Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets.

Slides:



Advertisements
Similar presentations
Nick Feamster CS 6262 Spring 2009
Advertisements

Cross-site Request Forgery (CSRF) Attacks
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
Common Exploits Aaron Cure Cypress Data Defense. SQL Injection.
WebGoat & WebScarab “What is computer security for $1000 Alex?”
EECS 354 Network Security Cross Site Scripting (XSS)
Cross Site Scripting a.k.a. XSS Szymon Siewior. Disclaimer Everything that will be shown, was created for strictly educational purposes. You may reuse.
CMSC 414 Computer and Network Security Lecture 24 Jonathan Katz.
Lecture 2 Page 1 CS 236, Spring 2008 Security Principles and Policies CS 236 On-Line MS Program Networks and Systems Security Peter Reiher Spring, 2008.
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
1 SQL injection: attacks and defenses Dan Boneh CS 142 Winter 2009.
1 CS428 Web Engineering Lecture 18 Introduction (PHP - I)
WEB SECURITY WORKSHOP TEXSAW 2013 Presented by Joshua Hammond Prepared by Scott Hand.
Presenter Deddie Tjahjono.  Introduction  Website Application Layer  Why Web Application Security  Web Apps Security Scanner  About  Feature  How.
 A cookie is a piece of text that a Web server can store on a user's hard disk.  Cookie data is simply name-value pairs stored on your hard disk by.
Introduction to InfoSec – Recitation 10 Nir Krakowski (nirkrako at post.tau.ac.il) Itamar Gilad (itamargi at post.tau.ac.il)
Web Security Demystified Justin C. Klein Keane Sr. InfoSec Specialist University of Pennsylvania School of Arts and Sciences Information Security and Unix.
Cosc 4765 Server side Web security. Web security issues From Cenzic Vulnerability report
Cross-Site Scripting Vulnerabilities Adam Doupé 11/24/2014.
Origins, Cookies and Security – Oh My! John Kemp, Nokia Mobile Solutions.
Lets Make our Web Applications Secure. Dipankar Sinha Project Manager Infrastructure and Hosting.
+ Websites Vulnerabilities. + Content Expand of The Internet Use of the Internet Examples Importance of the Internet How to find Security Vulnerabilities.
WEB SECURITY WEEK 3 Computer Security Group University of Texas at Dallas.
CSCI 6962: Server-side Design and Programming Secure Web Programming.
Lecture 14 – Web Security SFDV3011 – Advanced Web Development 1.
Web Application Access to Databases. Logistics Test 2: May 1 st (24 hours) Extra office hours: Friday 2:30 – 4:00 pm Tuesday May 5 th – you can review.
Chapter 9 Web Applications. Web Applications are public and available to the entire world. Easy access to the application means also easy access for malicious.
November 13, 2008 Ohio Information Security Forum Attack Surface of Web Applications James Walden Northern Kentucky University
Copyright 2007 © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Lecture 16 Page 1 CS 236 Online SQL Injection Attacks Many web servers have backing databases –Much of their information stored in a database Web pages.
Security Scanners Mark Shtern. Popular attack targets Web – Web platform – Web application Windows OS Mac OS Linux OS Smartphone.
© Copyright 2013 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. 1 RubyJax Brent Morris/
Lecture 15 Page 1 CS 136, Fall 2014 Web Security Computer Security Peter Reiher December 9, 2014.
The attacks ● XSS – type 1: non-persistent – type 2: persistent – Advanced: other keywords (, prompt()) or other technologies such as Flash.
CIT 380: Securing Computer SystemsSlide #1 CIT 380: Securing Computer Systems Web Security.
Web Applications Testing By Jamie Rougvie Supported by.
Building Secure Web Applications With ASP.Net MVC.
By Sean Rose and Erik Hazzard.  SQL Injection is a technique that exploits security weaknesses of the database layer of an application in order to gain.
Cross Site Scripting and its Issues By Odion Oisamoje.
Lecture 19 Page 1 CS 236 Online Advanced Research Issues in Security: Web Security and Privacy CS 236 On-Line MS Program Networks and Systems Security.
Lecture 16 Page 1 CS 236 Online Web Security CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presented By: Chandra Kollipara. Cross-Site Scripting: Cross-Site Scripting attacks are a type of injection problem, in which malicious scripts are injected.
Web Security Lesson Summary ●Overview of Web and security vulnerabilities ●Cross Site Scripting ●Cross Site Request Forgery ●SQL Injection.
What Is XSS ? ! Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to.
CSRF Attacks Daniel Chen 11/18/15. What is CSRF?  Cross Site Request Forgery (Sea-Surf)  AKA XSRF/ One Click / Sidejacking / Session Riding  Exploits.
Session Management Tyler Moore CS7403 University of Tulsa Slides adapted in part or whole from Dan Boneh, Stanford CS155 1.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
COOKIES AND SESSIONS.
Software Security. Bugs Most software has bugs Some bugs cause security vulnerabilities Incorrect processing of security related data Incorrect processing.
By Collin Donaldson. Hacking is only legal under the following circumstances: 1.You hack (penetration test) a device/network you own. 2.You gain explicit,
Lecture 15 Page 1 CS 136, Spring 2016 Web Security Computer Security Peter Reiher May 24, 2016.
Page 1 Ethical Hacking by Douglas Williams. Page 2 Intro Attackers can potentially use many different paths through your application to do harm to your.
SlideSet #20: Input Validation and Cross-site Scripting Attacks (XSS) SY306 Web and Databases for Cyber Operations.
Javascript worms By Benjamin Mossé SecPro
Building Secure ColdFusion Applications
Web Security CS 136 Computer Security Peter Reiher December 3, 2013
Web Security Computer Security Peter Reiher March 2, 2017
SQL Injection Attacks Many web servers have backing databases
Cross-Site Request Forgeries: Exploitation and Prevention
Riding Someone Else’s Wave with CSRF
CSC 495/583 Topics of Software Security Intro to Web Security
Web Security Advanced Network Security Peter Reiher August, 2014
Web Security CS 136 Computer Security Peter Reiher November 29, 2012
Web Security CS 136 Computer Security Peter Reiher March 11, 2010
Advanced Research Issues in Security: Web Security and Privacy CS 236 On-Line MS Program Networks and Systems Security Peter Reiher.
Presentation transcript:

