Ethical Hacking

I have been learning about ethical hacking these days. Thought that I will cover what I learn in this blog.

My learning source is my EC Council training and internet. So, I will take you on a tour by covering the below modules.

1.	CEH Ethics and Legal Issues	12.	CEH Web Application Vulnerabilities
2.	CEH Footprinting	13.	CEH Web Based Password Cracking Techniques
3.	CEH Scanning	14.	CEH SQL Injection
4.	CEH Enumeration	15.	CEH Hacking Wireless Networks
5.	CEH System Hacking	16.	CEH Virus and Worms
6.	CEH Trojans and Backdoors	17.	CEH Hacking Novell
7.	CEH Sniffers	18.	CEH Hacking Linux
8.	CEH Denial of Service	19.	CEH IDS, Firewalls and Honeypots
9.	CEH Social Engineering	20.	CEH Buffer Overflows
10.	CEH Session Hijacking	21.	CEH Cryptography
11.	CEH Hacking Web Servers	22.	CEH Penetration Testing Methodologies

Enjoying Microsoft Communicator

I never had a fascination for Microsoft Products earlier. I think I took them for granted. MS Office, VB.NET, Paint and likes. These are the only ones that were exposed to me that time.

Off late, I am using ‘Microsoft Communicator’ to a great extent and I just can’t imagine how my life would be without it. Let me list out the features that I like here.

1) Group Chat – It’s there in other messengers too

2) Sharing Desktop and taking control – Since I work remotely, this is an indispensable feature. I use this to show demos, assign tasks to developers and in debugging.

3) Tag Contact – A trivia but yet so nice. I can keep a tab on a person to know his availability.

4) Its integrated with outlook..

I guess GTalk , Yahoo and MSN might offer some of the above features. But overall, I like Communicator the best.

Building A Secure Web Application – Part 1

Well, when I first thought of posting about this topic, a friend of mine suggested..

“Celia, forget about security. Once you put your application on the web, no matter what you do, it is always vulnerable.”

Another one said, “Gosh! Remember that we are from the service industry. Lets not overdo on that security aspect. The client will take care of it when he deploys it. Also, remember, we can do only what they ask for.. “

As I pondered about this, I was wondering how I could strike a balance between these two people. Agreed, security is an ongoing thing. It seems like a race between the hackers and the crackers.. Today, we find a vulnerability and fix it. Tomorrow, there comes another issue.

Likewise, clients come in all flavors. There are some who really know a lot about what they want. These people are a delight to work with as their requirements are very clear. Also, they are quick to understand and know that building efficient security applications do take some royal effort. And there are some who think that application development shouldn’t take more than a week. There was this manager who once asked me, “After all, its just adding, editing, deleting and viewing. You are not doing rocket science. Why is it taking more time?”.

Yeah.. I agree to it. It would just take me one single query on the database to let an administrator login to a system. But it would take me atleast 10 other policy checks to prevent other users from manipulating this query. Wouldn’t this take some solid effort?

I hope people are atleast nodding a little now. Let me say one thing now. Even popular websites like gmail, facebook, youtube and msn have vulnerabilities. So, its not just because of a poor programmer’s pathetic code. Even experienced experts find it difficult to take care of all vulnerability issues when all their attention is focused on business logic.

In this case, what can be done? First thing:

Client: Client has to know that building secure web application takes some time. And some real effort.

Developer: The programmer needs to know how to secure their code and need to follow some security standard.

PM: The one who takes the real pressure. Needs to coordinate between the above two.

Security Consultant: The one who tells us what we already know .. well, jokes apart.. This is the person who makes our lives simpler. Who tells us what needs to be done to make our code secure and who reviews it before the app gets deployed in the production environment.

Now, just like how we have a separate team for application design, BI development and testing, we do need a separate group of security experts who concentrate just on the security aspect of the application. How a security expert will add value to the application, will be discussed in PART 2 of this article…

Web Application Security

Its been a long time since I posted, in this blog. I guess, from now on you can see frequent posts. I will be covering the ‘Web Application Security’ topic in general and will deal with every aspect of it.

To Start with, let me tell you the standard that has been adopted by the security world.

The standards available are

1) OWASP top ten security vulnerabilities

2) CWE/SANS Top 25 software vulnerabilities

Since OWASP broadly covers the most of the aspects, I will be taking this as my verification standard.

For all the vulnerabilities covered, example code will be that of php language.

Lets dive in..

Accessing C or C++ code from PHP

One of my friends had called up today. He has a project assignment in his company in which he needs to access and manipulate c++ code from within his php script. As we were brainstorming and trying to find ways to do this, some ideas crossed our mind.

1) To call the executable c code from php using function calls like system or ~~.

2) To compile the c code and make it into a php extension. This way, he can call methods in the code and use its objects.

We found one tool which is helpful in developing these extensions. That is SWIG. SWIG is a compiler that takes C declarations and turns them into the “glue” needed to access them from common scripting languages including Perl, Python, and Tcl. SWIG usually requires no modifications to existing C code and can often be used to build a working interface in a matter of minutes.

http://www.swig.org/Doc1.1/HTML/Introduction.html#n1

Though this seems quite an interesting option, he was a little hesitant because he was not sure whether the c++ code would have been written in such a way to act as a stand alone library.

3) To turn over to python. I have heard that in python, one can include c++ code and get down to the nuts and grits of any API.

Though this was a mundane 5 minute conversation, I found that it offered enough scope to look into one weak-area of PHP. Does anyone have any expertise in such a area? Like accessing native API code from scripting languages?

Any thoughts, inputs are welcome.