Preventing Image based Cross Site Request Forgery Attacks
|
|
- Jason Butler
- 6 years ago
- Views:
Transcription
1 Preventing Image based Cross Site Request Forgery Attacks Ramarao R, Radhesh M, Alwyn R Pais Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal, Karnataka, INDIA {ramisetty.ramarao, radhesh, alwyn.pais}@gmail.com Abstract Cross Site Request Forgery (CSRF) is an attack on web applications which exploits the trust of authenticated users. This attack allows a partially compromised site to make arbitrary HTTP requests on behalf of victim user who is currently logged in to a site. Currently very few defensive mechanisms like secret validation token, referer header, custom HTTP header and origin header are available to prevent this attack. In this paper, we present a client-side proxy solution that detects and prevents CSRF attacks using IMG element or other HTML elements which are used to access the graphic images for the webpage. Keywords: Cross-Site Request Forgery, Client-side proxy solution, Image based CSRF. 1 Introduction Cross-site Request Forgery [3] (abbreviated CSRF or XSRF, one-click attack, sometimes also called Session Riding ) is a new class of attack on web applications which exploit the trust of authenticated users. By launching a successful CSRF attack against the authenticated user, an attacker is able to initiate arbitrary HTTP requests using the user credentials to the vulnerable web application. A successful CSRF attack effectively bypasses the underlying authentication mechanism and it can compromise the end user data and operation. If the victim account has administrator rights, this attack can compromise the entire web application. In contrast to Cross-site scripting (XSS) and SQL injection attacks, CSRF attack is little-known to the web application developers and academic community [2]. As a result, few mitigation solutions exist but these do not offer complete protection against CSRF, or require modifications to the existing web applications that need to be protected. In this paper, we present a client-side proxy solution which provides protection from CSRF attacks using IMG (image) elements. More precisely, our client-side proxy solution detects and prevents all kinds of image based CSRF attacks in a way that is transparent to the users as well as to the web application itself. OWASP s open source Webscarab proxy plug-in [4] in the CSRFTester tool is used as a client-side proxy. The paper is organized as follows: Section 2 gives the required technical background details. Section 3 illustrates image based CSRF attack with an example. Sections 4, 5 and 6 explain the solution to prevent image based CSRF attack, its implementation details and experimental results respectively. 2 Technical Background In this section we introduce the basic concept of HTML image elements and the CSRF attack. 2.1 Image Retrieval HTML has the ability to include images with text in the following ways: as an inline image, as a background image, or can be linked to a different image source via hyperlink. When a browser requests a webpage, it can t know that the page has an image. The browser realizes this only when it parses the HTML within the response. At this point the browser sends a separate HTTP GET request to the web server to retrieve the image. The web server replies with the requested image data [8]. The HTML IMG element is widely used for embedding images into the document and is supported by all major web browsers. The basic attributes of IMG element are: align, alt, border, dynsrc(ie), height, hspace, ismap, lowsrc(netscape), name(netscape), src, usemap, vspace and width [8,9]. The src attribute of IMG element is used to provide the absolute or relative URI (Uniform Resource Identifier) of the image to be displayed. The lowsrc attribute is used to specify the URI of the low resolution equivalent of the image specified by the src attribute, but it is supported only by Netscape. The dynsrc attribute loads a movie file instead of a still picture file. Browsers that recognize dynsrc will ignore the link specified in the src attribute. The alt attribute is used to give replacement text, which will be displayed when the requested image is not loaded. The longdesc attribute gives the link to a long description of the image. The following code illustrates the usage of these attributes of IMG element to retrieve images: <IMG src="logo1.gif" /> <IMG src= logo1.gif lowsrc="logo1_lowres.gif" /> <IMG src="logo1.gif" alt= logo longdesc= logo.html /> <IMG src="sample.gif" dynsrc="test.avi"> The ismap and usemap attributes for the IMG element tells the browser that the image is a special mouse-selectable visual map of one or more hyperlinks, commonly known as an image map. The ismap attribute is used to indicate the user s mouse actions over the image and it is processed using
