I recently was sitting in a public service vehicle and next to me sat two guys (developers, as I later came to learn), and to my awe they were discussing a system that they wanted to present to a client, who would in turn present it to a major local bank. MIDDLEMEN---> this I just had to listen in on... ok, I know it ain't cool, but don't act like you don't do that and give advice inside your head.... ok, anywho, these guys were talking just as your average, normal coders would.... how they will develop the system, show it to the middleman, and not give him the source code....
SMH right there, till it was actually visible that I was listening to their conversation... now, to be really honest, it took a lot of guts (if you know me very well) to turn and say hi to them: may I interject.... my name is ...... and here's my card; if you want to really talk about your system.... call me. I alighted at the next bus stop and walked off like a boss... problem is that wasn't my stop, and yes, I know I was trying to be mystic, but hey, my cards say and state Information Security and System Forensic Consultant right at the top, and this I had to sell... wrong bus stop or moves incorporated, now that's really beside the point....
Today I got a call from my two developers. Having listened to their earlier conversation, I was already guessing the worst for them to call me... trust me, IT gurus, or Geniuses as they like to be called, hardly want any help from outside forces... and I am down with that EGO thing; after all, 3 guys create a social application that even the FBI and CIA want to jump in on so bad, while another 2 create a search engine that every organization wants.... hey, it's a god complex we develop straight from the Hello World application we started with, even if it was in HTML and we called it programming/coding....
Now let me skip all this gibber-jabber and get on to what is really bugging my system.... a few blog posts ago I had this really big issue with the lecturers/trainers/teachers/consultants and newbie developers. Why? Because people want to develop without security... how is this...
When I am called for a pentest and have a white-box test that sort of looks like black-box, in the sense that I have everything from my recon via your system's developer... I have already owned that pentest.... here's how:
INSECURE CODING METHODS / TECHNIQUES
Code reuse---- oh come on, I have also done that... I am not a god in coding, but honestly I have done that.... and though you may not actually know this, yes, code reuse to me constitutes the biggest security flaw in my pages. Here is how:
Developer A creates a web application, uses a form login .php/.ASP or so, and sees no harm in reusing the whole darn thing.... once I find any of his earlier systems, chances are he has already made the same errors and configurations as before... his database tables are nearly the same and yes, even the naming structures are a whole lot the same, e.g. {nameOfWebApp_tblUser}. A little change to Havij's default table dictionary/wordlist and voila, I might be in for good luck on his system... well, it's not always that easy, but trust me, sometimes you are only as strong as your weakest link....
Googled code---- ok, this is the most interesting one... it's close to code reuse, only worse.... why? Because this is the last resort of noob programmers.... worst is... if it works... I don't need to know what it's doing past that... what do I mean? Take this code for example:
// 1: the value of $_GET['user'] is concatenated straight into the SQL text (no quotes around it, no escaping)
db_query('SELECT foo FROM {table} t WHERE t.name = '.$_GET['user']);
// 2: the value is passed as a separate argument; db_query() escapes it before substituting it for %s (Drupal 6 API)
db_query("SELECT foo FROM {table} t WHERE t.name='%s'",$_GET['user']);
So which is the good code and which is the bad code? Heck, both of them will do the same thing, especially in a Drupal cage.... but one will let me do more than desired/required.... now if you Google the first code, chances are you will actually find it... and yes, we actually do..... find it. In a lot of forums, by the way.
Well, this and a lot of other practices are what I normally go through in my trainings, showing the developers why this is really bad. PS: the above vulnerable code does a very good SQL injection.... the first line glues whatever arrives in ?user= into the statement unquoted and unescaped, so an appended OR clause or UNION simply becomes part of the query; the second hands the value to db_query() as an argument, which escapes it before it lands inside '%s'. (That '%s' style is the Drupal 6 API; Drupal 7 and later moved to PDO-style placeholders such as :name, which carry the value separately and make the same point.) Now
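To make the difference between the two db_query() lines concrete, and to tie it back to the reused table names from the code-reuse section, here is an added example of mine (it is not code from the post, and not Drupal's) in Python against an in-memory SQLite database standing in for the MySQL backend. Everything in it is constructed: the posts table the query reads, the two rows in it, and a user table named myapp_tblUser after the {nameOfWebApp_tblUser} convention, which is exactly what lets the UNION payload guess its name. lookup_concat() mirrors the first line (value glued into the SQL text, unquoted) and lookup_param() mirrors the second (value bound separately); compare() runs an honest input and two hostile ones through both.

```python
import sqlite3

# Constructed sample data (not from the post): a posts table the query reads,
# and a user table named after the reused {nameOfWebApp_tblUser} convention.
# SQLite stands in for the MySQL backend Drupal would normally talk to.
SCHEMA = """
CREATE TABLE posts (foo TEXT, name TEXT);
INSERT INTO posts VALUES ('alice-post', 'alice'), ('bob-post', 'bob');
CREATE TABLE myapp_tblUser (id INTEGER, name TEXT, password TEXT);
INSERT INTO myapp_tblUser VALUES (1, 'alice', 'hunter2'), (2, 'bob', 's3cret');
"""


def connect():
    """Fresh in-memory database loaded with the constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db


def lookup_concat(db, user):
    """Mirrors the first db_query() line: $_GET['user'] is glued straight into
    the SQL text. There are no quotes around it, so the caller does not even
    have to break out of a string literal: whatever arrives becomes SQL."""
    sql = "SELECT foo FROM posts t WHERE t.name = " + user
    return [row[0] for row in db.execute(sql)]


def lookup_param(db, user):
    """Mirrors the second line: the value is bound as a separate parameter, so
    the SQL text is fixed and the input can only ever be compared as data."""
    sql = "SELECT foo FROM posts t WHERE t.name = ?"
    return [row[0] for row in db.execute(sql, (user,))]


# Two hostile values a request might carry in ?user=... (constructed).
# The UNION one guesses the user table purely from the naming convention.
PAYLOADS = {
    "tautology": "'' OR 1=1",
    "union_guess": "'' UNION SELECT password FROM myapp_tblUser",
}


def compare(db):
    """Run the honest input and each payload through both lookups.
    Returns {name: (rows from concatenation, rows from parameter binding)}.
    The honest caller of the concatenated form has to supply the quotes
    itself, because the query text never adds them."""
    out = {
        "honest": (sorted(lookup_concat(db, "'alice'")),
                   sorted(lookup_param(db, "alice"))),
    }
    for name, value in PAYLOADS.items():
        out[name] = (sorted(lookup_concat(db, value)),
                     sorted(lookup_param(db, value)))
    return out


if __name__ == "__main__":
    for name, (concat, param) in compare(connect()).items():
        print(f"{name:12} concat={concat}  param={param}")
```

The honest input returns alice's post either way. The tautology returns every post through concatenation and nothing through the bound parameter, and the UNION payload returns both password hashes through concatenation, which is the Havij-plus-wordlist situation from the code-reuse section in miniature: once the query is open, the only thing standing between the attacker and the user table is guessing its name. The bound parameter in the second form is what the Drupal 6 '%s' argument and the Drupal 7 :name placeholder both give you.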
To my friends who contacted me... my lips are sealed on what the system is doing or is going to do, but honestly.... if possible... eliminate the middleman, and copyright and patent your inventions, because there is nothing like safe or secure coding/presentation.... Part 2 will contain methods of tormenting the bugger trying to get your code.
Oh, and my view of open source: I ADORE OPEN SOURCE..... P.S. it doesn't mean it's free because it's open source, HECK NO.... I hope you guys have your tools ready for part two: looking for vulnerabilities in your code.