Web Application secure~~

WebGoat


WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons. In each lesson, users must demonstrate their understanding of a security issue by exploiting a real vulnerability in the WebGoat application. For example, in one of the lessons the user must use SQL injection to steal fake credit card numbers. The application is a realistic teaching environment, providing users with hints and code to further explain the lesson.
The primary goal of the WebGoat project is simple which is created a de-facto interactive teaching environment for web application security. In the future, the project team hopes to extend WebGoat into becoming a security benchmarking platform and a Java-based Web site Honey pot.


To learn more about WebGoat, you can visit this link anytime: http://code.google.com/p/webgoat/source/browse/trunk/webgoat/main/project/WebContent/lesson_plans/HowToWork.html
Injection Flaws
Injection flaw like SQL injection will cause web application to run an SQL code that was not intended by the application. Usually user supplied data from an application is sent to an interpreter as a query command. With the knowledge of SQL query syntax the attacker exploit this feature by crafting a special crafted data to execute exploit command to the interpreter. By doing this attacker can create, read, update or delete any data available in the database through the web application.

The simplest way to protect against injection is to avoid accessing external interpreters wherever possible. For many shell commands and some system calls, there are language specific libraries that perform the same functions. Using such libraries does not involve the operating system shell interpreter, and therefore avoids a large number of problems with shell commands.
For those calls that you must still employ, such as calls to backend databases, you must carefully validate the data provided to ensure that it does not contain any malicious content. You can also structure many requests in a manner that ensures that all supplied parameters are treated as data, rather than potentially executable content.

The use of stored procedures or prepared statements will provide significant protection, ensuring that supplied input is treated as data. These measures will reduce, but not completely eliminate the risk involved in these external calls. You still must always validate such input to make sure it meets the expectations of the application in question. For more details on how to specifically defend against SQL Injection, please refer to OWASP's SQL Injection Prevention Cheat Sheet.


Malicious File Execution

Malicious File execution is another web application vulnerabilities caused by failing to control application input. In this attack, attacker will exploit the weaknesses by performing remote code execution and remote root kit installation and complete system compromise. On Windows, internal system compromise may be possible through the use of PHP’s SMB file wrappers
In other word this kind of attack will manipulate your web application to become the attacker remote terminal to execute command line instructions such as directory list, dir or displaying
network configuration, ipconfig. It will become more dangerous if the attacker manipulate this vulnerability by executing command that can create a backdoor to your server.

5# Database Security

DATABASE SECURITY

Why Database?
We use database because it is shared access, it will minimal the redundancy data. Moreover it contains Data consistency, Data integrity and Controlled access.


What is Database Secure?

It is the protection that is located in databases from unauthorized access. It is important because information is a critical resource in enterprise and securing data has become a billion dollar industry and people want to secure their confidential information not only from hackers but also from legal, professional direct marketing corporations.

A good database is based on Data independence, Shared access, Minimal redundancy, Data consistency, Data integrity Privacy which signifies that an unauthorized user cannot disclose data and integrity which ensures that an unauthorized user cannot modify data and Availability which ensures that data be made available to the authorized user unfailingly.


There are four levels of enforcing database security that is Physical security which such as storage medium safekeeping and fire protection, Operating system security which such as the use of an access control matrix, capability list and accessory list and DBMS security such as protection mechanisms and query modification and also Data encryption such as RSA scheme and data encryption standard.


There are five basic security requirements for database such as database integrity, element integrity, access control, user authentication and availability.

Database Integrity

Users must be able to trust the accuracy of the data values in database. Updates in database must be performed only to authorized individuals and most important is data must be protected from corruption either by an outside illegal program action and an outside force. One way for database to secure is to make a backup.

Element Integrity

DBMS maintains element integrity in three ways such as Field checks which tests the appropriate values in a position such as null value control, default value. Next is access control is controls the access rights to users such as the authorization to update certain element and at last Change log which maintaining change log for the database (a change log is a list of every change made to the database.

Why we need audit record?

This helps to maintain the integrity of a database or discover who had affected what values and when. It also enables users to build up access to protected data incrementally.


Access Control

In access control we focus on Recall, access control for Operating Systems which deals with unrelated data and with entire files and lastly with access control for Databases which deals with records and fields and also concerned with inference of one field from another.


Availability

We focus on Availability on Arbitration of two users' request for the same record and withholding some non protected data to avoid revealing protected data.

Good Internal Consistency.

To get a good consistency, error detection and code correction is needed. One of the way is Hamming Codes. Hamming code is a linear error-correcting code named after its inventor, Richard Hamming. Hamming codes can detect up to two simultaneous bit errors, and correct single-bit errors thus, reliable communication is possible when the Hamming distance between the transmitted and received bit patterns is less than or equal to one.

