end to end injection safety at scale
play

End-to-end Injection Safety at Scale Mike Samuel, Google Security - PowerPoint PPT Presentation

Jan 23, 2023 •109 likes •407 views

End-to-end Injection Safety at Scale Mike Samuel, Google Security Engineering March 2019 2019 | About me Security engineer @ Google Hacks libraries, tools, languages TC39 member ( JavaScript language committee ) Editor of "A Roadmap

  1. End-to-end Injection Safety at Scale Mike Samuel, Google Security Engineering March 2019 2019 |

  2. About me Security engineer @ Google Hacks libraries, tools, languages TC39 member ( JavaScript language committee ) Editor of "A Roadmap for Node.js Security" Mission: make the easiest way to express an idea in code, a secure way @mvsamuel 2019 |

  3. Trusted Types ● W3 Proposal ● Builds on 6+ years of experience within Google ● Protects Gmail, many other complex apps ● Evidence of efficacy 2019 |

  4. Trusted Types 1. Problem statement 2. Small change ⇨ big organizational effect 3. Adoption in practice 4. Early adopters welcome 2019 |

  5. "Today, a novice programmer cannot write a complex but secure application." Breaking XSS mitigations via Script Gadgets - blackhat 2017 2019 |

  6. 2019 |

  7. 2019 |

  8. 2019 |

  9. "Today, a novice programmer cannot write a complex but secure application." Breaking XSS mitigations via Script Gadgets - blackhat 2017 2019 |

  10. Reduce developers' security burden. Move it to security professionals. 2019 |

  11. Client-side JavaScript <div id=foo></div> <script> var foo = document.querySelector('#foo'); foo.innerHTML = 'raw-string'; </script> 2019 |

  12. Client-side JavaScript <meta http-equiv=... content="trusted-types p" /> <div id=foo></div> <script> var foo = document.querySelector('#foo'); foo.innerHTML = 'raw-string'; </script> 2019 |

  13. Trusted Types make Trust decisions explicit <meta http-equiv=... content="trusted-types p" /> <div id=foo></div> <script> var foo = document.querySelector('#foo'); var policy = TrustedTypes.createPolicy('p', {} ); var trusted = policy.createHTML('raw-string'); foo.innerHTML = trusted; </script> 2019 |

  14. Trusted Types make Trust decisions explicit <meta http-equiv=... content="trusted-types p" /> <div id=foo></div> <script> var foo = document.querySelector('#foo'); var policy = TrustedTypes.createPolicy('p', {} ); var trusted = policy.createHTML('raw-string'); foo.innerHTML = trusted; </script> 2019 |

  15. Trusted Types make Trust decisions explicit Our code is safe because <meta http-equiv=... content="trusted-types p" /> trust decisions are explicit & reviewed by security team <div id=foo></div> and we check trustedness <script> before doing the undoable. var foo = document.querySelector('#foo'); var policy = TrustedTypes.createPolicy('p', {} ); var trusted = policy.createHTML('raw-string'); foo.innerHTML = trusted; </script> 2019 |

  16. Step 1. Flip the switch ● Trust decisions ● Trust decisions Implicit Implicit ● No separation btw. ● No separation btw. sensitive and other sensitive and other code code ● Un-undoable acts ● Un-undoable acts ⇨ not checked checked ● Bugs non-obvious ● Bugs obvious ● Fails unsafe ● Fails safe 2019 |

  17. Step 2. Consolidate tricky code ● Trust decisions ● Trust decisions Implicit explicit ● No separation btw. ● Separation btw. sensitive and other sensitive and other code code ● Un-undoable acts ● Un-undoable acts ⇨ checked checked ● Bugs obvious ● Bugs obvious, fewer ● Fails safe ● Fails safe ● Sensitive code not scrutinized 2019 |

  18. Step 3. Automatically loop in reviewers ● Trust decisions ● Trust decisions explicit explicit ● Separation btw. ● Separation btw. sensitive and other sensitive and other code code ● Un-undoable acts ● Un-undoable acts ⇨ checked checked ● Bugs obvious, fewer ● Bugs obvious, fewer ● Fails safe ● Fails safe ● Sensitive code not ● Sensitive code scrutinized scrutinized 2019 |

  19. Lightweight process help.github.com/en/articles/about-code-owners "Code owners are automatically requested for review when someone opens a pull request that modifies code that they own." CODEOWNERS # Files under sensitive/ need extra sign-off sensitive/ @securityperson 2019 |

