Robust Defenses for Cross-Site Request Forgery Review
|
|
- Albert Cole
- 5 years ago
- Views:
Transcription
1 Robust Defenses for Cross-Site Request Forgery Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, Introduction to the topic and the reason for the topic being interesting In Cross-Site Request Forgery an attacker tricks the victim s browser to interact with a trustworthy site by impersonating the victim and breaking victim s session with the site. Login Cross Site Request Forgery is a form of Cross-Site Request Forgery attack, in which an attacker tricks the victims browser by logging the victim into an honest site as the attacker. This topic is interesting as it tries to protect a users privacy by safe guarding him against Cross-Site Request Forgery attacks. 2 Questions that the paper asks and how are those questions interesting This paper explores the ways of protecting a user against Cross-Site Request Forgery attacks. This question interesting as it tries to find methods to protect a users privacy by safe guarding him against Cross-Site Request Forgery attacks. 3 How does it answer the questions In Cross-Site Request Forgery an attacker breaks victim s session with the site by tricking the victim s browser to interact with a trustworthy site as the attacker. Thus by tricking the browser the attacker can access the following resources: 1. Network Connectivity: By carrying out the attack, the attacker gets access to any site behind the firewall. 2. By carrying out the attack, the attacker can read the users session cookies, thus breaching the privacy of the users. 3. By carrying out the attack, the attacker can set cookies in the browser, thus writing the browser state. The threat model which the authors propose is given below: 1. The threats which are taken into consideration by the author are given below: (a) Forum Poster: Many sites such as forums permit the users to add content to the site in the form of images or links. The attacker can take advantage of this, by writing into the source of the image the attackers malicious URL for carrying out the CSRF attack. (b) Web Attacker: A web attacker has an HTTPS certificate for his site and can carry out the CSRF attack by its web server. 1
2 (c) Network Attacker: A network attacker is capable of carrying out active CSRF attacks. 2. The threats which are not taken into consideration by the author are given below: (a) Cross Site Scripting: The attacker in this threat model does not try to inject malicious script into web pages viewed by other users. Hence this threat model rules out Cross Site Scripting Attack. (b) Malware: The threat model does not take into consideration the attack by which an attacker may inject malicious code into the users system, thus compromising the users session. (c) DNS Rebinding: Although DNS rebinding attacks are similar to CSRF attacks, but their defenses are different. The threat model does not take DNS rebinding attacks into consideration. (d) Certification Errors: This threat model assumes that users don t neglect the warning issued by the browser against certification errors. Hence this model assumes that the users do not visit the site with certification errors. (e) Phishing attacks: Phishing attacks occur when an attacker redirects a user to a fake website in order to collect users information, for example, passwords. One way in which an attacker may accomplish this redirection is by sending the user an containing the link of that website. This threat model does not take phishing attacks into consideration. (f) User Tracking: Some websites track the users browsing activities. This threat model does not take this into consideration. Login Cross Site Request Forgery is a form of Cross-Site Request Forgery attack, in which an attacker tricks the victims browser by logging the victim into an honest site as the attacker. The attacker s cookie which is stored in the users browser, collects information about the user, thus breaching the users privacy. Some of login CSRF attacks are mentioned below: 1. A login CSRF attack is depicted in the figure below: In the above figure an attacker gets to know the search history of the victim by first attracting the victim towards his site. Then the attacker entices the victim to click on a malicious link thus launching a CSRF attack and logging the victim as the attacker. This way the attacker 2
