Owasp Universal


  • 7/25/2019 Owasp Universal

    1/19

    Universal HTTP Denial-of-Service


    About Hybrid: Creating web-business-logic security

    Doing cool stuff in AI research

    Optimizing acceptance rate for Web-bound transactions

    Minimizing false rejects typical to signature-based solutions


    How Would You Like Your Website?

    Slow or DEAD?

    Slowloris abuses handling of HTTP request headers ssslooowly…

    Written by RSnake

    Iteratively injects one custom header at a time and goes to sleep

    Web server vainly awaits the line space that will never come

    Stuck in phase I forever. Kinda like Tron

    R-U-Dead-Yet? abuses HTTP web form fields

    Iteratively injects one custom byte into a web application post field and goes to sleep

    Application threads become zombies awaiting ends of posts, still death lurks upon the website

    Stuck in phase II forever. Kinda like Tron sequels


    Slowloris

    According to HTTP RFC 2616:

    Request = Request-Line
              *(( general-header
               | request-header
               | entity-header ) CRLF)
              CRLF
              [ message-body ]


    Slowloris

    GET http:


    Slowloris

    DEMO


    Slowloris Mitigation


    Patching Apache

    Use Apache Patch to moderate average timeout thresholds (Link at end of presentation)


    According to SpiderLabs:

    ModSecurity v2.5.13: Add directive: SecReadStateLimit 5

    The ModSecurity Alerts like this:

    [Mon Nov 22 2010] [warn] ModSecurity: Access denied with code 400. Too many connections [6] of 5 allowed in READ state from 211.1.112.20 - Possible DoS Consumption Attack [Rejected]


    R-U-D-Y

    POST http://
    User-Agent: Mozilla
    Cookie: __utmz=1815612.1266661.1.1

    username=AAAAAAAAAAAAAAAAAAAAAAAAA…

    Vulnerability discovered by Tom Brennan and Wong Onn Chee:

    http:


    R-U-D-Y

    DEMO


    Waging War Upon SCADA


    Waging War Upon SCADA

    Stuxnet operated from within Iran's nuclear facilities to tamper with uranium-enrichment centrifuges

    R-U-D-Y integrated with SHODAN's API could allow automatic location and disruption of Web-facing SCADA controllers from any anonymous location on Earth


    R-U-D-Y Mitigation

    Add directive:

    RequestReadTimeout body=30

    Add a rule:

    SecRule RESPONSE_STATUS "@streq 408" "phase:5,t:none,nolog,pass,setvar:ip.slow_dos_counter=+1,expirevar:ip.slow_dos_counter=60"

    SecRule IP:SLOW_DOS_COUNTER "@gt 5" "phase:1,t:none,log,drop,msg:'Client Connection Dropped due to high # of slow DoS alerts'"
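As an added example (not from the presentation or from SpiderLabs), the Python below replays the semantics of the two SecRules over a constructed Apache access-log sample: every 408 response bumps a per-client counter that expires 60 seconds after its last update, and once the counter exceeds 5 the client's next request is dropped before processing, the way the phase:1 rule does. The log format, IP addresses and timestamps are made up for the example.

```python
import re
from datetime import datetime

# Constructed Apache-style access-log sample (not from the page). Status 408 is
# what mod_reqtimeout returns when a body arrives too slowly.
SAMPLE_LOG = """\
198.51.100.7 - - [22/Nov/2010:12:00:01 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:00:02 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:00:03 +0000] "POST /form HTTP/1.1" 408 0
192.0.2.10 - - [22/Nov/2010:12:00:03 +0000] "GET / HTTP/1.1" 200 512
198.51.100.7 - - [22/Nov/2010:12:00:04 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:00:05 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:00:06 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:00:07 +0000] "POST /form HTTP/1.1" 408 0
198.51.100.7 - - [22/Nov/2010:12:03:00 +0000] "GET / HTTP/1.1" 200 512
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "[^"]*" (?P<status>\d{3}) ')


def parse_line(line):
    """Return (client_ip, epoch_seconds, status) for one access-log line."""
    m = LINE_RE.match(line)
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts.timestamp(), int(m.group("status"))


def simulate(log_text, threshold=5, ttl=60):
    """Replay the two rules: count 408s per IP with a sliding 60 s expiry and
    drop requests from an IP whose counter is above the threshold.
    Returns (actions in log order, counters still alive at the end)."""
    counter, expires, actions = {}, {}, []
    for line in log_text.splitlines():
        ip, now, status = parse_line(line)
        # expirevar semantics: the variable vanishes once its TTL has passed
        if ip in expires and now >= expires[ip]:
            del counter[ip], expires[ip]
        # phase:1 rule: IP:SLOW_DOS_COUNTER "@gt 5" -> drop before processing,
        # so a dropped request never reaches the phase:5 rule below
        if counter.get(ip, 0) > threshold:
            actions.append("drop")
            continue
        actions.append("allow")
        # phase:5 rule: RESPONSE_STATUS "@streq 408" -> setvar +1, expirevar 60
        if status == 408:
            counter[ip] = counter.get(ip, 0) + 1
            expires[ip] = now + ttl
    return actions, counter
```

In a real deployment the ip collection has to be initialised first, e.g. with `SecAction "phase:1,initcol:ip=%{REMOTE_ADDR},nolog,pass"`, or the counter never persists between requests.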


    Other (potential) Attack Vectors

    Complex structures such as: SOAP, JSON, REST

    Encapsulated protocols such as: SIP, AJAX, binary streams


    Slowloris: http:


    raviv@hybridsec.com

    Thank You