Automated Generation of Event-Oriented Exploits in Android Hybrid Apps
Size: px
Start display at page:

Download "Automated Generation of Event-Oriented Exploits in Android Hybrid Apps"

Transcription

1 Automated Generation of Event-Oriented Exploits in Android Hybrid Apps Guangliang Yang, Jeff Huang, and Guofei Gu *Secure Communication and Computer Systems Lab Texas A&M University

2 In Android, the hybrid development approach is popular The use of the embedded browser, known as "WebView" rendering web content and running JavaScript code without leaving apps (i.e., hybrid apps) Advantages Easy to deploy Re-using existing web code

3 Event Handler: A unique WebView feature Through the event handler feature, developers can handle/customize web events. Security Flaws! Changing web UI, such as drawing web alert dialogs Supporting customized URL, such as tel:800 -> making a call 94.2% apps use the event handler feature

4 Event Handler: A unique WebView feature Handling/Customizing web events via Event Handler WebView HTML/JavaScript Code Web Event Native (Java) Event Handler Hybrid App

5 Event Handler: A unique WebView feature Handling/Customizing web events via Event Handler WebView HTML/JavaScript Code Native (Java) Event Handler Hybrid App

6 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input WebView HTML/JavaScript Code Server Native (Java) Event Handler Hybrid App Android Device

7 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input WebView <a href = mmsdk://c1.c2?args=...&callback=... Native shouldoverrideurlloading(webview view, String url) { } function1 hashmap(c1. c2) result = function1(args) loadurl( javascript: + callback + ( + result + ) );

8 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input WebView <a href = mmsdk://c1.c2?args=...&callback=... Native shouldoverrideurlloading(webview view, String url) { ) ); } function1 hashmap(c1. c2) Implicit Flow result = function1(args) loadurl( javascript: + callback + ( + result +

9 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input WebView Native 1. Recording audio <a href = mmsdk://c1.c2?args=...&callback= Using camera to take pictures shouldoverrideurlloading(webview view, String url) { 3. Leaking device ID 4. Attacking other apps using Intent 5. ) ); } function1 hashmap(c1. c2) Implicit Flow result = function1(args) loadurl( javascript: + callback + ( + result +

10 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#1 Target

11 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#1 Target

12 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#1 Target

13 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#2 Event Handler#1 Target

14 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#2 Event Handler#1 Target

15 Attacking Event Handlers Potential Attack#1: triggering an event handler with appropriate input Event Handler#2 Event Handler#1 Event Handler#2 Event Handler#1 Target

16 Attacking Event Handlers Potential Attack#2: Playing web events as gadgets The target program state is S t State transitions: [S 1 S 2... S t ] Web events triggering: [E 1 E 2... E t ]

17 Attacking Event Handlers Potential Attack#2: Playing web events as gadgets The target program state is S t [S 1 S 2... S t ] [E 1 E 2... E t ] Generalizing Attacks: Event Oriented Exploits (EOE) [EH 1 EH 2... EH t ]

18 Event Oriented Exploits Consequences Cross-origin/frame DOM manipulation Phishing Sensitive information leakage (such as IMEI and GPS) Local resource access (such as local database), etc. Detecting and verifying existing apps against EOE

19 Detecting and verifying apps against EOE Exiting techniques face significant challenges Static analysis (AppIntent, IntelliDroid, TriggerScope, etc.) False positives lack of real data and context False negatives Java Reflection Implicit flows

20 Detecting and verifying apps against EOE Recap WebView <a href = mmsdk://c1.c2?args=...&callback=... Native shouldoverrideurlloading(webview view, String url) { function1 hashmap(c1. c2) Implicit Flow }

21 Detecting and verifying apps against EOE Exiting techniques face significant challenges Static analysis (AppIntent, IntelliDroid, TriggerScope, etc.) False positives Lack of real data and context False negatives Java Reflection Implicit flows (Google Ads, etc.)

22 Detecting and verifying apps against EOE Exiting techniques face significant challenges Dynamic analysis False negatives low code coverage Our Solution: EOEDroid

23 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

24 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

25 How does EOEDroid work? Event Handler#2 Event Handler#1 Target

26 How does EOEDroid work? Event Handler#2 Event Handler#1 Target

27 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

28 How does EOEDroid work? Event Handler#2 Event Handler#1 Target

29 How does EOEDroid work? Event Handler#2 Event Handler#1 Event Handler#2 Event Handler#1 Target

30 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

31 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

32 Phase1: Event Handler Analysis Symbolic Execution Challenges Path explosion Discovering interesting paths Unsupported Fork() Keeping analysis contexts clean Hooking external-contentwriting Android ICC: intent Linking intent senders and receivers Implicit Flows Converting implicit flows to regular conditional statements