3 is able to track the victims search history and it gets stored into the victims accounts search history. 2. Paypal: As paypal lets its customers transfer money in each other accounts. Hence an advantage of this fact and perform a CSRF attack by first luring a victim to visit a malicious site and clicking on a malicious link in that site which takes him to PayPal s site, where the user logs in. But the attacker would log him into its account and when the user enters his credit card information, the attacker would transfer funds from the victim s credit card to its own account. Some of the present CSRF defenses along with the loopholes in these defenses are mentioned below: 1. Secret Validation Token: In order to figure out that the request has come from an honest sender secret validation tokens are used. Some of the techniques for creating secret tokens are mentioned below: (a) The users session identifier can be used as the secret validation token. The drawback of this technique is that sometimes users unknowingly post their web pages containing session identifiers on their forums or s, which an attacker can extract to carry out the attack. (b) A freshly generated random value can be used as the session identifier. When a request is generated by the browser the server matches this random value to the value stored in the cookie. (c) The server stores the users session value with the CSRF token. Every time a request is sent to the server it matches the request token with the value of the session identifier. The disadvantage of this approach is the requirement to store huge amount of data on the server. The author states that this approach has been adopted by CSRF, CSRFx and NoForge. (d) A server can store the HMAC value of the session identifier. And when a request is sent to the server it matches the value of the CSRF token containing the HMAC with the value of the HMAC of the session identifier. The disadvantage of the above approaches is that websites fail to implement the secret token defense correctly. Consider the example of NoForge which implements third type of secret token. NoForge attaches the secret token to all the hyperlinks and form submissions. The approach of NoForge has the following loopholes: (a) HTML pages created on the client side does not include the CSRF token. (b) NoForge allows a web application to create links to other sites, this site receives the CSRF token values of the user, when the user clicks on such links. (c) NoForge does not have any defense against log-in CSRF attacks, as the matching of the token is done when the user already has a session identifier. 2. Referrer Header: Referrer Header is used to identify the site which generated the request. If a website uses the Referrer header as a shield against CSRF attack, it has the following two options to choose from: (a) Lenient Referrer Validation: The site s server obstruct only those request which contain erroneous referrer header, rest of the requests including requests containing no referrer header are accepted. (b) Strict Referrer Validation: The site s server obstructs requests containing erroneous referrer header and no referrer header. The following experiment was conducted to find out the compatibility of the strict referrer header. Experiment: (Reference for the experiment: Robust Defenses for Cross-Site Request Forgery 3
4 by Adam Barth et.al.) The author bought 283,945 advertisement impressions by employing two advertisement networks. On Advertisement Network A the keywords were Firefox, Game, Internet Explorer, Video, You Tube. While on Advertisement Network B the keywords were Ballet, Finance, Flowers, Food and Gardening. When the advertisements were rendered they generated a random number for identifying them. One of the two server sends content over both HTTP and HTTPS. On getting request from the Client the server records the Referrer Header, the User-Agent header, the date, the clients network address, session identifier and document.referrer value. The results obtained by the authors were: (a) The referrer header was removed for a greater number of times for HTTP requests than for HTTPS. The reason for this being, the ability of the proxies to remove the header for HTTP but not the HTTPS. (b) The browsers remove both the referrer header and the value of document.referrer, whereas the network removes only the referrer header. But as referrer header was observed to be removed more often, hence its value must been removed by the network. The authors obtained the following two conclusions: (a) The server must adopt strict referrer validation for HTTPS and lenient referrer validation for HTTP. (b) In order to protect users privacy, Referrer header must not be used over HTTP. 3. Custom HTTP headers: In order to protect a user from CSRF, custom HTTP headers can be used. Custom HTTP headers cannot be send from one site to another site but can be send from one site to itself using XMLHttpRequest. In order to defend a site against CSRF, the authors propose that browsers must be altered to send Origin headers with post request. The origin header indicates the origin of the website which sent the request. The origin header maintains the users privacy in the following ways: 1. The origin header contains just the requisite amount of information which is required to identify the sender. 2. By just clicking hyperlinks the origin header is not sent to the server. To use the origin header the server should modify its policy as follows: 1. All the requests must be sent by the POST method. 2. Any request with erroneous origin header should be rejected. The following is the security examination of the origin header: 1. Since the supporting browsers would contain an Origin header in POST requests. Hence the attacker can not change the supporting browser to be non supporting. 