  20. Trusted Types make Trust decisions explicit Our code is safe because <meta http-equiv=... content="trusted-types p" /> trust decisions are explicit & reviewed by security team <div id=foo></div> and we check trustedness <script> before doing the undoable. var foo = document.querySelector('#foo'); var policy = TrustedTypes.createPolicy('p', {} ); var trusted = policy.createHTML('raw-string'); foo.innerHTML = trusted; </script> 2019 |

  21. github.com/gothinkster/realworld RealWorld React App 2019 |

  22. RealWorld React App public/index.html 2019 |

  23. RealWorld React App src/components/Article/index.js 2019 |

  24. RealWorld React App src/components/Article/index.js 2019 |

  25. RealWorld React App src/index.js 2019 |

  26. RealWorld React App src/trustedtypes.js 2019 |

  27. Tools Integration Most trust decisions in common infrastructure that is safe-by-construction: ● Template Systems (strict, contextually autoescaped) ● Sanitizers ● Programmatic Builder APIs ● Protobufs bridge server- and client-side trusted values. 2019 |

  28. Trusted Types Gets security eyes on decisions to trust Long experience migrating projects Reduces XSS payments to vulnerability hunters Proposed as web standard Available in Chrome with origin trial token Contributors in Munich, NY, Prague, Seattle, Zürich 2019 |

  29. Resources ● Early adopters: trusted-types@googlegroups.com ● Specification: github.com/WICG/trusted-types ● "Securing the Tangled Web" by C. Kern, ACM Queue 2014 @mvsamuel (Ask me about tools integration) 2019 |

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection

Injection Safety Every Provider s Responsibility Outline Safe Injection Practices The ONE and ONLY Campaign Outbreak History Mistaken Beliefs A Call to Action Resources and Information

591 views • 20 slides
A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a

A1 (Part 2): Injection SQL Injection SQL injection is prevalent SQL injection is impactful Why a password manager is a good idea! SQL injection is ironic SQL injection is funny Overviewtrated Account Summary Account: Account: &quot;SELECT

445 views • 32 slides
5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring

5.2) Injections (part 2) Shell Injection, XML Injection, LDAP injection Emmanuel Benoist Spring Term 2016 Berner Fachhochschule | Haute cole spcialise bernoise | Berne University of Applied Sciences 1 Table of Contents Injection in PHP

995 views • 73 slides
A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks

A1 (Part 3): Injection Blind SQL Injection Blind SQL Injection SQL injectio ion that tricks ks databases into reveal l information by way of the success or failure of injected querie ies Analogous example le: Login prompt that stops ps

602 views • 14 slides
Consum er safety issues Approach for injection site residues Presented by: Bruno Urbain CVMP

Consum er safety issues Approach for injection site residues Presented by: Bruno Urbain CVMP

Consum er safety issues Approach for injection site residues Presented by: Bruno Urbain CVMP member (BE) An agency of the European Union Revised reflection paper ( RP) on injection site ( I S) residues: considerations for risk assessm ent

488 views • 11 slides
Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch type of injection mismatch will lead to an emittance blow-up. Off axis

Injection mismatch: As a rule, proton/ion accelerators need their full aperture at injection, thus avoiding mismatch allows a beam of larger normalized emittance * and containing more Protons. In proton/ion ring accelerators any Injection

454 views • 4 slides
A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application

A1 (Part 1): Injection Command and Code injection A1 Injection Tricking an application into executing commands or code embedded in data Data and code mixing! Often injected into interpreters SQL, PHP, Python, JavaScript, LDAP,

377 views • 14 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

466 views • 29 slides
INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible

TECHNOLOGY APPLICATIONS FOR HYDRO ISOLATION AND REPAIR OF UNDERGROUND FACILITIES INJECTION GEL www.eurastechnology.com WHAT IS INJECTION GEL? An injectable gel is a flexible mass of mineral origin, for both dry and wet surfaces solvent-free,

487 views • 21 slides
Scale Up 4 Safety Wessex Patient Safety Collaborative Connecting and sharing across Wessex to

Scale Up 4 Safety Wessex Patient Safety Collaborative Connecting and sharing across Wessex to

Scale Up 4 Safety Wessex Patient Safety Collaborative Connecting and sharing across Wessex to improve patient safety Wessex PSC is looking to partner with up to 5 teams in 17/18 to support patient safety scale up projects across Wessex Partners

544 views • 10 slides
Overflows, Injection, and Memory Safety CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Overflows, Injection, and Memory Safety CS 161: Computer Security Prof. Vern Paxson TAs: Paul

Overflows, Injection, and Memory Safety CS 161: Computer Security Prof. Vern Paxson TAs: Paul Bramsen, Apoorva Dornadula, David Fifield, Mia Gil Epner, David Hahn, Warren He, Grant Ho, Frank Li, Nathan Malkin, Mitar Milutinovic, Rishabh Poddar,

665 views • 42 slides
A VERY BAD PLACE TO TRY AN EXPERIMENT? URSA PAD A INJECTION WELL Robert L. Arrington,

A VERY BAD PLACE TO TRY AN EXPERIMENT? URSA PAD A INJECTION WELL Robert L. Arrington,

A VERY BAD PLACE TO TRY AN EXPERIMENT? URSA PAD A INJECTION WELL Robert L. Arrington, P.E. Battlement Mesa, Colorado GEOLOGIC TIME SCALE ERA PERIOD Quaternary Tertiary Cretaceous Jurassic

370 views • 18 slides
The use of the Abbreviated Injury Scale in the Swedish Road Safety effort The definition of a

The use of the Abbreviated Injury Scale in the Swedish Road Safety effort The definition of a

The use of the Abbreviated Injury Scale in the Swedish Road Safety effort The definition of a serious injury Hans-Yngve Berg, Ph. D Senior Road Safety Analyst Systematic approach in road safety work 1. Define the burden and nature of road

598 views • 21 slides
Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry

Reaction Injection Molding (RIM)- Low Quantity Injection Molding for the Life Sciences Industry Presented by: Ken Schweitz, President and Doug Culbertson, VP Business Development of Premold Corp Section I. Advantages of RIM Economical

441 views • 29 slides
Occupational Health and Safety in Small Scale Mines Prof. Dr. K. G. Jadoon Balochistan

Occupational Health and Safety in Small Scale Mines Prof. Dr. K. G. Jadoon Balochistan

Occupational Health and Safety in Small Scale Mines Prof. Dr. K. G. Jadoon Balochistan University of Information Technology Engineering and Management Sciences, Quetta Small scale Mining Definition Different countries have different criteria

625 views • 39 slides
C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore

C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore

C0 2 / Acid Gas Injection Well Injection Well Conversion Prepared for the 5 Th Well Bore Integrity Network Meeting. Calgary Alberta May 14, 2009 Agenda Wellbore integrity Well design with annular integrity Well design without

443 views • 22 slides
Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU

Understanding and Automatically Preventing Injection Attacks on Node.js Michael Pradel TU Darmstadt Joint work with Cristian Staicu (TU Darmstadt) and Ben Livshits (Microsoft Research, Redmond) 1 Why JavaScript? Relevant and challenging

520 views • 48 slides
The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation *

The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation *

Center for W eb I ntelligence Center for W eb I ntelligence School of CTI, DePaul University Chicago, Illinois, USA The Impact of Attack Profile Classification on the Robustness of Collaborative Recommendation * Chad Williams, Runa Bhaumik,

380 views • 24 slides
Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

Static vs. Dynamic Analysis Static analysis: analyze source code or byte code Imprecise

I NTELLI D ROID A Targeted Input Generator for the Dynamic Analysis of Android Malware Michelle Y. Wong and David Lie University of Toronto Department of Electrical and Computer Engineering NDSS Symposium 2016 ! ! ! B ACKGROUND Static vs.

1.02k views • 32 slides
COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in

COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in

COMMAND INJECTION IN IRULES LOADBALANCER SCRIPTS A story about how TCL interpretation works in F5 iRules and how it can be detected or exploited WHOAMI AND THANKS Big thanks to my fellow researchers Jesper Blomstrm Pasi Saarinen

679 views • 47 slides
Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions

SAC Summer School 2019 Encrypted Search: Leakage Attacks Seny Kamara How do we Deal with Leakage? Our definitions allow us to prove that our schemes achieve a certain leakage profile but doesnt tell us if a leakage profile is

477 views • 22 slides
Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models

Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models

Physics of Injection-induced Earthquakes Unveiled by Seismic Wave Analysis and Numerical Models Yihe Huang University of Michigan Injection-induced earthquakes : Earthquakes induced by fluid injection related to energy technologies including

756 views • 32 slides
BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP

BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP

BP MIDSTREAM PARTNERS BP Midstream Partners 4Q and full year 2018 Results February 28, 2019 BP MAD DOG 1 BP MIDSTREAM PARTNERS 4Q &amp; FULL YEAR 2018 RESULTS Offshore deepwater Gulf of Mexico Cautionary statement BP MIDSTREAM PARTNERS

456 views • 27 slides
Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20,

Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20,

Practical Enclave Malware with Intel SGX Michael Schwarz, Samuel Weiser, Daniel Gruss June 20, 2019 - DIMVA19 Graz University of Technology www.tugraz.at Outline SGX 2 Michael Schwarz , Samuel Weiser, Daniel Gruss Graz University of

1.34k views • 100 slides

More recommend