
Published on November 23rd, 2012 📆 | 2056 Views ⚑


The Diviner – Digital Clairvoyance Breakthrough – Gaining Access to the Source Code & Server Side Memory Structure – Shay Chen

Title: The Diviner - Digital Clairvoyance Breakthrough - Gaining Access to the Source Code & Server Side Memory Structure of ANY Application (OWASP ZAP extension)

Abstract

Information disclosure has always been a boon to hackers.

The Crown Jewel of information disclosure, source code disclosure, is arguably the most significant information an attacker can obtain, and can be used to expose potential code-level vulnerabilities, logic, and hard coded information.

Since vulnerabilities that disclose source code are not always available, we were led to believe that the concept of security by obscurity can provide some level of protection, as fragile as it may be… but not anymore.

Divination Attacks, a new breed of information gathering attacks, provide the means to identify the memory structure and source code of application components, using black box techniques with unparalleled accuracy.

What is that useful for?

Consider the methods that are required to detect the following complex exposures:

SQL Injection attacks that affect different pages in the application via database values or session attributes, and require the vulnerable page to be accessed through abnormal combinations of authentication, deliberate exceptions, and missing information.
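The exposure described above is a second-order (stored) SQL injection: the page that accepts the input is safe, and the page that is actually vulnerable only reads the value back from the database, so a scanner that judges each page on its own sees nothing. The following is an added illustration written for this page, not code from the talk or from the Diviner extension; the registration and notes pages, the SQLite schema and the sample data are all constructed for the demonstration.

```python
import sqlite3

# Constructed two-page application: page 1 stores a username, page 2 later
# uses that stored username in a query. Nothing on page 1 is exploitable,
# which is why the fault is "indirect" from a black-box tester's point of view.


def setup_db() -> sqlite3.Connection:
    """Create an in-memory database with constructed sample notes."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL);
        CREATE TABLE notes (id INTEGER PRIMARY KEY, owner TEXT NOT NULL, body TEXT NOT NULL);
        INSERT INTO notes (owner, body) VALUES ('alice', 'alice private note');
        INSERT INTO notes (owner, body) VALUES ('bob', 'bob private note');
        """
    )
    return conn


def register(conn: sqlite3.Connection, username: str) -> int:
    """Page 1 (registration): the input is bound as a parameter, so this page is safe."""
    cur = conn.execute("INSERT INTO users (username) VALUES (?)", (username,))
    conn.commit()
    return cur.lastrowid


def list_notes_vulnerable(conn: sqlite3.Connection, user_id: int) -> list:
    """Page 2 (profile): trusts the stored username and splices it into SQL.

    A stored value is still attacker-controlled data; concatenating it here
    turns the harmless registration page into the injection point.
    """
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    username = row[0]
    query = f"SELECT body FROM notes WHERE owner = '{username}'"  # defect: string concatenation
    return [r[0] for r in conn.execute(query)]


def list_notes_fixed(conn: sqlite3.Connection, user_id: int) -> list:
    """Page 2, hardened: the stored value is bound as a parameter like any other input."""
    row = conn.execute("SELECT username FROM users WHERE id = ?", (user_id,)).fetchone()
    username = row[0]
    return [r[0] for r in conn.execute("SELECT body FROM notes WHERE owner = ?", (username,))]


def demo(username: str) -> tuple:
    """Register a user, then read their notes through both versions of page 2."""
    conn = setup_db()
    user_id = register(conn, username)
    return list_notes_vulnerable(conn, user_id), list_notes_fixed(conn, user_id)


if __name__ == "__main__":
    # A benign username behaves identically on both pages.
    print(demo("alice"))
    # A stored value shaped like SQL only causes damage when page 2 is rendered.
    print(demo("x' OR '1'='1"))
```

Running the script shows that for a benign username both versions return only that user's note, while for a stored value that carries SQL syntax the vulnerable page returns every note in the table and the parameterized page returns nothing. A test that exercises only the registration page cannot distinguish the two builds; the difference appears only when the stored value flows into the second page, which is the cross-page dependency the abstract describes.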

Sounds confusing?

Talented or lucky testers might be able to detect these complex exposures in a limited scope, but have you ever heard of an automated vulnerability scanner, a passive security scanner, or any other black-box tool that can detect these "indirect" attacks with minimal user interference?

"Diviner" - a new OWASP ZAP extension, can be used to locate leads for direct and indirect attack scenarios on a consistent basis, and can also enable testers to fingerprint server-side source code fragments and visualize the structure of the server memory and inter-page processes, thus enhancing the tester's decision-making process and enabling them to invest their time and effort where it matters.

*****

Speaker

Shay Chen, CTO, Hacktics ASC, Ernst & Young

Shay Chen is the CTO of Hacktics, an advanced security center of Ernst & Young. He is also a prominent blogger and researcher, the co-author of Diviner and WAVSEP, and is responsible for many security publications, including new application-level attacks, open source projects, testing methodologies, various security tool comparison initiatives and three of the largest research studies performed in the field of automated security scanners (including the latest 2012 comparison of 61 web applicatio…

Date: Thursday October 25, 2012 3:00pm - 3:45pm
Location: AppSecUSA, Austin, TX. Hyatt Regency Hotel. Adobe Room
Presentation Slides: https://www.owasp.org/images/f/f5/The_Diviner_-_Digital_Clairvoyance_Breakthrough_-_Gaining_Access_to_the_Source_Code_%26_Server_Side_Memory_Structure_of_ANY_Application.pdf