2 a server-side image map. When the user clicks on an area of the image using the mouse, the coordinates are sent back to the server in the form of a query string in the URI [10]. The images can also be displayed on a webpage by specifying the URI of the image in the src attribute of INPUT element, data attribute of OBJECT element, or the background attribute of the BODY, TABLE or TD elements. If the type attribute value is image in the INPUT element, then it creates an image, which can be used as a button. The src attribute must be included to specify the URI of the image. Image can be accessed using the OBJECT element, by setting the type attribute value to image and URI of the image to data attribute. The following code illustrates the above explained elements: <INPUT type="image" src="submit.gif" /> <OBJECT type="image/jpg" data="logo3.gif"></object> <BODY background= "background1.gif" > <TABLE background= background2.gif > <TD background= background3.gif > In Cascading Style Sheets (CSS), background:url( URI ); and background-image: url( URI ); attributes are used to specify the image as shown below: body { background: url ("background2.gif"); background-image: url ("background3.gif"); } In JavaScript, Image() object is used to specify the target image location. An example code snippet is shown below: <script> var imageobj = new Image(); imageobj.src= logo.gif ; </script> An attacker can include a CSRF attack code or redirect the victim to a malicious webpage using a suitable value for the src attribute. The CSRF attack is not possible with alt, name, height, width, usemap and ismap attribute values of IMG element. The attacker can also create a CSRF attack using CSS background, background-image attributes and JavaScript image objects. 2.2 Cross Site Request Forgery This section presents basics of CSRF attack, real-world CSRF attacks and an overview of its existing defenses Understanding the CSRF attack Cross Site Request Forgery attack is ranked at 5 th position in the Open Web Application Security Project (OWASP) top 10 web application threats in 2007 [3]. It is an attack that tricks the victim into loading a page that contains a malicious request. It is malicious in the sense that it inherits the identity and privileges of the victim to perform an undesired function on the victim's behalf, like change the victim's password, e- mail address, or purchase something. These attacks generally target functions that cause a state change on the server but can also be used to access sensitive data. For most sites, after a successful initial authentication, web browsers will automatically include any credentials associated with the site in further requests without user interaction. The credentials associated with the site are Session Cookie, HTTP authentication credentials, IP address, Windows domain credentials, etc. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish a malicious request from a legitimate user request [1]. Any action that an authenticated user can perform on the vulnerable website can be performed by an attacker by utilizing CSRF. This could include posting content to a message board, subscribing to an online newsletter, logout, purchase an item, change account information or any other function provided by the vulnerable website. This attack can also be used as a vector to exploit existing XSS flaws in a given application. For example if there is a XSS issue on an online forum or blog, an attacker could force the user through CSRF attack to post a copy of the next big website worm. An attacker could also utilize CSRF to relay an attack against a chosen site, as well as perform a Denial of Service (DoS) attack in the right circumstances [11]. In the web based applications, the CSRF attack can be carried out in different ways. The attack could be done using HTML IMG Tag or a specially crafted URL embedded into the Target application. This works for sure since the victim will be logged into the application. Sometimes, it is possible to store the malicious code using IMG, IFRAME element or XSS in a field that accepts HTML and perform CSRF attack on the vulnerable site itself. Such vulnerabilities are called Stored CSRF attacks. If the attacker stores a CSRF attack code in the site then the severity of the attack is high. The likelihood is increased because the victim is more likely to view the page containing the attack code than some random page on the Internet. Another way of doing it is attacker host a site/blog and influences the victim to visit the site. This site in turn would contain the malicious request. This kind of attack is called reflected CSRF attack. This might not work always as the user may not be currently logged into the target system when the exploit is tried. Several CSRF vulnerabilities against real-world web applications have been discovered [12]. In January 2007, vulnerability in Gmail was discovered which allowed an attacker to steal a Gmail user's contact list. The vulnerability in Netflix allowed an attacker to change name and address of the victim s account as well as add movies to the rental queue [13]. In January 2008, by accessing the malicious IMG element in the sent by an attacker, the user initiated a router command to change the DNS entry and making any subsequent access by the user to the bank go through the attacker's server [14]. In September 2008, Bill zeller [15] found CSRF vulnerabilities in 4 major web sites. These
3 vulnerabilities allow an attacker to transfer funds out of user s bank accounts (ING Direct), add videos to a user s Favorites (YouTube), take control of user s account (MetaFilter) and find out the address of an arbitrary user (The New York Times). All of these vulnerabilities were fixed. CSRF vs. XSS: Cross-Site Scripting (XSS) attack exploits the trust that a client has for the website or application. Users generally trust that the content displayed in their browsers was intended to be displayed by the website being viewed. In contrast, CSRF exploits the trust that a site has for the user. The website assumes that if an 'action request' was performed, it trusts that the request is being sent by the user [11] Existing CSRF defenses There are few mechanisms a site can use to defend itself against CSRF attacks: validating a secret