The goal of Hamming codes is to create a set of parity bits that overlap such that a single-bit error (the bit is logically flipped in value) in a data bit or a parity bit can be detected and corrected. While multiple overlaps can be created, the general method is presented in Hamming codes.

Other than that, good internal consistencies also depend on shadow fields, recovery such as back up, concurrency and monitor.

Secrecy Vs Precision
Secrecy

It is focus only data that is not sensitive and reject any query which mentions a sensitive field.

Precision

Protect all sensitive data while revealing as much no sensitive data as possible.
Do you know Inference?
It derived sensitive data from non- sensitive data. Three basic paths to controlling the inference problem that is suppressing obviously sensitive information, track what the user knows, and disguise the data.



Multilevel Security in Database.
1) Encryption

If sensitive data is encrypted, a user who accidentally receives sensitive data cannot interpret the data. It is not foolproof since the user can mount a plaintext attack and substitute the encrypted form of his or her data. Thus the solution is to use different encryption for each record and a different key for each field or just cryptographically link fields of a record by using a block chaining method such as Cipher Block Chaining (CBC), Cipher Feedback (CFB).


2) Integrity lock

It is a way to provide both integrity and limited access for a database. Method nicknamed 'spray paint' since each element is painted with a color which denotes its sensitivity. The color is maintained with the element and not in an external table. It can be classify on three way that is unforgeable which malicious subject cannot create a new sensitivity label for an element. Next is unique which malicious subject cannot copy a sensitive level from another element and lastly concealed which a malicious subject cannot even determine the sensitivity level of an arbitrary object.


3) Sensitivity lock

A sensitivity lock is a combination of a unique identifier and the security level. It must not be able to identify two elements having identical security levels just by looking at the security portion of the integrity lock. As a result of the encryption, the lock's contents, especially the security level, are concealed.


4) Trusted Front-End

A trusted front end also known as a guard functions much like the monitor we discussed while we were studying operating system security methods. Many DBMS built and put into use without consideration for multilevel security.

5) Commutative filters

This is an interface with both the user and database manager. The filter reformats query such that DBMS does as much of the work as possible, screening out many unacceptable records and provides second screening to select only data to which user has access.
Thank you for spending time to read this page. =)

Cryptography Extended ~~

Cryptography Extended

Cryptography algorithm used in cryptosystem can be classified into two categories which is symmetric and asymmetric encipherment. In symmetric encipherment, plaintext is encrypted
and decrypts using the same key whereas asymmetric encipherment is using different keys to encrypt and decrypt a plaintext.

Symmetric encipherment can be in form of substitution, transposition or both. In substitution encryption method alphabet in the plaintext is always changed with another alphabet. Each character can be either change with one character or multiple characters.

Transposition encryption method does not substitute character with another character but it changes the location of the characters. The character in the first position might be placed on the fifth position and the fifth position character might be placed in another location in the plaintext.

Asymmetric encipherment involves two keys to encrypt and decrypt. These algorithms allow the key to be publicized, hence anyone can encrypt using the key, and the proper recipient who knows the decryption key can decrypt the message. The encryption key is called public key and the decryption key is called secret/private key. RSA algorithm is use to produce the public and private key.

Symmetric encipherment (Caesar Cipher)

The Caesar Cipher is formed by shifting the letters of the original alphabet. For example by replacing each letter of the alphabet with the letter three places down the alphabet. It is monoalphabetic as only one letter in plaintext is exchanged for one letter of ciphertext.














This is example on how CIPHER CAESAR work

(Vigeneré Cipher)

The cipher text encrypted using Caesar cipher method is easily broken by using a brute force attack. An attacker can easily try every combinations of character to break the code as the number of possibility is just 26. In order to improve the deciphering process we can used the vigeneré cipher method. The Vigenère cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers based on the letters of a keyword. It is a simple form of polyalphabetic substitution.















This is VIGENERE TABLE

Asymmetric encipherment

RSA Algorithm

Asymmetric encryption or called public key cryptography is a cryptographic approach, employed by many cryptographic algorithms and cryptosystems. Each encryption and decryption process is using a unique pair of key called public and private key. RSA algorithm is one of the algorithms used to produce the private and public key.

Each user generates a public/private key pair by selecting two large primes at random p, q and then compute their system modulus.