2. To prevent an attacker from exploiting the vulnerability of cross site requests, all cross site HTTP requests should be made with trusted websites. The origin header imbibes the features from the following four proposals: 1. Cross-Site XMLHttpRequest uses Access-Control-Origin header to identify the origin of the sender. Cross-Site XMLHttpRequest s working group accepted the authors suggestion to rename this header as origin 2. XDomainRequest API in Internet Explorer 8 does not include the path and the query in its header. Microsoft accepted the authors suggestion to name the header to origin. 3. JSONRequest API s domain header contains the name of the sender. Whereas Origin also contains the senders scheme and port. JSONRequest s specification editor accepted the authors suggestion to adopt origin header. 4
5 4. Cross-Document Messaging API in HTML5 uses the origin header on the client side. The authors employed the origin header in an eight line patch to Webkit and in a 466 line extension to Firefox. Though after the session initialization security can be maintained by the server by verifying the session identifier. But while performing session initialization the below mentioned loopholes can be exploited by an attacker: 1. An attacker can obligate the site to use the attacker s session identifier. After authentication the attacker can access the site as an honest user. 2. An attacker can obligate the site to start the session in the users browser but with the attacker being logged in. One way perform this is to use login CSRF. The below mentioned are methods of performing an attack during session initialization. 1. HTTP Requests: The attacker may force the victim s browser to access a trustworthy site via HTTP and cause the site to start a session. Two case studies for this are shown below: (a) OpenID: OpenID does not have a method to associate a session to the users browser. Hence an attacker may exploit this flaw as follows: i. In one window of its machine, the attacker starts authenticating with a site and in the other window the attacker opens a relying site. ii. Upon authentication, the browser of the attacker then redirects it to return to URL of Relying party. iii. The attacker navigates the users browser to return to URL, instead of navigating himself. iv. Relying Site stores the attacker s cookie in the victim s browser. Thus the user interacts with the relying site as the attacker. In order to protect the user the relying site should store a freshly generated random number in the users browser as well as include it in the return to URL. (b) PHP cookieless authentication is performed by some sites to protect the users privacy by deleting the cookies. The attacker may take advantage of this in the following manner: i. The attacker first authenticates himself with the target site. ii. The attacker navigates the victim s browser to the URL appearing in its own location bar. iii. User is now logged on to the target site as the attacker. To protect the users the site must incorporate some method to associate the session identifier with the authenticator s browser. 2. Cookie Overwriting: An active attacker may send its cookie over HTTP and store it in the users browser. The browser may now send a request over HTTPS to the site, the site can not identify that the cookie has come from the attacker. In order to protect the users the authors propose that the browsers should include the integrity header in its HTTPS request.some of the design decision regarding cookie overwrite which have been proposed by the author are: (a) To conserve bandwidth only the index of the cookie is sent in the HTTP request. (b) By identifying the cookies with their index, the cookies can be uniquely identified by the server. (c) Cookie-Integrity header does not protect when cookies are set for.abc.in. Now if there is dishonest site as a.abc.in, then this site can also access the cookies of.abc.in 4 Methodology used to investigate the paper The methodology used to investigate the paper is a case study based approach. While testing the comparability of the Strict Referrer header the author adopted an empirical approach. 5
6 5 What I learned from the paper From this paper I leaned the ways to protect a site from Cross-site Script Request Forgery. 6 How the paper relates to previous work The paper relates to the follwoing work: 1. RequestRedeo: RequestRedeo protects the users from CRSF by providing defenses from the client site. It removes sensitive information like cookie headers from the HTTP request which are going to the other sites. The drawback of RequestRedeo is that it does not protect from login CSRF. 2. CAPTCHAs: A user can be protected from CSRF by solving CAPTCHAs. The only disadvantage of CAPTCHAs is that, if CAPTCHAs are not random, then an attacker can guess them. 7 Strengths of the paper I like the proposal of the author to send origin header with the POST request as this approach solves both the problems of protecting the privacy the user and protecting the user from CSRF. 8 Weaknesses of the paper I found the following weakness in the paper: The paper mentions that in order to use Origin header, state modifying GET requests must be blocked, but it is evident that if we use this policy in the present scenario then many users requests will be blocked. 