token, validating the HTTP Referer header, including additional headers with XMLHttpRequest and the Origin header. None of these mechanisms completely defend against CSRF attacks [5]. Secret Validation token: In each HTTP request a secret token is sent as additional information that can be used to determine whether the request came from an authorized source. If the request missing a validation token or the token does not match the expected value, the server will reject the request. The Referer Header: In many cases, browser includes Referer header while sending a HTTP request to indicate which URL initiated the request and is used to distinguish a same-site request from a cross-site request. So it can prevent CSRF attack by checking whether the request in question was issued by the site itself or not. Custom HTTP Headers: The browser prevents sites from sending custom HTTP headers to another site but allows sites to send custom HTTP headers to themselves using XMLHttpRequest. To use custom headers as a CSRF defense, a site must issue all state-modifying requests using XMLHttpRequest, attach the custom header, and reject all state-modifying requests that are not accompanied by the header. Origin Header: The browser sends the Origin header with all the POST requests to identify the origin that initiated the request. If the browser cannot determine the origin, the browser sends the value null. The server rejects the requests whose Origin header contains an undesired value (including null). 3 Image based CSRF attacks Cross site request forgery attacks exploit the browsers feature of sending authentication information along with every POST/GET HTTP request to the target application. An attacker identifies a URL on a website like a banking application that performs some functions like purchase, money transfer or any transaction or update account. An attacker posts the malicious URL in a web page on which they have control. When the victim visits the web page the URL is triggered (via an Image Request). The browser sends the authenticated information to the particular website along with that request [16]. Image based CSRF attack works by including HTML image elements, attributes or image objects in a page that accesses a site to which the user is known (or is supposed) to have authenticated. For example [13], a banking site provides a HTML form to place online credit transfers. This form uses the GET method and has the action URL /transfer.php. This form is only accessible by properly authenticated users. One user, Alice, is logged into bank.com website and at the same time browsing a chat forum ABC, where another user, Mary, has posted a message to the forum. Suppose that Mary has crafted an HTML image element that references a feature or web page on Alice's bank's website (rather than an image file).e.g. <IMG src= &amount=100000&for=mary width= 0 height= 0 /> Figure 1. CSRF attack using IMG element. We assume that the bank website keeps Alice authentication information in a cookie. If the cookie hasn't expired, and at the same time Alice views the crafted message sent by Mary, then the Alice s browser will attempt to load the image, and it will submit the transfer request with Alice credentials to bank.com server without requiring any further interaction from the Alice. Thus authorizing the malicious transaction by the bank s server. Figure 1 shows the process of CSRF attack in the above example. The following is another simple example to illustrate realworld image based CSRF attack request (crafted by one of the authors) to logout of their authenticated Gmail session: <IMG src=" width= 0 height= 0 /> Suppose an attacker places the above CSRF attack code in a vulnerable website. When an authenticated Gmail user visits the vulnerable site, the browser sends a request to retrieve the image specified in the IMG src attribute, thus sending a logout request to Gmail, with the users credentials. This
4 results in successful logout from Gmail. Due to the lack of anti-csrf mechanism, many websites are vulnerable to this logout CSRF attack. It is not a severe attack but it clearly explains how Image based CSRF attacks can be used against websites to perform malicious activities and cause inconvenience to the users. The HTML IMG element is used as a common method to perform the CSRF attack. It is by no means that only this element can be used to perform this attack. The other HTML image elements and attribute values mentioned in section 2.1 can be used to perform the CSRF attack. The script and iframe elements are also used to perform this attack. These elements have URLs embedded within them that create an automatic HTTP request with a malicious action. The attacker can also create a CSRF attack using JavaScript image objects. The GET requests are especially vulnerable to CSRF attack, but POST requests are not immune. An attacker can use JavaScript to auto submit the malicious form to a target location on a victim's website. Performing CSRF attack for POST request is much more difficult than GET request but the attack is still possible. The CSRF attack takes advantage of the fact that many users tend to forget to logout of the web applications they have used. This does not provide the web applications a chance to clear their session IDs or other types of session information from the cookie, allowing the CSRF attack to be successful even when the user is not actively browsing vulnerable websites. 