
Web Security (cont.) (slide 1)

Referral issues (slide 2)
- HTTP referer (originally "referrer"): an HTTP header that designates the calling resource
  - the page on which a link was clicked
  - the page that shows an image
- Usage
  - pay for referral
  - limit access to certain pages (e.g. login pages)
  - limit deep linking (e.g. bypassing advertising)
  - limit CSRF
- Risks:
  - spam (if referrals are rewarded) and spoofing
  - sensitive information (e.g. a session ID) in the query string

Redirection (slide 3)
- HTTP uses redirection for
  - similar domain names
  - moved sites
  - referral masking: before leaving the site, redirect through a less sensitive page
- Implementation: several methods
  - usually a 3xx HTTP status (e.g. 301 or 302) followed by a Location header
- Malicious uses
  - phishing
  - ad clicking and other malicious sites
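Two of the checks these two slides describe, a Referer-based gate for state-changing requests (the "limit CSRF" use) and a validator for redirect targets (so a Location header cannot be pointed at a phishing site), as added example code; this is not code from the slides, and the host names, function names and the `ALLOWED_HOSTS` allow-list are assumptions constructed for the example.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hosts this site is served from (constructed for the example).
ALLOWED_HOSTS = {"shop.example", "www.shop.example"}


def host_of(url: str) -> Optional[str]:
    """Lower-case host of an absolute http(s) URL, or None when it has none."""
    try:
        parts = urlsplit(url)
    except ValueError:
        return None
    if parts.scheme.lower() not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower()


def referer_allows(referer: Optional[str], allowed_hosts=ALLOWED_HOSTS) -> bool:
    """Referer gate for a request that changes state.

    Browsers frequently omit the header (privacy settings, referrer policy,
    https -> http navigation) and any client can send an arbitrary value, so
    this is a supplementary signal only. It fails closed: a missing or
    off-site Referer is rejected.
    """
    if not referer:
        return False
    return host_of(referer) in allowed_hosts


def safe_redirect_target(target: str, allowed_hosts=ALLOWED_HOSTS,
                         default: str = "/") -> str:
    """Return `target` if it stays on this site, otherwise `default`.

    Rejects absolute URLs to other hosts, scheme-relative "//host" forms,
    non-http schemes, and backslashes (which some browsers treat as slashes).
    """
    if not target or "\\" in target or target.startswith("//"):
        return default
    parts = urlsplit(target)
    if parts.scheme or parts.netloc:
        # Absolute URL: only our own hosts are acceptable.
        return target if host_of(target) in allowed_hosts else default
    # Site-relative path: must begin with exactly one slash.
    return target if target.startswith("/") else default
```

Because the Referer header is both optional and client-controlled, `referer_allows` belongs alongside a proper CSRF token, not in place of one; the redirect validator, by contrast, is a complete check for the "next page" parameter that login pages typically carry.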

XSS (slide 4)
- Cross Site Scripting
- Attacker, target, web server scenario
- The target executes a client-side script crafted by the attacker
- Types
  - Reflected: browser to server to the same browser
  - Stored: browser to server to any browser
  - DOM: does not necessarily reach the web server
- Delivery: reflected or stored. DOM is typically reflected.

XSS DOM (slide 5)
- DOM: Document Object Model
  - objects in the page
- Examples
  - document.URL
  - document.location
  - document.cookie
  - document.referrer
- JavaScript can access and manipulate these objects and properties
- Problems:
  - the HTML page can be static (independent of parameters)
  - a script in the page runs on DOM objects

XSS DOM (cont.) (slide 6)
- The XSS attack may not reach the server
  - server-side filtering won't detect the attack
- URL format
  - the fragment (the part after "#") does not reach the server

Example: DOM XSS I (slide 7)
- Welcome page (the HTML is static; the name is taken from the URL in the browser):
    <html>
    <body>
    Welcome!
    Hi
    <script>
      // Take everything after the first "name=" in document.URL, up to the end
      // of the URL (fragment included), and write it into the page unencoded.
      var pos = document.URL.indexOf("name=") + 5;
      document.write(document.URL.substring(pos, document.URL.length));
    </script>
    Welcome to our system ...
    </body>
    </html>

Example: DOM XSS II (slide 8)
- Attack that doesn't go through the server (payload in the URL fragment)
  - #<script>alert(document.cookie)</script>
- What happens if the JavaScript checks that all characters in name are alphanumeric? Here is an attack:
  - <script>alert(document.cookie)</script>&name=Joe
- Defenses
  - manipulate the objects in server-side scripts and sanitize them there
  - or sanitize carefully in the client-side script
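The welcome-page logic of slides 7 and 8 modelled in Python, as an added example that is not part of the slides: the slide's raw-substring extraction, the failure mode where an alphanumeric check is applied to a different view of the parameter than the one that is written, and a hardened version that validates exactly what it renders and HTML-encodes it anyway. The URLs, the host `www.example.test` and the function names are constructed assumptions.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed URLs: the benign case and the two attack shapes from the slides.
BENIGN_URL = "https://www.example.test/welcome.html?name=Joe"
FRAGMENT_ATTACK = ("https://www.example.test/welcome.html"
                   "#name=<script>alert(document.cookie)</script>")
MISMATCH_ATTACK = ("https://www.example.test/welcome.html"
                   "?name=<script>alert(document.cookie)</script>&name=Joe")


def naive_name(url: str) -> str:
    """The slide's extraction: everything after the first 'name=' to the end
    of document.URL. The fragment is part of document.URL, so a value placed
    after '#' is used here although it never reached the server."""
    pos = url.find("name=") + 5
    return url[pos:]


def render_naive(url: str) -> str:
    """document.write() with no encoding: markup in the name is markup in the page."""
    return "Hi " + naive_name(url)


def parsed_name(url: str) -> str:
    """Proper parsing: query string only (no fragment), the 'name' parameter
    only, and, when it repeats, the last value."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get("name", [])
    return values[-1] if values else ""


def render_mismatched(url: str) -> str:
    """Slide 8's second scenario: an alphanumeric check on one view of the
    parameter (the parsed, last value) while a different view (the raw
    substring) is written. The check passes on 'Joe' and the markup still lands."""
    if not parsed_name(url).isalnum():
        return "Hi guest"
    return "Hi " + naive_name(url)


def render_hardened(url: str) -> str:
    """Validate exactly the value that is rendered and HTML-encode it anyway.
    In a browser the equivalent is assigning textContent rather than calling
    document.write()."""
    name = parsed_name(url)
    if not name.isalnum():
        name = "guest"
    return "Hi " + html.escape(name, quote=True)
```

The point of `render_mismatched` is that the check itself is fine; it simply does not look at the string that reaches the page. `render_hardened` keeps one value from parse to output, which is also why the fragment-only attack degrades to "guest" rather than executing.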

Browser separation model (slide 9)
- Separation from the OS
  - scripts cannot manipulate data and processes outside the browser context, e.g. local files
- Same origin policy
  - separation of domains
  - suppose two pages interact
  - if the host name matches, e.g. www.cse.bgu.ac.il (possibly with other attributes matched too, such as the port number), then the pages can interact
  - a page can set document.domain to a higher domain, e.g. bgu.ac.il
  - two pages with the same domain can then interact (but all other pages with that domain can interact as well)

More on same origin (slide 10)
- Behavior on top-level domains (.com) is not defined
- Behavior on file:// is not defined
  - depending on the browser (e.g. all IE versions), local files may access other local files
- Same origin for cookies
  - based on an identical host name
  - may be changed by the DOMAIN or PATH attributes
- There are similar same-origin requirements for Flash, Java and other technologies
- What's not subject to same origin
  - multimedia (e.g. images) or
  - remote scripts
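The three comparison rules from slides 9 and 10 written out as code, as an added example that is not from the slides: the (scheme, host, port) origin check, the document.domain relaxation to a parent domain, and cookie scoping, which ignores scheme and port and looks only at host and path. The hard-coded `PUBLIC_SUFFIXES` set is a constructed stand-in for the Public Suffix List that real browsers consult, and the function names are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

# Constructed sample; real browsers consult the Public Suffix List instead.
PUBLIC_SUFFIXES = {"com", "il", "ac.il", "co.il"}


def origin(url: str):
    """The (scheme, host, port) triple that the same-origin policy compares."""
    p = urlsplit(url)
    scheme = p.scheme.lower()
    port = p.port if p.port is not None else DEFAULT_PORTS.get(scheme)
    return (scheme, (p.hostname or "").lower(), port)


def same_origin(url_a: str, url_b: str) -> bool:
    """Two documents may script each other only if all three parts agree."""
    return origin(url_a) == origin(url_b)


def can_set_document_domain(host: str, new_domain: str) -> bool:
    """The relaxation from slide 9: a page may set document.domain only to a
    suffix of its own host on a label boundary (www.cse.bgu.ac.il -> bgu.ac.il),
    and never to a public suffix such as ac.il."""
    host, new_domain = host.lower(), new_domain.lower()
    if new_domain in PUBLIC_SUFFIXES:
        return False
    return host == new_domain or host.endswith("." + new_domain)


def cookie_applies(cookie_domain: str, cookie_path: str, request_url: str,
                   host_only: bool = False) -> bool:
    """Cookie scoping from slide 10: scheme and port are ignored; only the host
    (exact match for a host-only cookie, suffix match when a Domain attribute
    was set) and the Path attribute are compared."""
    p = urlsplit(request_url)
    host = (p.hostname or "").lower()
    path = p.path or "/"
    domain = cookie_domain.lower().lstrip(".")
    if host_only:
        domain_ok = host == domain
    else:
        domain_ok = host == domain or host.endswith("." + domain)
    path_ok = path == cookie_path or path.startswith(cookie_path.rstrip("/") + "/")
    return domain_ok and path_ok
```

The asymmetry the tests exercise is the one that matters in practice: two pages on different ports are different origins for scripting, yet a cookie set with Domain=bgu.ac.il is sent to both, and to every other host under that domain. Setting document.domain is deprecated in current browsers for exactly the reason the slide gives, that it opens the page to every sibling host under the parent domain.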

SQL Injection (slide 11)

SQL (slide 12)
- Common database language
- A database is organized in a schema
- Data is organized in tables
- Tables are organized in rows of data fields
- SQL enables
  - table creation, data insertion, deletion
  - queries to the database
- Implementation issues and checks are outside the scope of the language

Tidbits of SQL syntax (slide 13)
- Table creation
    CREATE TABLE users(
      UserName VARCHAR(50),
      CreditCard VARCHAR(30),
      ExpirationDate VARCHAR(8),
      PRIMARY KEY (UserName)
    );
- Row insertion
    INSERT INTO users (UserName, CreditCard) VALUES ('Bob', '6510...');

More syntax (slide 14)
- Deletion
    DELETE FROM users WHERE UserName = 'Bob';
    DROP TABLE users;

SQL queries (slide 15)
- SELECT UserName, CreditCard
    FROM users
    WHERE UserName = 'Bob';
- WHERE evaluates a logical statement to true or false
- SELECT UserName, CreditCard
    FROM users
    WHERE UserName = 'Bob' AND ExpirationDate < $date;

More queries (slide 16)
- Queries are usually built into statement strings by application code, with user input spliced in as a parameter, e.g.:
    statement = "SELECT UserName, CreditCard FROM users WHERE UserName = '" + userName + "';"

Usage scenario in a web server (slide 17)
- An e-commerce web server stores user data in an SQL database
- Registration process
  - the user enters a name and credit card number
  - the database adds a row
- Shopping process
  - the user authenticates to the web server (e.g. TLS and HTTP authentication)
  - the user selects products
  - the database retrieves the user's data and the web server shows it to the user
  - the user clicks "buy" and the process ends

Example continued (slide 18)
- Username passed by the browser in the query string, e.g. ...?name=Bob
- Attack
  - ...?name=' or '1'='1
- SQL interprets this as
    SELECT UserName, CreditCard FROM users WHERE UserName = '' or '1'='1';
- WHERE evaluates to true for every row.
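The scenario of slides 13 to 18 run end to end against a real database, as an added example that is not from the slides: the slide's schema in an in-memory SQLite database, the concatenated statement from slide 16 fed the input from slide 18, and the parameterised form that the slides' "implementation checks outside the language" remark points to. The two rows, the card numbers and the function names are constructed for the example.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """In-memory database with the slides' schema and two constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users("
        " UserName VARCHAR(50), CreditCard VARCHAR(30), ExpirationDate VARCHAR(8),"
        " PRIMARY KEY (UserName))"
    )
    conn.executemany(
        "INSERT INTO users (UserName, CreditCard, ExpirationDate) VALUES (?, ?, ?)",
        [("Bob", "6510-0000-0000-0001", "12/27"),
         ("Alice", "4000-0000-0000-0002", "03/26")],
    )
    return conn


def lookup_concat(conn: sqlite3.Connection, user_name: str):
    """Slide 16's construction: the parameter is spliced into the statement
    text, so quote characters in the input change the query's structure."""
    statement = ("SELECT UserName, CreditCard FROM users WHERE UserName = '"
                 + user_name + "'")
    return conn.execute(statement).fetchall()


def lookup_param(conn: sqlite3.Connection, user_name: str):
    """Parameterised form: the statement is parsed first and the value is
    bound afterwards, so it can only ever be compared as data."""
    return conn.execute(
        "SELECT UserName, CreditCard FROM users WHERE UserName = ?", (user_name,)
    ).fetchall()


def concat_breaks(conn: sqlite3.Connection, user_name: str) -> bool:
    """True when the concatenated query is not even valid SQL for this input,
    e.g. a legitimate name containing an apostrophe."""
    try:
        lookup_concat(conn, user_name)
        return False
    except sqlite3.OperationalError:
        return True
```

With the slide's input the concatenated statement returns every user's card number, and the parameterised statement returns nothing, because no UserName literally equals the string `' or '1'='1`. The `concat_breaks` check is the operational tell: a query that errors on "O'Brien" is a query whose structure depends on its input.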