This week, at Siber Güvenlik Konferansı 2014, I gave a presentation titled “Son Kullanıcı Güvenliği ve CSP” (“End-User Security and CSP”). My reason for giving this presentation was that, in the web application security tests I have carried out in Turkey, CSP had not been implemented even once so far. For that reason I talked about how important end-user security is.
Cyber Security
Ci-Bonefire v0.7.1-dev Reinstall Admin Account Vulnerability Analysis & Exploit
Hello
Ci-Bonefire is another open source application based on Codeigniter. I’ve been analyzing applications based on Codeigniter since I found some weaknesses in Codeigniter. In this write-up we will see what can cause failure of code design.
Codeigniter based No-CMS Admin Account Hijacking / RCE Exploit via Static Encryption Key
HELLO
In this write-up we will analyze the No-CMS web application, which is based on Codeigniter! We will also continue to analyze Codeigniter.
PyroCMS Object Injection Vulnerability – Another step, damn the steps, damn thee!
Hello
PyroCMS is one of the popular open source CMS applications. It is based on Codeigniter! You can download it from https://www.pyrocms.com/ or its GitHub account. I decided to analyze the installation module of PyroCMS, because we’ve learned that, as an attacker, we can do object injection attacks if the private key is not private!