
Web Security: Vulnerabilities & Attacks. Dawn Song. PowerPoint (PPT) presentation, Computer Security Course.



  1. Computer Security Course. Web Security: Vulnerabilities & Attacks. Dawn Song

  2. Cross-site Scripting

  3. What is Cross-site Scripting (XSS)? • A vulnerability in a web application that enables attackers to inject client-side scripts into web pages viewed by other users.

  4. Three Types of XSS • Type 2: Persistent or Stored: the attack vector is stored at the server • Type 1: Reflected: the attack value is 'reflected' back by the server • Type 0: DOM Based: the vulnerability is in the client-side code

  5–10. (Type 2) Consider a form on safebank.com that allows a user to chat with a customer service associate. 1. User asks a question via HTTP POST (message: "How do I get a loan?"). 2. Server stores the question in the database. 3. Associate requests the questions page. 4. Server retrieves all questions from the DB. 5. Server returns HTML embedded with the question. PHP code: <? echo "<div class='question'> $question </div>";?> HTML code: <div class='question'> "How do I get a loan?" </div> The associate's browser shows, on the SAFEBANK questions page: Customer 5: "How do I get a loan?"

  11. Type 2 XSS Injection. Look at the following code fragments. Which one of these could possibly be a comment that could be used to perform an XSS injection? a. '; system('rm -rf /'); b. rm -rf / c. DROP TABLE QUESTIONS; d. <script>doEvil()</script>

  12. Script Injection. Which one of these could possibly be a comment that could be used to perform an XSS injection? a. '; system('rm -rf /'); b. rm -rf / c. DROP TABLE QUESTIONS; d. <script>doEvil()</script> Fragment d, once embedded in the page: <html><body> ... <div class='question'> <script>doEvil()</script> </div> ... </body></html>

  13–18. Stored XSS. 1. Attacker asks a malicious question via HTTP POST (message: "<script>doEvil()</script>"). 2. Server stores the question in the database. 3. Victim (the associate) requests the questions page. 4. Server retrieves the malicious question from the DB. 5. Server returns HTML embedded with the malicious question. PHP code: <? echo "<div class='question'> $question </div>";?> HTML code: <div class='question'> <script>doEvil()</script> </div> The script is rendered as part of the SAFEBANK questions page (under "Customer 5:") and runs in the associate's browser.

  19. Three Types of XSS • Type 2: Persistent or Stored: the attack vector is stored at the server • Type 1: Reflected: the attack value is 'reflected' back by the server • Type 0: DOM Based: the vulnerability is in the client-side code

  20. Example Continued: Blog • safebank.com also has a transaction search interface at search.php: safebank.com/search.php?query=chocolate • search.php accepts a query and shows the results, with a helpful message at the top: <? echo "Your query $_GET['query'] returned $num results.";?> Example (as shown on the SAFEBANK page): Your query chocolate returned 81 results. • What is a possible malicious URI an attacker could use to exploit this?

  21. Type 1: Reflected XSS. A request to "search.php?query=<script>doEvil()</script>" causes script injection. Note that the query is never stored on the server, hence the term 'reflected'. PHP code: <? echo "Your query $_GET['query'] returned $num results.";?> HTML code: Your query <script>doEvil()</script> returned 0 results But this only injects code in the attacker's page. The attacker needs to inject code in the user's page for the attack to be effective.

  22–24. Reflected XSS. 1. Attacker sends an email with a malicious link: safebank.com/search.php?query=<script>doEvil()</script> 2. User clicks on the link with the malicious params (from the email client). 3. The vulnerable server inserts the malicious params into the HTML it returns: Your query <script>doEvil()</script> returned 0 results
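As an added example (not code from the slides), the two safebank.com renderings from slides 17 and 21 reproduced in Python: the naive string interpolation that mirrors the PHP echo, beside a hardened version that HTML-entity-encodes the untrusted value for the HTML body context before it reaches the page. The function names, the sample question and the sample URL are constructed for this example.

```python
import html
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample data: a benign question and a malicious one, as they
# would sit in the questions table (stored XSS) or in a link (reflected XSS).
BENIGN_QUESTION = "How do I get a loan?"
MALICIOUS_QUESTION = "<script>doEvil()</script>"
MALICIOUS_URL = "https://safebank.com/search.php?query=<script>doEvil()</script>"


def render_question_vulnerable(question: str) -> str:
    # Mirrors the slide's PHP: echo "<div class='question'> $question </div>"
    # The stored value is placed into the HTML body unchanged.
    return f"<div class='question'> {question} </div>"


def render_question_safe(question: str) -> str:
    # Same template, but the untrusted value is entity-encoded for the HTML
    # body context, so '<' and '>' can no longer open or close a tag.
    return f"<div class='question'> {html.escape(question, quote=True)} </div>"


def _query_param(url: str) -> str:
    # Stand-in for PHP's $_GET['query'] (first value, empty if absent).
    return parse_qs(urlsplit(url).query).get("query", [""])[0]


def render_search_vulnerable(url: str, num: int) -> str:
    # Mirrors: echo "Your query $_GET['query'] returned $num results."
    return f"Your query {_query_param(url)} returned {num} results."


def render_search_safe(url: str, num: int) -> str:
    # Hardened form: encode the reflected parameter before emitting it.
    return f"Your query {html.escape(_query_param(url), quote=True)} returned {num} results."


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_script_tag(page: str) -> bool:
    # Crude check used only to show the difference between the two renderings:
    # does a literal <script ...> tag appear in the emitted HTML?
    return SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    for name, page in [
        ("stored/vulnerable", render_question_vulnerable(MALICIOUS_QUESTION)),
        ("stored/safe", render_question_safe(MALICIOUS_QUESTION)),
        ("reflected/vulnerable", render_search_vulnerable(MALICIOUS_URL, 0)),
        ("reflected/safe", render_search_safe(MALICIOUS_URL, 0)),
    ]:
        print(f"{name:21} script tag present: {contains_script_tag(page)!s:5} {page}")
```

Entity encoding is the right fix only for the HTML body context the slides show; a value placed inside a JavaScript string, a URL or an attribute needs the encoding appropriate to that context.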
