GitHub/school-of-sre
1
0
Fork 0
mirror of https://github.com/linkedin/school-of-sre synced 2026-01-17 22:18:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Deployed 52e7ed5 with MkDocs version: 1.1.2

Browse Source
This commit is contained in:
github-actions
2021-02-24 16:02:49 +00:00
parent 65fe7bf20b
commit bc0f89d4c8
22 changed files with 629 additions and 625 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
security/fundamentals/index.html
View File

@@ -1516,15 +1516,16 @@
<ul>
<li>Applications regularly fail to process transactions for many reasons. How they fail can determine if an application is secure or not.</li>
</ul>
<p><div class="highlight"><pre><span></span><code><span class="n">is_admin</span> <span class="o">=</span> <span class="kc">true</span><span class="p">;</span>
<span class="k">try</span> <span class="p">{</span>
<span class="n">code_which_may_faile</span><span class="p">();</span>
<span class="n">is_admin</span> <span class="o">=</span> <span class="n">is_user_assigned_role</span><span class="p">(</span><span class="s">&quot;Adminstrator&quot;</span><span class="p">);</span>
<span class="p">}</span>
<span class="k">catch</span> <span class="p">(</span><span class="n">Exception</span> <span class="n">err</span><span class="p">)</span> <span class="p">{</span>
<span class="n">log</span><span class="p">.</span><span class="na">error</span><span class="p">(</span><span class="n">err</span><span class="p">.</span><span class="na">toString</span><span class="p">());</span>
<span class="p">}</span>
</code></pre></div>
<p>```</p>
<p>is_admin = true;
try {
code_which_may_faile();
is_admin = is_user_assigned_role("Adminstrator");
}
catch (Exception err) {
log.error(err.toString());
}</p>
<p>```
- If either codeWhichMayFail() or isUserInRole fails or throws an exception, the user is an admin by default. This is obviously a security risk.</p>
</li>
<li>
@@ -1596,14 +1597,17 @@
<ul>
<li>Ciphers are the cornerstone of cryptography. A cipher is a set of algorithms that performs encryption or decryption on a message. An encryption algorithm (E) takes a secret key (k) and a message (m) and produces a ciphertext (c). Similarly, a Decryption algorithm (D) takes a secret key (K) and the previous resulting Ciphertext (C). They are represented as follows:</li>
</ul>
<div class="highlight"><pre><span></span><code>E(k,m) = c
<pre><code>
E(k,m) = c
D(k,c) = m
</code></pre></div>
</code></pre>
<ul>
<li>This also means that for it to be a cipher, it must satisfy the consistency equation as follows, making it possible to decrypt.</li>
</ul>
<div class="highlight"><pre><span></span><code>D(k,E(k,m)) = m
</code></pre></div>
<pre><code>
D(k,E(k,m)) = m
</code></pre>
<p>Stream Ciphers:</p>
<ul>
<li>The message is broken into characters or bits and enciphered with a key or keystream(should be random and generated independently of the message stream) that is as long as the plaintext bitstream.</li>

8
security/network_security/index.html
View File

@@ -1835,8 +1835,8 @@ Correspondence between layers of the TCP/IP architecture and the OSI model. Also
<li>Nmap is often used to determine alive hosts in a network, open ports on those hosts, services running on those open ports, and version identification of that service on that port.</li>
<li>More at http://scanme.nmap.org/</li>
</ul>
<div class="highlight"><pre><span></span><code>nmap <span class="o">[</span>scan type<span class="o">]</span> <span class="o">[</span>options<span class="o">]</span> <span class="o">[</span>target specification<span class="o">]</span>
</code></pre></div>
<pre><code>nmap [scan type] [options] [target specification]
</code></pre>
<p>Nmap uses 6 different port states:</p>
<ul>
<li><strong>Open</strong> — An open port is one that is actively accepting TCP, UDP or SCTP connections. Open ports are what interests us the most because they are the ones that are vulnerable to attacks. Open ports also show the available services on a network.</li>
@@ -2195,13 +2195,13 @@ IDS sensors can be software and hardware-based used to collect and analyze the n
<p>Abuse of the normal operation or settings of these flags can be used by attackers to launch DoS attacks. This causes network servers or web servers to crash or hang.</p>
</li>
</ul>
<div class="highlight"><pre><span></span><code>| SYN | FIN | PSH | RST | Validity|
<pre><code>| SYN | FIN | PSH | RST | Validity|
|------|------|-------|------|---------|
| 1 |1 |0 |0 |Illegal Combination
| 1 |1 |1 |0 |Illegal Combination
| 1 |1 |0 |1 |Illegal Combination
| 1 |1 |1 |1 |Illegal Combination
</code></pre></div>
</code></pre>
<ul>
<li>The attacker's ultimate goal is to write special programs or pieces of code that can construct these illegal combinations resulting in an efficient DoS attack.</li>
</ul>

