SJSU CS 265 - Project WebGoat

CS265 Spring 2009 Project 1
Group: Jay Jay Zhang, 005888233; Ken Chan, 005791578
Project WebGoat

1. Project topic
The topic we chose is "Bypass a Path Based Access Control Scheme" under Access Control Flaws. In this lesson's scenario you only have access to one specified directory, here "/Users/jayjay/WebGoat-5.2/tomcat/webapps/WebGoat/lesson_plans"; the task is to use the form to bypass the access restriction and access a file that is not in this directory.

2. Topic analysis
To see how the form on the WebGoat page works, we installed the tool WebScarab to analyze the packets going through the WebGoat project. After intercepting the request sent by the form, we noticed that it is an HTTP POST request with only two parameters, File and SUBMIT:

3. Solve the lesson
Thinking of the tool WebScarab as the man in the middle, we can play a man-in-the-middle attack and take advantage of the integrity flaw in this request: by changing the request parameter "File" to the path "../main.jsp", we can access the source file of main.jsp in the parent folder. Following is the screenshot after we solved the lesson.

4. Suggestion for fixing this flaw
Since this flaw exists because the man in the middle can break the integrity of the request, we have different approaches to enhance the integrity.
First, we can use a hash function with a salt to enhance the integrity of the request. For example, we can add another parameter called "checksum" whose value equals Hash("File=file.html&SUBMIT=View File" + timestamp); the server then needs to do the same calculation and verify the hash value.
Another approach is to use HTTPS instead of HTTP. Since HTTPS performs a key exchange and encrypt/decrypt operations between client and server, it will be impossible for somebody in the middle to intercept the request and change it.
Basically, the problem here is that the server doesn't verify the user's request for access to resources.
We can also implement a role-based access control scheme on top of the path-based access control scheme. Whenever a resource is accessed by a user, the server has to verify the ACLs of the user's role. Only certain resources are allowed to be accessed by a certain role. This approach restricts resource access to only authorized users. And even if the malicious attacker Trudy bypasses the path, the server will still check the ACLs of the user before allowing access to a particular
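The following is an added example, not code from the students' report or from WebGoat, illustrating the server-side verification that section 4 ends on: the requested File value is canonicalized and must stay inside the permitted lesson_plans directory (so the "../main.jsp" value from section 3 is refused), and on top of that the user's role is checked against an ACL before the file is served. The base directory is created as a temporary directory, the role names and resource names in ROLE_ACL are constructed for the example, and the role is assumed to come from the server's own session rather than from the request.

```python
"""Server-side authorization for a "view file" form (added example, not from
the report or from WebGoat). Assumes a lesson_plans base directory created
below, a user role already known to the server, and a constructed role ACL."""
import os
import tempfile
from typing import Optional, Tuple

# Constructed ACL: resource names (relative to the base dir) each role may view.
ROLE_ACL = {
    "student": {"lesson1.html", "lesson2.html"},
    "instructor": {"lesson1.html", "lesson2.html", "answers.html"},
}


def resolve_within_base(base_dir: str, requested: str) -> Optional[str]:
    """Canonicalize `requested` relative to base_dir and return the absolute
    path only if it stays inside base_dir; otherwise return None.

    realpath() collapses '..' segments and symlinks, so a value such as
    '../main.jsp' resolves into the parent directory and is rejected. An
    absolute value makes os.path.join discard base_dir, so it also ends up
    outside the base and is rejected instead of being silently re-rooted.
    """
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    try:
        inside = os.path.commonpath([base, candidate]) == base
    except ValueError:  # different drives on Windows: cannot be inside
        inside = False
    return candidate if inside else None


def authorize_view(base_dir: str, user_role: str, requested: str) -> Tuple[bool, str]:
    """Decide whether `user_role` may view `requested`.

    Two independent checks, as the report's fix suggests: the path must lie
    inside the permitted directory, and the role's ACL must list the resource.
    Returns (allowed, detail): detail is the canonical path when allowed, or
    the reason for denial (useful for logging the attempt).
    """
    path = resolve_within_base(base_dir, requested)
    if path is None:
        return False, "path escapes the permitted directory"
    name = os.path.relpath(path, os.path.realpath(base_dir))
    if name not in ROLE_ACL.get(user_role, set()):
        return False, "role %r is not permitted to view %r" % (user_role, name)
    return True, path


def make_demo_dir() -> str:
    """Create a constructed lesson_plans directory holding one lesson file."""
    base = tempfile.mkdtemp(prefix="lesson_plans_")
    with open(os.path.join(base, "lesson1.html"), "w") as fh:
        fh.write("<html>lesson 1</html>\n")
    return base


if __name__ == "__main__":
    base = make_demo_dir()
    # Constructed requests: the normal form value, the traversal from the
    # lesson, an absolute path, and a resource the role is not entitled to.
    for role, value in [("student", "lesson1.html"), ("student", "../main.jsp"),
                        ("student", "/etc/passwd"), ("student", "answers.html"),
                        ("instructor", "answers.html")]:
        allowed, detail = authorize_view(base, role, value)
        print("%-10s File=%-14s -> %s (%s)" % (role, value,
                                                 "ALLOW" if allowed else "DENY",
                                                 detail))
```

The two checks are deliberately separate: canonicalization is what closes the traversal in this lesson, and the role ACL is what still denies Trudy a resource she is not entitled to even when the path itself is valid. Both run on the server regardless of what the client sent, which is why neither depends on a request checksum or on the transport.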

