Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group 19 Juan O’Connell Justin Rand ECE 4112 Group 19 May 1, 2007 Georgia Institute of Technology College of Engineering School of Electrical and Computer.

Published byJob Tucker Modified over 9 years ago

Similar presentations

Presentation on theme: "Group 19 Juan O’Connell Justin Rand ECE 4112 Group 19 May 1, 2007 Georgia Institute of Technology College of Engineering School of Electrical and Computer."— Presentation transcript:

1 Group 19 Juan O’Connell Justin Rand ECE 4112 Group 19 May 1, 2007 Georgia Institute of Technology College of Engineering School of Electrical and Computer Engineering JavaScript Injection and Web Hacking Techniques

2 Group 19 Motivation To learn more about web security Analyze rather than double click There is no set path to assess vulnerabilities JavaScript is used in millions of web pages Supplement from Lab 9 It is easy to learn!

3 Group 19 What is JavaScript? JavaScript is a dynamic scripting language that supports prototype based object construction Developed by Netscape Adds additional interaction between the web site and its visitors JavaScript is the most popular scripting language on the internet.

4 Group 19 PkCrack – Cracking PkZip Encryption Known plaintext attack –Need unencrypted file Command line program –\PkCrack> pkcrack -C -c -P -p -d »-C »-c »-P »-p »-d

5 Group 19 Lab Layout Section 0: Setup Section 1: JavaScript Section 1.1 – The Basics: JavaScript Tutorial Section 1.2 – JavaScript Injection Section 1.3 – Vulnerability Assessment of Guest Books Section 2 - “Realistic” Web Hack

6 Group 19 Section 1.2 Demo Variable change http://www.prism.gatech.edu/~gtg131v/4112/ The code Grandma’s Cookie http://www.prism.gatech.edu/~gtg131v/4112/ The code <javascript:void:(document.cookie=”Authorized=true”); javascript:alert(document.cookie);>

7 Group 19 Section 1.3 Real Demo Guest Book http://www.legacy.com/Atlanta/Obituaries.asp Assessment code some text Injection Get Creative!

8 Group 19 Solutions JavaScript Injection Always validate the input received against a white list Do not rely on client side validation to validate the user input Validate the input every time Guest Books Use a code filter!

9 Group 19 Section 2 – “Realistic” Web Hack Search page source for hidden directory Download critical file Exploit using PkCrack From here?

10 Group 19

11

12 Solution Limit Directory access Apache can use.htaccess and.htpasswd –Must change httpd.conf »AllowOverride AuthConfig –Create.htaccess in the directory you want to protect »Will reference.htpasswd and ask for authorization

13 Group 19 References –[1] http://www.hackthissite.orghttp://www.hackthissite.org

14 Group 19 ? Questions

Download ppt "Group 19 Juan O’Connell Justin Rand ECE 4112 Group 19 May 1, 2007 Georgia Institute of Technology College of Engineering School of Electrical and Computer."

Similar presentations

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.

17 HTML, Scripting, and Interactivity Section 17.1 Add an audio file using HTML Create a form using HTML Add text boxes using HTML Add radio buttons and.
Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.

Cross-Site Scripting Issues and Defenses Ed Skoudis Predictive Systems © 2002, Predictive Systems.
What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.

What is code injection? Code injection is the exploitation of a computer bug that is caused by processing invalid data. Code injection can be used by.
Chapter 17: WEB COMPONENTS

Chapter 17: WEB COMPONENTS
Web Trust Boundaries and Security Vulnerabilities Haris Volos and Hidayat Teonadi CS739 – Distributed Systems.

Web Trust Boundaries and Security Vulnerabilities Haris Volos and Hidayat Teonadi CS739 – Distributed Systems.
WEB BROWSER SECURITY By Robert Sellers Brian Bauer.

WEB BROWSER SECURITY By Robert Sellers Brian Bauer.
©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane

©2009 Justin C. Klein Keane PHP Code Auditing Session 5 XSS & XSRF Justin C. Klein Keane
IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.

IDAsec copyright - all rights reserved1 Web Vulnerabilities in the real world.
Server-Side vs. Client-Side Scripting Languages

Server-Side vs. Client-Side Scripting Languages
How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.

How Clients and Servers Work Together. Objectives Learn about the interaction of clients and servers Explore the features and functions of Web servers.
There is a certain way that an HTML file should be set up. The HTML section declares a beginning and an ending. Within the HTML, there should be a HEAD.

There is a certain way that an HTML file should be set up. The HTML section declares a beginning and an ending. Within the HTML, there should be a HEAD.
Browser Exploitation Framework (BeEF) Lab

Browser Exploitation Framework (BeEF) Lab
Website Generator for SoftLab By Yohann SABBAH & Mikael V.H Cohen -Under the supervision of Viktor Kulikov- Final Presentation 7/20/2015.

Website Generator for SoftLab By Yohann SABBAH & Mikael V.H Cohen -Under the supervision of Viktor Kulikov- Final Presentation 7/20/2015.
COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.

COMPUTER TERMS PART 1. COOKIE A cookie is a small amount of data generated by a website and saved by your web browser. Its purpose is to remember information.
CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?

CROSS SITE SCRIPTING..! (XSS). Overview What is XSS? Types of XSS Real world Example Impact of XSS How to protect against XSS?
Introduction to JavaScript. Aim To enable you to write you first JavaScript.

Introduction to JavaScript. Aim To enable you to write you first JavaScript.
1 CS428 Web Engineering Lecture 18 Introduction (PHP - I)

1 CS428 Web Engineering Lecture 18 Introduction (PHP - I)
Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.

Introducing LAMP: Linux, Apache, MySQL and PHP Track 2 Workshop PacNOG 7 July 1, 2010 Pago Pago, American Samoa.
Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 

Web Application Vulnerabilities Checklist. EC-Council Parameter Checklist  URL request  URL encoding  Query string  Header  Cookie  Form field 
Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Security and Risk Management. Who Am I Matthew Strahan from Content Security Principal Security Consultant I look young, but I’ve been doing this for.

Similar presentations

Ads by Google