Lecture 16 Page 1 CS 236 Online Cross-Site Scripting XSS Many sites allow users to upload information –Blogs, photo sharing, Facebook, etc. –Which gets permanently stored –And displayed Attack based on uploading a script Other users inadvertently download it –And run it...

Lecture 16 Page 2 CS 236 Online The Effect of XSS Arbitrary malicious script executes on user’s machine In context of his web browser –At best, runs with privileges of the site storing the script –Often likely to run at full user privileges

Lecture 16 Page 3 CS 236 Online Non-Persistent XSS Embed a small script in a link pointing to a legitimate web page Following the link causes part of it to be echoed back to the user’s browser Where it gets executed as a script Never permanently stored at the server

Lecture 16 Page 4 CS 236 Online Persistent XSS Upload of data to a web site that stores it permanently Generally in a database somewhere When other users request the associated web page, They get the bad script

Lecture 16 Page 5 CS 236 Online Some Examples Twitter had a bug allowing XSS in 2010 Other XSS vulnerabilities discovered on sites run by eBay, Symantec, PayPal, Facebook, Amazon, Adobe, Microsoft, Google Gmail, LinkedIn, the Scientology website, thousands of others D-Link router flaw exploitable through XSS

Lecture 16 Page 6 CS 236 Online Why Is XSS Common? Use of scripting languages widespread –For legitimate purposes Most users leave them enabled in their browsers Sites allowing user upload are very popular Only a question of getting user to run your script

Lecture 16 Page 7 CS 236 Online Typical Effects of XSS Attack Most commonly used to steal personal information –That is available to legit web site –User IDs, passwords, credit card numbers, etc. Such information often stored in cookies at client side

Lecture 16 Page 8 CS 236 Online Solution Approaches Don’t allow uploading of anything Don’t allow uploading of scripts Provide some form of protection in browser

Lecture 16 Page 9 CS 236 Online Disallowing Data Uploading Does your web site really need to allow users to upload stuff? Even if it does, must you show it to other users? If not, just don’t take any user input Problem: Not possible for many important web sites

Lecture 16 Page 10 CS 236 Online Don’t Allow Script Uploading A no-brainer for most sites –Few web sites want users to upload scripts, after all So validate user input to detect and remove scripts Problem: Rich forms of data encoding make it hard to detect all scripts Good tools can make it easier

Lecture 16 Page 11 CS 236 Online Protect the User’s Web Browser Basically, the same solutions as for any form of protecting from malicious scripts With the same problems: –Best solutions cripple functionality

Lecture 16 Page 12 CS 236 Online Cross-Site Request Forgery CSRF Works the other way around An authenticated and trusted user attacks a web server –Usually someone posing as that user Generally to fool server into believing that the trusted user made a request

Lecture 16 Page 13 CS 236 Online CSRF in Action Attacker puts link to (say) a bank on his web page Unsuspecting user clicks on the link His authentication cookie goes with the HTTP request –Since it’s for the proper domain Bank authenticates him and transfers his funds to the attacker

Lecture 16 Page 14 CS 236 Online Issues for CSRF Attacks Not always possible or easy Attacks sites that don’t check referrer header –Indicating that request came from another web page Attacked site must allow use of web page to allow something useful (e.g., bank withdrawal) Must not require secrets from user Victim must click link on attacker’s web site And attacker doesn’t see responses

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.