10
security/threats_attacks_defences/index.html
View File

@@ -1873,14 +1873,14 @@ the typical time to live (TTL) for cached entries is a couple of hours, thereby
<li>A successful exploit will allow attackers to access, modify, or delete information in the database.</li>
<li>It permits attackers to steal sensitive information stored within the backend databases of affected websites, which may include such things as user credentials, email addresses, personal information, and credit card numbers</li>
</ul>
<div class="highlight"><pre><span></span><code><span class="k">SELECT</span> <span class="n">USERNAME</span><span class="p">,</span><span class="n">PASSWORD</span> <span class="k">from</span> <span class="n">USERS</span> <span class="k">where</span> <span class="n">USERNAME</span><span class="o">=</span><span class="s1">&#39;&lt;username&gt;&#39;</span> <span class="k">AND</span> <span class="n">PASSWORD</span><span class="o">=</span><span class="s1">&#39;&lt;password&gt;&#39;</span><span class="p">;</span>
<pre><code>SELECT USERNAME,PASSWORD from USERS where USERNAME='&lt;username&gt;' AND PASSWORD='&lt;password&gt;';
<span class="n">Here</span> <span class="n">the</span> <span class="n">username</span> <span class="o">&amp;</span> <span class="n">password</span> <span class="k">is</span> <span class="n">the</span> <span class="k">input</span> <span class="n">provided</span> <span class="k">by</span> <span class="n">the</span> <span class="k">user</span><span class="p">.</span> <span class="n">Suppose</span> <span class="n">an</span> <span class="n">attacker</span> <span class="n">gives</span> <span class="n">the</span> <span class="k">input</span> <span class="k">as</span> <span class="ss">&quot; OR &#39;1&#39;=&#39;1&#39;&quot;</span> <span class="k">in</span> <span class="k">both</span> <span class="n">fields</span><span class="p">.</span> <span class="n">Therefore</span> <span class="n">the</span> <span class="k">SQL</span> <span class="n">query</span> <span class="n">will</span> <span class="n">look</span> <span class="k">like</span><span class="p">:</span>
Here the username &amp; password is the input provided by the user. Suppose an attacker gives the input as &quot; OR '1'='1'&quot; in both fields. Therefore the SQL query will look like:
<span class="k">SELECT</span> <span class="n">USERNAME</span><span class="p">,</span><span class="n">PASSWORD</span> <span class="k">from</span> <span class="n">USERS</span> <span class="k">where</span> <span class="n">USERNAME</span><span class="o">=</span><span class="s1">&#39;&#39;</span> <span class="k">OR</span> <span class="s1">&#39;1&#39;</span><span class="o">=</span><span class="s1">&#39;1&#39;</span> <span class="k">AND</span> <span class="n">PASSOWRD</span><span class="o">=</span><span class="s1">&#39;&#39;</span> <span class="k">OR</span> <span class="s1">&#39;1&#39;</span><span class="o">=</span><span class="s1">&#39;1&#39;</span><span class="p">;</span>
SELECT USERNAME,PASSWORD from USERS where USERNAME='' OR '1'='1' AND PASSOWRD='' OR '1'='1';
<span class="n">This</span> <span class="n">query</span> <span class="n">results</span> <span class="k">in</span> <span class="n">a</span> <span class="k">true</span> <span class="k">statement</span> <span class="o">&amp;</span> <span class="n">the</span> <span class="k">user</span> <span class="n">gets</span> <span class="n">logged</span> <span class="k">in</span><span class="p">.</span> <span class="n">This</span> <span class="n">example</span> <span class="n">depicts</span> <span class="n">the</span> <span class="n">bost</span> <span class="n">basic</span> <span class="k">type</span> <span class="k">of</span> <span class="k">SQL</span> <span class="n">injection</span>
</code></pre></div>
This query results in a true statement &amp; the user gets logged in. This example depicts the bost basic type of SQL injection
</code></pre>
<h3 id="sql-injection-attack-defenses">SQL Injection Attack Defenses</h3>
<ul>
<li>SQL injection can be protected by filtering the query to eliminate malicious syntax, which involves the employment of some tools in order to (a) scan the source code.</li>