4 Prevention of Image based CSRF attacks We propose a client-side solution to enable security conscious users to protect themselves against Image based CSRF attacks. Concept: The CSRF attacks are possible due to the fact that the browser automatically sends the GET requests for all kinds of HTML image elements while rendering a webpage. By using these image elements, it is very simple to exploit any vulnerable website. This is because, the web browsers do not validate the URL specified by the IMG element attribute before sending a request for that image. Identification of suspicious image elements: Most of the websites use the static image URLs to obtain the images in their web pages. The widely recognized image formats include GIF, JPEG, and PNG. The other formats supported by popular browsers are jpg, bmp, xbm. So if the website uses a static image URL then the URL must end with gif, jpeg, jpg, png, bmp or xbm extension. We can successfully mitigate the CSRF attacks using static image URL by checking the URL extensions and validating the URL specified in all types of image elements before the browser renders the webpage. Our solution works as a local proxy on the user s computer and disables the automatic dispatching of GET requests for all image elements. The proxy identifies all the image elements in the response and validates the URL for each image element in the webpage source code. If the proxy detects any invalid URL, it disables that image element in the webpage. If there is a dynamic image in the webpage, an alert is displayed to the user and based on the user response the image request is processed or blocked. 4.1 A Proxy-Based Solution Figure 2. Client-Side Proxy Solution. We chose to implement our solution in the form of a proxy because this approach enables CSRF protection for all the web browsers. Figure 2 shows the general setup of the web browser, the client side proxy and the web server. Identification of suspicious requests: The proxy resides between the client s web browser and the web application s server. Every HTTP request and response is routed through the proxy. Due to the fact that the browser and the proxy are separate entities, the proxy is unable to identify how a HTTP request is initiated for the images. To decide an image element is legitimate or suspicious of CSRF, we introduce the following classification criteria: Once the response is received from the web server for each request, the client-side proxy checks for image extensions in the static image URLs. If any invalid URL is found then the proxy blocks that image element by enclosing it within the CDATA element and it forwards the response to the browser. If the response contains valid image URLs then the proxy forwards response content intact to the browser without any modifications Limitations Our current proxy solution successfully prevents the CSRF attack using all kinds of static image URLs except the JavaScript Image objects. In this solution, we are blocking the dynamic image URLs in the response page because these do not have the image extensions (.jpg etc.) like static image URLs. The IMG attribute longdesc can be used to specify the attacker s controlled site where he posted a malicious code. So an attacker can redirect the user and perform the CSRF attack using this attribute. Our solution is not immune to this kind of attack. We are providing an option to the user to block this attribute as a partial solution Future work Validating JavaScript image objects is yet to be implemented. The existing code can be extended to include this functionality to protect against JavaScript image object based CSRF attacks. We used CSRFTester tool and Webscarab proxy plug-in present in that tool as the proxy to execute and test our implementation. A separate GUI need to be
5 implemented to make it as a separate tool. Usage of dynamic image URLs in the webpage is very less as compared to static image URLs and these are used mainly for advertisements. So blocking advertisements is advantageous to the users, but some users may want to see the advertisement or some websites restrict the user to login to the site only after viewing the advertisement. We can provide more number of options to the user such as allow or block the dynamic images, view the list of images in the webpage etc. This solution can also be made browser specific by creating an add-on to the browsers like Firefox. 5 Implementation Details We used OWASP s CSRFTester tool to test our implementation. CSRFTester tool attempts to give developers the ability to test their applications for CSRF flaws [4]. The Webscarab proxy plug-in in the CSRFTester sets up a HTTP proxy and listens by default on localhost port This plug-in accepts both HTTP and HTTPS requests. We implemented image based CSRF attack detection and prevention code in Java and is integrated with webscarab proxy plug-in. It is an open source code and is available at [17]. Java regular expression functions are used to validate the extensions of static image URLs. The sample procedure for checking IMG element URLs in the response is as follows: 1. Obtain all IMG elements from the response by compiling the regular expression pattern "<\\s*img[<^>]+>" 2. Obtain URLs present in all IMG elements by compiling the pattern "src\\s*=\\s*(' \"){0,1}\\s*([^\\s\"\'\\(\\;\\#\\&\\<\\?][A-Zaz0-9\\_\\.\\/\\:\\-\\%\\~]*)\\s*(' \"){0,1}" 3. Check the extension of each URL by compiling the pattern ".*\\.