9 Results The author proposes the following CSRF defenses for the below mentioned scenarios: 1. To protect from Login CSRF the authors propose that strict referrer validation should be used. 2. For sites which operate on HTTPS, the authors propose strict referrer validation. 3. For sites that embed third party content, secret token validation should be used. 4. For future purposes the author proposes origin header, which gives better protection From the paper it can be inferred that Fool Proof protection from CSRF can not be provided in the existing scenario. 6
Robust Defenses for Cross-Site Request Forgery
Robust Defenses for Cross-Site Request Forgery Tsampanaki Nikoleta Lilitsis Prodromos Gigis Petros Paper Authors: Adam Barth, Collin Jackson, John C. Mitchell Outline What is CSRF attack? What is a login
More informationRobust Defenses for Cross-Site Request Forgery
University of Cyprus Department of Computer Science Advanced Security Topics Robust Defenses for Cross-Site Request Forgery Name: Elena Prodromou Instructor: Dr. Elias Athanasopoulos Authors: Adam Barth,
More informationSecure Frame Communication in Browsers Review
Secure Frame Communication in Browsers Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 16, 2011 1 Introduction to the topic and the reason for the topic being
More informationWeb Security. Course: EPL 682 Name: Savvas Savva
Web Security Course: EPL 682 Name: Savvas Savva [1] A. Barth and C. Jackson and J. Mitchell, Robust Defenses for Cross-Site Request Forgery, pub. in 15th ACM Conference, 2008. [2] L. Huang and A. Moshchuk
More informationA Security Evaluation of DNSSEC with NSEC Review
A Security Evaluation of DNSSEC with NSEC Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being
More informationAttacks Against Websites. Tom Chothia Computer Security, Lecture 11
Attacks Against Websites Tom Chothia Computer Security, Lecture 11 A typical web set up TLS Server HTTP GET cookie Client HTML HTTP file HTML PHP process Display PHP SQL Typical Web Setup HTTP website:
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationAttacks Against Websites 3 The OWASP Top 10. Tom Chothia Computer Security, Lecture 14
Attacks Against Websites 3 The OWASP Top 10 Tom Chothia Computer Security, Lecture 14 OWASP top 10. The Open Web Application Security Project Open public effort to improve web security: Many useful documents.
More informationWEB SECURITY: XSS & CSRF
WEB SECURITY: XSS & CSRF CMSC 414 FEB 22 2018 Cross-Site Request Forgery (CSRF) URLs with side-effects http://bank.com/transfer.cgi?amt=9999&to=attacker GET requests should have no side-effects, but often
More informationA Look Back at Security Problems in the TCP/IP Protocol Suite Review
A Look Back at Security Problems in the TCP/IP Protocol Suite Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka October 26, 2011 1 Introduction to the topic and the reason
More informationBuffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review
Buffer Overflows: Attacks and Defenses for the Vulnerability of the Decade Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka September 24, 2011. 1 Introduction to the topic
More informationA Survey of BGP Security Review
A Survey of BGP Security Review Network Security Instructor:Dr. Shishir Nagaraja Submitted By: Jyoti Leeka November 16, 2011 1 Introduction to the topic and the reason for the topic being interesting Border
More informationProvide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any
OWASP Top 10 Provide you with a quick introduction to web application security Increase you awareness and knowledge of security in general Show you that any tester can (and should) do security testing
More informationP2_L12 Web Security Page 1
P2_L12 Web Security Page 1 Reference: Computer Security by Stallings and Brown, Chapter (not specified) The web is an extension of our computing environment, because most of our daily tasks involve interaction
More informationOpenID Security Analysis and Evaluation
University of British Columbia OpenID Security Analysis and Evaluation San-Tsai Sun, Kirstie Hawkey, Konstantin Beznosov Laboratory for Education and Research in Secure Systems Engineering (LERSSE) University
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2017 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2465 1 Assignment
More informationWeb Application Security. Philippe Bogaerts
Web Application Security Philippe Bogaerts OWASP TOP 10 3 Aim of the OWASP Top 10 educate developers, designers, architects and organizations about the consequences of the most common web application security
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationA Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications
A Server- and Browser-Transparent CSRF Defense for Web 2.0 Applications Riccardo Pelizzi System Security Lab Department of Computer Science Stony Brook University December 8, 2011 1 / 18 Riccardo Pelizzi
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationCross-Site Request Forgery in Cisco SG220 series
Cross-Site Request Forgery in Cisco SG220 series Security advisory 12/09/2016 Renaud Dubourguais Nicolas Collignon www.synacktiv.com 5 rue Sextius Michel 75015 Paris Vulnerability description The Cisco
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Web Application Security Dr. Basem Suleiman Service Oriented Computing Group, CSE, UNSW Australia Semester 1, 2016, Week 8 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2442
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationApplication Security through a Hacker s Eyes James Walden Northern Kentucky University
Application Security through a Hacker s Eyes James Walden Northern Kentucky University waldenj@nku.edu Why Do Hackers Target Web Apps? Attack Surface A system s attack surface consists of all of the ways
More informationWelcome to the OWASP TOP 10
Welcome to the OWASP TOP 10 Secure Development for Java Developers Dominik Schadow 03/20/2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN 1 AGENDA
More informationAbusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side) Narendra Bhati @NarendraBhatiB http://websecgeeks.com Abusing Windows Opener To Bypass CSRF Protection Narendra Bhati Page
More informationCOMP9321 Web Application Engineering
COMP9321 Web Application Engineering Semester 2, 2016 Dr. Amin Beheshti Service Oriented Computing Group, CSE, UNSW Australia Week 9 http://webapps.cse.unsw.edu.au/webcms2/course/index.php?cid=2445 1 Assignment
More information2/16/18. CYSE 411/AIT 681 Secure Software Engineering. Secure Coding. The Web. Topic #11. Web Security. Instructor: Dr. Kun Sun
CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun Secure Coding String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationComputer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition. Chapter 3 Investigating Web Attacks
Computer Forensics: Investigating Network Intrusions and Cyber Crime, 2nd Edition Chapter 3 Investigating Web Attacks Objectives After completing this chapter, you should be able to: Recognize the indications
More informationSecurity of Web Level User Identity Management
Security of Web Level User Identity Management Jakov Krolo, Marin Šilić, and Siniša Srbljić Faculty of Electrical Engineering and Computing, University of Zagreb Unska 3, 10000 Zagreb, Croatia Phone: +385
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationCopyright
1 Security Test EXTRA Workshop : ANSWER THESE QUESTIONS 1. What do you consider to be the biggest security issues with mobile phones? 2. How seriously are consumers and companies taking these threats?
More informationCSE361 Web Security. Attacks against the client-side of web applications. Nick Nikiforakis
CSE361 Web Security Attacks against the client-side of web applications Nick Nikiforakis nick@cs.stonybrook.edu Despite the same origin policy Many things can go wrong at the client-side of a web application
More informationOWASP Top 10 Risks. Many thanks to Dave Wichers & OWASP
OWASP Top 10 Risks Dean.Bushmiller@ExpandingSecurity.com Many thanks to Dave Wichers & OWASP My Mom I got on the email and did a google on my boy My boy works in this Internet thing He makes cyber cafes
More informationReflected XSS Cross-Site Request Forgery Other Attacks
Reflected XSS Cross-Site Request Forgery Other Attacks CS 166: Introduction to Computer Systems Security 2/21/18 XSS, CSRF, Other Attacks 1 Reflected XSS 2/21/18 XSS, CSRF, Other Attacks 2 Recap of Persistent
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationOWASP Thailand. Proxy Caches and Web Application Security. OWASP AppSec Asia October 21, Using the Recent Google Docs 0-Day as an Example
Proxy Caches and Web Application Security Using the Recent Google Docs 0-Day as an Example Tim Bass, CISSP Chapter Leader, Thailand +66832975101, tim@unix.com AppSec Asia October 21, 2008 Thailand Worldwide
More informationOWASP Top 10 The Ten Most Critical Web Application Security Risks
OWASP Top 10 The Ten Most Critical Web Application Security Risks The Open Web Application Security Project (OWASP) is an open community dedicated to enabling organizations to develop, purchase, and maintain
More informationC1: Define Security Requirements
OWASP Top 10 Proactive Controls IEEE Top 10 Software Security Design Flaws OWASP Top 10 Vulnerabilities Mitigated OWASP Mobile Top 10 Vulnerabilities Mitigated C1: Define Security Requirements A security
More informationHow to perform the DDoS Testing of Web Applications
How to perform the DDoS Testing of Web Applications Peerlyst November 02, 2017 Nasrumminallah Zeeshan (zeeshan@nzwriter.com) A Denial of Service (DoS) attack is consisted of carrying out traffic flooding
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationWeb insecurity Security strategies General security Listing of server-side risks Language specific security. Web Security.
