Web Application Security Postings
 Jeremiah Grossman's XSS BlackHat Presentation
Friday, September 8th, 2006
If you didn't get to BlackHat this year, then you may have heard about the really cool presentation about Cross Site Scripting. He uses XSS to hack intranets by writing a port scanner in JavaScript. If you're into web app sec, you need to see this. It also really puts a point on the need to start learning about this issue and the very large problems XSS can cause. So get over to my XSS Hands On Series and start following along!
 Podcast Video [53:38m]
Posted in Web Application Security |
 Hands On Series - Cross Site Scripting (XSS) Part 1
Monday, August 28th, 2006
The “Hands on Series” continues!
 Standard Podcast [38:10m]
In this episode we start dealing with Cross Site Scripting (XSS) attacks.
CSS = Cascading Style Sheets
XSS = Cross Site Scripting
Cross Site Scripting is a technique used to add script to a trusted site that will be executed in other users' browsers.
A key element of XSS is that one user can submit data to a website that will later be displayed to other users.
It is necessary that the bad guy NOT mess up the HTML structure, otherwise the result will be web defacement rather than attacking other users.
The hackme site has been updated and improved (more about that in a moment) and now includes a section for XSS, which we will be using in this episode.
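To make the two points above concrete, here is an added example (my own illustration, not code from the hackme site): a comment list rendered the vulnerable way, with user data pasted straight into the page, next to the hardened version that HTML-encodes every user-supplied string. The sample comments are constructed; the script tag in one of them is a harmless alert, and it is well-formed so the page structure stays intact, which is exactly why it would run for every other viewer.

```python
import html

# Constructed sample comments submitted by different users to a message board.
# The second one carries a script element that opens and closes cleanly, so the
# surrounding <ul>/<li> structure is not broken and nothing looks "defaced".
COMMENTS = [
    "Great episode, thanks!",
    "Nice post! <script>alert(1)</script>",
    'Try the "hackme" site <b>now</b>',
]


def render_comments_unsafe(comments):
    """Vulnerable: user data is concatenated straight into the HTML."""
    items = "".join(f"<li>{c}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def render_comments_safe(comments):
    """Hardened: every user-supplied string is HTML-encoded before it hits the page,
    so <, >, &, " and ' arrive as entities and are displayed, not interpreted."""
    items = "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in comments)
    return f"<ul>{items}</ul>"


def contains_live_script(page):
    """Crude check used only to show the difference: is there still a raw <script
    element in the output that a browser would execute?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("unsafe:", render_comments_unsafe(COMMENTS))
    print("safe:  ", render_comments_safe(COMMENTS))
```

Note that `html.escape` is the right tool only for text placed in an HTML element body or a quoted attribute; data dropped into a JavaScript block, a URL or a CSS value needs the encoding for that context instead.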
Posted in Web Application Security, Hands On Series, Podcasts |
 Hands On Series - SQL Injection Part 1
Friday, April 28th, 2006
The start of the “Hands on Series”, which means that there are actual hands on exercises to go along with these shows.
 Standard Podcast [58:03m]
 Code Monkey - Played during podcast [3:07m]
I feel that it's time to go beyond the concepts, the chatter about what bad guys can do, and actually show you directly. Let you see for yourself, as the saying goes.
I recommend that you listen to these episodes while viewing the hacking test site and have the show notes visible and ready to cut and paste from.
Posted in Web Application Security, Hands On Series, Podcasts |
 InformationWeek | Web App Hack Incidents Are Up
Friday, April 14th, 2006
InformationWeek | Web Application Security | Web App Hack Incidents Are Up As Businesses Take Cover | April 12, 2006
First a bug: “duh!”
And then I get to move into the “finally someone's talking about this in the mainstream press”.
Not that InformationWeek is read by grandma or the average joe on the street, but for the info tech community it's pretty well known.
The thing I like about the article is that they get it: bad coding practices are at the root of the problem. This is of course the primary topic in my podcast, so start listening and following my advice to deal with these issues!
Posted in Web Application Security |
 Privilege Escalation Attacks
Friday, April 14th, 2006
In this podcast I discuss a type of attack that allows users to basically do things they are not supposed to do, without ever having to hack the admin type of accounts. So without having to figure out the admin password it is often possible to perform administrative functions by simply attempting them.
The problem is around validation against access controls at every point of execution. Too often the access controls are done to control the navigational structure, meaning that the menus do not have links to the admin functionality, but if you know what the URL is then you can just type it into your browser and get there. That's bad design in the app, and it is VERY common.
 Standard Podcast [20:55m]
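Here is an added illustration of that design flaw (my own example, not code from any application discussed in the show): a tiny dispatcher with two admin "controls". One only hides the admin link from the menu, so any caller who knows the path reaches the handler; the other re-checks the caller's role inside the handler itself, at the point of execution. The users, roles and routes are constructed for the example.

```python
from functools import wraps

# Constructed session store: what role each logged-in user actually holds.
USERS = {"alice": "admin", "bob": "user"}


class Forbidden(Exception):
    """Raised when a request reaches a handler the caller is not entitled to run."""


def require_role(role):
    """Decorator that enforces authorization inside the handler, so the check runs on
    every execution regardless of how the caller found the URL."""
    def decorator(fn):
        @wraps(fn)
        def wrapper(user, *args, **kwargs):
            if USERS.get(user) != role:
                raise Forbidden(f"{user} may not call {fn.__name__}")
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


def view_profile(user):
    return f"profile of {user}"


def delete_user_menu_only(user, target):
    """Vulnerable pattern: the only 'control' is that the admin menu link is hidden
    from non-admins; the function itself trusts whoever calls it."""
    return f"{target} deleted by {user}"


@require_role("admin")
def delete_user(user, target):
    """Hardened: same function, but the role check is part of the handler."""
    return f"{target} deleted by {user}"


# Navigation shown per role (what the menu renders) versus what is actually routable.
MENU = {"admin": ["/profile", "/admin/delete"], "user": ["/profile"]}
ROUTES = {"/profile": view_profile, "/admin/delete": delete_user}


def is_allowed(user, path, *args):
    """Dispatch straight to the handler, as a typed-in URL would; the menu is never
    consulted. Returns True if the handler ran, False if it refused."""
    try:
        ROUTES[path](user, *args)
        return True
    except Forbidden:
        return False
```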
Posted in Web Application Security, Podcasts |
 Catching up and a preview of future shows
Thursday, April 13th, 2006
In this edition of the Mighty Seek podcast I give a rundown of podPress and list out some ideas for the future podcasts. The site now has a forum for the podcast and general web application security discussion.
 Standard Podcast [39:40m]
Posted in Web Application Security, Podcasts |
 Security Engagement Cast Part 2
Saturday, March 11th, 2006
In part 2 we discuss the planning and deliverables involved when doing a security engagement. Most of the discussion demonstrates the importance of understanding the boundaries, requirements and deliverables from the start.
 Standard Podcast [59:26m]
Posted in Web Application Security, Podcasts |
 Security Engagement Cast Part 1
Thursday, March 9th, 2006
The first of two shows featuring my co-workers, Joe and Scott.
This show was recorded in the evening in our hotel room, so the sound quality is less than ideal. We are onsite in Texas doing a security engagement for a client, and got tired and wacky, but wanted to share what goes into doing a security audit for a client.
 Standard Podcast [51:52m]
Posted in Web Application Security, Podcasts |