SLIDE 1
Secure Programming Laboratory 4: Web Attack
SP Demonstrators: Arthur Chan / David Aspinall
15th November 2019
Orientation
This is the fourth Laboratory Session for Secure Programming. It is convened by Arthur, Henry and David. The handout and
SLIDE 2
SLIDE 3
What is this lab about?
Cross Site Scripting
◮ Task 1 ~ 2: Attaching JavaScript in web request
◮ Task 3 ~ 5: Attaching attack payload in web request
◮ Task 6: Cross Site Scripting Worm
◮ Task 7: Countermeasures for Cross Site Scripting
Cross Site Request Forgery (optional)
◮ Task 1: Web request analysing tools
◮ Task 2 ~ 3: Cross Site Request Forgery
◮ Task 4: Countermeasures for CSRF
SLIDE 4
What do we hope you will learn?
◮ Understanding client-side web attacks
◮ Understanding countermeasures for web attacks
◮ Understanding further web security concerns
SLIDE 5
Warning
◮ You will be attacking a web server; always point your attack payload to the localhost of the SEED Lab.
◮ You will be attacking the web server at the following URLs:
  ◮ http://www.xsslabelgg.com
  ◮ http://www.csrflabattacker.com
  ◮ http://www.csrflabelgg.com
We have modified the hosts file in the SEED Lab to point these URLs to the localhost of the SEED Lab. Don't change this setting, as it protects you from attacking the DICE environment and the real network.
◮ ALWAYS KEEP YOUR ATTACK TRIAL WITHIN THE SEED LAB ENVIRONMENT
SLIDE 6
Solutions and Checkpoints
You do not need to submit a lab report to us, but please keep answers to the checkpoint questions for your own use, to check your understanding and when revising the material for the lab.
Please do not post solutions on any forum. If solutions are distributed it will spoil the experience for other students using SEED labs around the world.
During the lab we will provide individual help and guidance, and also make announcements during the lab with hints and tips. You can always discuss the checkpoint question or any materials with us during the lab section or through Piazza.
SLIDE 7
Coursework Reminder
Coursework deadline: 5pm TODAY (before the end of this lab)
You have 9 files to submit in total for both parts of the coursework, see the final page of each coursework for the required filenames.
SLIDE 8