Web Security: Vulnerabilities & Attacks, Dawn Song (PowerPoint PPT presentation)


  1. Computer Security Course. Dawn Song. Web Security: Vulnerabilities & Attacks

  2. Cross-site Request Forgery

  3. Example Application. Consider a social networking site, GraceBook, that allows users to "share" happenings from around the web. Users can click the "Share with GraceBook" button, which publishes content to GraceBook. When users press the share button, a POST request to http://www.gracebook.com/share.php is made and gracebook.com makes the necessary updates on the server.

  4–11. Running Example (sequence diagram between the Client Browser and the Web Server www.gracebook.com):
  – URL request: the browser sends GET form.php.
  – Response: the server returns form.php, the page below (slide 6).
  <html><body>
  <div>
  Update your status:
  <form action="http://www.gracebook.com/share.php" method="post">
  <input name="text" value="Feeling good!">
  <input type="submit" value="Share">
  </form>
  </div>
  </body></html>
  – The browser displays to the user: "Update your status: [Feeling good!] [Share]".
  – On "Share" click, the browser sends POST share.php with text=Feeling good! and attaches the Session Cookie.
  – The server checks: valid session cookie? If so, it updates the user's status in the DB Server with the text "Feeling good!".

  12. Network Requests. The HTTP POST request looks like this:
  POST /share.php HTTP/1.1
  Host: www.gracebook.com
  User-Agent: Mozilla/5.0
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Referer: https://www.gracebook.com/form.php
  Cookie: auth=beb18dcd75f2c225a9dcd71c73a8d77b5c304fb8

  text=Feeling good!

  13–14. CSRF Attack
  • The attacker, on attacker.com, creates a page containing the following HTML:
  <form action="http://www.gracebook.com/share.php" method="post" id="f">
  <input type="hidden" name="text" value="SPAM COMMENT">
  </form>
  <script>document.getElementById('f').submit();</script>
  • What will happen when the user visits the page?
  a) The spam comment will be posted to the user's share feed on gracebook.com
  b) The spam comment will be posted to the user's share feed if the user is currently logged in on gracebook.com
  c) The spam comment will not be posted to the user's share feed on gracebook.com
  Answer: (b). The browser attaches the user's gracebook.com session cookie to the forged POST, so the request is accepted exactly when the user is currently logged in.

  15. CSRF Attack
  • JavaScript code can automatically submit the form in the background to post spam to the user's GraceBook feed.
  • Similarly, a GET-based CSRF is also possible when share.php accepts its parameters via GET. Making GET requests is easier: an img tag suffices, and no JavaScript is needed.
  <img src="http://www.gracebook.com/share.php?text=SPAM%20COMMENT" />

  16. Example Attack (diagram): the attacker's page ("Welcome to my harmless site!", containing <input type="hidden" …) is displayed to the user; via JavaScript the Client Browser sends POST share.php with text=SPAM COMMENT! and the Session Cookie; the Web Server updates the user's status in the DB Server with the spam comment.

  17. CSRF Defense
  • Origin headers
  – Introduction of a new header, similar to Referer.
  – Unlike Referer, only shows scheme, host, and port (no path data or query string).
  • Nonce-based
  – Use a nonce to ensure that only a form served by form.php can get to share.php.

  18–19. CSRF via POST requests. Consider the Referer value from the POST request outlined earlier. In the case of the CSRF attacks, will it be different?
  a. Yes
  b. No
  Answer: a. Yes. The forged request is submitted from the attacker's page, so the Referer names a page on attacker.com rather than https://www.gracebook.com/form.php (if the browser sends a Referer at all).

  20–21. Origin Header
  • Instead of sending the whole referring URL, which might leak private information, only send the referring scheme, host, and port.
  POST /share.php HTTP/1.1
  Host: www.gracebook.com
  User-Agent: Mozilla/5.0
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Origin: http://www.gracebook.com/        (no path string or query data)
  Cookie: auth=beb18dcd75f2c225a9dcd71c73a8d77b5c304fb8

  text=hi

  22. Nonce based protection
  • Recall the expected flow of the application:
  – The message to be shared is first shown to the user on form.php (the GET request).
  – When the user assents, a POST request to share.php makes the actual post.
  • The server creates a nonce, includes it in a hidden field in form.php, and checks it in share.php.

  23. Nonce based protection. The form with nonce:
  <form action="share.php" method="post">
  <input type="hidden" name="csrfnonce" value="av834favcb623">
  <input type="textarea" name="text" value="Feeling good!">
  </form>
  The resulting request:
  POST /share.php HTTP/1.1
  Host: www.gracebook.com
  User-Agent: Mozilla/5.0
  Accept: */*
  Content-Type: application/x-www-form-urlencoded; charset=UTF-8
  Origin: http://www.gracebook.com/
  Cookie: auth=beb18dcd75f2c225a9dcd71c73a8d77b5c304fb8

  text=Feeling good!&csrfnonce=av834favcb623
  Server code compares the submitted nonce with the one it issued.

  24–27. Legitimate Case (diagram): the Client Browser sends GET form.php; the Web Server responds with <html><body> <input type="hidden" name="csrfnonce" value="av834favcb623">…; the browser displays "Update your status: [Feeling good!] [Share]" with the hidden csrfnonce field; on "Share" click the browser sends POST share.php with text=Feeling good!, csrfnonce=av834favcb623 and the Session Cookie; the server updates the user's status in the DB Server with the text "Feeling good!" after checking the nonce.

  28. Attack Case (diagram): the attacker's page ("Welcome to my harmless site!", containing <input type="hidden" …) is displayed to the user; via JavaScript the browser sends POST share.php with text=SPAM COMMENT! and the Session Cookie; share.php fails to update because the nonce value is incorrect.
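The two defenses on slides 17–28 (Origin check, per-session nonce) put together as server-side logic for share.php. This is an added example, not code from the slides or from GraceBook; the in-memory SESSIONS store, the handle_share/render_form names and the sample requests are constructed here. The demo replays the legitimate flow (slides 24–27), the auto-submitted form from attacker.com (slides 13 and 28), a replay of an already-used nonce, and the img-tag GET from slide 15.

```python
"""CSRF defenses for share.php: Origin header check plus a single-use,
session-bound nonce. Added example; GraceBook's real server code is not shown
on the slides."""
import hmac
import secrets
from urllib.parse import urlsplit

SITE_ORIGIN = "http://www.gracebook.com"  # scheme://host[:port] of the site

# Hypothetical server-side session store: cookie value -> session data.
SESSIONS = {}


def cookie_value(cookie_header, name):
    """Pull one cookie's value out of a 'Cookie: a=1; b=2' header."""
    for part in cookie_header.split(";"):
        key, _, value = part.strip().partition("=")
        if key == name:
            return value
    return None


def new_session():
    """Log a user in: mint a random auth cookie value and return it."""
    sid = secrets.token_hex(20)
    SESSIONS[sid] = {"nonce": None, "status": ""}
    return sid


def render_form(sid):
    """form.php: mint a fresh nonce, bind it to the session, embed it in a hidden field."""
    nonce = secrets.token_urlsafe(16)
    SESSIONS[sid]["nonce"] = nonce
    return (
        '<form action="share.php" method="post">\n'
        f'<input type="hidden" name="csrfnonce" value="{nonce}">\n'
        '<input type="text" name="text" value="Feeling good!">\n'
        '<input type="submit" value="Share">\n'
        "</form>"
    )


def origin_ok(headers):
    """Accept only requests whose Origin (scheme, host, port) is our own."""
    origin = headers.get("Origin")
    if origin is None:
        return False  # older browsers omit Origin (slide 29); treat as cross-site
    got, want = urlsplit(origin.rstrip("/")), urlsplit(SITE_ORIGIN)
    return (got.scheme, got.hostname, got.port) == (want.scheme, want.hostname, want.port)


def handle_share(method, headers, form):
    """share.php. Returns (HTTP status, message). Each check fails closed."""
    if method != "POST":
        return 405, "share.php only accepts POST"  # defeats the <img> GET variant
    session = SESSIONS.get(cookie_value(headers.get("Cookie", ""), "auth"))
    if session is None:
        return 401, "no valid session cookie"
    if not origin_ok(headers):
        return 403, "Origin mismatch"
    expected, supplied = session["nonce"], form.get("csrfnonce", "")
    if not expected or not hmac.compare_digest(expected, supplied):
        return 403, "bad csrfnonce"  # attacker.com cannot read the nonce from form.php
    session["nonce"] = None  # single use: a captured nonce cannot be replayed
    session["status"] = form.get("text", "")
    return 200, "status updated"


def demo():
    """Constructed requests: legitimate post, attacker.com form, replay, img GET."""
    sid = new_session()
    cookie = {"Cookie": f"auth={sid}"}
    render_form(sid)
    nonce = SESSIONS[sid]["nonce"]
    good = handle_share("POST", {"Origin": SITE_ORIGIN + "/", **cookie},
                        {"text": "Feeling good!", "csrfnonce": nonce})
    attack = handle_share("POST", {"Origin": "http://attacker.com", **cookie},
                          {"text": "SPAM COMMENT"})
    replay = handle_share("POST", {"Origin": SITE_ORIGIN, **cookie},
                          {"text": "SPAM COMMENT", "csrfnonce": nonce})
    img = handle_share("GET", cookie, {"text": "SPAM COMMENT"})
    return good, attack, replay, img, SESSIONS[sid]["status"]


if __name__ == "__main__":
    for line in demo():
        print(line)
```

The order of checks matters only for the error message: a cross-site request fails on Origin, and a same-origin request that lacks a fresh nonce (or a browser that sent no Origin at all) fails on the nonce, so each defense still holds when the other cannot be applied.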

  29. Recap
  • CSRF: Cross Site Request Forgery
  • An attack which forces an end user to execute unwanted actions on a web application in which he/she is currently authenticated.
  • Caused because the browser automatically includes authorization credentials such as cookies with every request to the site, regardless of which page initiated it.
  • Fixed using Origin headers and nonces.
  – Origin headers are not supported in older browsers, so a server cannot rely on the header being present.

  30. Web Session Management. Slides credit: Dan Boneh

  31. Same origin policy: "high level"
  Same Origin Policy (SOP) for DOM:
  – Origin A can access origin B's DOM if they match on (scheme, domain, port)
  Same Origin Policy (SOP) for cookies:
  – Based on: ([scheme], domain, path); the scheme is optional (the secure flag)
  URL structure: scheme://domain:port/path?params

  32. Setting/deleting cookies by server
  Browser sends GET … to the Server; the Server replies with the HTTP header:
  Set-Cookie: NAME=VALUE;
  domain = (when to send);          scope
  path = (when to send);            scope
  secure = (only send over SSL);
  expires = (when expires);         if expires=NULL: this session only; if expires=past date: browser deletes the cookie
  HttpOnly
  Default scope is the domain and path of the setting URL.
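Slides 31–32 contrast the DOM same-origin check (scheme, host, port) with the cookie scope rule (domain, path, secure flag), and state that the default scope is the domain and path of the setting URL. The following is an added example, not from the slides: a small Set-Cookie parser that applies that default, plus the two matching rules side by side. The URLs and cookie values in demo() are constructed; the auth cookie reuses the value from slide 12.

```python
"""DOM same-origin check vs. cookie scope (slides 31-32). Added example; the
Set-Cookie attribute handling follows RFC 6265's domain/path rules."""
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_tuple(url):
    """DOM SOP compares (scheme, host, port); a missing port is the scheme default."""
    u = urlsplit(url)
    return (u.scheme, u.hostname, u.port or DEFAULT_PORTS.get(u.scheme))


def same_origin(url_a, url_b):
    return origin_tuple(url_a) == origin_tuple(url_b)


def default_path(url_path):
    """Default cookie path: the setting URL's path up to (not including) its last '/'."""
    if not url_path.startswith("/") or url_path.count("/") == 1:
        return "/"
    return url_path[: url_path.rfind("/")]


def parse_set_cookie(header, setting_url):
    """Parse one Set-Cookie header value; scope defaults to the setting URL."""
    parts = [p.strip() for p in header.split(";")]
    name, _, value = parts[0].partition("=")
    u = urlsplit(setting_url)
    cookie = {
        "name": name.strip(), "value": value.strip(),
        "domain": u.hostname, "host_only": True,   # no Domain attr: exact host only
        "path": default_path(u.path),
        "secure": False, "httponly": False, "expires": None,
    }
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "domain":
            cookie["domain"], cookie["host_only"] = val.lstrip(".").lower(), False
        elif key == "path":
            cookie["path"] = val
        elif key == "secure":
            cookie["secure"] = True
        elif key == "httponly":
            cookie["httponly"] = True
        elif key == "expires":
            cookie["expires"] = val  # left as a string; expiry is not evaluated here
    return cookie


def domain_match(request_host, cookie_domain, host_only):
    if host_only:
        return request_host == cookie_domain
    return request_host == cookie_domain or request_host.endswith("." + cookie_domain)


def path_match(request_path, cookie_path):
    """'/settings' matches '/settings/theme' but not '/settingsX'."""
    if request_path == cookie_path:
        return True
    return request_path.startswith(cookie_path) and (
        cookie_path.endswith("/") or request_path[len(cookie_path)] == "/")


def cookie_sent(cookie, request_url):
    """Would the browser attach this cookie to a request for request_url?"""
    u = urlsplit(request_url)
    if cookie["secure"] and u.scheme != "https":
        return False
    if not domain_match(u.hostname, cookie["domain"], cookie["host_only"]):
        return False
    return path_match(u.path or "/", cookie["path"])


def demo():
    """Constructed cookies set by https://www.gracebook.com/form.php."""
    setting = "https://www.gracebook.com/form.php"
    auth = parse_set_cookie(
        "auth=beb18dcd75f2c225a9dcd71c73a8d77b5c304fb8; Secure; HttpOnly", setting)
    pref = parse_set_cookie("pref=dark; Domain=gracebook.com; Path=/settings", setting)
    return {
        "dom_same": same_origin("http://www.gracebook.com/form.php",
                                "http://www.gracebook.com:80/share.php"),
        "dom_scheme": same_origin("http://www.gracebook.com/", "https://www.gracebook.com/"),
        "auth_https": cookie_sent(auth, "https://www.gracebook.com/share.php"),
        "auth_http": cookie_sent(auth, "http://www.gracebook.com/share.php"),
        "auth_subdomain": cookie_sent(auth, "https://api.gracebook.com/share.php"),
        "auth_js_visible": not auth["httponly"],
        "pref_subdomain": cookie_sent(pref, "http://api.gracebook.com/settings/theme"),
        "pref_other_path": cookie_sent(pref, "http://www.gracebook.com/share.php"),
        "pref_other_site": cookie_sent(pref, "http://attacker.com/settings"),
    }


if __name__ == "__main__":
    for key, val in demo().items():
        print(f"{key}: {val}")
```

Note the asymmetry the slides point at: the DOM check treats http and https as different origins, while the cookie rule sends a non-Secure cookie over both schemes, and a Domain attribute widens the cookie to every subdomain, which is why the auth cookie in the demo is set without one.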