Example:
a) 999 mod 3

= 333 (3) mod 3 ---- (3) mod 3= 0
= 333(0)
= 0


b) 55 mod 57
55 mod 57 = 3125 mod 57
= 47 (baki)


c) Given p=3;q=11,e=7;m=5 ( c=57 mod 33)

n = p * q
= 3 * 11 = 33
Ø = (p – 1)(q – 1)
= (2)(10)
= 20
d = e-1 mod Ø(n)
= 7-1 mod 20

20 = 2(7) + 6
7 = 1(6) + 1
6 = 20 – 2(7)
1 = 7 – 1(6)
1 = 7 – 1(20-2(7))
1 = 7 – 20 + 2(7)
1 = 3(7) – 20

mod 20 = 3(7) mod 20 – 20 mod 20
7-1 mod 20 = 3 mod 20
= 3
d = 7-1 mod 20
= 3

PU = {e,n}
= {7,33}
PR = {d,n}
= {3,33}

C = Me mod n
= 57 mod 33
= 14
M = Cd mod n
= 143 mod 33
= 5


All calculations above are some examples for RSA algorithm. All use formula provided to get all the answers. Hope you get some valuable information here.

Thank you!

#4 Operating system security ~~

Hello..
Let’s talk about security in operating system. There are many items in operating system need to be protected such as memory, I/O devices, sharable data, sharable program and others. In security, there are many level of protection involved such as isolating, share all or share nothing, share via access limitation and others. There also have security method that is separation which includes physical, temporal, logical and cryptographic separation.

Memory Protection
What is memory protection should be? Memory protection is a system that prevents one process from corrupting the memory of another process running on the same computer at the same time. There are some methods involved in this protection such as fence, relocation, base/bound register, tagged architecture, segmentation and paging.
Let’s talk about fence.

Fence is introduced in single-user operating systems to prevent a faulty user program from destroying part of the resident portion of the OS. There are two type of fence that is fixed fence and fence register. Fixed fence is a method to confine users to one side of a boundary which enabling the OS to reside on one side and the user to stay on the other. Fence register contain address of the end of the OS which provide means of code relocation. For example, If (address > fence address), instruction was executed, If (address < fence address), error.

Relocation is a process of taking a program written as if it begins at address 0 and changing all addresses to reflect the actual address at which the program is located. It occurs by adding a constant relocation factor to each address of the program. Usually it used in multi user environment.

Base/ bound Register is one of the methods that also known as variable fence register. All addresses are offset from base register and provide a lower bound but not an upper bound. As it is not provide upper bound, it needs to add second register called bound register.

Tagged Architecture is method that can solve problem in base/bound register. Using Tag Architecture, every word of machine memory has one or more extra bits to identify the access rights to that word. However, there are also problem occur here which effect code compatibility and locked into convention despite low cost of memory.

Segmentation involves the simple notion of dividing a program into separate pieces which each piece has a logical unity, showing a relationship among all of its code or data values. It is developed to produce the effect of the equivalent of an unbounded number of base/bounds registers. Segmentation allows a program to be divided into many pieces which having different access rights.
Here are processes involved in segmentation:

1. A program generates an address of a form (hiding of addresses)

2. The OS looks up name in the segment directory and determines its real beginning memory address

3. OS will add offset by giving the true memory address of the code or data item to that address
– This process called translation

Segmentation provides protective benefits for user which each address reference is checked for protection. Many different classes of data items can be assigned different levels of protection. Other than that, there are two or more users can share access to a segment with potentially different access rights and a user cannot generate an address or access to an unpermitted segment.

Paging is a program that divided into equal-sized pieces called pages and memory is divided into equal-sized units called frames. There are some advantages of paging such as each page is the same size thus fragmentation is reduced. Next, addressing beyond a page is not a real problem since a carry just refers to the next page. The disadvantages for paging is it loss of individual access rights since there is not necessarily a relationship between lines of code in a page unlike program segmentation.
By combining the paging and the segmentation there will be some advantages which it retained the logical unity of the segment and permitted differentiated protection for the segments. Unfortunately it is added an additional layer of translation for each address.

Authentication

Authentication is a process used to verify transmitted data in a computing environment. In authentication, the claimants should present some kind of principal identity to prove themselves and it can be divided into two contexts such as Entity authentication (EA) and Data origin authentication (OA).

There are some threat that damages the authentication such as Spoofing which swindling of information by crackers or hackers, eavesdropping which tapping into the communication line to grab information transferred between two computers, modification which altering or changing information and masquerading which having a fake interface of the system to get information from user input such as passwords and user name.


That’s all for today. =)

# 3 ~ Program Security

Assalamualaikum..
=)

hye there!
today i want to share some new information about program Security.
Here, i will tell you some information about viruses, worms, malicious codes and many more.
But, let's start with Secure Program.

Secure Program
--------------------------------
Different people have different perspective on software quality.
Usually, developer will track faults during design and code inspection.