33 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

34 Phase2: Program State Analysis Event handler input generation Computing path constraints Event handler execution order generation Static backward analysis

35 Our Solution: EOEDroid 1. Dynamic Symbolic Execution 2. Static backward analysis 3. Log analysis

36 Phase3: Exploit Code Generation Conducting the systematic study of event handler triggering code and constraints Web events -> Native event handlers Transferring data Triggering constraints

37 Our Solution: EOEDroid Recap WebView <a href = mmsdk://c1.c2?args=...&callback=... Native shouldoverrideurlloading(webview view, String url) { ) ); } loadurl( javascript: + callback + ( + result +

38 Phase3: Exploit Code Generation JavaScript Code Syntax Analysis Analyzing Abstracted Syntax Tree

39 RESULTS / EVALUATION

40 Evaluation Dataset 3,652 popular apps Testbed Android Nexus 10 Methodology Monkey + Mitmproxy

41 Results 97 vulnerabilities 58 vulnerable apps Low false positives & false negatives Analysis time / per app: ~4 minutes

42 CASE STUDY

43 Case Study: Discovering a potential backdoor A high-profile browser (com.mx.xxxx) 10 million downloads Using EOE to leverage a potential backdoor Stealing IMEI

44 Case Study: Discovering a potential backdoor

45 Case Study: Discovering a potential backdoor Phase#1: applying symbolic execution to analyze each event handler

46 Case Study: Discovering a potential backdoor

47 Case Study: Discovering a potential backdoor Phase#2: applying static analysis to generate the required event handler execution order

48 Case Study: Discovering a potential backdoor Phase#2: applying static analysis to generate the required event handler execution order onpagefinished() shouldoverrideurlloading()

49 Case Study: Discovering a potential backdoor Phase#3: Generating exploit code onpagefinished() shouldoverrideurlloading()

50 CONCLUSION

51 Conclusion Despite existing discussion, the event handler feature continues to be problematic in existing apps. In this paper, we discovered the event handler feature may cause serious consequences. We propose a novel vulnerability detection and verification tool (EOEDroid), and also verified our tool is accurate and effective.

52 Thanks!

53 Detecting and verifying apps against EOE Recap WebView <a href = mmsdk://c1.c2?args=...&callback=... Native shouldoverrideurlloading(webview view, String url) { function1 hashmap(c1. c2) Implicit Flow }

54 Phase1: Event Handler Analysis Implicit Flows Converting implicit flows to regular conditional statements Hashmap r = hashmap.get(k) [k 0, k 1, k 2,..., k n ] Conversion

55 Phase3: Exploit Code Generation Conducting the systematic study of event handler triggering code and constraints Web events -> Native event handlers Transferring data Triggering constraints JavaScript Code Syntax Analysis Analyzing Abstracted Syntax Tree

56 Related Work NoFrak, MobileIFC, and Draco: extending same origin policy (SOP) to the native layer, or providing access control on event handlers Hard to deploy Hard to upgrade Course-grained WIREframe and HybridGuard: providing policy enforcement They only focus on JavaScript code. They can be bypassed by EOE.

57 Countermeasure Using safe connection channel: HTTPS Checking the frame level and the origin information of the event handler caller Upgrade WebView to the newest version Providing new APIs with rich information

Similar documents

Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications

Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications Study and Mitigation of Origin Stripping Vulnerabilities in Hybrid-postMessage Enabled Mobile Applications Guangliang Yang, Jeff Huang, Guofei Gu, and Abner Mendoza Texas A&M University {ygl, jeffhuang,

More information

Mobility meets Web. Al Johri & David Elutilo

Mobility meets Web. Al Johri & David Elutilo Mobility meets Web Al Johri & David Elutilo Origin-Based Access Control in Hybrid Application Frameworks Outline 1. Introduction Hybrid Apps & Frameworks 2. Security Models 3. Bridges 4. Fracking 5. Existing

More information

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications

An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications An Empirical Study of Web Resource Manipulation in Real-world Mobile Applications Xiaohan Zhang, Yuan Zhang, Qianqian Mo, Hao Xia, Zhemin Yang, Min Yang XiaoFeng Wang, Long Lu, and Haixin Duan Background

More information

Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps

Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps Precisely and Scalably Vetting JavaScript Bridge In Android Hybrid Apps Guangliang Yang, Abner Mendoza, Jialong Zhang, and Guofei Gu SUCCESS LAB Texas A&M University {ygl,abmendoza}@tamu.edu, {jialong,guofei}@cse.tamu.edu

More information

Android Online Training

Android Online Training Android Online Training IQ training facility offers Android Online Training. Our Android trainers come with vast work experience and teaching skills. Our Android training online is regarded as the one

More information

Copyright

Copyright 1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?

