The WIse SECurity
Documents and White Papers
Flash Application Testing
AbstractThis is the presentation i did at 6th Owasp AppSec Conference 2007 in Milan.
It describes security flaws in Flash Applications and bad coding practices in ActionScript by analysing real world swf applications flaws and potential vulnerabilities that could lead to client side attacks.
A new kind of attack called Cross Site Flashing is also described.
After this probably some high impact client side flaws will be discovered on many big websites, and of course new mitigation techniques and best practice in ActionScript programming will be developed.
Keywords: Flash Application Security, Cross Site Scripting, Cross Site Flashing, ActionScript Security.
Date: 18th, May 2007
Download PDF (English Version) Download SWF (English Version)
Abstract"The ability of modern browsers to use asynchronous requests introduces a new type of attack vectors. In particular, an attacker can inject client side code to totally subvert the communication flow between client and server. In fact, advanced features of Ajax framework build up a new transparent layer not controlled by the user. This paper will focus on security aspects of Ajax technology and on their influence upon privacy issues.
Ajax is not only a group of features for web developers: it's a new paradigm that allows leveraging the most refined client side attacks."
Keywords: Ajax Security, Universal Cross Site
Scripting, Code Injection, Cache Poisoning, Prototype Hijacking,
Auto Injecting Cross Domain Scripting
Download (English Version)
...And More Advanced Sql Injection SiXSS, SiHRS and the Client Side SQL Injection
Abstract"How much a Sql Injection is a hard vulnerability? It is supposed to be a way of gaining server side informations, execution of arbitrary commands, gaining of admin privileges in a web based forum and so on.. In short SQL Injection is supposed to be a server side vulnerability but sometimes it could be a client side one too.
Public and home-made CMS (Content Management System) are widely used on web servers, for a lot of reasons; one reason for all is text and URLs indexing and retrieving. This paper addresses a couple of alternative ways of using SQL Injection.
Let's suppose we are the developers of a CMS (Content Management System) and this CMS was used by a bank... Let's suppose we accidentally left a SQL Injection vulnerability on a page.
But wait! No problem! We created a user with no file permissions and so on, no sensitive information on the database, no web forum and nothing left on the server... It may still remain some problems..."
Download (English Version)
Wisec is brought to you by...
Wisec is written and mantained by Stefano Di Paola.
Wisec uses open standards, including XHTML, CSS2, and XML-RPC.
All Rights Reserved 2004
All hosted messages and metadata are owned by their respective authors.