6. Stealing Session Cookies
Step 1: Victim clicks attack payload
Step 2: Cookie is sent to attacker
Step 3: Attacker hijacks victim's session by adding stolen cookie to the browser
7. Steal Passwords
Step 1: Victim clicks attack payload
Step 2: Victim is forced to re-login
Step 3: Malicious payload sends username and password to attacker
9. DB Compromise :(
Step 1: Attacker shuts DB
Step 2: Victim can't do anything on the website. DB is down
10. What’s the biggest app security issue?
Cross Site Scripting?
SQL / Command Injection?
Malicious URL Redirection?
Malicious File Execution?
Answer: It is temporal, and this approach is not appropriate.
http://www.flickr.com/photos/34838158@N00/3370167184/
11. OK. Let’s try again.
A better approach.
What’s that single biggest solution?
http://www.flickr.com/photos/14318462@N00/66012169/
12. What’s that single biggest solution?
Context-sensitive Auto Sanitization
&
Defensive Coding
http://www.flickr.com/photos/55046645@N00/3933514241/
13. Sanitization (includes validation and encoding)
http://www.flickr.com/photos/37386206@N08/4056667699/
14. (Use Platforms with) Auto (Sanitization)
http://www.flickr.com/photos/73344134@N00/2366984016/
16. But Evolution Doesn't stop
Web 2.0: DOM, Ajax/JSON/XML, misuse cases
No prod auto solution yet.
Encode manually, but that's highly error prone.
http://www.flickr.com/photos/88442983@N00/1541378785/
17. Defensive Coding
• Evolution Theory
• E.g. quality code/capability
– document.getElementById('myAnchor').innerHTML = url;
– YUI().use('node', function (Y) { var node = Y.one('#myanchor'); node.set('text', url); });
• But why do so?
– Murphy’s Law
– Mr. Einstein said as well
http://www.flickr.com/photos/diavolo/5870934960/
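The following is an added example, not code from the slides or from YUI, illustrating the point of slides 12, 16 and 17 together: the innerHTML assignment above lets markup in `url` through unchanged, while defensive coding encodes each value for the exact context it lands in (HTML text, HTML attribute, JavaScript string, URL). It builds markup as strings so it runs in Node without a DOM; the sample inputs and the function names (encodeForHtml, encodeForHtmlAttr, encodeForJsString, safeHref, renderLinkSafe) are assumptions of this example.

```javascript
// Added example (not from the slide deck): context-sensitive output encoding
// in plain JavaScript. Runs in Node without a DOM.

// Constructed sample inputs: attacker-controlled strings that would execute
// if dropped into a page unencoded.
const UNTRUSTED_URL = "javascript:alert(document.cookie)";
const UNTRUSTED_TEXT = '<img src=x onerror="alert(1)">';

// HTML text context: the five characters that can start markup or break out.
function encodeForHtml(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;" };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute context: encode everything except alphanumerics so the
// value can never close the quote or the tag, whatever quoting style is used.
function encodeForHtmlAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    (c) => `&#x${c.codePointAt(0).toString(16).toUpperCase()};`);
}

// JavaScript string-literal context: \xHH / \uHHHH escaping, so the value
// cannot terminate the literal or the enclosing <script> block.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => {
    const cp = c.codePointAt(0);
    if (cp < 0x100) return `\\x${cp.toString(16).padStart(2, "0")}`;
    if (cp < 0x10000) return `\\u${cp.toString(16).padStart(4, "0")}`;
    return `\\u{${cp.toString(16)}}`;
  });
}

// URL context: encoding alone does not help, because "javascript:" consists of
// harmless characters. Validate the scheme against an allowlist first, then
// encode the result for whichever context it lands in. The WHATWG URL parser
// also strips tabs/newlines, so "java\tscript:" is still caught here.
function safeHref(url) {
  const s = String(url).trim();
  let parsed;
  try {
    parsed = new URL(s, "https://example.invalid/"); // base only resolves relative paths
  } catch {
    return "about:blank";
  }
  return ["http:", "https:", "mailto:"].includes(parsed.protocol) ? s : "about:blank";
}

// The unsafe pattern from slide 17, expressed as string building: markup and
// script in url pass straight through.
function renderLinkUnsafe(url) {
  return `<a href="${url}">${url}</a>`;
}

// Defensive version: each interpolation encoded for the context it lands in.
function renderLinkSafe(url) {
  const href = safeHref(url);
  return `<a href="${encodeForHtmlAttr(href)}">${encodeForHtml(url)}</a>`;
}

// Stand-alone demonstration.
console.log("unsafe:", renderLinkUnsafe(UNTRUSTED_URL));
console.log("safe:  ", renderLinkSafe(UNTRUSTED_URL));
console.log("text:  ", encodeForHtml(UNTRUSTED_TEXT));
console.log("js:    ", encodeForJsString(UNTRUSTED_TEXT));
```

Picking the encoder by hand for every output point is exactly the error-prone manual work slide 16 warns about; templating platforms with auto-sanitization (slide 14) apply the same per-context rules for you, and the defensive habit is to reach for a text/attribute-setting API (as in the YUI `node.set('text', url)` line) rather than assign raw HTML.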
18. Yes, it takes 2 to tango...
http://www.flickr.com/photos/9737768@N04/3537843322/