
Hossain Shahriar, Mohammad Zulkernine

Cross-site scripting vulnerabilities (XSSVs) are among the worst vulnerabilities in web applications. An XSSV involves the generation of dynamic HTML content from unvalidated input, which might contain HTML tags, JavaScript code and so on. When the unvalidated content is interpreted by the browser, unintended and malicious web page behaviour results.

Persistent (or stored) XSS vulnerability: the injected code is permanently stored on the target server, such as in a database, a message forum, a visitor log, a comment field, etc. The victim retrieves the malicious script from the server when requesting the stored information.

Reflected XSS vulnerability: the injected code is reflected off the web server, such as in an error message, a search result, or any other response that includes some or all of the input sent to the server as part of the request.

DOM-based XSS vulnerability: the DOM allows a program or script to visit and change a web document's content, structure and style dynamically. Using the DOM, a client-side script can check and alter the web page dynamically without interacting with the server side. If the data used in this way has not been checked, there might be XSSVs.

Example (DOM-based): the welcome page reads the name parameter from the URL and writes it straight into the document:

    Welcome! Hi
    <script>
    var pos = document.URL.indexOf("name=") + 5;
    document.write(document.URL.substring(pos, document.URL.length));
    </script>

But what if we enter alert(document.cookie) as the name in the URL?

Effective testing for XSSVs helps fix implementations early and decreases losses. After modifying the program's source code, the output behaviour of a test case should be affected; this is a method of evaluating the quality of test cases (mutation testing). The paper focuses on obtaining an adequate test data set, that is, a collection of test cases that can exploit XSSVs.

The process is fault-based.
Mutant: the object under test is injected with modifications to generate mutants.
Mutation operator: a rule for injecting faults.
Killed and live mutants: if a test case causes different output between the original program and a mutant, we say it kills the mutant. Otherwise the mutant is said to be live.

Denote the original implementation as P and the mutant as M.
Killing criterion 1 (C1): the number of HTML tags generated in P (N_P) is not equal to that in the mutant (N_M): N_P != N_M.
Killing criterion 2 (C2): the HTML content displayed in P (H_P) differs from that in M (H_M): H_P != H_M.

Mutation score (MS): the ratio of the number of killed mutants to the total number of non-equivalent mutants.

Basic idea: if our operators are effective, then test cases that are powerful at killing mutants generated by the operators should also be powerful at distinguishing good apps from bad (vulnerable) apps.

The following operators target JavaScript code.
Add escape function calls (ADES): modify the arguments of write function calls by adding an escape function call, which encodes special punctuation characters as hexadecimal characters, so that injected HTML tags are not interpreted by the browser.
Remove escape function calls (RESC).

Replace write function with eval (RWWE): replace a write function call with eval, which executes the JavaScript expressions and statements contained in its string argument.

Replace innerHTML property with text node addition in DOM (RIHA): the innerHTML property of the DOM can be used to modify the text of HTML tags, which is vulnerable to XSS; the mutant adds a text node instead.

Modify arguments of replace function calls (MARF): the MARF operator injects faults into the search string pattern by modifying (a) a local search into a global search, (b) a case-sensitive search into a case-insensitive one.

The following operators target PHP code.
Add htmlspecialchars function calls (AHSC): the htmlspecialchars function replaces each special character in the accepted string with its HTML equivalent. The mutant can be killed by C1.
Remove htmlspecialchars function calls (RHSC).

Add htmlentities function calls (AHEN): similar to AHSC; the function converts all applicable input characters to their corresponding HTML entities.
Remove htmlentities function calls (RHEN).

Modify allowable tag parameter in strip_tags function calls (MALT): the strip_tags function removes all HTML tags except the allowable tags. By modifying the allowable-tag argument, more tags are allowed.
Remove strip_tags function calls (RSTT).
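To make the PHP-side operators concrete, the following added example (not code from the paper, its MUTEC tool or the slides) re-implements simplified JavaScript versions of the PHP filters htmlspecialchars and strip_tags, builds a small renderer as the original program P, derives RHSC, MALT and RSTT mutants by hand, and checks which constructed test inputs kill them under C1 (tag count). The helper implementations are approximations of the PHP functions, not PHP itself.

```javascript
// Added example: PHP-side mutation operators (RHSC, MALT, RSTT) illustrated with
// JavaScript approximations of the PHP filters. Not the paper's code.
// Assumption: simplified re-implementations (PHP's strip_tags also removes
// comments and PHP tags, which are ignored here).

// Approximation of PHP htmlspecialchars(): encode &, <, >, " and '.
function htmlspecialchars(s) {
  return String(s)
    .replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;").replace(/'/g, "&#039;");
}

// Approximation of PHP strip_tags($str, $allowed_tags): drop every tag whose
// name is not on the allow-list; allowed tags are kept verbatim.
function strip_tags(s, allowed = []) {
  const allow = new Set(allowed.map(t => t.replace(/[<>]/g, "").toLowerCase()));
  return String(s).replace(/<\/?([a-zA-Z][a-zA-Z0-9]*)\b[^>]*>/g,
    (tag, name) => (allow.has(name.toLowerCase()) ? tag : ""));
}

// Number of HTML tags in generated output: the quantity N_P / N_M behind C1.
const countTags = html => (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;

// Original program P for a comment field: only <b> and <i> may pass through.
function renderComment(comment) {
  return "<p>" + strip_tags(comment, ["<b>", "<i>"]) + "</p>";
}
// MALT mutant: the allowable-tag argument is widened (here to also allow <a>).
function renderComment_MALT(comment) {
  return "<p>" + strip_tags(comment, ["<b>", "<i>", "<a>"]) + "</p>";
}
// RSTT mutant: the strip_tags call is removed entirely.
function renderComment_RSTT(comment) {
  return "<p>" + comment + "</p>";
}

// Original program P for a title field uses htmlspecialchars; RHSC removes it.
function renderTitle(title) { return "<h2>" + htmlspecialchars(title) + "</h2>"; }
function renderTitle_RHSC(title) { return "<h2>" + title + "</h2>"; }

// C1: the test case kills mutant M if P and M generate different tag counts.
function killedByC1(P, M, testCase) {
  return countTags(P(testCase)) !== countTags(M(testCase));
}

// Demo with constructed inputs: a benign tag that both versions accept does
// not kill MALT; a tag outside P's allow-list does.
console.log(killedByC1(renderComment, renderComment_MALT, "<b>hi</b>"));          // false
console.log(killedByC1(renderComment, renderComment_MALT, '<a href="x">hi</a>')); // true
console.log(killedByC1(renderTitle, renderTitle_RHSC, "Hello"));                  // false
console.log(killedByC1(renderTitle, renderTitle_RHSC, "<i>x</i>"));               // true
```

The point of the pairing is that a test set made only of benign inputs leaves every one of these mutants live: the filter and its weakened mutant agree on "Hello" or on "<b>hi</b>", and only an input carrying a tag the original program would have stripped or encoded changes N_M relative to N_P.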

Evaluation: choose five open source web apps from the Open Source Vulnerability Database (OSVDB), in both the vulnerable version (bad app) and the upgraded or manually fixed version (good app). Mutants of the good apps are generated by the tool.

Collect 303 test cases to form an attack test pool. Each app has an initial test data set composed of 10 test cases that do not contain attack test cases. Use attack test cases from the attack test pool to augment the initial test cases, so that each app has 50 test cases.

For each app, do the following: randomly choose 10 out of the 50 test cases to construct an initial test data set. Repeatedly add test cases to the set as needed until MS reaches 100%. Repeat the procedure 15 times and calculate the average test set size.

Check whether the test data set can distinguish between the good and bad apps, i.e. whether at least one test case in the set distinguishes them under either killing criterion. The results showed that all adequate test data sets (MS 100%) for a bad program could distinguish the corresponding good program, so the operators are shown to be effective.
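The killing criteria C1 and C2, the mutation score, and the "augment until MS reaches 100%, then check good versus bad" procedure above fit in a small harness. The following is an added example written for this page, not the paper's MUTEC tool or any of its code: the program under test is kept as JavaScript source text so that operators can be applied as source edits, RESC follows the paper's operator definition, and the second operator is a constructed MARF-style mutation (a global search in a sanitising replace call turned into a first-match search). The good/bad programs, the initial set and the attack pool are all constructed here.

```javascript
// Added example (not the paper's code): miniature mutation analysis for XSSVs
// with the paper's killing criteria C1/C2 and mutation score MS.

// Original implementation P (the "good" app): reflects the name parameter into
// the page only after replacing the characters that open and close tags.
const GOOD_SOURCE = `
  var out = "";
  function write(s) { out += s; }
  var safe = name.replace(/</g, "&lt;").replace(/>/g, "&gt;");
  write("<h1>Welcome!</h1> Hi ");
  write(safe);
  return out;
`;

// Constructed "bad" app: the unfixed version that writes the name unchanged.
const BAD_SOURCE = `
  var out = "";
  function write(s) { out += s; }
  write("<h1>Welcome!</h1> Hi ");
  write(name);
  return out;
`;

// Compile source text into a page generator: (name) -> HTML string.
function compile(source) {
  const fn = new Function("name", source);
  return name => fn(name);
}

// Mutation operators as source-text rewrites.
const OPERATORS = {
  // RESC: remove the escaping applied to the written argument.
  RESC: src => src.replace('name.replace(/</g, "&lt;").replace(/>/g, "&gt;")', "name"),
  // MARF-style (constructed): global search for "<" becomes a first-match search,
  // so only the first "<" is encoded.
  MARF: src => src.replace("name.replace(/</g,", "name.replace(/</,"),
};

// Number of HTML tags in generated output: N_P and N_M for criterion C1.
const countTags = html => (html.match(/<\/?[a-zA-Z][^>]*>/g) || []).length;

// Killing criteria from the paper.
const C1 = (hp, hm) => countTags(hp) !== countTags(hm); // N_P != N_M
const C2 = (hp, hm) => hp !== hm;                        // H_P != H_M

// A mutant is killed by a test set if at least one test case meets the criterion.
function isKilled(P, M, tests, criterion) {
  return tests.some(t => criterion(P(t), M(t)));
}

// MS = killed / total mutants. Assumption: every generated mutant is
// non-equivalent (the paper excludes equivalent mutants; that is a manual step).
function mutationScore(source, tests, criterion) {
  const P = compile(source);
  const mutants = Object.values(OPERATORS).map(op => compile(op(source)));
  const killed = mutants.filter(M => isKilled(P, M, tests, criterion)).length;
  return killed / mutants.length;
}

// Adequacy procedure: keep adding pool test cases that raise MS until it is 100%.
function augmentUntilAdequate(source, initial, pool, criterion) {
  const tests = [...initial];
  for (const t of pool) {
    const before = mutationScore(source, tests, criterion);
    if (before === 1) break;
    if (mutationScore(source, [...tests, t], criterion) > before) tests.push(t);
  }
  return tests;
}

// Does the test set tell the good app from the bad app under the criterion?
function distinguishes(goodSource, badSource, tests, criterion) {
  return isKilled(compile(goodSource), compile(badSource), tests, criterion);
}

// Constructed test data: benign initial set and a pool with tag-bearing inputs.
const INITIAL = ["Joe", "Ann Lee"];
const POOL = ["O'Brien", "<i>Joe</i>", "<b>admin</b>"];

const adequate = augmentUntilAdequate(GOOD_SOURCE, INITIAL, POOL, C2);
console.log("MS(initial, C2):", mutationScore(GOOD_SOURCE, INITIAL, C2)); // 0
console.log("adequate set:", adequate);                                   // adds "<i>Joe</i>"
console.log("MS(adequate, C1):", mutationScore(GOOD_SOURCE, adequate, C1)); // 0.5
console.log("good vs bad:", distinguishes(GOOD_SOURCE, BAD_SOURCE, adequate, C2)); // true
```

Two things are worth noticing when running it. The benign initial set kills nothing, exactly as the paper's setup anticipates; it is the tag-bearing pool input that makes the set adequate and, with it, able to separate the good app from the bad one. And the same adequate set scores only 0.5 under C1: the MARF-style mutant leaves a stray "</i&gt;" in the output, which is visibly different HTML (C2 kills it) but contains no additional well-formed tag, so a tag count alone never notices.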

Future work: extending the MUTEC tool to support an automatic mutation analysis process; performing adequate testing of XSSVs on large-scale web-based applications; proposing mutation operators for filters implemented using PHP library functions such as preg_replace and preg_search.

Questions? Presenter: Dengfeng Xia