Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

SANS Web App Penetration Testing and Ethical Hacking Class – DAY 3

Leave a comment Posted by on December 5, 2008

SANS Web App Penetration Testing and Ethical Hacking Class – DAY 3

DAY 3:

Well day 3 has begun, and we’ve passed the half way mark. I’m expecting some serious in-depth parts over the next 2 days. The presentations last night were really interesting. Raul covered Bluetooth attacks, which was interesting on a number of levels. Some people attending didn’t seem to get it from a business point of view. The opinion of one person was that the manufacturers won’t make a more secure version of these devices because it would cost more, and therefore not get enough market share to be effective. A typical argument against security. What he failed to understand was that this is a business problem. As nasty as it is to have your conversations listened to, the real return on investment for attackers lays with attacking businesses. Therefore businesses need to demand the extra level of security for their Bluetooth devices, even if it costs €5 more than a normal device. This will filter down to the cheaper handsets, headsets and other devices after a while, and secure even the lowest end of the market. The second presentation covered NIC and Graphics card firmware, and what can be done to attack and control the firmware in these devices. An eye opener indeed, especially when you learn that an infected firmware can use PCI to PCI communications to bypass your firewall entirely. It’s still a little beyond today’s attackers to use this avenue, but it’s something well within the boundaries of a large government or well financed crime syndicate. Something to look out for in the future…

The day kicked off with some basics on user enumeration. The Burp suite byte/word level page comparison is interesting, and something I’ve used before for cookies, but not for comparing 2 server responses. Coverage of the usual suspects, SQL Injection (including blind SQL injection), Cross-Site Scripting and Cross-Site Request Forgery. The coverage on Web Services was a little sparse for my liking. We’re going to start seeing more of these in the wild during tests, and a in-depth overview with examples would have been nice. Still, you can’t have it all. I think we could have done with some more hands on today, but hopefully we’ll cover some of that in tomorrows Exploitation day 😉

Conference, Penetration Test, Security, Study, Technology , , , , ,

Comments are closed.

%d bloggers like this: