Holistic InfoSec For Web Developers, Fascicle 1: VPS, Network, Cloud and Web Applications

Creating and maintaining robust technical solutions that will resist attacks from your adversaries

The second part of a three-part book series focused on lifting the security knowledge of Software Developers, Engineers, and their teams, so that they can continuously deliver secure technical solutions on time and within budget.

Free Online: https://f1.holisticinfosecforwebdevelopers.com

The author lets you choose the price you pay for this book (minimum price US $22.99; EU customers pay VAT on top at checkout).

Formats: PDF, EPUB, WEB

566 pages
About the Author

Kim Carter

Technologist / Engineer, Information Security Professional, Entrepreneur, creator of PurpleTeam, and founder of BinaryMist Ltd. OWASP NZ Chapter Leader. Certified Scrum Master. Facilitator, mentor and motivator of cross-functional, self-managing teams. With a solid 20 years of commercial industry experience across many domains, Kim enjoys teaching others how to apply information security to their Agile processes, bringing the security focus up front where it is cheapest to implement, increasing profit and reducing costs. Organiser of two information security conferences (OWASP NZ Day and Christchurch Hacker Con), international trainer, speaker, and Software Engineering Radio podcast host, focusing on:

  1. Software and network architecture
  2. Web development and engineering
  3. Information security

Kim also blogs regularly at binarymist.io/blog. Kim loves designing and creating robust software and networks, breaking software and networks, then fixing them and helping organisations increase productivity.

Kim's Other Books: binarymist.io/publication/kims-selected-publications/

Table of Contents

Foreword

Preface

  1. Description
  2. Purpose
  3. Reason
  4. Acknowledgements
  5. Influences

Introduction

7. VPS

  1. 1. SSM Asset Identification
  2. 2. SSM Identify Risks
  3. Forfeit Control thus Security
  4. Windows
  5. PsExec
  6. Synopsis
  7. The Play
  8. Pass The Hash (PTH) suite of Metasploit Modules
  9. PowerShell
  10. PowerShell Exploitation via Executable C/- Psmsf
  11. Synopsis
  12. The Play
  13. PowerShell Payload creation details
  14. PowerShell Exploitation Evolution
  15. PowerShell Exploitation via Office Documents C/- Nishang
  16. Synopsis
  17. The Play
  18. Adding Persistence C/- Meterpreter
  19. Adding Persistence C/- PowerSploit
  20. Synopsis
  21. The Play
  22. Unnecessary and Vulnerable Services
  23. Overly Permissive File Permissions, Ownership and Lack of Segmentation
  24. Synopsis
  25. The Play
  26. Weak Password Strategies
  27. Root Logins
  28. SSH
  29. Too Many Boot Options
  30. Portmap
  31. EXIM
  32. NIS
  33. Rpcbind
  34. Telnet
  35. FTP
  36. NFS
  37. Lack of Visibility
  38. Docker
  39. Consumption from Registries
  40. Doppelganger images
  41. The Default User is Root
  42. Docker Host, Engine and Containers
  43. Namespaces
  44. Control Groups
  45. Capabilities
  46. Linux Security Modules (LSM)
  47. SecComp
  48. Read-only Containers
  49. Application Security
  50. Using Components with Known Vulnerabilities
  51. Lack of Backup
  52. Lack of Firewall
  53. 3. SSM Countermeasures
  54. Forfeit Control thus Security
  55. Windows
  56. PsExec and Pass The Hash (PTH)
  57. PowerShell Exploitation with Persistence
  58. Minimise Attack Surface by Installing Only what you Need
  59. Disable, Remove Services. Harden what is left
  60. Partitioning on OS Installation
  61. Apt Proxy Set-up
  62. Review Password Strategies
  63. Consider changing to Bcrypt
  64. Password GRUB
  65. Disable Root Logins from All Terminals
  66. SSH
  67. Symmetric Cryptosystems
  68. Asymmetric Cryptosystems
  69. Hashing
  70. SSH Connection Procedure
  71. Establishing your SSH Servers Key Fingerprint
  72. Hardening SSH
  73. Tunnelling SSH
  74. Disable Boot Options
  75. Lock Down Partition Mounting
  76. Portmap
  77. Disable, Remove Exim
  78. Remove NIS
  79. Rpcbind
  80. Remove Telnet
  81. Remove FTP
  82. NFS
  83. Lack of Visibility
  84. Logging and Alerting
  85. Web Server Log Management
  86. System Loggers Reviewed
  87. Goals
  88. Environmental Considerations
  89. Initial Setup
  90. Improving the Strategy
  91. Proactive Monitoring
  92. Evaluation Criteria
  93. Goals
  94. Sysvinit, Upstart, systemd & Runit
  95. forever
  96. PM2
  97. Supervisor
  98. Monit
  99. Passenger
  100. Getting Started with Monit
  101. Keep Monit Alive
  102. Keep NodeJS Application Alive
  103. Statistics Graphing
  104. Collectd
  105. Graphite
  106. Assembling the Components
  107. Host Intrusion Detection Systems (HIDS)
  108. Tripwire
  109. RkHunter
  110. Chkrootkit
  111. Unhide
  112. Ossec
  113. Stealth
  114. Deeper with OSSEC
  115. Deeper with Stealth
  116. Outcomes
  117. Stealth Up and Running
  118. Docker
  119. Consumption from Registries
  120. Doppelganger images
  121. The Default User is Root
  122. Hardening Docker Host, Engine and Containers
  123. Haskell Dockerfile Linter
  124. Lynis
  125. Docker Bench
  126. CoreOS Clair
  127. Banyanops collector
  128. Anchore
  129. TwistLock
  130. Possible contenders to watch
  131. Namespaces
  132. Control Groups
  133. Capabilities
  134. Linux Security Modules (LSM)
  135. Seccomp
  136. Read-only Containers
  137. runC and where it fits in
  138. Using runC Standalone
  139. Application Security
  140. Using Components with Known Vulnerabilities
  141. Schedule Backups
  142. Host Firewall
  143. Preparation for DMZ
  144. Confirm DMZ has
  145. Additional Web Server Preparation
  146. Post DMZ Considerations
  147. 4. SSM Risks that Solution Causes
  148. Forfeit Control thus Security
  149. Windows
  150. PsExec and Pass The Hash (PTH)
  151. PowerShell Exploitation with Persistence
  152. Minimise Attack Surface by Installing Only what you Need
  153. Disable, Remove Services. Harden what is left
  154. Partitioning on OS Installation
  155. Review Password Strategies
  156. SSH
  157. Disable Boot Options
  158. Mounting of Partitions
  159. Portmap
  160. Exim
  161. Remove NIS
  162. Rpcbind
  163. Telnet
  164. FTP
  165. NFS
  166. Lack of Visibility
  167. Logging and Alerting
  168. Web Server Log Management
  169. Proactive Monitoring
  170. Statistics Graphing
  171. Host Intrusion Detection Systems (HIDS)
  172. Docker
  173. Linux Security Modules (LSM)
  174. Schedule Backups
  175. Host Firewall
  176. 5. SSM Costs and Trade-offs
  177. Forfeit Control thus Security
  178. Windows
  179. PsExec and Pass The Hash (PTH)
  180. PowerShell Exploitation with Persistence
  181. Minimise Attack Surface by Installing Only what you Need
  182. Disable, Remove Services. Harden what is left
  183. Partitioning on OS Installation
  184. Review Password Strategies
  185. SSH
  186. Disable Boot Options
  187. Mounting of Partitions
  188. Portmap
  189. Exim
  190. Remove NIS
  191. Rpcbind
  192. Telnet
  193. FTP
  194. NFS
  195. Lack of Visibility
  196. Logging and Alerting
  197. Web Server Log Management
  198. Proactive Monitoring
  199. Statistics Graphing
  200. Host Intrusion Detection Systems (HIDS)
  201. Docker
  202. Schedule Backups
  203. Host Firewall