Fault?
what is fault?

A fault is defined as an abnormal condition or defect at the component, equipment, or sub-system level which may lead to a failure.
Fault - inside view from the developer

Failure?

Failure is refers to the state or condition of not meeting a desirable or intended objective, and may be viewed as the opposite of succes
Failure - outside view from developer and are effect of faults.

Bug

Bugs is common term used to describe an error, flaw, mistake, failure, or fault in a computer program or system that produces an incorrect or unexpected result, or causes it to behave in unintended ways.

What is Flaw?

We use flaw as a synonym for bug, hence (in IEEE terms) as a synonym for fault, except that we include flaws that have been inserted into a system intentionally, as well as accidental ones.

Types of Flaws:
* Validation Error
* Domain Error
* Serialization and aliasing
* Inadequate identification and authentification
* Boundary condition violation
* Other exploitable logic error.

Non-malicious Program Errors?

There are two kind of Nonmalicious Program Errors:
* Buffer overflow
* Incomplete mediation which refer to data exposed or uncontrolled.

There are some attack associated to program error:
* Cross site scripting
* injection Flaws
* Malicious File execution
* Broken authentication and session management
* insecure crypto storage.

Now let's move to a topic called Virus and Other Malicious Code.

Malicious Codes
--------------------------------

Malicious codes can do harm and can also be accidental.

Malicious codes is unanticipated or undesired effects in programs generated on the intent of damage.
Damage could be in form of:
* modification
* stolen data
* unauthorized access
* Damage on system

Example of Malicious Codes:

* Trojan Horse - a program which performs a useful and unexpected function as well.
* Virus - code segment which replicates by attaching copies to existing executable.
* Worm - a program which replicates until it fills all disk space or CPU cycles.
* Logic Bombs - malicious code that activates on an event.
* Trap door or Back door - undocumented entry point that allow unwanted user.
* spyware - can steal your information which done by keystroke logger and even though you use encryption on connection the damage is already done before you can send it. It also can steal your email addresses, can see what Websites you visit, can pop ups ads, slow down computer and crash our computer.

Viruses and Malicious Program
-----------------------------------------------

Computer viruses have the ability to replicate themselves on an ever increasing number of computers. They original spread by people sharing floppy disc. Now they are spread primarily over the Internet.

Malicious Program may be installed by hand on a single machine. They may also be built into widely distributed commercial software package. They are hard to detect before the payload activates.

Malicious program is divided to two part which is 'Need Host Program' and 'Independent'.

Need Host Program contains trapdoors, Logic Bombs,Trojan Horses and Viruses
Independent contains Bacteria and Worms (same species)

Okay, Let's talk about Viruses
------------------------------------------------

Personal computer viruses exploit the lack of effective access control in these systems.
Viruses are divided to two:
* transient which only executes when the program that it is attached to runs.
* Resident which once the program executes the virus stays in memory until it gets triggered again. Terminates and stay Resident (TSR).

There are some characteristics of virus:
* replication
* required a host program
* activated by external actions.
* replication is limited to virtual system.
* designed to attack single platform.

How Virus Attach?
------------------------------------

There are three ways for virus to attach:

1) Append Viruses which is execue first then transfer control tooriginal program.
2) Surround Viruses which has control before and after regular program.
3) Integrated Viruses which replace some of the target program or all of the target and give the effect that the target program worked.

A = original program
B = Virus B

A + B = AB or BA;
How Virus Gain Control
-----------------------------------------

The virus needs to have the CPU execute it to be in control. One way for them is to overwrite the program on the disk.
Another way is to move the original program and then after the CPU executes it then and then after the CPU executes it then transfer control to the program.
Another way is to install itself in memory and change the pointers of the operating system or interrupt table to point to it.

Home for Viruses
----------------------------------

* Viruses install itself in the boot sector (MBR) master boot record.
* Memory Resident Virus (TSR) which is to terminate and stay resident.
* Application like word processor and spread sheets and even attachment to email.
* Even attachments to vendor distributed programs or games.

The Source of Viruses
---------------------------------------

Virus program can be small so it hides very easily in a large program. It might hide in a compiler, a database manager or file manager.
The number one spot is an attachment to email or some public download file.

Virus Phase
----------------------

* Dormant phase : the virus is idle

* Propagation phase : the virus places an identical copy of itself into other programs.

* Triggering Phase : the virus is activated to perform the function for which it was intended.

* Execution Phase: The function is performed.

There are five types of viruses:
--------------------------------------------

* Parasitic Virus: attaches itself to executable files as part of their code. Runs whenever the host program runs.

