hack.lu Part #5

Back to the presentations…

Ezequiel David Gutesman from Core Security Technologies presented a web application fuzzer. Why? Because web applications are very common (used everywhere) and consequences in case of attacks can be dramatic (loss of data, data theft, …) for companies. Countermeasure are WAF’s (Web Application Firewalls) coupled with IDS/IPS, code analyze (static or dynamic) and audits. Ezequiel gave info about CORE GRASP, a tool to protect against web injections. Basically, all SQL requests are analyzed using dynamic character-grained taint analysis and grammar-based analysis. All queries are classified: harmless, warning or critical (successful attack). Vulnerability reports are generated and are understandable by, not only security experts, but also by developers! Which is very important in the scope of safe development (remember: security aspects must be taken into account as early as possible during the development process).

Next talk, Saumil Shah, CEO of Net-Square, gave a presentation about Browser Exploits. As seen in the previous presentation, web services became very common (via web 2.0 applications). The web browser also became one of the most used tools on the user desktop and will maybe become the future user’s desktop! A very good target for hackers! By design, browsers can be expanded with a lot of addons, extensions and other goodies (toolbars). Saumil showed that the browser architecture is not secure at all. Then he compared the browser to a classic OS (kernel space, drivers and userland space). With the comparison, we saw that it’s quite easy to exploit a browser. This was demonstrated live. The “Heap Spraying” exploit using JavaScript was very nice! Funny quote of Saumil: “calc.exe is the ‘Hello World!’ of Windows hackers“. A good protection against browser exploits: use the NoScript Firefox extension. Personally I use it for months and it does a great job! Teflon is another nice extension which takes care of JavaScript exploits (this add-on is not yet available – should be by end of the year). What about the future? Extension are just pieces of code attached to the browser and can have bugs, crash or be exploited. More security features must be integrated INTO browsers!

Let’s have a lunch break now!

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.