@SeaOfLee
Last active August 29, 2015 14:17

### Security Workshop

Create a scope on a model class that is vulnerable to an SQL injection attack

The value of `params[:name]` is interpolated straight into the SQL fragment, so whatever the user types becomes part of the query text rather than data. (`find(:all, :conditions => ...)` is the pre-Rails-4 finder API; `where` takes the same fragment in current Rails and is just as vulnerable when written this way.)

```ruby
# Vulnerable: user input is concatenated into the SQL string
@users = User.find(:all, :conditions => "name like #{params[:name]}")
```
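The query text that such a scope sends, built without a database so the injection is visible in the string itself. This is an added example, not code from the gist; `quote` and `sanitize_sql_array` are stand-ins for what ActiveRecord does with a `?` bind parameter, and `PAYLOAD` is constructed attacker input.

```ruby
# Quote a string for SQL: wrap in single quotes, double any embedded quote.
def quote(value)
  "'" + value.to_s.gsub("'", "''") + "'"
end

# Minimal stand-in for ActiveRecord's sanitize_sql_array: each "?" is
# replaced by the next value, quoted, so data can never become syntax.
def sanitize_sql_array(template, *values)
  pending = values.dup
  template.gsub("?") { quote(pending.shift) }
end

TEMPLATE = "SELECT * FROM users WHERE name like ?"

# The vulnerable shape from the workshop answer, as a scope it would read:
#   scope :by_name, ->(name) { where("name like '%#{name}%'") }
def vulnerable_scope_sql(name)
  "SELECT * FROM users WHERE name like '%#{name}%'"
end

# The hardened shape:
#   scope :by_name, ->(name) { where("name like ?", "%#{name}%") }
def safe_scope_sql(name)
  sanitize_sql_array(TEMPLATE, "%#{name}%")
end

# Replace every string literal with "?" (honouring the '' escape) so two
# queries can be compared on structure alone. If the shape no longer matches
# the template, user data has changed the meaning of the query.
def shape(sql)
  out = String.new
  i = 0
  while i < sql.length
    if sql[i] == "'"
      i += 1
      while i < sql.length
        if sql[i] == "'"
          if sql[i + 1] == "'"
            i += 2
            next
          end
          i += 1
          break
        end
        i += 1
      end
      out << "?"
    else
      out << sql[i]
      i += 1
    end
  end
  out
end

# Constructed attacker input: closes the literal, adds a tautology,
# and comments out whatever follows.
PAYLOAD = "%' OR 1=1 --"

if __FILE__ == $0
  puts vulnerable_scope_sql(PAYLOAD)
  puts shape(vulnerable_scope_sql(PAYLOAD))   # structure has changed
  puts safe_scope_sql(PAYLOAD)
  puts shape(safe_scope_sql(PAYLOAD))         # structure still matches TEMPLATE
end
```

The `shape` comparison is the whole point of bind parameters: with interpolation the attacker's quote terminates the literal and the rest of the payload is parsed as SQL; with a bound value the quote is escaped and the payload stays inside one literal, matching nothing.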

Answer: "What is the problem with commands like eval?"

`eval` turns a string into Ruby code and runs it with the full privileges of the application, so any user-controlled data that reaches it becomes a code injection (arbitrary code execution), which is far worse than an SQL injection. Trying to sanitize the string is not a reliable defence: input can be encoded, split or padded so that it slips past a filter yet is still interpreted as intended by the target. The same filter-evasion problem appears with XSS, where the word `javascript` in a link can be hidden as `java<NEWLINE>script` and the browser still honours the scheme.
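The same "calculator" feature built on `eval` and built on an allowlist, fed the same input. This is an added example, not code from the gist; `unsafe_calc`, `safe_calc` and `EVAL_PAYLOAD` are illustrative names and the payload is constructed.

```ruby
# Vulnerable: whatever the user sends is executed as Ruby.
def unsafe_calc(expression)
  eval(expression)
end

# Hardened: parse only the grammar we mean to support (integer op integer)
# and dispatch through an explicit allowlist of operators. Anything that
# does not fit is rejected rather than "cleaned up".
OPERATORS = %w[+ - * /].freeze

def safe_calc(expression)
  m = /\A\s*(-?\d+)\s*([-+*\/])\s*(-?\d+)\s*\z/.match(expression)
  raise ArgumentError, "rejected input: #{expression.inspect}" unless m
  lhs, op, rhs = m[1].to_i, m[2], m[3].to_i
  raise ArgumentError, "operator not allowed" unless OPERATORS.include?(op)
  lhs.public_send(op, rhs)
end

# Constructed attacker input: a statement of the attacker's choosing,
# followed by a valid expression so the feature still appears to work.
# Here the statement only sets a global; in a real app it could read
# files, spawn processes or change records.
EVAL_PAYLOAD = "$eval_side_effect = :attacker_code_ran; 2 * 3"

def run_demo
  unsafe = unsafe_calc(EVAL_PAYLOAD)   # returns 6 and runs the attacker's statement
  safe = begin
    safe_calc(EVAL_PAYLOAD)
  rescue ArgumentError => e
    e.message
  end
  { unsafe: unsafe, side_effect: $eval_side_effect, safe: safe }
end

puts run_demo.inspect if __FILE__ == $0
```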

Create a validator on a Password field that validates the complexity of a password

In the User model:

```ruby
validate :password_complexity

# Requires at least one lowercase letter, one uppercase letter and one digit.
# \A and \z anchor the whole string; ^ and $ would only anchor a single line.
def password_complexity
  if password.present? && !password.match(/\A(?=.*[a-z])(?=.*[A-Z])(?=.*\d).+\z/)
    errors.add :password, "must include at least one lowercase letter, one uppercase letter, and one digit"
  end
end
```

Write a basic 'a href' tag that is vulnerable to an XSS attack, use a simple form to accept a value and insert javascript into the link.

`link_to` HTML-escapes the link text and the attribute value, but it does not check the URL scheme, so a stored `javascript:` URL is rendered as a perfectly valid link and the script runs when the link is clicked.

Display View:

```erb
<%= link_to "Personal Website", @user.website %>
```

Form View:

```erb
<%= form_for @user do |f| %>
  Website: <%= f.text_field :website %>
  <%= f.submit %>
<% end %>
```

Entered into field:

```
javascript:alert('1337_Haxored_LOLZ')
```
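A plain-Ruby stand-in for the view helper, showing why HTML escaping alone does not stop the `javascript:` link and how a scheme allowlist does. This is an added example, not code from the gist or from Rails; `vulnerable_link`, `safe_link` and `safe_website_url` are illustrative names, and `SAMPLES` is constructed input.

```ruby
require "erb"
require "uri"

ALLOWED_SCHEMES = %w[http https].freeze

# Returns the URL if it parses and uses an allowlisted scheme, else nil.
# Parsing (rather than a string-prefix check) also rejects inputs that
# smuggle a tab or newline into the scheme, which a browser would strip
# before interpreting the URL.
def safe_website_url(input)
  uri = URI.parse(input.to_s.strip)
  return nil unless uri.scheme && ALLOWED_SCHEMES.include?(uri.scheme.downcase)
  uri.to_s
rescue URI::InvalidURIError
  nil
end

# What the vulnerable view effectively does: escape the text and the
# attribute value, but trust whatever URL was stored.
def vulnerable_link(text, url)
  %(<a href="#{ERB::Util.html_escape(url)}">#{ERB::Util.html_escape(text)}</a>)
end

# Hardened: render a link only for http(s); otherwise fall back to plain text.
def safe_link(text, url)
  href = safe_website_url(url)
  return ERB::Util.html_escape(text) unless href
  %(<a href="#{ERB::Util.html_escape(href)}">#{ERB::Util.html_escape(text)}</a>)
end

# Constructed inputs: the workshop payload, a mixed-case variant, the
# newline trick mentioned above, and a benign URL.
SAMPLES = [
  "javascript:alert('1337_Haxored_LOLZ')",
  "JavaScript:alert(1)",
  "java\nscript:alert(1)",
  "https://example.com/me",
].freeze

if __FILE__ == $0
  SAMPLES.each do |url|
    puts vulnerable_link("Personal Website", url)
    puts safe_link("Personal Website", url)
  end
end
```

Note that escaping the quotes to `&#39;` in the vulnerable version does not help: the browser decodes the attribute before it parses the URL, so the `javascript:` scheme survives intact.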

Explain how a basic CSRF attack would work

An attacker places a link, image or iframe on a site they control (or in an email) that sends a request to the bank, for example a funds transfer. If the victim's browser already holds a valid login session for that bank, it attaches the session cookie to the request automatically, so the bank accepts the request as the victim's own and the transfer happens without the user's knowledge.
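The synchronizer-token defence that Rails applies through `protect_from_forgery`, reduced to plain Ruby so the attack and the check can be run side by side. This is an added example, not code from the gist; the session is a Hash standing in for the cookie-backed session, request params are a Hash, and `issue_csrf_token`, `handle_transfer` and the ledger are illustrative.

```ruby
require "securerandom"

TOKEN_PARAM = "authenticity_token"

# Mint one secret per session; every legitimate form embeds it as a hidden field.
def issue_csrf_token(session)
  session[:csrf_token] ||= SecureRandom.hex(32)
end

# Constant-time comparison so the token check does not leak by timing.
def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize
  a.bytes.zip(b.bytes).reduce(0) { |acc, (x, y)| acc | (x ^ y) }.zero?
end

def valid_csrf_token?(session, params)
  expected = session[:csrf_token]
  given = params[TOKEN_PARAM]
  !!(expected && given && secure_compare(expected, given))
end

# The state-changing endpoint. The browser attaches the session cookie to any
# request for this origin, even one triggered from an attacker's page, so the
# cookie alone cannot prove the user meant to send it. The token can, because
# the attacker's page has no way to read it.
def handle_transfer(session, params, ledger)
  return :not_logged_in unless session[:user]
  return :forbidden_csrf unless valid_csrf_token?(session, params)
  ledger[session[:user]] -= params["amount"].to_i
  :transferred
end

def run_demo
  ledger = { "alice" => 100 }     # constructed account balance
  session = { user: "alice" }     # alice is logged in at the bank
  token = issue_csrf_token(session)

  # Legitimate request: submitted from the bank's own form, token included.
  genuine = { "amount" => "10", TOKEN_PARAM => token }
  # Forged request: an <img> or auto-submitting <form> on the attacker's
  # page fires it; the cookie (session) rides along, the token cannot.
  forged = { "amount" => "90" }
  # Forged request with a guessed token: wrong value, same length.
  guessed = { "amount" => "90", TOKEN_PARAM => "0" * 64 }

  [handle_transfer(session, genuine, ledger),
   handle_transfer(session, forged, ledger),
   handle_transfer(session, guessed, ledger),
   ledger["alice"]]
end

puts run_demo.inspect if __FILE__ == $0
```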

Mass assignment: explain the problems with Mass Assignment, and how they have been fixed now. Show an example of how to use strong parameters

With unrestricted mass assignment, every key in the submitted params hash is written to the model, so a user can set attributes they should never control, such as an `admin` flag, a password or a foreign key pointing at someone else's record. Strong parameters fix this by making the controller explicitly declare which attributes are permitted; everything else is dropped before the model sees it. An example of strong params:

```ruby
private

def user_params
  params.require(:user).permit(:name, :age, :email)
end
```
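What `permit` does, written in plain Ruby so it runs without Rails: the unfiltered update applies an injected `admin` flag, the filtered one drops it. This is an added example, not code from the gist or ActiveRecord; `User` is a Struct, `assign_attributes` and `permit_params` are illustrative names, and `SUBMITTED` is a constructed request body.

```ruby
User = Struct.new(:name, :age, :email, :admin, :password_digest, keyword_init: true)

# Mass assignment as the vulnerable pattern: every submitted key that has
# a matching setter is applied, whatever the caller intended.
def assign_attributes(user, attrs)
  attrs.each do |key, value|
    user[key.to_sym] = value if user.respond_to?("#{key}=")
  end
  user
end

# Allowlist filter: keep only the declared keys and report the rest
# (Rails logs these as "Unpermitted parameters").
def permit_params(params, *allowed)
  allowed = allowed.map(&:to_s)
  permitted = params.select { |k, _| allowed.include?(k.to_s) }
  rejected = params.keys.map(&:to_s) - allowed
  [permitted, rejected]
end

# Constructed request body: a normal signup plus an injected admin flag.
SUBMITTED = {
  "name" => "mallory", "age" => "33", "email" => "m@example.com", "admin" => true
}.freeze

# Vulnerable controller shape: User.new(params[:user])
def unfiltered_update
  assign_attributes(User.new(admin: false), SUBMITTED)
end

# Strong-parameters shape: User.new(user_params)
def filtered_update
  permitted, rejected = permit_params(SUBMITTED, :name, :age, :email)
  [assign_attributes(User.new(admin: false), permitted), rejected]
end

if __FILE__ == $0
  puts unfiltered_update.inspect
  puts filtered_update.inspect
end
```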

Besides sucking, what's another good reason not to use WEBrick server for production?

WEBrick sends a verbose `Server` response header that includes the WEBrick version and the Ruby version. That lets an attacker fingerprint the exact stack and look up the known vulnerabilities for those versions instead of having to guess.