* Memory- Resident Virus: Lodges in main memory as part of the residual operating system.

* Boot Sector Virus: infexcts the boot sector of a disc and spreads when the operating system boots up.

* Stealth Virus: explicitly designed to hide from Virus Scanning programs.

* Polymorphic Virus: mutates with every new host to prevent signature detection.

Virus is so dangerous for our computer and files. So, How to prevent Virus Infection?

* Protection against Viruses which we need detection tools such as scanner and vulnerability monitors, then we need identification tools and removal tools such as disinfector.

* Scanner and disinfectors are the most popular classes of antivirus software.

* Personal and administrative practise

* Make a bootable disk with a virus scan program on it and write protected.

* Make and retain backup copies of executable system files.

* scan any downloaded files before runs.

* Updates the virus signatures data files.

* Use only commercial software.

* Do not open attachment without any scanning.

* do not put floppy disc in machines.

Now let's talk about Worm.
-------------------------------------

Worm have some characteristics:
* self-contained which do not required host.
* replication
* activated by creating process.
* replication occurs across communication link (network worm).

How Worm attack?
A = original prograam
B = Worm

A + B = A+B+B;

How to protect files from Worm..?
-----------------------------------------------------

* requires a combination of basic system security and good network security.
* add- on tools which have configuration review tools, checksum and intrusion detection tools.

* network security tools which contains wrapper program and firewall system.

Trapdoors
------------------------------

is often caused by programmers leaving debug routines in the code or failure to check array bounds which lets code overrun the array bounds and get placed on the stack.

Maybe programmer forgets to remove them or intentionally leaves them in for testing.
Maybe programmer also leave it intentionally for maintenance of the finished products.

Pillar of Software Security
--------------------------------------

* Risk Management - Help user to understand what they should do abaout risk and build better software.

* Touchpoint




















* Knowledge which includes principles, guidelines, rules, attack patterns, vulnerabilities and Historical risks.

Okay, i pen off now..

#2 Authentication & Encryption (cont..)

Modern Algorithms

Most modern ciphers use a sequence of binary digits (bits), that is, zeros and ones such as ASCII.
This bit sequence representing the plaintext is then encrypted to give the ciphertext as a bit sequence.

The encryption algorithm may act on a bit-string in a number of ways:

Stream Ciphers where the sequence is encrypted bit-by-bit.
Block Ciphers where the sequence is divided into blocks of a predetermined size.

ASCII requires 8 bits to represent one character, and so for a block cipher that has 64-bit blocks, the encryption algorithm acts on eight characters at once.

Since most modern algorithms operate on binary strings we need to be familiar with a method of combining two bits called Exclusive OR and often written as XOR.

0 + 0 = 0, 0 + 1 =1,
1 + 0 = 1 and 1 + 1 = 0

Message Authentication Codes (MAC)

A MAC is a key-dependent one-way hash function. Only someone with the identical key can verify the hash. They are very useful to provide authenticity without secrecy.
MACs can be used to authenticate files between users. To determine if his files have been altered.

Digital Signatures

The digital signature for a message from a particular sender is a cryptographic value that depends on the message and the sender.
In contrast , a hand-written signature depends only on the sender and is the same for all messages.

A digital signature provides data integrity and proof of origin (non-repudiation).
It can be kept by the receiver to settle disputes if the sender were to deny the content of the message or even to deny having sent it.

Each user has a private key that only they can use and its use is accepted as identifying them.
There is a corresponding public key.

Anyone who knows this public key, can check that the corresponding private key has been used, but cannot determine the private key.This gives the receiver assurance of both the origin and content of the message.

Figure 2:Digital signature Verification process.

Attacks on Digital Signature

-----------------------------------

Suppose digital signatures are being used as a means of identification. If user A wishes to impersonate user B, then there are two different forms of attack:
**A attempts to obtain the use of B’s private key

**A tries to substitute their public key for B’s public key.

RSA

------

** by Rivest, Shamir & Adleman of MIT in 1977 .
** best known & widely used public-key scheme .

RSA Use

** to encrypt a message.

** to decrypt the ciphertext.

RSA Security

There are some possible approaches to attack RSA :
** brute force key search.
**mathematical attacks (based on difficulty of computing)
**timing attacks (on running of decryption)
**chosen ciphertext attacks

Methods of Attack

---------------------

Four general attacks can be perform against encrypted information:

** Ciphertext- only attack guessing the plaintext or using frequency analysis
** Known Plaintext- guess using known pliantext.
** Chosen-plaintext
** Chosen-ciphertext attack

Okay I pen off here. I hope everybody will get some knowledges from my page.

More details, you can refer to others references or ask the expert!

=)