(gif png jpg jpeg bmp xbm)$". If the image URL matches with the extension then it is valid. Otherwise it is treated as invalid and that image element is included inside the CDATA section. We can delete the malicious image elements if we don t want to comment it with CDATA. CDATA sections are used to escape blocks of text containing characters that would otherwise be regarded as markup. The only delimiter that is recognized in a CDATA section is the "]]>" string that ends the CDATA section. Putting <![CDATA[...]]> round a section essentially says "do not parse this section - everything in it should be interpreted as characters". The primary purpose of CDATA is to include material such as XML fragments, without needing to escape all the delimiters [6]. The same procedure is followed for other image elements and attributes. 6 Experimental Results To test our implementation, initially we gathered different types of IMG elements (including XSS attacks using IMG element) with all attributes and their values, INPUT, OBJECT elements, background attribute and CSS background: url (), background-image: url() attribute values. Our implementation successfully disabled these image based CSRF attacks from executing. The following are the websites tested for finding image based CSRF attacks. The experimental results from Table 1 show that our current implementation successfully blocked all the static image elements containing CSRF attack code and also the dynamic image elements present in the response. The CSRF attacks are much harder to test because the attacker can include the malicious IMG tag whenever required and delete them once the attack is successful on the victim(s). Website Localhost (all images are malicious) com timesofindia.i ndiatimes.com cmt.nitk.ac.in (NITK forum) Total Images Blocked Images Table 1. Tested Applications Reason for blocking the Images The image source contains malicious code (including XSS script, logout URLs etc.) The site uses dynamic URLs inside the IMG element for displaying advertisements. The site uses CMS system to generate dynamic image URLs. The site contains Gmail, cmt site Logout and message URLs [posted by the author (login required)] Figure 3 shows the sample output of our implementation, when it is tested on cmt.nitk.ac.in chat forum. This website is vulnerable to image based CSRF attacks since it is allowing the users to post (malicious) HTML content in the forum. 7 Related Work Figure 3. Test results on cmt.nitk.ac.in chat forum Our analysis of the main existing CSRF defenses is provided in section The other defensive approaches which use proxy are as follows. RequestRodeo is the first client-side solution for protection against Session Riding attacks [1]. It prevents CSRF attack by stripping the implicit authorization information (i.e. cookie header etc.), from the outgoing crosssite HTTP requests. But the limitation of RequestRodeo is, it cannot automatically distinguish legitimate cross-site requests from attacks. NoForge [2] is a server-side proxy used to defend PHP applications against CSRF attacks. In this, the
6 proxy is located between the web server and the protected web applications. This proxy is able to inspect and modify client requests as well as the application s replies (output) automatically and transparently extend applications with the secret token validation technique. 8 Conclusion Cross Site Request Forgery is one of the widely exploited vulnerability in web sites. In this attack, the trust of web application in its authenticated users is exploited and it allows an attacker to make arbitrary HTTP requests in the victim s name. CSRF attacks using IMG elements are very simple and easy to exploit. We have proposed a simple and effective solution to detect and prevent CSRF attacks using image elements which use static URLs with a client-side proxy. This enables the users to protect themselves against CSRF attacks using any browser. Acknowledgements We thank Jevitha KP who helped in integrating the implemented code to CSRFTester tool and for proof reading of this paper. This work was supported by the Department of Information Technology, Government of INDIA under ISEA project. We would also like to thank Department of Computer Engineering, NITK Surathkal for providing all facilities to complete this research work. References [1] J.Martin, Justus Winter. RequestRodeo: Client Side Protection against Session Riding. In OWASPAppSec2006Europe, [2] J.Nenad, K.Engin, K.Christopher. Preventing Cross Site Request Forgery attacks. In securecomm and workshops, [3] Cross-Site Request Forgery. Cross-Site_Request_Forgery, May, [4] OWASP CSRFTester Project. index.php/ Category: OWASP_CSRFTester_Project, May, [5] A.Barth, C.Jackson, and J.C.Mitchell. Robust defenses for crosssite request forgery. In Proc. ACM Conference on Computer and Communications Security (CCS), Oct, [6] Mike Champion, Steve Byrne. Document Object Model (core) level1. html#id-e067d597. May, [7] The web hacking incidents database. projects/whid/byid_id_ shtml, 2008 [8] Chuck Musciano, Bill Kennedy. HTML & XHTML: The Definitive Guide, Fifth Edition. Aug, [9] Image-Inline Image. special/img.html. May, [10] HTML input type attribute. /att_input_type.asp. May, [11] Robert Auger. The Cross-Site Request Forgery (CSRF/XSRF) FAQ. Apr, [12] OWASP. Top ten most critical web application security vulnerabilities. Whitepaper. / Top [13] Cross-site request forgery. request forgery. May, [14] Cyrill Brunshewiler. Cross Site Request Forgery. csnc.ch/misc/files/publications/compass_event08_csrf_bru_v1.0.pdf. Sept, [15] Bill Zeller, Cross-Site Request Forgeries: Exploitation and Prevention. /files/csrf.pdf. May [16] Sapna satish. CSRF- The hidden menace. June, [17] Ramarao R. Tool for preventing image based CSRF attacks. May, 2009.