Web Security Web Programming Uta Priss ZELL, Ostfalia University 2013 Web Programming Web Security Slide 1/25 Outline Web insecurity Security strategies General security Listing of server-side risks Language
More informationCOPYRIGHTED MATERIAL. Contents. Part I: The Basics in Depth 1. Chapter 1: Windows Attacks 3. Chapter 2: Conventional and Unconventional Defenses 51
Acknowledgments Introduction Part I: The Basics in Depth 1 Chapter 1: Windows Attacks 3 Attack Classes 3 Automated versus Dedicated Attacker 4 Remote versus Local 7 Types of Attacks 8 Dedicated Manual
More informationJohn Coggeshall Copyright 2006, Zend Technologies Inc.
PHP Security Basics John Coggeshall Copyright 2006, Zend Technologies Inc. Welcome! Welcome to PHP Security Basics Who am I: John Coggeshall Lead, North American Professional Services PHP 5 Core Contributor
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More information2/16/18. Secure Coding. CYSE 411/AIT 681 Secure Software Engineering. Web Security Outline. The Web. The Web, Basically.
Secure Coding CYSE 411/AIT 681 Secure Software Engineering Topic #11. Web Security Instructor: Dr. Kun Sun String management Pointer Subterfuge Dynamic memory management Integer security Formatted output
More informationImproving Web Security:
Finding and fixing vulnerabilities in web security mechanisms Devdatta Akhawe, Adam Barth, Peifung E. Lam, John C. Mitchell and Dawn Song Stanford Computer Security Lab Improving Web Security: Introduction
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationWebomania Solutions Pvt. Ltd. 2017
The other name for link manipulation is Phishing or you can say link manipulation is type of phishing attack done generally to mislead the user to a replica website or a looka-like of some well-known site.
More informationSecurity+ Guide to Network Security Fundamentals, Third Edition. Chapter 3 Protecting Systems
Security+ Guide to Network Security Fundamentals, Third Edition Chapter 3 Protecting Systems Objectives Explain how to harden operating systems List ways to prevent attacks through a Web browser Define
More informationRBS NetGain Enterprise Manager Multiple Vulnerabilities of 11
RBS-2018-004 NetGain Enterprise Manager Multiple Vulnerabilities 2018-03-22 1 of 11 Table of Contents Vendor / Product Information 3 Vulnerable Program Details 3 Credits 3 Impact 3 Vulnerability Details
More informationPhishing. Eugene Davis UAH Information Security Club April 11, 2013
Phishing Eugene Davis UAH Information Security Club April 11, 2013 Overview A social engineering attack in which the attacker impersonates a trusted entity Attacker attempts to retrieve privileged information
More informationEasyCrypt passes an independent security audit
July 24, 2017 EasyCrypt passes an independent security audit EasyCrypt, a Swiss-based email encryption and privacy service, announced that it has passed an independent security audit. The audit was sponsored
More informationAndrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing. Security Testing. Taming the Wild West
Andrew Muller, Canberra Managing Director, Ionize, Canberra The challenges of Security Testing Advancing Expertise in Security Testing Taming the Wild West Canberra, Australia 1 Who is this guy? Andrew
More informationCross-Site Request Forgery (CSRF) Attack Lab
Laboratory for Computer Security Education 1 Cross-Site Request Forgery (CSRF) Attack Lab (Web Application: Collabtive) Copyright c 2006-2011 Wenliang Du, Syracuse University. The development of this document
More informationExcerpts of Web Application Security focusing on Data Validation. adapted for F.I.S.T. 2004, Frankfurt
Excerpts of Web Application Security focusing on Data Validation adapted for F.I.S.T. 2004, Frankfurt by fs Purpose of this course: 1. Relate to WA s and get a basic understanding of them 2. Understand
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationSecurity and Privacy. SWE 432, Fall 2016 Design and Implementation of Software for the Web
Security and Privacy SWE 432, Fall 2016 Design and Implementation of Software for the Web Today Security What is it? Most important types of attacks Privacy For further reading: https://www.owasp.org/index.php/
More informationPreparing for the Cross Site Request Forgery Defense
Preparing for the Cross Site Request Forgery Defense By Chuck Willis chuck.willis@mandiant.com Presented at Black Hat Briefings DC 2008 on February 20, 2008 Slides available at www.blackhat.com. Abstract:
More informationSolutions Business Manager Web Application Security Assessment
