csci5931 Web Security 1 More Web Hacking & Tools: HTML Source and Site Linkage Analysis (MSS book)

csci5931 Web Security 2 Topics
A. Ch. 7 (Reading between the lines)
B. Ch. 8 (Site Linkage Analysis)

csci5931 Web Security 3 Reading between the lines
- Whenever you view a Web page through a browser, you see only the browser's interpretation and rendering of the content delivered to it.
- A vast amount of information may be hidden from view: HTML comments, hidden input fields, tags, JavaScript code, ...
- What you see isn't necessarily what you get.
- What you can't see isn't necessarily not there!

csci5931 Web Security 4 Reading between the lines
- Source sifting: going through the HTML source of a Web page to find clues for Web hacking.
- Manual source sifting can be a painstaking task.
- Automated source sifting techniques and tools exist.
- Information leakage through HTML may seem trivial, but each leaked detail adds another piece of information to the attacker's toolbox.

csci5931 Web Security 5 Reading between the lines
- cf. source code disclosure attacks: techniques whereby the Web server is tricked into sending the source code of a script or an application without its being parsed or executed; the attacker gets to see the source code as it was written in the original script.
- Source sifting, by contrast, only lets the viewer see the HTML content generated by the script, not the actual code of the script.

csci5931 Web Security 6 Source Sifting using the Browser
- Netscape Navigator: View | Page Source
- Internet Explorer: View | Source
- For the HTML specification, refer to

csci5931 Web Security 7 Source Sifting: Clues to look for
A. HTML comments: revision history, details about the developer/author, cross-references to files and scripts, reminders and placeholders, comments inserted by Web application servers, old "commented-out" code

csci5931 Web Security 8 Source Sifting: Clues to look for
B. Internal and external hyperlinks: hyperlinks may point to resources within the same Web site or to resources on external Web sites. Studying the hyperlinks helps reveal how the application is structured, and thus may help to identify the weak link.

csci5931 Web Security 9 Source Sifting: Clues to look for
C. E-mail addresses and usernames, in the page or as part of the comments. "E-mail harvesting": using a Web crawler program to gather e-mail addresses from Web pages.
D. Keywords and meta tags: an HTML page = the HTML header + the body. The header holds information about the contents of the body section, such as the title, the name of the author, etc.

csci5931 Web Security 10 Source Sifting: Clues to look for
E. Hidden input fields. Problems: 1. information leakage; 2. possible tampering with the hidden fields.
F. Client-side scripts. Problem: visible to and modifiable by the users.
Lesson: use server-side scripts if possible.
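The clue types listed on slides 7 through 10 can be checked mechanically, which is the review a developer should run over their own pages before publishing them. The script below is an added example, not code from the slides or the MSS book: it runs Python's standard-library HTMLParser over a constructed sample page (every host name, file name, address and value in it is made up) and reports the comments, internal versus external links, e-mail addresses, meta tags, hidden fields and inline/external scripts it finds.

```python
"""Source sifting, automated: pull leakage clues out of an HTML document.

Added example (not from the slides). Uses only the Python standard library.
"""
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Simple e-mail pattern; run over the raw source so that addresses hidden
# in comments or scripts are found too.
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed sample page: every name, value and host below is made up.
SAMPLE_HTML = """<html><head>
<title>Order form</title>
<meta name="author" content="webmaster">
<meta name="generator" content="HypotheticalCMS 1.2">
<!-- TODO: remove debug.asp before go-live (jdoe@example.com, rev 2003-11-04) -->
</head><body>
<form action="/cgi-bin/order.cgi" method="post">
  <input type="hidden" name="price" value="19.99">
  <input type="hidden" name="userid" value="1042">
  <input type="text" name="qty">
</form>
<a href="/admin/">Admin</a>
<a href="http://partner.example.net/catalog">Partner catalog</a>
<!-- <a href="/old/login.asp">old login</a> -->
<script>var discount = 0.10; // computed client-side, so the server must not trust it</script>
<script src="/js/validate.js"></script>
</body></html>
"""


class SourceSifter(HTMLParser):
    """Collects the clue types from slides 7-10 while the page is parsed."""

    def __init__(self, base_host):
        super().__init__()
        self.base_host = base_host
        self.comments = []        # A. HTML comments
        self.internal_links = []  # B. hyperlinks within the site
        self.external_links = []  # B. hyperlinks to other sites
        self.meta = {}            # D. meta tags (name -> content)
        self.hidden_fields = []   # E. (name, value) of hidden inputs
        self.scripts = []         # F. ("inline", code) or ("src", url)
        self._in_script = False

    def handle_comment(self, data):
        self.comments.append(data.strip())

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lower-cases tag and attribute names
        if tag == "input" and a.get("type", "").lower() == "hidden":
            self.hidden_fields.append((a.get("name"), a.get("value")))
        elif tag == "meta" and a.get("name"):
            self.meta[a["name"].lower()] = a.get("content", "")
        elif tag == "script":
            self._in_script = True
            if a.get("src"):
                self.scripts.append(("src", a["src"]))
        elif tag == "a" and a.get("href"):
            host = urlparse(a["href"]).netloc
            if host and host != self.base_host:
                self.external_links.append(a["href"])
            else:
                self.internal_links.append(a["href"])

    def handle_endtag(self, tag):
        if tag == "script":
            self._in_script = False

    def handle_data(self, data):
        # Script bodies arrive here as raw text (no tag parsing inside them).
        if self._in_script and data.strip():
            self.scripts.append(("inline", data.strip()))


def sift(html, base_host):
    """Parse one page and return the collected clues as a dict."""
    p = SourceSifter(base_host)
    p.feed(html)
    p.close()
    return {
        "comments": p.comments,
        "internal_links": p.internal_links,
        "external_links": p.external_links,
        "emails": sorted(set(EMAIL_RE.findall(html))),
        "meta": p.meta,
        "hidden_fields": p.hidden_fields,
        "scripts": p.scripts,
    }


if __name__ == "__main__":
    for key, value in sift(SAMPLE_HTML, "www.example.com").items():
        print(f"{key}: {value}")
```

Note that the commented-out link to `/old/login.asp` shows up under comments, not under links: the parser never sees it as a tag, which is exactly why a grep-style pass over the raw source (as the e-mail regex does here) complements tag-level parsing.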

csci5931 Web Security 11 Automated Source Sifting
- wget
- grep
- Sam Spade
- Black Widow
- Teleport Pro (shareware, up to 40 trials before registration); Teleport Ultra (trial version available)

csci5931 Web Security 12-15 Teleport Pro - New project wizard (screenshots)

csci5931 Web Security 16-19 Teleport Pro (screenshots)

csci5931 Web Security 20 Topics: Ch. 8 (Site Linkage Analysis)

csci5931 Web Security 21 Site linkage analysis
- A method for understanding the conceptual links between Web resources and their functionality:
  - the purpose of a Web page
  - its type
  - the overall structure of the Web site
- The result: an inventory of the Web resources of a site

csci5931 Web Security 22 Procedure of site linkage analysis

csci5931 Web Security 23 Automated tools
- wget
- Black Widow
- Funnel Web Profiler
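Site linkage analysis as a procedure, in an added example that is not from the slides or from any of the tools listed above: the script crawls a constructed in-memory site (all paths and host names are made up), follows hyperlinks, form actions and image/script references, and produces the inventory the chapter describes: each resource's type, how many pages link to it and whether it could be fetched, plus the list of dynamic entry points (scripts and form handlers) and any pages that exist on the server but are not linked from anywhere. A real run would replace the SITE dictionary with HTTP fetches of one's own site.

```python
"""Site linkage analysis on a constructed in-memory site.

Added example (not from the slides). Standard library only.
"""
import re
from collections import deque
from urllib.parse import urldefrag, urljoin, urlparse

BASE = "http://www.example.com"  # constructed host name

# Constructed stand-in for a live site: path -> HTML. A real run would
# fetch each page over HTTP instead of looking it up here.
SITE = {
    "/": '<a href="/catalog.html">Catalog</a> <a href="/login.asp">Login</a>'
         ' <img src="/img/logo.gif">',
    "/catalog.html": '<a href="/item.asp?id=1">Item 1</a>'
                     ' <a href="http://partner.example.net/x">Partner</a> <a href="/">Home</a>',
    "/item.asp?id=1": '<form action="/cgi-bin/order.cgi" method="post"></form>'
                      ' <a href="/catalog.html">Back</a>',
    "/login.asp": '<form action="/login.asp" method="post"></form>',
    # Exists on the server but nothing links to it: a crawl cannot find it.
    "/admin/index.asp": '<a href="/admin/users.asp">Users</a>',
}

# Attribute values that reference other resources (href, src, form action).
LINK_RE = re.compile(r'(?:href|src|action)\s*=\s*["\']([^"\']+)["\']', re.I)

SCRIPT_EXT = {"asp", "aspx", "php", "cgi", "pl", "jsp"}
STATIC_EXT = {"gif", "jpg", "png", "css", "js"}


def classify(path):
    """Guess a resource's type from its file extension."""
    name = path.rsplit("/", 1)[-1]
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in SCRIPT_EXT:
        return "script"
    if ext in STATIC_EXT:
        return "static"
    return "page"


def local_key(url, base_host):
    """Return (key, is_external); the key is path+query for local resources."""
    u = urlparse(url)
    if u.netloc and u.netloc != base_host:
        return url, True
    return u.path + ("?" + u.query if u.query else ""), False


def crawl(site, base, start="/"):
    """Breadth-first crawl from `start`; returns (inventory, edges)."""
    base_host = urlparse(base).netloc
    inventory = {}  # key -> {"type", "inbound", "fetched"}
    edges = []      # (linking resource, linked resource)
    queue, seen = deque([start]), {start}
    while queue:
        path = queue.popleft()
        html = site.get(path)
        entry = inventory.setdefault(
            path, {"type": classify(urlparse(path).path), "inbound": 0, "fetched": False})
        entry["fetched"] = html is not None
        if html is None:
            continue
        for raw in LINK_RE.findall(html):
            absolute, _frag = urldefrag(urljoin(base + path, raw))
            key, external = local_key(absolute, base_host)
            kind = "external" if external else classify(urlparse(absolute).path)
            target = inventory.setdefault(key, {"type": kind, "inbound": 0, "fetched": False})
            target["inbound"] += 1
            edges.append((path, key))
            if not external and key not in seen:  # stay within the site
                seen.add(key)
                queue.append(key)
    return inventory, edges


def dynamic_entry_points(inventory):
    """Server-side scripts and form handlers: the parts that process input."""
    return sorted(k for k, v in inventory.items() if v["type"] == "script")


def unlinked_resources(site, inventory):
    """Pages the server has that no crawl can reach by following links."""
    return sorted(set(site) - set(inventory))


if __name__ == "__main__":
    inv, edges = crawl(SITE, BASE)
    for key, info in sorted(inv.items()):
        print(f"{key:40} {info['type']:9} inbound={info['inbound']} fetched={info['fetched']}")
    print("dynamic entry points:", dynamic_entry_points(inv))
    print("unlinked resources:", unlinked_resources(SITE, inv))
```

The crawl deliberately stops at the site boundary (external links are recorded but not followed), and the unlinked-resources check is the defender's side of the analysis: comparing the crawl inventory against the server's own file list shows which pages, here `/admin/index.asp`, are served without being part of the site's intended structure.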

csci5931 Web Security 24-29 Site linkage analysis (example) - Funnel Web Profiler (screenshots)