Lab 4 covered cryptography in more depth. It dealt with symmetric and asymmetric cryptography, the Caesar cipher, the Vigenere cipher and the RSA algorithm.
Symmetric cryptography, also called secret key cryptography, is the most intuitive kind of cryptography. It involves the use of a single secret key that must be known to all participants of the secure communication, and to nobody else. Asymmetric cryptography, also called public key cryptography, is a relatively new field. The essential difference from symmetric cryptography is that this kind of algorithm uses two different but mathematically related keys: one for encryption and a corresponding one for decryption, so the encryption key can be published without revealing the decryption key.
Caesar Cipher is one of the simplest and most widely known encryption techniques. It is a type of substitution cipher in which each letter in the plaintext is replaced by the letter some fixed number of positions down the alphabet, wrapping around at the end. For example, with a shift of 3, A would be replaced by D, B would become E, and so on. Because there are only 25 useful shifts, the key can be recovered simply by trying all of them.
Vigenere Cipher is a method of encrypting alphabetic text by using a series of different Caesar ciphers, where the shift applied to each letter is taken from the letters of a keyword in turn. It is a simple form of polyalphabetic substitution. This cipher is well known because, while it is easy to understand and implement, it often appears to beginners to be unbreakable; in fact the key length can be found from repeated ciphertext patterns, after which each position reduces to a Caesar cipher. Vigenere encryption can be done by hand using the Vigenere table.
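To make the two ciphers concrete, here is an added worked example written for this post (not part of the lab material). It treats the Caesar cipher as a Vigenere cipher with a one-letter key, and includes the brute-force search that shows why a Caesar key offers no protection. The sample plaintext and the key LEMON are constructed inputs.

```python
import string

ALPHABET = string.ascii_uppercase  # classical ciphers work on the 26 uppercase letters

def shift_char(ch, k):
    """Shift one uppercase letter by k positions (mod 26); pass non-letters through."""
    if ch not in ALPHABET:
        return ch
    return ALPHABET[(ALPHABET.index(ch) + k) % 26]

def caesar(text, shift, decrypt=False):
    """Caesar cipher: the same shift for every letter."""
    k = -shift if decrypt else shift
    return "".join(shift_char(c, k) for c in text.upper())

def vigenere(text, key, decrypt=False):
    """Vigenere cipher: the shift for the i-th letter is the i-th keyword letter
    (A=0 ... Z=25), repeating the keyword. Non-letters do not consume a key letter."""
    shifts = [ALPHABET.index(c) for c in key.upper() if c in ALPHABET]
    if not shifts:
        raise ValueError("key must contain at least one letter")
    out, i = [], 0
    for ch in text.upper():
        if ch in ALPHABET:
            k = shifts[i % len(shifts)]
            out.append(shift_char(ch, -k if decrypt else k))
            i += 1
        else:
            out.append(ch)
    return "".join(out)

def caesar_brute_force(ciphertext):
    """Return every candidate plaintext keyed by shift: 26 tries exhaust the key space,
    which is why a Caesar cipher has no real security value."""
    return {k: caesar(ciphertext, k, decrypt=True) for k in range(26)}

if __name__ == "__main__":
    # constructed sample plaintext and key
    print(caesar("ATTACK AT DAWN", 3))            # DWWDFN DW GDZQ
    print(vigenere("ATTACKATDAWN", "LEMON"))      # LXFOPVEFRNHR
    for k, candidate in caesar_brute_force("DWWDFN DW GDZQ").items():
        print(k, candidate)                       # shift 3 reads as English
```

With a one-letter key the Vigenere routine produces exactly the Caesar output, which is the sense in which Vigenere is "a series of different Caesar ciphers". The brute-force function prints all 26 candidates; a reader (or a simple English-frequency score) picks out the right one immediately.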
RSA is one of the most widely used public key algorithms. It was the first algorithm known to be suitable for signing as well as encryption, and one of the first great advances in public key cryptography. RSA is widely used in electronic commerce protocols, and is believed to be secure given sufficiently long keys and up-to-date implementations (in particular, a proper padding scheme rather than the raw operation shown below). It supports both encryption and digital signatures. The public key is (n, e) and the private key is d. The summary of RSA is as below:
· n = pq, where p and q are distinct primes.
· phi, φ = (p-1)(q-1)
· e is chosen with 1 < e < φ and gcd(e, φ) = 1.
· d = e^(-1) mod φ, i.e. e·d ≡ 1 (mod φ).
· Encryption: c = m^e mod n, for a message m with 1 < m < n.
· Decryption: m = c^d mod n.
Today, lab 5 was also covered in class. Lab 5 is about Web Application Security. This chapter discusses the flaws of web applications and how they are exploited, common web application vulnerabilities, and the prevention methods that overcome them.
As an introduction to this lab, a web application is an application that is accessed through a web browser over a network. As web application usage has grown, so have its security issues. This led to the formation of OWASP, the Open Web Application Security Project. The main aim of OWASP is to make application security visible, so that people and organizations can make informed decisions about true application security risks. The top 10 web vulnerabilities according to OWASP (the 2007 edition of the list) are as follows:
· Cross site scripting
· Injection flaws
· Malicious file execution
· Insecure direct object reference
· Cross site request forgery
· Information leakage and improper error handling
· Broken authentication and session management
· Insecure cryptographic storage
· Insecure communications
· Failure to restrict URL access
Among the 10 vulnerabilities, three will be discussed: Cross Site Scripting (XSS), Injection Flaws, and Malicious File Execution.
Cross Site Scripting (XSS) happens when a web application accepts input and sends it back to a web browser without validating or encoding the content. When the input is not encoded for the context it is placed in, an attacker can execute script in the victim's browser, which can lead to web defacement, hijacking of the user's session, worms or phishing attacks, and taking over the user's browser with scripting malware.
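An added example (written for this post, not taken from WebGoat) of a reflected XSS flaw beside its fix. The search page and the attacker's payload are constructed; the point is that output encoding with html.escape is what stops the payload, and that the encoding must match the context, since an unquoted attribute is still exploitable even after escaping.

```python
import html

# Constructed sample attacker input, reflected by the vulnerable page below.
PAYLOAD = "<script>alert(document.cookie)</script>"

def render_vulnerable(query):
    """Reflects the search parameter verbatim into the page body and into an
    attribute. The browser cannot tell attacker markup from the application's own,
    so PAYLOAD runs in the victim's origin with access to cookies and the DOM."""
    return f'<p>Results for: {query}</p>\n<input name="q" value="{query}">'

def render_safe(query):
    """Same page, but the untrusted value is HTML-encoded before it is emitted.
    html.escape(quote=True) turns & < > \" ' into entities, so the payload is shown
    as text in the body and cannot break out of the double-quoted attribute."""
    q = html.escape(query, quote=True)
    return f'<p>Results for: {q}</p>\n<input name="q" value="{q}">'

def render_unquoted_attribute(query):
    """Caveat: encoding is context dependent. With an unquoted attribute, a payload
    containing none of & < > \" ' passes html.escape untouched and still adds an
    event handler, so attributes must be quoted as well as encoded."""
    return f'<input name="q" value={html.escape(query, quote=True)}>'

def contains_raw_payload(page, payload=PAYLOAD):
    """True if the raw payload survived into the rendered HTML."""
    return payload in page

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))       # <script> lands in the page as markup
    print(render_safe(PAYLOAD))             # &lt;script&gt; ... shown as text
    print(render_unquoted_attribute("x onmouseover=alert(1)"))   # still exploitable
```

The safe renderer uses only the standard library; in a real application the same encoding is normally provided by the template engine's auto-escaping, which must be left switched on.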
An injection flaw such as SQL injection causes the web application to run SQL that the application never intended. Typically, user-supplied data is inserted into a query string that is then sent to the database interpreter. With knowledge of SQL syntax, the attacker exploits this by supplying specially crafted data that changes the structure of the query the interpreter executes. In this way the attacker can create, read, update or delete any data that the application's database account can reach, all through the web application.
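An added example (written for this post, not from the lab) of a SQL injection flaw in a login check and its parameterised fix, run against a constructed in-memory SQLite table. Two constructed attacker inputs are used: one that bypasses the password check and one that reads the whole table through the login query.

```python
import sqlite3

def make_db():
    """Constructed in-memory table for the demo. Passwords are stored in clear only
    to keep the example short; a real application stores password hashes."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "wonderland", "admin"),
        ("bob", "builder", "user"),
    ])
    return conn

def login_vulnerable(conn, username, password):
    """User input is concatenated into the SQL text, so a quote in the input
    changes the structure of the statement the interpreter sees."""
    sql = ("SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()

def login_safe(conn, username, password):
    """Parameterised query: the statement text is fixed and the input is bound as
    data, so a quote in the username is just a character to compare against."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Constructed attacker inputs. '--' starts a SQL comment, which discards the rest of
# the statement including the password check.
BYPASS_AUTH = "' OR 1=1 --"
DUMP_TABLE = "' UNION SELECT username, password FROM users --"

if __name__ == "__main__":
    conn = make_db()
    print(login_vulnerable(conn, BYPASS_AUTH, "x"))   # every user, no password needed
    print(login_vulnerable(conn, DUMP_TABLE, "x"))    # passwords returned in the role column
    print(login_safe(conn, BYPASS_AUTH, "x"))         # [] : treated as a literal username
    print(login_safe(conn, "alice", "wonderland"))    # [('alice', 'admin')]
```

The UNION payload works because the injected SELECT returns the same number of columns as the original; the application then displays password values wherever it would have displayed the role. Binding parameters removes the problem entirely, whereas escaping quotes by hand is fragile and database-specific.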
Malicious File Execution is another web application vulnerability caused by failing to control application input, typically when a request parameter is passed to an include or file-loading function so that the attacker chooses which file, local or remote, the server executes. This kind of attack turns your web application into the attacker's remote terminal, executing command line instructions such as listing a directory (dir) or displaying the network configuration (ipconfig). It becomes more dangerous still when the attacker uses the vulnerability to run commands that create a backdoor on your server.
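An added example (written for this post, not from the lab) showing how an unvalidated include parameter escapes the intended directory, and the allow-list plus path-containment check that prevents it. The template directory, page names and attacker inputs are all constructed assumptions; the vulnerable function mirrors a PHP include($_GET['page']) in spirit but only resolves the path rather than executing anything.

```python
import os
import tempfile
from urllib.parse import urlparse

# Hypothetical template directory for the demo (an assumption, not a path from the page).
TEMPLATE_DIR = os.path.realpath(os.path.join(tempfile.gettempdir(), "app_templates"))
# Allow-list of pages the application is willing to include.
ALLOWED_PAGES = {"home.php", "about.php", "contact.php"}

def resolve_include_vulnerable(page):
    """No validation: a traversal sequence climbs out of TEMPLATE_DIR, an absolute
    path replaces it outright (os.path.join discards the base), and a URL value would
    be fetched and executed by an interpreter configured to allow remote includes.
    normpath shows the path the filesystem would actually open."""
    return os.path.normpath(os.path.join(TEMPLATE_DIR, page))

def is_remote(page):
    """True when the parameter is a URL rather than a local file name."""
    return urlparse(page).scheme in ("http", "https", "ftp")

def resolve_include_safe(page):
    """Allow-list first, then confirm the resolved path is still inside TEMPLATE_DIR.
    realpath also resolves symlinks, so a link pointing outside the directory is caught."""
    if is_remote(page) or page not in ALLOWED_PAGES:
        raise ValueError(f"page not permitted: {page!r}")
    path = os.path.realpath(os.path.join(TEMPLATE_DIR, page))
    if os.path.commonpath([TEMPLATE_DIR, path]) != TEMPLATE_DIR:
        raise ValueError(f"path escapes template directory: {path}")
    return path

def is_rejected(page):
    """Helper for checking the safe resolver: True if the page is refused."""
    try:
        resolve_include_safe(page)
        return False
    except ValueError:
        return True

if __name__ == "__main__":
    # constructed attacker inputs
    for bad in ("../" * 12 + "etc/passwd", "/etc/passwd", "http://attacker.example/shell.txt"):
        print(bad, "->", resolve_include_vulnerable(bad), "| rejected:", is_rejected(bad))
    print(resolve_include_safe("home.php"))
```

The allow-list is the real control; the containment check is defence in depth for the case where the list is later replaced by a looser rule. Neither helps if the parameter is handed to a function that fetches URLs, which is why the URL check comes first.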
This lab introduces the use of WebGoat and WebScarab. WebGoat is a deliberately insecure J2EE web application designed to teach web application security lessons; its primary goal is to be the de-facto interactive teaching environment for web application security. WebScarab, on the other hand, is a framework for analysing applications that communicate over HTTP and HTTPS. It is written in Java, so it runs on any platform with a Java runtime. Most of the time WebScarab operates as an intercepting proxy, which lets the user review and modify requests from the browser before they are sent to the server, and responses from the server before they reach the browser. In effect it performs a man-in-the-middle on your own traffic, which is what makes it useful as a testing tool: client-side checks are bypassed simply by editing the request after the browser has sent it. WebScarab is designed for anyone who needs to expose the workings of an HTTP(S) based application, whether a developer debugging otherwise difficult problems or a security specialist identifying vulnerabilities in the way the application has been designed or implemented.