White Paper Solutions Business Manager Solutions Business Manager 11.3.1 Web Application Security Assessment Table of Contents Micro Focus Takes Security Seriously... 1 Solutions Business Manager Security
More informationTabular Presentation of the Application Software Extended Package for Web Browsers
Tabular Presentation of the Application Software Extended Package for Web Browsers Version: 2.0 2015-06-16 National Information Assurance Partnership Revision History Version Date Comment v 2.0 2015-06-16
More informationOWASP TOP 10. By: Ilia
OWASP TOP 10 By: Ilia Alshanetsky @iliaa ME, MYSELF & I PHP Core Developer Author of Guide to PHP Security Security Aficionado WEB SECURITY THE CONUNDRUM USABILITY SECURITY YOU CAN HAVE ONE ;-) OPEN WEB
More informationSichere Software vom Java-Entwickler
Sichere Software vom Java-Entwickler Dominik Schadow Java Forum Stuttgart 05.07.2012 BASEL BERN LAUSANNE ZÜRICH DÜSSELDORF FRANKFURT A.M. FREIBURG I.BR. HAMBURG MÜNCHEN STUTTGART WIEN We can no longer
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationCross-Site Request Forgery: The Sleeping Giant. Jeremiah Grossman Founder and CTO, WhiteHat Security
Cross-Site Request Forgery: The Sleeping Giant Jeremiah Grossman Founder and CTO, WhiteHat Security Cross-Site Request Forgeries (CSRF) 1. Session Riding 2. Client-Side Trojans 3. Confused Deputy 4. Web
More informationAN E-GOVERNANCE WEB SECURITY AUDIT Deven Pandya 1, Dr. N. J. Patel 2 1 Research Scholar, Department of Computer Application
AN E-GOVERNANCE WEB SECURITY AUDIT Deven Pandya 1, Dr. N. J. Patel 2 1 Research Scholar, Department of Computer Application 2 HOD, Department of Computer Application, Ganpat University Kherva, Gujarat,
More informationProject 2: Web Security
EECS 388 September 30, 2016 Intro to Computer Security Project 2: Web Security Project 2: Web Security This project is due on Thursday, October 13 at 6 p.m. and counts for 8% of your course grade. Late
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationMore attacks on clients: Click-jacking/UI redressing, CSRF
Web Security More attacks on clients: Click-jacking/UI redressing, CSRF (Section 7.2.3 on Click-jacking; Section 7.2.7 on CSRF; Section 7.2.8 on Defenses against client-side attacks) 1 Recall from last
More informationAguascalientes Local Chapter. Kickoff
Aguascalientes Local Chapter Kickoff juan.gama@owasp.org About Us Chapter Leader Juan Gama Application Security Engineer @ Aspect Security 9+ years in Appsec, Testing, Development Maintainer of OWASP Benchmark
More informationCombating Common Web App Authentication Threats
Security PS Combating Common Web App Authentication Threats Bruce K. Marshall, CISSP, NSA-IAM Senior Security Consultant bmarshall@securityps.com Key Topics Key Presentation Topics Understanding Web App
More informationDEFENSIVE PROGRAMMING. Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology
DEFENSIVE PROGRAMMING Lecture for EDA 263 Magnus Almgren Department of Computer Science and Engineering Chalmers University of Technology Traditional Programming When writing a program, programmers typically
More informationSPOOFING. Information Security in Systems & Networks Public Development Program. Sanjay Goel University at Albany, SUNY Fall 2006
SPOOFING Information Security in Systems & Networks Public Development Program Sanjay Goel University at Albany, SUNY Fall 2006 1 Learning Objectives Students should be able to: Determine relevance of
More informationWeb Application Whitepaper
Page 1 of 16 Web Application Whitepaper Prepared by Simone Quatrini and Isa Shorehdeli Security Advisory EMEAR 6 th September, 2017 1.0 General Release Page 2 of 16 1. Introduction In this digital age,
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationCS Paul Krzyzanowski
Original Browser Static content on clients Servers were responsible for dynamic parts Computer Security 14. Web Security Security attacks were focused on servers Malformed URLs, buffer overflows, root
More informationComputer Security. 14. Web Security. Paul Krzyzanowski. Rutgers University. Spring 2018
Computer Security 14. Web Security Paul Krzyzanowski Rutgers University Spring 2018 April 15, 2018 CS 419 2018 Paul Krzyzanowski 1 Original Browser Static content on clients Servers were responsible for
More informationCSC 482/582: Computer Security. Cross-Site Security
Cross-Site Security 8chan xss via html 5 storage ex http://arstechnica.com/security/2015/09/serious- imgur-bug-exploited-to-execute-worm-like-attack-on- 8chan-users/ Topics 1. Same Origin Policy 2. Credential
More informationPerslink Security. Perslink Security. Eleonora Petridou Pascal Cuylaerts. System And Network Engineering University of Amsterdam.
