Download Website Vulnerabilities PowerPoint Presentation

Iframe embed code :

<iframe src='https://www.slidesfinder.com/embedpresentation/MzY0MQ==' width='630' height='570' frameborder='0' marginwidth='0' marginheight='0' scrolling='no' allowfullscreen></iframe>

Presentation url :

Home / Computers & Web / Computers & Web Presentations / Website Vulnerabilities PowerPoint Presentation

Website Vulnerabilities PowerPoint Presentation

PowerPoint is the world's most popular presentation software which can let you create professional Website Vulnerabilities powerpoint presentation easily and in no time. This helps you give your presentation on Website Vulnerabilities in a conference, a school lecture, a business proposal, in a webinar and business and professional representations.

The uploader spent his/her valuable time to create this Website Vulnerabilities powerpoint presentation slides, to share his/her useful content with the world. This ppt presentation uploaded by picworld in Computers & Web ppt presentation category is available for free download,and can be used according to your industries like finance, marketing, education, health and many more.

About This Presentation

picworld

Description : Website vulnerabilities has SQL Injections, Cross Site Scripting (XSS). Know about website vulnerabilities with this website vulnerabilities powerpoint (ppt) presentation.

Published on : Mar 20, 2018
Views : 2303 | Downloads : 2

Download Now

Share on Social Media

Website Vulnerabilities Presentation Transcript

Slide 1 -

by Brian Vees SECURITY VULNERABILITIES IN WEBSITES

Slide 2 -

SQL Injection Username Enumeration Cross Site Scripting (XSS) Remote Code Execution String Formatting Vulnerabilities Five Types of Vulnerabilities

Slide 3 -

A very common, and easy to exploit vulnerability Requires basic SQL knowledge The basic idea: Find a user-inputted field that most likely is used to query a database Insert text in the field which will then merge with the SQL query being executed Examine the results to gain info about the database Using this info, write better queries to receive potentially private data SQL Injection

Slide 4 -

Given a sample login prompt on a webpage: Query to validate username might look like this: Entering a single apostrophe “breaks out” of the intended SQL code, allowing other code to be executed SQL Injection - Example query = "select * from user where username='" + tbUserName.Text + "'";

Slide 5 -

Entering this data causes the following query to be sent to the database: Since 1=1 is always true, this query returns all users in the database SQL Injection – Example (Cont.) select * from user where username='' or 1=1 --'

Slide 6 -

SQL injection to obtain error messages containing useful data SQL injection to delete data ('drop [tablename]--) SQL injection to execute files exec sp_oamethod @o, 'run', NULL, 'executable.exe' Other Examples

Slide 7 -

“Escape” apostrophes String replacement on SQL-specific character combinations (“--”) Safest: reject any bad input rather than attempting to “cleanse” it Not necessarily plausible: names like O’Brien and other valid input contain apostrophes SQL Injection Prevention

Slide 8 -

A very simple method of finding valid usernames Username Enumeration Invalid Username Valid Username

Slide 9 -

Use the same error message for invalid password and invalid username This way an attacker has no idea whether or not the username is correct Username Enumeration Prevention

Slide 10 -

Another type of code injection, but with client-side script Can be used to bypass client-side security, as well as gain other information (session cookies) Yahoo! and even Google have previously fallen victim to this vulnerability Cross Site Scripting

Slide 11 -

This form echoes what the user entered in the case of an invalid login (i.e. invalid characters) What if we input JavaScript? XSS Example

Slide 12 -

Consider if we now input the following code: With this data, we can bypass cookie-based security Also, external, lengthier scripts can be injected: Why Is XSS Dangerous?