More information

ATC Android Application Development

ATC Android Application Development ATC Android Application Development 1. Android Framework and Android Studio b. Android Platform Architecture i. Linux Kernel ii. Hardware Abstraction Layer(HAL) iii. Android runtime iv. Native C/C++ Libraries

More information

Attacks on WebView in the Android System

Attacks on WebView in the Android System Syracuse University SURFACE Electrical Engineering and Computer Science College of Engineering and Computer Science 2011 Attacks on WebView in the Android System Tongbo Luo Syracuse University, toluo@syr.edu

More information

Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology

Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan. Stanford University, Chalmers University of Technology Stefan Heule, Devon Rifkin, Alejandro Russo, Deian Stefan Stanford University, Chalmers University of Technology One of the most popular application platforms Easy to deploy and access Almost anything

More information

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

Copyright 2014, Oracle and/or its affiliates. All rights reserved. 1 Introduction to the Oracle Mobile Development Platform Dana Singleterry Product Management Oracle Development Tools Global Installed Base: PCs vs Mobile Devices 3 Mobile Enterprise Challenges In Pursuit

More information

1. GOALS and MOTIVATION

1. GOALS and MOTIVATION AppSeer: Discovering Interface Defects among Android Components Vincenzo Chiaramida, Francesco Pinci, Ugo Buy and Rigel Gjomemo University of Illinois at Chicago 4 September 2018 Slides by: Vincenzo Chiaramida

More information

C1: Define Security Requirements

C1: Define Security Requirements OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security

More information

Access Control for Plugins in Cordova-based Hybrid Applications

Access Control for Plugins in Cordova-based Hybrid Applications 2017 IEEE. Personal use of this material is permitted. Permission from IEEE must be obtained for all other uses, in any current or future media, including reprinting/republishing this material for advertising

More information

Android Application Development Course Code: AND-401 Version 7 Duration: 05 days

Android Application Development Course Code: AND-401 Version 7 Duration: 05 days Let s Reach For Excellence! TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC Address: 103 Pasteur, Dist.1, HCMC Tel: 08 38245819; 38239761 Email: traincert@tdt-tanduc.com Website: www.tdt-tanduc.com; www.tanducits.com

More information

Dynamic Detection of Inter- Application Communication Vulnerabilities in Android. Daniel Barton

Dynamic Detection of Inter- Application Communication Vulnerabilities in Android. Daniel Barton Dynamic Detection of Inter- Application Communication Vulnerabilities in Android Daniel Barton Authors/Paper Metadata Roee Hay IBM Security Omer Tripp IBM T.J. Watson Research Center Marco Pistoia IBM

More information

Android App Development

Android App Development Android App Development Course Contents: Android app development Course Benefit: You will learn how to Use Advance Features of Android with LIVE PROJECTS Original Fees: 15000 per student. Corporate Discount

More information

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions

2 Lecture Embedded System Security A.-R. Darmstadt, Android Security Extensions 2 Lecture Embedded System Security A.-R. Sadeghi, @TU Darmstadt, 2011-2014 Android Security Extensions App A Perm. P 1 App B Perm. P 2 Perm. P 3 Kirin [2009] Reference Monitor Prevents the installation

More information

Hybrid App Security Attack and Defense

Hybrid App Security Attack and Defense 标题文本» 正文级别 1 正文级别 2 正文级别 3 正文级别 4» 正文级别 5 Hybrid App Security Attack and Defense HuiYu Wu @ Tencent Security Platform Department About Me Security researcher at Tencent Security Platform Department Focus

More information

ANDROID SYLLABUS. Advanced Android

ANDROID SYLLABUS. Advanced Android Advanced Android 1) Introduction To Mobile Apps I. Why we Need Mobile Apps II. Different Kinds of Mobile Apps III. Briefly about Android 2) Introduction Android I. History Behind Android Development II.

More information

VirtualSwindle: An Automated Attack Against In-App Billing on Android

VirtualSwindle: An Automated Attack Against In-App Billing on Android Northeastern University Systems Security Lab VirtualSwindle: An Automated Attack Against In-App Billing on Android ASIACCS 2014 Collin Mulliner, William Robertson, Engin Kirda {crm,wkr,ek}[at]ccs.neu.edu

More information

OWASP Top 10 The Ten Most Critical Web Application Security Risks

OWASP Top 10 The Ten Most Critical Web Application Security Risks OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain

More information

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis

Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis Obfuscation-Resilient Privacy Leak Detection for Mobile Apps Through Differential Analysis Andrea Continella, Yanick Fratantonio, Martina Lindorfer, Alessandro Puccetti, Ali Zand, Christopher Kruegel,

More information

Hybrid Apps Combining HTML5 + JAVASCRIPT + ANDROID

Hybrid Apps Combining HTML5 + JAVASCRIPT + ANDROID Hybrid Apps Combining HTML5 + JAVASCRIPT + ANDROID Displaying Web Page For displaying web page, two approaches may be adopted: 1. Invoke browser application: In this case another window out side app will

More information

Android Essentials with Java

Android Essentials with Java Android Essentials with Java Before You Program o Exercise in algorithm generation Getting Started o Using IntelliJ CE Using Variables and Values o Store data in typed variables Static Methods o Write

More information

Understanding and Detecting Wake Lock Misuses for Android Applications

Understanding and Detecting Wake Lock Misuses for Android Applications Understanding and Detecting Wake Lock Misuses for Android Applications Artifact Evaluated by FSE 2016 Yepang Liu, Chang Xu, Shing-Chi Cheung, and Valerio Terragni Code Analysis, Testing and Learning Research

More information

Overview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises

More information

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews

BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews BabelView: Evaluating the Impact of Code Injection Attacks in Mobile Webviews Claudio Rizzo, Lorenzo Cavallaro, and Johannes Kinder Royal Holloway, University of London {claudio.rizzo.2015 lorenzo.cavallaro

More information

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui

Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Honours/Master/PhD Thesis Projects Supervised by Dr. Yulei Sui Projects 1 Information flow analysis for mobile applications 2 2 Machine-learning-guide typestate analysis for UAF vulnerabilities 3 3 Preventing

More information

PROCE55 Mobile: Web API App. Web API. https://www.rijksmuseum.nl/api/...

PROCE55 Mobile: Web API App. Web API. https://www.rijksmuseum.nl/api/... PROCE55 Mobile: Web API App PROCE55 Mobile with Test Web API App Web API App Example This example shows how to access a typical Web API using your mobile phone via Internet. The returned data is in JSON

More information

Android Application Development

Android Application Development Android Application Development Course Code: AND-401 Version 7 (Nougat) 2016 Android ATC Published by: Android ATC Fourth Printing: December 2016. First Printing: October 2013. ISBN: 978-0-9900143-8-6

More information

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection

Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are

More information

Understanding and Detecting Wake Lock Misuses for Android Applications

Understanding and Detecting Wake Lock Misuses for Android Applications Understanding and Detecting Wake Lock Misuses for Android Applications Artifact Evaluated Yepang Liu, Chang Xu, Shing-Chi Cheung, and Valerio Terragni Code Analysis, Testing and Learning Research Group

More information

COURSE OUTLINE MOC 20480: PROGRAMMING IN HTML5 WITH JAVASCRIPT AND CSS3

COURSE OUTLINE MOC 20480: PROGRAMMING IN HTML5 WITH JAVASCRIPT AND CSS3 COURSE OUTLINE MOC 20480: PROGRAMMING IN HTML5 WITH JAVASCRIPT AND CSS3 MODULE 1: OVERVIEW OF HTML AND CSS This module provides an overview of HTML and CSS, and describes how to use Visual Studio 2012

More information

Breaking and Securing Mobile Apps

Breaking and Securing Mobile Apps Breaking and Securing Mobile Apps Aditya Gupta @adi1391 adi@attify.com +91-9538295259 Who Am I? The Mobile Security Guy Attify Security Architecture, Auditing, Trainings etc. Ex Rediff.com Security Lead

More information

55191: Advanced SharePoint Development

55191: Advanced SharePoint Development Let s Reach For Excellence! TAN DUC INFORMATION TECHNOLOGY SCHOOL JSC Address: 103 Pasteur, Dist.1, HCMC Tel: 08 38245819; 38239761 Email: traincert@tdt-tanduc.com Website: www.tdt-tanduc.com; www.tanducits.com

More information

Firefox for Android. Reviewer s Guide. Contact us:

Firefox for Android. Reviewer s Guide. Contact us: Reviewer s Guide Contact us: press@mozilla.com Table of Contents About Mozilla 1 Move at the Speed of the Web 2 Get Started 3 Mobile Browsing Upgrade 4 Get Up and Go 6 Customize On the Go 7 Privacy and

More information

Beginner s Guide to Cordova and Mobile Application Development

Beginner s Guide to Cordova and Mobile Application Development November 13, 2018 Beginner s Guide to Cordova and Mobile Application Development George Campbell Lead Software Engineer Doug Davies Lead Software Engineer George Campbell Lead Software Engineer Doug Davies