Eleonora Petridou Pascal Cuylaerts System And Network Engineering University of Amsterdam June 30, 2011 Outline Research question About Perslink Approach Manual inspection Automated tests Vulnerabilities
More informationWeb Attacks Lab. 35 Points Group Lab Due Date: Lesson 16
CS482 SQL and XSS Attack Lab AY172 1 Web Attacks Lab 35 Points Group Lab Due Date: Lesson 16 Derived from c 2006-2014 Wenliang Du, Syracuse University. Do not redistribute with explicit consent from MAJ
More informationHomework 5: Exam Review
CIS 331 April 18, 2017 Introduction to Networks & Security Homework 5: Exam Review Homework 5: Exam Review This homework is due Wednesday, April 26 at 10 p.m.. You will have a budget of five late days
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationCS 155 Project 2. Overview & Part A
CS 155 Project 2 Overview & Part A Project 2 Web application security Composed of two parts Part A: Attack Part B: Defense Due date: Part A: May 5th (Thu) Part B: May 12th (Thu) Project 2 Ruby-on-Rails
More informationDomino Web Server Security
Domino Web Server Security What you don t know can cost you Andrew Pollack, President Northern Collaborative Technologies andrewp@thenorth.com http://www.thenorth.com Special thanks to Howard Greenberg
More informationUNIVERSITY OF TARTU FACULTY OF SCIENCE AND TECHNOLOGY INSTITUTE OF COMPUTER SCIENCE INFORMATICS. CVE Hiie-Helen Raju
UNIVERSITY OF TARTU FACULTY OF SCIENCE AND TECHNOLOGY INSTITUTE OF COMPUTER SCIENCE INFORMATICS CVE-2013-2559 Hiie-Helen Raju Tartu 2017 Contents Introduction... 3 Vulnerability description... 3 Threat
More informationAutomatically Checking for Session Management Vulnerabilities in Web Applications
Regular Paper Automatically Checking for Session Management Vulnerabilities in Web Applications Yusuke Takamatsu 1,a) Yuji Kosuga 2 Kenji Kono 1,3 Received: July 4, 2012, Accepted: October 17, 2012 Abstract:
More informationIncident Play Book: Phishing
Incident Play Book: Phishing Issue: 1.0 Issue Date: September 12, 2017 Copyright 2017 Independent Electricity System Operator. Some Rights Reserved. The following work is licensed under the Creative Commons
More informationPreventing Image based Cross Site Request Forgery Attacks
Preventing Image based Cross Site Request Forgery Attacks Ramarao R, Radhesh M, Alwyn R Pais Information Security Lab, Department of Computer Engineering, National Institute of Technology Karnataka, Surathkal,
More informationPenetration Testing following OWASP. Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant
Penetration Testing following OWASP Boyan Yanchev Chief Technology Ofcer Peter Dimkov IS Consultant За Лирекс Penetration testing A method of compromising the security of a computer system or network by
More information