Posts

Showing posts from June, 2009

Google Anti-Malware website

Google has launched a new website, Anti-Malvertising, which is a customized search engine. It lists all the past incidents in which a particular website was used to download malware. The Google Safe Browsing Diagnostic page will show you the following points related to your search:

What happened when Google visited sites hosted on this network?
Has this network hosted sites acting as intermediaries for further malware distribution?
Has this network hosted sites that have distributed malware?

The search engine checks third-party sites that track ad malware.

For example, the following is the result of a search:


What happened when Google visited sites hosted on this network?

Of the 725 site(s) we tested on this network over the past 90 days, 127 site(s), including, for example, infinityyachts.in/, geospafitness.com/, aroundalibag.com/, served content that resulted in malicious software being downloaded and installed without user consent.

The last time Google tes…

Ardilla- New tool for finding SQL Injection and XSS

Three researchers -- MIT's Adam Kiezun, Stanford's Philip Guo, and Syracuse University's Karthick Jayaraman -- have developed a new tool, 'Ardilla', that automatically finds and exploits SQL injection and cross-site scripting vulnerabilities in Web applications.
It creates inputs that pinpoint bugs in Web applications and then generates SQL injection and XSS attacks. For now, Ardilla works only on PHP-based Web applications.
The researchers say Ardilla found 68 never-before-found vulnerabilities in five different PHP applications -- 23 SQL injection and 45 XSS flaws. More information is awaited. For their attack generation techniques, refer to their document at: http://www.cs.washington.edu/homes/mernst/pubs/create-attacks-tr054.pdf

Preventing Session Hijacking

What is Session Hijacking
Session Hijacking is an attack in which an attacker takes control of an already validated user's session.
When an application authenticates a user it assigns a random string called a sessionID to the validated user, and that sessionID is sent with every interaction between the logged-in user and the application. Generally the sessionID remains valid until the user logs out; after that the particular sessionID becomes invalid. So sessionIDs are a very important concept in session-based applications. SessionIDs can be captured in the following ways:
Prediction
Capture
Fixation
If an adversary takes hold of the sessionID he can impersonate the real valid user and the application won't have any way to differentiate between the real user and the attacker. This is the general concept of Session Hijacking.

Prevention to Session Hijacking
A combination of the following methods can prevent the problem:
Use of a long random number or string as the session key. This reduc…

Web Services Testing vs Web Application Testing

I have just performed Web Services Security Testing. It was my first encounter with WS testing. I learned a lot from the experience I gained. It's still a premature thing; I mean there's no predefined standard framework available for how to proceed with testing. Web Services Testing is much similar to conventional web application security testing; however, it differs in some aspects. Web Services present a new and expanded sphere to explore in addition to Web Applications. So it's critical to defend the web services as well, apart from Web Applications. For an overview of Web Services please refer to my earlier post.
The similarities I found while testing Web Services:
Almost the same cycle of testing as Web Apps, like Information Gathering etc.
Almost all the OWASP Top 10 vulnerabilities.
Susceptible to MITM (Man in the Middle) attack; however, it was not possible in our case as we had implemented certificate-based encryption.
A few dissimilarities I came across were:
It's not a front end, …