Web Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationRobust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationPreparing for the Cross Site Request Forgery Defense
Preparing for the Cross Site Request Forgery Defense By Chuck Willis chuck.willis@mandiant.com Presented at Black Hat Briefings DC 2008 on February 20, 2008 Slides available at www.blackhat.com. Abstract:
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationComputer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general
More informationRobust Defenses for Cross-Site Request Forgery
Robust Defenses for Cross-Site Request Forgery Tsampanaki Nikoleta Lilitsis Prodromos Gigis Petros Paper Authors: Adam Barth, Collin Jackson, John C. Mitchell Outline What is CSRF attack? What is a login
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More information2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More informationAttacking the Application OWASP. The OWASP Foundation. Dave Ferguson, CISSP Security Consultant FishNet Security.
Attacking the Application Dave Ferguson, CISSP Security Consultant FishNet Security Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationAndrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West
Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing Advancing Expertise in Security Testing Taming the Wild West Canberra, Australia 1 Who is this guy? Andrew
More informationWeb Security. Course: EPL 682 Name: Savvas Savva
Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell, Robust Defenses for Cross-Site Request Forgery, pub. in 15th ACM Conference, 2008. [2] L. Huang and A. Moshchuk
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationWeb Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com October 16, 2015 Lecture 16: 1/ 14 Outline Browser Security Principles: 1 Cross Site Scripting (XSS) 2 Types of XSS 3 Lecture 16: 2/ 14
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationPrevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side
www.ijcsi.org 650 Prevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side S.SHALINI 1, S.USHA 2 1 Department of Computer and Communication, Sri Sairam Engineering College,
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationCross-Site Request Forgery: The Sleeping Giant. Jeremiah Grossman Founder and CTO, WhiteHat Security
Cross-Site Request Forgery: The Sleeping Giant Jeremiah Grossman Founder and CTO, WhiteHat Security Cross-Site Request Forgeries (CSRF) 1. Session Riding 2. Client-Side Trojans 3. Confused Deputy 4. Web
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More information2/16/18. Secure Coding. CYSE 411/AIT 681 Secure Software Engineering. Web Security Outline. The Web. The Web, Basically.
Secure Coding CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationAutomatically Checking for Session Management Vulnerabilities in Web Applications
Regular Paper Automatically Checking for Session Management Vulnerabilities in Web Applications Yusuke Takamatsu 1,a) Yuji Kosuga 2 Kenji Kono 1,3 Received: July 4, 2012, Accepted: October 17, 2012 Abstract:
More informationThis slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in
1 This slide shows the OWASP Top 10 Web Application Security Risks of 2017, which is a list of the currently most dangerous web vulnerabilities in terms of prevalence (how much the vulnerability is widespread),
More informationA Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications Riccardo Pelizzi System Security Lab Department of Computer Science Stony Brook University December 8, 2011 1 / 18 Riccardo Pelizzi
More informationMore attacks on clients: Click-jacking/UI redressing, CSRF
Web Security More attacks on clients: Click-jacking/UI redressing, CSRF (Section 7.2.3 on Click-jacking; Section 7.2.7 on CSRF; Section 7.2.8 on Defenses against client-side attacks) 1 Recall from last
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Fall 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationPenetration Test Report
Penetration Test Report Feb 12, 2018 Ethnio, Inc. 6121 W SUNSET BLVD LOS angeles, CA 90028 Tel (888) 879-7439 ETHN.io Summary This document contains the most recent pen test results from our third party
More informationCross-Site Request Forgery
Cross-Site Request Forgery Venkateshwar Reddy S, MBA (Banking Technology), Pondicherry Central University, Puducherry, bobby938@gmail.com. Project guide: Dr. N.P. Dhavale, Deputy General Manager, INFINET
More informationWeb Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
More informationWebGoat& WebScarab. What is computer security for $1000 Alex?
