    BEGIN
        RAISERROR('Invalid table name', 11, 1)
        RETURN  -- RAISERROR by itself does not stop the procedure
    END

    SET @sql = 'TRUNCATE TABLE [' + @table_name + ']'
    EXEC sp_executesql @sql
END
</pre>
</p>
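Both variants above stop the parameter from breaking out of the identifier, but neither decides which tables a caller is allowed to empty, and both depend on the procedure really stopping after RAISERROR. The following is an added example, not code from the original post: it resolves the requested name through the catalog before building the statement, so anything that is not an existing table is rejected whatever characters it contains, and it quotes the canonical names read back from the catalog rather than the raw input. It assumes SQL Server 2016 SP1 or later for CREATE OR ALTER, and the schema and table names (dbo.Users) used in the demonstration calls are illustrative.

```sql
-- Added example (not from the original post). Schema/table names are assumed.
CREATE OR ALTER PROCEDURE dbo.EmptyTables
(
    @schema_name SYSNAME = N'dbo',
    @table_name  SYSNAME
)
AS
BEGIN
    SET NOCOUNT ON;

    -- 1. Resolve the requested object through the catalog. Any string that is
    --    not an existing user table yields NULL here, no matter what it contains.
    DECLARE @object_id INT =
        OBJECT_ID(QUOTENAME(@schema_name) + N'.' + QUOTENAME(@table_name), N'U');

    IF @object_id IS NULL
    BEGIN
        RAISERROR(N'Unknown table %s.%s', 16, 1, @schema_name, @table_name);
        RETURN 1;   -- RAISERROR alone does not end execution; RETURN does
    END

    -- 2. Build the statement from QUOTENAME()'d identifiers read back from the
    --    catalog, never from the raw parameters.
    DECLARE @sql NVARCHAR(MAX) =
        N'TRUNCATE TABLE '
        + QUOTENAME(OBJECT_SCHEMA_NAME(@object_id)) + N'.'
        + QUOTENAME(OBJECT_NAME(@object_id)) + N';';

    EXEC sys.sp_executesql @sql;
    RETURN 0;
END
GO

-- Constructed demonstration calls (assume a table dbo.Users exists):
EXEC dbo.EmptyTables @table_name = N'Users';                         -- runs TRUNCATE TABLE [dbo].[Users]
EXEC dbo.EmptyTables @table_name = N'Users]; DROP TABLE Users; --';  -- error 50000: Unknown table, nothing dropped
EXEC dbo.EmptyTables @table_name = N'Users'';DROP TABLE Users --';   -- error 50000: Unknown table, nothing dropped

-- What QUOTENAME() does with the hostile input, and its length limit:
SELECT QUOTENAME(N'Users]; DROP TABLE Users; --');  -- [Users]]; DROP TABLE Users; --]
SELECT QUOTENAME(REPLICATE(N'a', 129));            -- NULL: input longer than 128 characters
```

If only some tables should ever be truncated, replace the catalog lookup with a lookup in an allow-list table and keep the rest unchanged. Note also that the statement passed to sp_executesql runs with the caller's own permissions (ownership chaining does not extend into dynamic SQL), so the caller needs ALTER on the table, or the procedure must be signed or run under EXECUTE AS.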
Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com2tag:blogger.com,1999:blog-7426402557182526240.post-22602464895486549522010-05-31T14:44:00.000-07:002010-06-10T01:46:05.422-07:00Tabnabbing - an example
The example: a page opened from another tab, via window.open() or a link with target="_blank" and no rel="noopener", keeps a reference to the tab that opened it in window.opener and can navigate that tab to a different URL once the user's attention has moved away:<br>
<pre name="code" class="javascript">
<script type="text/javascript">
// Runs in the newly opened page. window.opener is the page that opened us;
// redirecting it a second later replaces the content of the original tab.
if (window.opener)
{
    setTimeout(function () {
        window.opener.location = 'http://www.google.com/';
    }, 1000);
}
</script>
</pre>
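The opener's side of the same problem, as an added example that is not part of the original post: a wrapper around window.open() that denies the new tab a window.opener reference (it requests the noopener feature and also nulls the handle's opener for browsers that still return one), and a static check that lists a target="_blank" links whose rel attribute lacks noopener in a page's HTML. The sample HTML and the fake window object are constructed for the demonstration.

```javascript
// Added example, not code from the original post.
//   openWithoutOpener(win, url): open url in a new tab that gets no window.opener.
//   findUnsafeBlankLinks(html):  hrefs of <a target="_blank"> lacking rel="noopener".

function openWithoutOpener(win, url) {
  // Browsers that honour 'noopener' return null and give the new tab no opener;
  // older browsers return a handle, so sever the relationship by hand as well.
  const handle = win.open(url, '_blank', 'noopener,noreferrer');
  if (handle) {
    handle.opener = null;
  }
  return handle;
}

function attrValue(attrs, name) {
  // Value of attribute `name` within an element's attribute string, or null.
  const re = new RegExp('(?:^|\\s)' + name + '\\s*=\\s*(?:"([^"]*)"|\'([^\']*)\'|([^\\s"\'>]+))', 'i');
  const m = re.exec(attrs);
  if (!m) return null;
  if (m[1] !== undefined) return m[1];
  if (m[2] !== undefined) return m[2];
  return m[3];
}

function findUnsafeBlankLinks(html) {
  // Every <a target="_blank"> whose rel does not include "noopener" lets the
  // target page reach back through window.opener.
  const unsafe = [];
  const anchorRe = /<a\b([^>]*)>/gi;
  let m;
  while ((m = anchorRe.exec(html)) !== null) {
    const attrs = m[1];
    const target = attrValue(attrs, 'target');
    if (!target || target.toLowerCase() !== '_blank') continue;
    const rel = (attrValue(attrs, 'rel') || '').toLowerCase().split(/\s+/);
    if (rel.indexOf('noopener') === -1) {
      unsafe.push(attrValue(attrs, 'href') || '');
    }
  }
  return unsafe;
}

// Constructed sample page fragment (not from any real site).
const SAMPLE_HTML = [
  '<a href="https://example.com/safe" target="_blank" rel="noopener noreferrer">safe</a>',
  '<a href="https://example.com/unsafe" target="_blank">unsafe</a>',
  "<a href='https://example.com/also-unsafe' target=_blank rel=\"nofollow\">also unsafe</a>",
  '<a href="/internal">same tab, no opener problem</a>'
].join('\n');

// Fake window standing in for a browser that ignores the 'noopener' feature
// and hands back a handle whose opener points at the calling window.
function fakeWindow() {
  return {
    open: function (url, target, features) {
      this.lastCall = [url, target, features];
      return { opener: this, location: url };
    }
  };
}
```

In a real page, findUnsafeBlankLinks(document.documentElement.outerHTML) gives a quick audit of which links need rel="noopener" (or a rewrite through openWithoutOpener), and the fake window shows why the explicit handle.opener = null fallback is kept.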
<!--textarea rows="10" cols="50"-->
<!--/textarea-->Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com0tag:blogger.com,1999:blog-7426402557182526240.post-68684632013517656002010-05-29T17:02:00.000-07:002010-05-31T14:41:20.552-07:00Improper Authentication Mechanism in 3Com Wireless8760 Dual Radio 11a/b/g Poe Access Point<p>
Recently I found the following vulnerability in the 3Com Wireless8760 web administration interface: if one user is authenticated to the web interface, other users can access its internal pages without further authentication. That means a single open session between a user and the web administration interface is enough for other users to access the web administration interface as well.
</p>
<p>A malicious user can wait until someone logs in to the interface and then access and administer the 3Com Wireless8760 Access Point without further authentication. Among other operations, the malicious user can cause a Denial of Service (DoS) to the entire network by changing configuration such as IP addresses.</p>Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com0tag:blogger.com,1999:blog-7426402557182526240.post-23743609801563525682010-05-26T15:36:00.000-07:002010-05-26T15:36:21.362-07:00Man infects himself with computer virusUniversity of Reading researcher Mark Gasson has become the first human known to be infected by a computer virus.
The virus, infecting a chip implanted in Gasson's hand, passed into a laboratory computer. From there, the infection could have spread into other computer chips found in building access cards. <a href="http://www.msnbc.msn.com/id/37360942/ns/technology_and_science-security/" target="_blank">Read More...</a>Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com0tag:blogger.com,1999:blog-7426402557182526240.post-13459395272807269512010-05-24T12:57:00.000-07:002010-07-27T13:31:41.347-07:00Fiddler GZIP IssueRecently, I found that the GZIP compress/decompress feature in Fiddler does not work properly.
There are applications based on the HTTP protocol that also compress their HTTP request and response bodies in GZIP format.
So I decided to write a script in the Fiddler Script Editor for compressing and expanding requests and responses that are in GZIP format.
Here is the code; copy it into the CustomRules.js file (Rules ---> Customize Rules):
<!--textarea rows="10" cols="50"-->
<pre name="code" class="js">
// FiddlerScript (JScript.NET) context-menu actions. Each one acts on the last
// session selected in the Web Sessions list, rewrites the body in place and
// keeps the Content-Encoding and Content-Length headers consistent with it.
public static ContextAction("GZIP Request")
function GZIPRequest(oSessions: Session[]) {
    var oSession: Session = oSessions[oSessions.Length - 1];
    oSession.requestBodyBytes = Utilities.GzipCompress(oSession.requestBodyBytes);
    oSession.oRequest["Content-Encoding"] = "gzip";
    oSession.oRequest["Content-Length"] = oSession.requestBodyBytes.Length.ToString();
}

public static ContextAction("UNGZIP Request")
function UNGZIPRequest(oSessions: Session[]) {
    var oSession: Session = oSessions[oSessions.Length - 1];
    var oBody = System.Text.Encoding.UTF8.GetString(Utilities.GzipExpand(oSession.requestBodyBytes));
    oSession.oRequest.headers.Remove("Content-Encoding");
    oSession.utilSetRequestBody(oBody);    // also updates Content-Length
}

public static ContextAction("GZIP Response")
function GZIPResponse(oSessions: Session[]) {
    var oSession: Session = oSessions[oSessions.Length - 1];
    oSession.responseBodyBytes = Utilities.GzipCompress(oSession.responseBodyBytes);
    oSession.oResponse["Content-Encoding"] = "gzip";
    oSession.oResponse["Content-Length"] = oSession.responseBodyBytes.Length.ToString();
    oSession.RefreshUI();
}

public static ContextAction("UNGZIP Response")
function UNGZIPResponse(oSessions: Session[]) {
    var oSession: Session = oSessions[oSessions.Length - 1];
    var oBody = System.Text.Encoding.UTF8.GetString(Utilities.GzipExpand(oSession.responseBodyBytes));
    oSession.oResponse.headers.Remove("Content-Encoding");
    oSession.utilSetResponseBody(oBody);   // also updates Content-Length
    oSession.RefreshUI();
}</pre><!--/textarea-->
After copying this code into CustomRules.js and saving the file, select an HTTP request whose body is in GZIP format, right-click, and there they are: you have four new options:
GZIP Request, GZIP Response, UNGZIP Response, UNGZIP Request
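Outside Fiddler (in a standalone script or another proxy's extension) the same operation the script performs, GZIP-compressing or expanding an HTTP message body while keeping Content-Encoding and Content-Length in step with it, looks like this in Python. This is an added example and not part of the original post or its FiddlerScript; the request below is constructed for the demonstration, and the code assumes Content-Length framing (no chunked transfer encoding).

```python
# Added example, not code from the original post. Assumes Content-Length framing.
import gzip

CRLF = b"\r\n"


def _split_message(raw: bytes):
    """Split a raw HTTP message into (start line, [(name, value)], body)."""
    head, sep, body = raw.partition(CRLF + CRLF)
    if not sep:
        raise ValueError("no header/body separator in message")
    lines = head.split(CRLF)
    headers = []
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        headers.append((name.strip(), value.strip()))
    return lines[0], headers, body


def _get_header(headers, name: bytes):
    for n, v in headers:
        if n.lower() == name.lower():
            return v
    return None


def _set_header(headers, name: bytes, value):
    """Return headers with `name` set to `value`, or removed when value is None."""
    kept = [(n, v) for n, v in headers if n.lower() != name.lower()]
    if value is not None:
        kept.append((name, value))
    return kept


def _join_message(start_line: bytes, headers, body: bytes) -> bytes:
    head = CRLF.join([start_line] + [n + b": " + v for n, v in headers])
    return head + CRLF + CRLF + body


def gzip_message(raw: bytes) -> bytes:
    """GZIP-compress the body and fix Content-Encoding / Content-Length."""
    start, headers, body = _split_message(raw)
    if (_get_header(headers, b"Content-Encoding") or b"").lower() == b"gzip":
        return raw  # already compressed; compressing twice would corrupt it
    body = gzip.compress(body, mtime=0)
    headers = _set_header(headers, b"Content-Encoding", b"gzip")
    headers = _set_header(headers, b"Content-Length", str(len(body)).encode())
    return _join_message(start, headers, body)


def ungzip_message(raw: bytes) -> bytes:
    """Expand a GZIP body and fix Content-Encoding / Content-Length."""
    start, headers, body = _split_message(raw)
    if (_get_header(headers, b"Content-Encoding") or b"").lower() != b"gzip":
        return raw  # not compressed; nothing to do
    body = gzip.decompress(body)
    headers = _set_header(headers, b"Content-Encoding", None)
    headers = _set_header(headers, b"Content-Length", str(len(body)).encode())
    return _join_message(start, headers, body)


# Constructed sample request (not captured traffic); body is 37 bytes.
SAMPLE_REQUEST = (
    b"POST /api/login HTTP/1.1" + CRLF
    + b"Host: app.example.test" + CRLF
    + b"Content-Type: application/json" + CRLF
    + b"Content-Length: 37" + CRLF
    + CRLF
    + b'{"user":"alice","password":"hunter2"}'
)

if __name__ == "__main__":
    packed = gzip_message(SAMPLE_REQUEST)
    print(packed.split(CRLF + CRLF, 1)[0].decode())  # headers now say gzip
    print(ungzip_message(packed) == SAMPLE_REQUEST)   # True: round trip is exact
```

The two guards on Content-Encoding matter in practice: applying "GZIP" to a body that is already compressed, or "UNGZIP" to one that is not, is the usual way to end up with a request the server rejects for reasons unrelated to the test you are running.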
Have fun ;-)Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com0tag:blogger.com,1999:blog-7426402557182526240.post-58695672902684327802010-05-22T10:25:00.000-07:002010-05-24T13:39:11.660-07:00ATM Clickjacking
<p>Fraudsters can install a fake keypad on top of the original ATM keypad. The 'new' keypad contains a memory block that stores the PAN (card number) and PIN code while the customer withdraws money from the ATM.<br />
<br />
In this way, fraudsters obtain card numbers and PIN codes and carry out their frauds.<br />
<br />
Why do I call this ATM clickjacking? Because it is very similar to the definition of web-page clickjacking: the user thinks he is clicking a legitimate link or button, while he is actually clicking hidden functionality that performs unintended, malicious operations. <br />
</p><img src="http://www.wired.com/images_blogs/threatlevel/2009/12/atm-keypad1.jpg" height="100px" width="100px">Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com0tag:blogger.com,1999:blog-7426402557182526240.post-15501960521812329402010-05-18T13:12:00.001-07:002010-05-18T13:50:04.985-07:00OWASP TOP 10 - 2010 Released<div dir="ltr" style="text-align: left;" trbidi="on"><br />
<div>The primary aim of the OWASP Top 10 is to educate developers, designers, architects, and organizations about the consequences of the most common web application security vulnerabilities. The Top 10 provides basic methods to protect against these vulnerabilities – a great start to your secure coding security program.<br />
<br />
<a href="http://www.owasp.org/index.php/Top_10_2010-Main" target="_blank">Ten most popular application security flaws</a><br />
<br />
<br />
</div></div>Yossihttp://www.blogger.com/profile/10010721884783756182noreply@blogger.com2