secure programming laboratory 4 web attack
play

Secure Programming Laboratory 4: Web Attack SP Demonstrators: - PowerPoint PPT Presentation

Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019 Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and


  1. Secure Programming Laboratory 4: Web Attack SP Demonstrators: Arthur Chan / David Aspinall 15th November 2019

  2. Orientation This is the fourth Laboratory Session for Secure Programming It is convened by Arthur, Henry and David. The handout and other resources are available online via the course web page. ◮ If you have question about the past labs, ask us.

  3. What is this lab about? Cross Site Scripting ◮ Task 1 ~ 2 Attaching JavaScript in web request ◮ Task 3 ~ 5 Attaching attack payload in web request ◮ Task 6 Cross Site Scripting Worm ◮ Task 7 Countermeasures for Cross Site Scripting Cross Site Request Forgery (optional) ◮ Task 1 Web request analysing tools ◮ Task 2 ~ 3 Cross Site Request Forgery ◮ Task 4 Countermeasures for CSRF

  4. What do we hope you will learn? ◮ Understanding client side web attack ◮ Understanding countermeasure for web attack ◮ Understanding further web security concerns

  5. Warning ◮ You will be attacking a web server, always point your attack payload to localhost of the seedlab. ◮ You will be attacking the web server on the following url ◮ http://www.xsslabelgg.com . ◮ http://www.csrflabattacker.com . ◮ http://www.csrflabelgg.com . We have modified the host file in the seed lab to point this url to the localhost of the SEED Lab. Don’t change this setting as it is protecting you not to attack the dice environment and the real network. ◮ ALWAYS KEEP YOUR ATTACK TRIAL WITHIN THE SEED LAB ENVIRONMENT

  6. Solutions and Checkpoints You do not need to submit a lab report to us, but please keep answers to the checkpoint questions for your own use, to check your understanding and when revising the material for the lab. Please do not post solutions on any forum. If solutions are distributed it will spoil the experience for other students using SEED labs around the world. During the lab we will provide individual help and guidance, and also make announcements during the lab with hints and tips. You can always discuss the checkpoint question or any materials with us during the lab section or through Piazza.

  7. Coursework Reminder Coursework deadline: 5pm TODAY (Before the end of this lab) You have 9 files to submit in total for both parts of the coursework, see the final page of each coursework for the required filenames.

  8. Good Luck! We hope you enjoy the lab.

Recommend


More recommend