8. Network

  1. 1. SSM Asset Identification
  2. 2. SSM Identify Risks
  3. Fortress Mentality
  4. Lack of Segmentation
  5. Lack of Visibility
  6. Insufficient Logging
  7. Lack of Network Intrusion Detection Systems (NIDS)
  8. Spoofing
  9. IP
  10. ARP (Address Resolution Protocol)
  11. DNS
  12. Referrer
  13. EMail Address
  14. Website
  15. Synopsis
  16. The Play
  17. BeEF Can Also Clone
  18. Synopsis
  19. The Play
  20. Data Exfiltration, Infiltration
  21. Ingress and Egress Techniques
  22. Dropbox
  23. Physical
  24. Mobile Phone Data
  25. DNS, SSH
  26. Doppelganger Domains
  27. Web-sites
  28. SMTP
  29. SSH
  30. Wrongful Trust When Loading Untrusted Web Resources
  31. TLS Downgrade
  32. 3. SSM Countermeasures
  33. Fortress Mentality
  34. Lack of Segmentation
  35. Lack of Visibility
  36. Insufficient Logging
  37. Network Time Protocol (NTP)
  38. Lack of Network Intrusion Detection Systems (NIDS)
  39. Spoofing
  40. IP
  41. ARP (Address Resolution Protocol)
  42. DNS
  43. Referrer
  44. EMail Address
  45. Website
  46. Data Exfiltration, Infiltration
  47. Dropbox
  48. Physical
  49. Mobile Phone Data
  50. DNS, SSH
  51. Doppelganger Domains
  52. Web-sites
  53. SMTP
  54. SSH
  55. Wrongful Trust When Loading Untrusted Web Resources
  56. Content Security Policy (CSP)
  57. Sub-resource Integrity (SRI)
  58. TLS Downgrade
  59. HTTP Strict Transport Security (HSTS)
  60. HTTP Strict Transport Security (HSTS) Preload
  61. X.509 Certificate Revocation Evolution
  62. Initiative 1: Certification Revocation List (CRL)
  63. Initiative 2: Online Certificate Status Protocol (OCSP)
  64. One of the Big Problems
  65. Initiative 3: Welcome to OCSP Stapling
  66. OCSP Stapling Problem
  67. Initiative 4: Fix for the OCSP Stapling Problem
  68. 4. SSM Risks that Solution Causes
  69. Fortress Mentality
  70. Lack of Segmentation
  71. Lack of Visibility
  72. Insufficient Logging
  73. Lack of Network Intrusion Detection Systems (NIDS)
  74. Spoofing
  75. IP
  76. ARP (Address Resolution Protocol)
  77. DNS
  78. Referrer
  79. Data Exfiltration, Infiltration
  80. Dropbox
  81. Physical
  82. Mobile Phone Data
  83. DNS, SSH
  84. Doppelganger Domains
  85. Wrongful Trust When Loading Untrusted Web Resources
  86. Content Security Policy (CSP)
  87. Sub-resource Integrity (SRI)
  88. TLS Downgrade
  89. HTTP Strict Transport Security (HSTS)
  90. HTTP Strict Transport Security (HSTS) Preload
  91. 5. SSM Costs and Trade-offs
  92. Fortress Mentality
  93. Lack of Segmentation
  94. Lack of Visibility
  95. Insufficient Logging
  96. Lack of Network Intrusion Detection Systems (NIDS)
  97. Spoofing
  98. Data Exfiltration, Infiltration
  99. Dropbox
  100. Physical
  101. Mobile Phone Data
  102. DNS, SSH
  103. Doppelganger Domains
  104. Wrongful Trust When Loading Untrusted Web Resources
  105. Content Security Policy (CSP)
  106. Sub-resource Integrity (SRI)
  107. TLS Downgrade
  108. HTTP Strict Transport Security (HSTS)
  109. HTTP Strict Transport Security (HSTS) Preload