More information

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications Marco Balduzzi, Carmen Torrano Gimenez, Davide Balzarotti, and Engin Kirda NDSS 2011 The Web as We Know It 2 Has evolved from

More information

IGEEKS TECHNOLOGIES. Software Training Division. Academic Live Projects For BE,ME,MCA,BCA and PHD Students

IGEEKS TECHNOLOGIES. Software Training Division. Academic Live Projects For BE,ME,MCA,BCA and PHD Students Duration:40hours IGEEKS TECHNOLOGIES Software Training Division Academic Live Projects For BE,ME,MCA,BCA and PHD Students IGeekS Technologies (Make Final Year Project) No: 19, MN Complex, 2nd Cross, Sampige

More information

Secure Frame Communication in Browsers Review

Secure Frame Communication in Browsers Review Secure Frame Communication in Browsers Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic being

More information

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated

Ch 1: The Mobile Risk Ecosystem. CNIT 128: Hacking Mobile Devices. Updated Ch 1: The Mobile Risk Ecosystem CNIT 128: Hacking Mobile Devices Updated 1-12-16 The Mobile Ecosystem Popularity of Mobile Devices Insecurity of Mobile Devices The Mobile Risk Model Mobile Network Architecture

More information

Connect and Transform Your Digital Business with IBM

Connect and Transform Your Digital Business with IBM Connect and Transform Your Digital Business with IBM 1 MANAGEMENT ANALYTICS SECURITY MobileFirst Foundation will help deliver your mobile apps faster IDE & Tools Mobile App Builder Development Framework

More information

Security Philosophy. Humans have difficulty understanding risk

Security Philosophy. Humans have difficulty understanding risk Android Security Security Philosophy Humans have difficulty understanding risk Safer to assume that Most developers do not understand security Most users do not understand security Security philosophy

More information

We need a browser that just works with modern web sites and services. I m worried about Internet security threats and the risk to my business

We need a browser that just works with modern web sites and services. I m worried about Internet security threats and the risk to my business WHAT WE HEARD FROM YOU We need a browser that just works with modern web sites and services I m worried about Internet security threats and the risk to my business My employees need to be productive when

More information

The course also includes an overview of some of the most popular frameworks that you will most likely encounter in your real work environments.

The course also includes an overview of some of the most popular frameworks that you will most likely encounter in your real work environments. Web Development WEB101: Web Development Fundamentals using HTML, CSS and JavaScript $2,495.00 5 Days Replay Class Recordings included with this course Upcoming Dates Course Description This 5-day instructor-led

More information

To be Technical Or not to be THAT is the question!

To be Technical Or not to be THAT is the question! To be Technical Or not to be THAT is the question! The Questions We Ask.. No Future of Exploratory (Manual) Testing? The Questions We Ask.. How to Learn Automation? The Perceived Career Path Management

More information

DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com

DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com DreamFactory Customer Privacy and Security Whitepaper Delivering Secure Applications on Salesforce.com By Bill Appleton, CTO, DreamFactory Software billappleton@dreamfactory.com Introduction DreamFactory

More information

We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries

We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries PoCs included Content Security Policy WAFs whitelists nonces

More information

arxiv: v3 [cs.cr] 1 Sep 2014

arxiv: v3 [cs.cr] 1 Sep 2014 Analyzing Android Browser Apps for file:// Vulnerabilities Daoyuan Wu and Rocky K. C. Chang Department of Computing, The Hong Kong Polytechnic University {csdwu,csrchang}@comp.polyu.edu.hk arxiv:1404.4553v3

More information

Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University

Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University Detecting Drive-by-Download Attacks based on HTTP Context-Types Ryo Kiire, Shigeki Goto Waseda University 1 Outline Background Related Work Purpose Method Experiment Results Conclusion & Future Work 2

More information

Web Security. advanced topics on SOP. Yan Huang. Credits: slides adapted from Stanford and Cornell Tech

Web Security. advanced topics on SOP. Yan Huang. Credits: slides adapted from Stanford and Cornell Tech Web Security advanced topics on SOP Yan Huang Credits: slides adapted from Stanford and Cornell Tech Same Origin Policy protocol://domain:port/path?params Same Origin Policy (SOP) for DOM: Origin A can

More information

Software Testing

Software Testing Ali Complex, 2nd block, Kormangala, Madiwala, Bengaluru-560068 Page 1 What is Software Testing? Software Testing is the process of testing software with the purpose of finding bugs and ensuring that it

More information

Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets

Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets Sebastian Lekies (@slekies) Krzysztof Kotowicz (@kkotowicz) Eduardo Vela Nava (@sirdarckcat) Agenda 1. 2. 3. 4. 5. 6. Introduction