WebGoat& WebScarab What is computer security for $1000 Alex? Install WebGoat 10 Download from Google Code 20 Unzip the folder to where ever you want 30 Click on WebGoat.bat 40 Goto http://localhost/webgoat/attack
More informationCross Site Request Forgery
Cross Site Request Forgery VULNERABILITY OVERVIEW WHITE PAPER PUBLIC Version: 1.0 By: Acadion Security URL: http://www.acadion.nl/ Date: February 6, 2013 Address: Koornmarkt 46 2611 EH Delft Nederland
More informationlast time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationAbusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side) Narendra Bhati @NarendraBhatiB http://websecgeeks.com Abusing Windows Opener To Bypass CSRF Protection Narendra Bhati Page
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationIntroduction to Ethical Hacking
Introduction to Ethical Hacking Summer University 2017 Seoul, Republic of Korea Alexandre Karlov Today Some tools for web attacks Wireshark How a writeup looks like 0x04 Tools for Web attacks Overview
More informationCross-Site Request Forgery in Cisco SG220 series
Cross-Site Request Forgery in Cisco SG220 series Security advisory 12/09/2016 Renaud Dubourguais Nicolas Collignon www.synacktiv.com 5 rue Sextius Michel 75015 Paris Vulnerability description The Cisco
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationAcknowledgments... xix
CONTENTS IN DETAIL PREFACE xvii Acknowledgments... xix 1 SECURITY IN THE WORLD OF WEB APPLICATIONS 1 Information Security in a Nutshell... 1 Flirting with Formal Solutions... 2 Enter Risk Management...
More informationAuthentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1
Authentication and Password CS166 Introduction to Computer Security 2/11/18 CS166 1 CIA Triad Confidentiality Prevent disclosure of information to unauthorized parties Integrity Detect data tampering Availability
More informationExploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Midterm 1 Print your name:, (last) (first) I am aware of the Berkeley Campus Code of Student Conduct and acknowledge that any academic misconduct will be reported
More informationHacking Intranet Websites from the Outside
1 Hacking Intranet Websites from the Outside "JavaScript malware just got a lot more dangerous" Black Hat (Japan) 10.05.2006 Jeremiah Grossman (Founder and CTO) WhiteHat Security 2 WhiteHat Sentinel -
More informationWeb Security. Thierry Sans
Web Security Thierry Sans 1991 Sir Tim Berners-Lee Web Portals 2014 Customer Resources Managemen Accounting and Billing E-Health E-Learning Collaboration Content Management Social Networks Publishing Web
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationPROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
More informationCross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationThe PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
More informationCSWAE Certified Secure Web Application Engineer
CSWAE Certified Secure Web Application Engineer Overview Organizations and governments fall victim to internet based attacks every day. In many cases, web attacks could be thwarted but hackers, organized
More informationSecurity. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
More informationCS 161 Computer Security
Paxson Spring 2011 CS 161 Computer Security Discussion 6 March 2, 2011 Question 1 Cross-Site Scripting (XSS) (10 min) As part of your daily routine, you are browsing through the news and status updates
More informationCNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2
CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2 Finding and Exploiting XSS Vunerabilities Basic Approach Inject this string into every parameter on every
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationSecurity Course. WebGoat Lab sessions
Security Course WebGoat Lab sessions WebGoat Lab sessions overview Initial Setup Tamper Data Web Goat Lab Session 4 Access Control, session information stealing Lab Session 2 HTTP Basics Sniffing Parameter
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationWeb Security: Web Application Security [continued]
CSE 484 / CSE M 584: Computer Security and Privacy Web Security: Web Application Security [continued] Spring 2017 Franziska (Franzi) Roesner franzi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann,
More informationReflected XSS Cross-Site Request Forgery Other Attacks
Reflected XSS Cross-Site Request Forgery Other Attacks CS 166: Introduction to Computer Systems Security 2/21/18 XSS, CSRF, Other Attacks 1 Reflected XSS 2/21/18 XSS, CSRF, Other Attacks 2 Recap of Persistent
More informationXSS Homework. 1 Overview. 2 Lab Environment
XSS Homework 1 Overview Cross-site scripting (XSS) is a type of vulnerability commonly found in web applications. This vulnerability makes it possible for attackers to inject malicious code (e.g. JavaScript
More information