9. Cloud

  1. 1. SSM Asset Identification
  2. Productivity
  3. Competitive Advantage
  4. Control
  5. Data
  6. 2. SSM Identify Risks
  7. Shared Responsibility Model
  8. CSP Responsibility
  9. CSP Customer Responsibility
  10. CSP Evaluation
  11. Cloud Service Provider vs In-house
  12. Skills
  13. EULA
  14. Giving up Secrets
  15. Location of Data
  16. Vendor lock-in
  17. Possible Single Points of Failure
  18. Review Other Chapters
  19. People
  20. Application Security
  21. Network Security
  22. Violations of Least Privilege
  23. Machine Instance Single User Root
  24. CSP Account Single User Root
  25. Storage of Secrets
  26. Private Key Abuse
  27. SSH
  28. TLS
  29. Credentials and Other Secrets
  30. Entered by People (manually)
  31. Entered by Software (automatically)
  32. Serverless
  33. Third Party Services
  34. Perimeterless
  35. Functions
  36. DoS of Lambda Functions
  37. Infrastructure and Configuration Management
  38. AWS
  39. Password-less sudo
  40. 3. SSM Countermeasures
  41. Shared Responsibility Model
  42. CSP Responsibility
  43. CSP Customer Responsibility
  44. CSP Evaluation
  45. Cloud Service Provider vs In-house
  46. Skills
  47. EULA
  48. Giving up Secrets
  49. Location of Data
  50. Vendor lock-in
  51. Possible Single Points of Failure
  52. Review Other Chapters
  53. People
  54. Application Security
  55. Network Security
  56. Violations of Least Privilege
  57. Machine Instance Single User Root
  58. CSP Account Single User Root
  59. Storage of Secrets
  60. Private Key Abuse
  61. SSH
  62. TLS
  63. Credentials and Other Secrets
  64. Entered by People (manually)
  65. Entered by Software (automatically)
  66. Serverless
  67. Third Party Services
  68. Perimeterless
  69. Functions
  70. DoS of Lambda Functions
  71. Centralised logging of AWS Lambda Functions
  72. Frameworks
  73. Infrastructure and Configuration Management
  74. AWS
  75. Password-less sudo
  76. Additional Tooling
  77. 4. SSM Risks that Solution Causes
  78. Shared Responsibility Model
  79. CSP Evaluation
  80. Cloud Service Provider vs In-house
  81. People
  82. Application Security
  83. Network Security
  84. Violations of Least Privilege
  85. Storage of Secrets
  86. Private Key Abuse
  87. SSH
  88. TLS
  89. Credentials and Other Secrets
  90. Entered by People (manually)
  91. Entered by Software (automatically)
  92. Serverless
  93. Functions
  94. DoS of Lambda Functions
  95. Frameworks
  96. Infrastructure and Configuration Management
  97. AWS
  98. Additional Tooling
  99. 5. SSM Costs and Trade-offs
  100. Shared Responsibility Model
  101. CSP Evaluation
  102. Cloud Service Provider vs In-house
  103. People
  104. Application Security
  105. Network Security
  106. Violations of Least Privilege
  107. Storage of Secrets
  108. Private Key Abuse
  109. SSH
  110. TLS
  111. Credentials and Other Secrets
  112. Entered by People (manually)
  113. Entered by Software (automatically)
  114. Serverless
  115. Functions
  116. DoS of Lambda Functions
  117. Frameworks
  118. Infrastructure and Configuration Management
  119. AWS
  120. Additional Tooling

10. Web Applications

  1. 1. SSM Asset Identification
  2. 2. SSM Identify Risks
  3. Lack of Visibility
  4. Insufficient Logging and Monitoring
  5. Lack of Input Validation, Filtering and Sanitisation
  6. Generic
  7. What is Validation
  8. What is Filtering
  9. What is Sanitisation
  10. Cross-Site Scripting (XSS)
  11. Synopsis
  12. The Play
  13. Cross-Site Request Forgery (CSRF)
  14. Injection
  15. SQLi
  16. Synopsis
  17. The Play
  18. NoSQLi
  19. Command Injection
  20. XML Injection
  21. XSLT Injection
  22. XPath Injection
  23. XQuery Injection
  24. LDAP Injection
  25. Captcha
  26. Management of Application Secrets
  27. Datastore Compromise
  28. Cracking
  29. Lack of Authentication, Authorisation and Session Management
  30. What is Authentication
  31. What is Authorisation
  32. Cryptography on the Client (AKA Untrusted Crypto)
  33. Consuming Free and Open Source
  34. Insufficient Attack Protection
  35. Lack of Active Automated Prevention
  36. 3. SSM Countermeasures
  37. Lack of Visibility
  38. Insufficient Logging
  39. Opening a UDP port
  40. Using Posix
  41. Insufficient Monitoring
  42. Dark Cockpit
  43. Statistics Graphing
  44. Lack of Input Validation, Filtering and Sanitisation
  45. Generic
  46. Types of Escaping:
  47. Example in JavaScript and C#
  48. Example in JavaScript and NodeJS
  49. Other things to think about
  50. Cross-Site Scripting (XSS)
  51. Cross-Site Request Forgery (CSRF)
  52. Injection
  53. SQLi
  54. NoSQLi
  55. Command Injection
  56. XML Injection
  57. XSLT Injection
  58. XPath Injection
  59. XQuery Injection
  60. LDAP Injection
  61. Captcha
  62. Types
  63. Offerings
  64. Alternative Approaches
  65. Still Not Cutting it
  66. User Time Expenditure
  67. Bot Pot
  68. Testing
  69. Management of Application Secrets
  70. Store Configuration in Configuration files
  71. node-config
  72. Windows
  73. Linux
  74. Least Privilege
  75. Location
  76. Datastore Compromise
  77. Which KDF to use?
  78. Caching of Sensitive Data
  79. Cracking
  80. Lack of Authentication, Authorisation and Session Management
  81. Chosen technologies:
  82. Technology and Design Decisions
  83. Reference Token vs JSON Web Token (JWT)
  84. IdentityServer3
  85. MembershipReboot
  86. External Identity Providers
  87. Architecture
  88. Securing Sessions
  89. Cryptography on the Client (AKA Untrusted Crypto)
  90. Web Cryptography API
  91. user agent
  92. [[handle]]
  93. CryptoKey (Web API interface)
  94. The other two Web Crypto API interfaces
  95. Crypto (Web API interface)
  96. SubtleCrypto (Web API interface)
  97. Cloud Storage
  98. Protected Data and Document Exchange
  99. Consuming Free and Open Source
  100. Process
  101. Consumption is Your Responsibility
  102. Keeping Safe
  103. wget, curl, etc
  104. npm install
  105. Doppelganger Packages
  106. Whitelisting Packages via npm Enterprise
  107. Tooling
  108. npm-outdated
  109. npm-check
  110. David
  111. RetireJS
  112. requireSafe
  113. bithound
  114. Node Security Platform (NSP)
  115. Snyk
  116. Github
  117. Insufficient Attack Protection
  118. Web Application Firewall (WAF)
  119. Application Intrusion Detection and Response
  120. Active Automated Prevention
  121. 4. SSM Risks that Solution Causes
  122. Lack of Visibility
  123. Insufficient Logging and Monitoring
  124. Lack of Input Validation, Filtering and Sanitisation
  125. Cross-Site Scripting (XSS)
  126. Cross-Site Request Forgery (CSRF)
  127. Injection
  128. SQLi
  129. NoSQLi
  130. Command Injection
  131. XML Injection
  132. XSLT Injection
  133. XPath Injection
  134. XQuery Injection
  135. LDAP Injection
  136. Captcha
  137. Management of Application Secrets
  138. Store Configuration in Configuration files
  139. node-config
  140. Windows:
  141. Linux:
  142. Least Privilege
  143. Location
  144. Datastore Compromise
  145. Lack of Authentication, Authorisation and Session Management
  146. Cryptography on the Client (AKA Untrusted Crypto)
  147. Consuming Free and Open Source
  148. Process
  149. Tooling
  150. Insufficient Attack Protection
  151. 5. SSM Costs and Trade-offs
  152. Lack of Visibility
  153. Insufficient Logging and Monitoring
  154. Lack of Input Validation, Filtering and Sanitisation
  155. Cross-Site Scripting (XSS)
  156. Cross-Site Request Forgery (CSRF)
  157. Injection
  158. SQLi
  159. NoSQLi
  160. Command Injection
  161. XML Injection
  162. XSLT Injection
  163. XPath Injection
  164. XQuery Injection
  165. LDAP Injection
  166. Captcha
  167. Management of Application Secrets
  168. Store Configuration in Configuration files
  169. Windows:
  170. Linux
  171. Least Privilege
  172. Location
  173. Datastore Compromise
  174. Lack of Authentication, Authorisation and Session Management
  175. Cryptography on the Client (AKA Untrusted Crypto)
  176. Consuming Free and Open Source
  177. Insufficient Attack Protection

Additional Resources

  1. VPS
  2. Network
  3. Cloud
  4. Web Applications

Attributions

  1. Introduction
  2. VPS
  3. Network
  4. Cloud
  5. Web Applications

About the Contributors

Russ McRee

Leanne Carter