More information

Application Security through a Hacker s Eyes James Walden Northern Kentucky University

Application Security through a Hacker s Eyes James Walden Northern Kentucky University Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways

More information

CS 161 Computer Security

CS 161 Computer Security Paxson Spring 2011 CS 161 Computer Security Discussion 6 March 2, 2011 Question 1 Cross-Site Scripting (XSS) (10 min) As part of your daily routine, you are browsing through the news and status updates

More information

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps

WebSphere Puts Business In Motion. Put People In Motion With Mobile Apps WebSphere Puts Business In Motion Put People In Motion With Mobile Apps Use Mobile Apps To Create New Revenue Opportunities A clothing store increases sales through personalized offers Customers can scan

More information

Design Inaccuracy Cross Link Authoring Flaw - ipaper Platform

Design Inaccuracy Cross Link Authoring Flaw - ipaper Platform COSEINC Design Inaccuracy Cross Link Authoring Flaw - ipaper Platform Aditya K Sood, - Sr. Security Researcher, Vulnerability Research Labs, COSEINC Email: Aditya [at] research.coseinc.com Website: http://www.coseinc.com

More information

Adaptive Android Kernel Live Patching

Adaptive Android Kernel Live Patching USENIX Security Symposium 2017 Adaptive Android Kernel Live Patching Yue Chen 1, Yulong Zhang 2, Zhi Wang 1, Liangzhao Xia 2, Chenfu Bao 2, Tao Wei 2 Florida State University 1 Baidu X-Lab 2 Android Kernel

More information

Chat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev

Chat with a hacker. Increase attack surface for Pentest. A talk by Egor Karbutov and Alexey Pertsev Chat with a hacker Increase attack surface for Pentest A talk by Egor Karbutov and Alexey Pertsev $ Whoarewe Egor Karbutov & Alexey Pertsev Penetration testers @Digital Security Speakers Bug Hunters 2

More information

Oracle Mobile Application Framework

Oracle Mobile Application Framework Oracle Mobile Application Framework Oracle Mobile Application Framework (Oracle MAF) is a hybrid-mobile development framework that enables development teams to rapidly develop single-source applications

More information

Incident Play Book: Phishing

Incident Play Book: Phishing Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons

More information

Finding Vulnerabilities in Web Applications

Finding Vulnerabilities in Web Applications Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of

More information

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED

01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED 01/02/2014 SECURITY ASSESSMENT METHODOLOGIES SENSEPOST 2014 ALL RIGHTS RESERVED Contents 1. Introduction 3 2. Security Testing Methodologies 3 2.1 Internet Footprint Assessment 4 2.2 Infrastructure Assessments

More information

Secure Parameter Filter (SPF) (AKA Protecting Vulnerable Applications with IIS7) Justin Clarke, Andrew Carey Nairn

Secure Parameter Filter (SPF) (AKA Protecting Vulnerable Applications with IIS7) Justin Clarke, Andrew Carey Nairn Secure Parameter Filter (SPF) (AKA Protecting Vulnerable Applications with IIS7) Justin Clarke, Andrew Carey Nairn Our Observations The same old code-level problems Input Validation, Parameter Manipulation,

More information

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar

Produced by. Mobile Application Development. Higher Diploma in Science in Computer Science. Eamonn de Leastar Mobile Application Development Higher Diploma in Science in Computer Science Produced by Eamonn de Leastar (edeleastar@wit.ie)! Department of Computing, Maths & Physics Waterford Institute of Technology

More information

Etanova Enterprise Solutions

Etanova Enterprise Solutions Etanova Enterprise Solutions Front End Development» 2018-09-23 http://www.etanova.com/technologies/front-end-development Contents HTML 5... 6 Rich Internet Applications... 6 Web Browser Hardware Acceleration...

More information

Mobile Applications 2013/2014

Mobile Applications 2013/2014 Mobile Applications 2013/2014 Mike Taylor Product Manager February 6, 2015 Advanced Development Technology Agenda Devices App Types Test/Deploy Summary Devices Mobile (Feature) Phones Windows version 5/6

More information

Android Programming (5 Days)

Android Programming (5 Days) www.peaklearningllc.com Android Programming (5 Days) Course Description Android is an open source platform for mobile computing. Applications are developed using familiar Java and Eclipse tools. This Android

More information

What Mobile Development Model is Right for You?