Slide 13 -

User input cleansing Don’t echo user input back unless it is necessary XSS Prevention

Slide 14 -

Potentially the most dangerous vulnerability Stems from unsecure settings on a web server Remote Code Execution

Slide 15 -

In PHP, the register globals setting is often set to “on” to ease development This allows for global variables to be set remotely require($page . “.php”); If $page is not initialized, any arbitrary file can be included and will be executed on that server Remote Code Execution Example

Slide 16 -

There are several XML specifications that are also vulnerable to remote code execution Improperly validated XML can “break out” of the XML, and execute malicious code XML Vulnerabilities

Slide 17 -

Ensure web server configuration is secure (namely, if using PHP, turn register_globals off) Validate user input Remote Code Execution Prevention

Slide 18 -

An attack on server-side functions that can perform formatting (such as C’s printf) Special characters are used to read or write sections of memory that normally would not be accessible String Formatting Vulnerabilities

Slide 19 -

%s can be used to continue reading data off the stack until an illegal memory address is attempted to be accessed, crashing the program %x can be used to print areas of memory that are normally not accessible %d, %u, and %x can be used to overwrite the instruction pointer, allowing the execution of user-defined code String Formatting Example

Slide 20 -

Make sure and verify all user input Replace or reject special characters (“%”) String Formatting Vulnerability Prevention

Slide 21 -

What is the golden rule that will stop the majority of these website attacks? Conclusion Validate User Input!

Frequently Asked Questions

> About SlidesFinder?

Slidesfinder is a website that allows users to upload and share their PowerPoint presentations online. It provides a platform for individuals and businesses to share their ideas and knowledge through presentations, and for others to view and download these presentations for educational or professional purposes.
Slidesfinder offers a wide range of presentation topics and categories, including business, education, science, technology, health, and more. Users can also search for presentations using keywords, tags, or by category. The website provides tools to create professional presentations with rich media, animations, and graphics.

One of the key features of Slidesfinder is its user-friendly interface, which allows users to easily upload, view, and share presentations. Users can also embed their presentations in their websites or blogs using the website's embed code feature.
Slidesfinder also offers premium services, such as the ability to create private presentations and to download presentations in high-quality formats. However, the basic features of Slidesfinder are free to use, making it accessible to anyone who wants to share their ideas and knowledge through presentations.

> How do I register with SlidesFinder?

Go to registration page (you can see signup link on top of website page) https://www.slidesfinder.com/signup . If you have facebook/gmail account them just click on SIGN IN WITH FACEBOOK OR SIGN IN WITH GOOGLE button, by this you will be a registered member of slidesfinder without filling any form, required detail automatically will be fatch from your account. If you do not a Facebook account, then click on "Signup". Fill all required fields and you will be a registered member of slidesfinder.

> Is slidesfinder account confirmation is mandatory?

Yes it is mandetory to active your account to login.

> Do I need to signup/login on SlidesFinder before uploading a PowerPoint presentation?

Yes, you need to login with your account before uploading presentation. Your username will be displayed on your uploaded presentation. Your registered email id is needed for sending your stats of uploaded presentation.

Slidesfinder is a sharing website for PowerPoint presentations search and share. Find your interest in the form of powerpoint presentations on slidesfinder and save your valuable time . On Slidesfinder you get presentations from our huge library of professional ppt presentations. We believe in making your search INFORMATIVE and FUN. Find your best ppt presentation from a pool of PowerPoint presentations stacked under important industry categories like business & management, heath & Wellness,eduction & training etc. We provide unique informative PowerPoint presentation for marketers, presenters and educationists. These professional PowerPoint presentations are uploaded by professionals from across numerous industry segments.These ppt presentations are available for FREE download.

Not just finding your interest, but facilitate you broadcast your interest. We have created this platform for easy sharing of PowerPoint presentations, ensuring that these presentations get maximum exposure. Create your slidesfinder account and upload PowerPoint presentations for free, share on social media platforms and BUILD YOUR CROWD WITH PRESENTATION !!

The Great Buddha says, "Share your knowledge.It’s a way to achieve immortality"! So, start sharing knowledge and we are here to make that immortal !!

Re-productivity of content are not allowed. Without prior written permission from author, commercial use of any content is illegal.