SLIDE 1
Secure Programming Laboratory 4: Web Attack
SP Demonstrators: Arthur Chan / David Aspinall
20th March 2019
Orientation
This is the fourth Laboratory Session for Secure Programming. It is convened by Arthur and David. The handout and other
SLIDE 2
SLIDE 3
What is this lab about?
Cross Site Scripting
◮ Task 1 ~ 2 Attaching JavaScript in web request
◮ Task 3 ~ 5 Attaching attack payload in web request
◮ Task 6 Cross Site Scripting Worm
◮ Task 7 Countermeasures for Cross Site Scripting
Cross Site Request Forgery (optional or later)
◮ Task 1 Web request analysing tools
◮ Task 2 ~ 3 Cross Site Request Forgery
◮ Task 4 Countermeasures for CSRF
SLIDE 4
What do we hope you will learn?
◮ Understanding client-side web attacks
◮ Understanding countermeasures for web attacks
◮ Understanding further web security concerns
SLIDE 5
Warning
◮ You will be attacking a web server. Always point your attack payload to the localhost of the SEED Lab.
◮ You will be attacking the web server at the following URLs:
◮ http://www.xsslabelgg.com
◮ http://www.csrflabattacker.com
◮ http://www.csrflabelgg.com
We have modified the hosts file in the SEED Lab to point these URLs to the localhost of the SEED Lab. Don't change this setting, as it protects you from attacking the DICE environment and the real network.
◮ ALWAYS KEEP YOUR ATTACK TRIAL WITHIN THE SEED LAB ENVIRONMENT
SLIDE 6
Solutions and Checkpoints
You do not need to submit a lab report to us, but please keep answers to the checkpoint questions for your own use, to check your understanding and when revising the material for the lab.
Please do not post solutions on any forum. If solutions are distributed it will spoil the experience for other students using SEED labs around the world.
During the lab we will provide individual help and guidance, and also make announcements during the lab with hints and tips. You can always discuss the checkpoint question or any materials with us during the lab section or through Piazza.
SLIDE 7
Coursework Reminder
Coursework deadline: 4PM THIS FRIDAY
You have 9 files to submit in total for both parts of the coursework; see the final page of each coursework for the required filenames.
SLIDE 8