What Mobile Development Model is Right for You? What Mobile Development Model is Right for You? An analysis of the pros and cons of Responsive Web App, Hybrid App I - Hybrid Web App, Hybrid App II - Hybrid Mixed App and Native App Contents Mobile Development

More information

TESTBEDS Paris

TESTBEDS Paris TESTBEDS 2010 - Paris Rich Internet Application Testing Using Execution Trace Data Dipartimento di Informatica e Sistemistica Università di Napoli, Federico II Naples, Italy Domenico Amalfitano Anna Rita

More information

Information Security CS 526 Topic 8

Information Security CS 526 Topic 8 Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive

More information

Symantec Endpoint Protection Family Feature Comparison

Symantec Endpoint Protection Family Feature Comparison Symantec Endpoint Protection Family Feature Comparison SEP SBE SEP Cloud SEP Cloud SEP 14.2 Device Protection Laptop, Laptop Laptop, Tablet Laptop Tablet & & Smartphone Smartphone Meter Per Device Per

More information

Computer Security CS 426 Lecture 41

Computer Security CS 426 Lecture 41 Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general

More information

6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014

6.858 Quiz 2 Review. Android Security. Haogang Chen Nov 24, 2014 6.858 Quiz 2 Review Android Security Haogang Chen Nov 24, 2014 1 Security layers Layer Role Reference Monitor Mandatory Access Control (MAC) for RPC: enforce access control policy for shared resources

More information

Eradicating DNS Rebinding with the Extended Same-Origin Policy

Eradicating DNS Rebinding with the Extended Same-Origin Policy Eradicating DNS Rebinding with the Extended Same-Origin Policy Martin Johns, Sebastian Lekies and Ben Stock USENIX Security August 16th, 2013 Agenda DNS Rebinding The basic attack History repeating HTML5

More information

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE

ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE ENTERPRISE ENDPOINT PROTECTION BUYER S GUIDE TABLE OF CONTENTS Overview...3 A Multi-Layer Approach to Endpoint Security...4 Known Attack Detection...5 Machine Learning...6 Behavioral Analysis...7 Exploit

More information

Advanced Windows Store App Development Using C#

Advanced Windows Store App Development Using C# Course 20485C: Advanced Windows Store App Development Using C# Course Details Course Outline Module 1: Windows Store App Essentials In this module, you will get an overview of the Windows 8.1 user experience

More information

Bifocals: Analyzing WebView Vulnerabilities in Android Applications

Bifocals: Analyzing WebView Vulnerabilities in Android Applications Bifocals: Analyzing WebView Vulnerabilities in Android Applications Erika Chin and David Wagner University of California, Berkeley {emc, daw}@cs.berkeley.edu Abstract. WebViews allow Android developers

More information

XHound: Quantifying the Fingerprintability of Browser Extensions. Priyankit Bangia Software Engineering. By Oleksii Starov & Nick Nikiforakis

XHound: Quantifying the Fingerprintability of Browser Extensions. Priyankit Bangia Software Engineering. By Oleksii Starov & Nick Nikiforakis XHound: Quantifying the Fingerprintability of Browser Extensions By Oleksii Starov & Nick Nikiforakis Priyankit Bangia Software Engineering INTRODUCTION What are browser extensions? Browsers are designed

More information

1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague

1000 Ways to Die in Mobile OAuth. Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague 1000 Ways to Die in Mobile OAuth Eric Chen, Yutong Pei, Yuan Tian, Shuo Chen,Robert Kotcher and Patrick Tague What is this work about? In 2014, Studied OAuth usage in 200 Android/iOS OAuth applications.

More information

On the Static Analysis of Hybrid Mobile Apps. Outline What is a Hybrid App?

On the Static Analysis of Hybrid Mobile Apps. Outline What is a Hybrid App? On the Static Analysis of Hybrid Mobile Apps A Report on the State of Apache Cordova Nation Achim D Brucker and Michael Herzberg {abrucker,msherzberg1@sheffieldacuk Department of Computer Science, The

More information

Identity-based Access Control

Identity-based Access Control Identity-based Access Control The kind of access control familiar from operating systems like Unix or Windows based on user identities This model originated in closed organisations ( enterprises ) like

More information

ORACLE UNIVERSITY AUTHORISED EDUCATION PARTNER (WDP)

ORACLE UNIVERSITY AUTHORISED EDUCATION PARTNER (WDP) Android Syllabus Pre-requisite: C, C++, Java Programming SQL & PL SQL Chapter 1: Introduction to Android Introduction to android operating system History of android operating system Features of Android

More information

Content Security Policy

Content Security Policy About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training

More information

OWASP AppSec Research The OWASP Foundation New Insights into Clickjacking

OWASP AppSec Research The OWASP Foundation New Insights into Clickjacking New Insights into Clickjacking Marco `embyte` Balduzzi iseclab @ EURECOM embyte@iseclab.org AppSec Research 2010 Joint work with Egele, Kirda, Balzarotti and Kruegel Copyright The Foundation Permission

