Presentation is loading. Please wait.

Presentation is loading. Please wait.

Design and logic issues Yes Memory corruption (buffer overflows) Yes-- Malicious script injection --Yes.

Published byJustina Fox Modified over 9 years ago

Similar presentations

Presentation on theme: "Design and logic issues Yes Memory corruption (buffer overflows) Yes-- Malicious script injection --Yes."— Presentation transcript:

1

2

3

4

5

6

7 Design and logic issues Yes Memory corruption (buffer overflows) Yes-- Malicious script injection --Yes

8

9

10

11 Vulnerability example: exposing WinRT to the web WinJS.xhr({url:”http://contoso.com/fetchcmd”}).done( function fulfilled(result) { var cmd = JSON.parse(result.responseText); eval(cmd.evalMe); }

12 Vulnerability example: exposing WinRT to the web WinJS.xhr({url:”http://contoso.com/fetchcmd”}).done( function fulfilled(result) { var cmd = JSON.parse(result.responseText); switch(cmd.apiNum) { case 0: localFolder.createFileAsync(cmd.filename).then(function (f){ windows.Storage.FilIO.writeTextAsync(f,cmd.content); } case 1: …

13

14

15

16

17

18

19

20

21 Windows Runtime and capabilities YesNo Cross-domain XHR requests YesNo External script references NoYes Automatic toStaticHTML validation YesNo

22

23

24

25 Following established patterns can produce code that’s easier to test and debug.

26

27

28

29

30 Validate source of postMessage event // Secure message handler, validates message domain origin window.addEventListener('message', function (e) { if (e.origin === 'http://data.contoso.com') { div.innerHTML = window.toStaticHTML(e.data); } }, false);

31 Sanitizing HTML from share source if(shareOperation.data.contains(StandardDataFormats.html)) { shareOperation.data.getHtmlFormatAsync().then(function (ut_html) { if (ut_html !== null) { var s_htmlFragment = HtmlFormatHelper.getStaticFragment(ut_html); var myDiv = document.getElementById("htmlContent"); myDiv.innerHTML = s_htmlFragment; } });

32 You can now navigate a WebView directly to saved content in your AppData directory. The domain for saved content is based on the directory. Preserve same-origin policy. Save HTML content from different domains to different directories.

33 Vulnerability: SOP violation (pseudo code) page1 = xhr(“http://contoso.com/page1.html”); page2 = xhr(“http://adnetwork.net/1-78235-872.html”); Windows.Storage.ApplicationData.current.localFolder.createFolderAsync( “MySaved”); // save page1 and page2 content to files in MySaved folder // navigate to page2.html myWebView.navigate(“ms-appdata:///local/MySaved/page2.html”) // page2 can access contents of page 1.

34

35

36 Custom certificate in the app manifest

37 Encrypt sensitive data using WinRT API Windows.Security.Cryptography.DataProtection Use XDomainRequest instead of XHR when cookies are not needed See MSDN documentation and links in resources for more details.

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

57

58

Download ppt "Design and logic issues Yes Memory corruption (buffer overflows) Yes-- Malicious script injection --Yes."

Similar presentations

Same Origin Policies Hidetake Jo.

Same Origin Policies Hidetake Jo.
Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.

Hands-on SQL Injection Attack and Defense HI-TEC July 21, 2013.
JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.

JavaScript FaaDoOEngineers.com FaaDoOEngineers.com.
Analyzing Android Browser Apps for file:// Vulnerabilities Daoyuan Wu and Rocky Chang Oct 13, 2014 The Hong Kong Polytechnic University Information Security.

Analyzing Android Browser Apps for file:// Vulnerabilities Daoyuan Wu and Rocky Chang Oct 13, 2014 The Hong Kong Polytechnic University Information Security.
An Evaluation of the Google Chrome Extension Security Architecture

An Evaluation of the Google Chrome Extension Security Architecture
Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University

Web Security Model CSE 591 – Security and Vulnerability Analysis Spring 2015 Adam Doupé Arizona State University
It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.

It’s always better live. MSDN Events Securing Web Applications Part 1 of 2 Understanding Threats and Attacks.
DT211/3 Internet Application Development

DT211/3 Internet Application Development
Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.

Information Networking Security and Assurance Lab National Chung Cheng University 1 Top Vulnerabilities in Web Applications (I) Unvalidated Input:  Information.
Tutorial 10 Programming with JavaScript

Tutorial 10 Programming with JavaScript
Beware of Finer-Grained Origins

Beware of Finer-Grained Origins
Chapter 4 Application Security Knowledge and Test Prep

Chapter 4 Application Security Knowledge and Test Prep
Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.

Jonas Thomsen, Ph.d. student Computer Science University of Aarhus Best Practices and Techniques for Building Secure Microsoft.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Modern JavaScript Develop And Design Instructor’s Notes Chapter 2- JavaScript in Action Modern JavaScript Design And Develop Copyright © 2012 by Larry.

Modern JavaScript Develop And Design Instructor’s Notes Chapter 2- JavaScript in Action Modern JavaScript Design And Develop Copyright © 2012 by Larry.
Understanding SharePoint 2013 Add-In Security Vulnerabilities

Understanding SharePoint 2013 Add-In Security Vulnerabilities
Presented by…. Group 2 1. Programming language 2Introduction.

Presented by…. Group 2 1. Programming language 2Introduction.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.

Architecture Of ASP.NET. What is ASP?  Server-side scripting technology.  Files containing HTML and scripting code.  Access via HTTP requests.  Scripting.
Testing Tools. Categories of testing tools Black box testing, or functional testing Testing performed via GUI. The tool helps in emulating end-user actions.

Testing Tools. Categories of testing tools Black box testing, or functional testing Testing performed via GUI. The tool helps in emulating end-user actions.

Similar presentations

Ads by Google