More information

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez

The Attacker s POV Hacking Mobile Apps. in Your Enterprise to Reveal Real Vulns and Protect the Business. Tony Ramirez The Attacker s POV Hacking Mobile Apps in Your Enterprise to Reveal Real Vulns and Protect the Business Tony Ramirez AGENDA & SPEAKERS Introduction Attacks on Mobile Live Demo Recommendations Q&A Tony

More information

Web Browser as an Application Platform Antero Taivalsaari

Web Browser as an Application Platform Antero Taivalsaari Web Browser as an Application Platform Antero Taivalsaari November 27, 2007 http://research.sun.com/projects/lively lively@sun.com Background The widespread adoption of the World Wide Web has dramatically

More information

Android App Development

Android App Development Android App Development Outline Introduction Android Fundamentals Android Studio Tutorials Introduction What is Android? A software platform and operating system for mobile devices Based on the Linux kernel

More information

Copyright 2014, Oracle and/or its affiliates. All rights reserved.

Copyright 2014, Oracle and/or its affiliates. All rights reserved. 1 Oracle Mobile Suite an Overview Vincent Hu Principal Sales Consultant Oracle Mobile Suite Everything you need to mobile enable enterprise applications in one package One Platform, Any App, Any Data,

More information

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar.

Mobile Payment Application Security. Security steps to take while developing Mobile Application s. SISA Webinar. Mobile Payment Application Security Security steps to take while developing Mobile Application s About SISA Payment Security Specialists PCI Certification Body (PCI Qualified Security Assessor) Payment

More information

Web Application Penetration Testing

Web Application Penetration Testing Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate

More information

Real-world security analyses of OAuth 2.0 and OpenID Connect

Real-world security analyses of OAuth 2.0 and OpenID Connect Real-world security analyses of OAuth 2.0 and OpenID Connect Wanpeng Li and Chris J Mitchell 1 Agenda Single sign-on and identity management OAuth 2.0 Two case studies Security analyses OpenID Connect

More information

How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on OAuth and API Design in Online Social Networks

How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on OAuth and API Design in Online Social Networks How to Leak a 100-Million-Node Social Graph in Just One Week? - A Reflection on OAuth and API Design in Online Social Networks Pili Hu and Wing Cheong Lau July 1, 2014 Abstract In this paper 1, we discuss

More information

Static Analysis for Android: GUIs, Callbacks, and Beyond

Static Analysis for Android: GUIs, Callbacks, and Beyond Static Analysis for Android: GUIs, Callbacks, and Beyond Atanas (Nasko) Rountev Joint work with Dacong Yan Shengqian Yang Haowei Wu Yan Wang Hailong Zhang Ohio State University PRESTO: Program Analyses

More information

Benefits of Building HTML5 Mobile Enterprise Applications

Benefits of Building HTML5 Mobile Enterprise Applications Benefits of Building HTML5 Mobile Enterprise Applications Product Version 2.0 Table of Contents Introducing OpenText Gupta TD Mobile and HTML5... 3 Challenges of Mobile Enterprise Application Development...

More information

I, J, K. Eclipse, 156

I, J, K. Eclipse, 156 Index A, B Android PhoneGap app, 158 deploying and running, 172 New Eclipse project, 158 Activity dialog, 162 application properties, 160 AVD, 170 configuration, 167 Launcher Icon dialog, 161 PhoneGap

More information

CS 161 Computer Security

CS 161 Computer Security Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 9 Week of March 19, 2018 Question 1 Warmup: SOP (15 min) The Same Origin Policy (SOP) helps browsers maintain a sandboxed model by preventing

More information

Software Development & Education Center ANDROID. Application Development

Software Development & Education Center ANDROID. Application Development Software Development & Education Center ANDROID Application Development Android Overview and History ANDROID CURRICULUM How it all got started Why Android is different (and important) Android Stack Overview

More information

Version 1.1. Mobile Optimisation

Version 1.1. Mobile Optimisation Version 1.1 1 Table Of contents 1. Introduction. Page 3 1.1. SmartPay mobile payment pages... Page 3 1.2. A simple and straight forward Multi page..page 3 2. How to integrate...page 4 2.1. Option 1: native

More information

MWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS

MWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS Quit MWR InfoSecurity Advisory Elastic Path Administrative Session Hijacking through Embedded XSS 26 th April 2007 2007-04-26 1 of 7 INDEX 1 Detailed Vulnerability description...4 1.1 Introduction...4

More information
2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback