web security vulnerabilities attacks
play

Web Security: Vulnerabilities & Attacks Dawn Song Cross-site - PowerPoint PPT Presentation

Feb 29, 2024 •223 likes •760 views

Computer Security Course. Dawn Computer Security Course. Dawn Song Song Web Security: Vulnerabilities & Attacks Dawn Song Cross-site Scripting Dawn Song What is Cross-site Scripting (XSS)? Vulnerability in web application that

  1. Computer Security Course. Dawn Computer Security Course. Dawn Song Song Web Security: Vulnerabilities & Attacks Dawn Song

  2. Cross-site Scripting Dawn Song

  3. What is Cross-site Scripting (XSS)? • Vulnerability in web application that enables attackers to inject client-side scripts into web pages viewed by other users. Dawn Song

  4. T ype 2 T ype 1 T ype 0 Three T ypes of XSS • Type 2: Persistent or Stored – The attack vector is stored at the server • T ype 1: Refmected – The attack value is ‘refmected’ back by the server • T ype 0: DOM Based – The vulnerability is in the client side code Dawn Song

  5. T ype 2 T ype 1 T ype 0 Consider a form on safebank.com that allows a user to chat with a customer service associate. SAFEBANK login passwor d c A counts Bill P ay Mail T ransfers banking content User 1. User asks a question via HTTP POST (message: “How do I get a loan?”) Server Dawn Song

  6. T ype 2 T ype 1 T ype 0 Consider a form on safebank.com that allows a user to chat with a customer service associate. SAFEBANK login passwor d c A counts Bill P ay Mail ransfers T banking content User 1. User asks a question via HTTP POST (message: “How do I get a loan?”) 2. Server stores question in Server database. Dawn Song

  7. T ype 2 T ype 1 T ype 0 Consider a form on safebank.com that allows a user to chat with a customer service associate. SAFEBANK login passwor d c A counts Bill P ay Mail ransfers T banking content User 3. Associate SAFEBANK login passwor d requests A ccounts Bill Pay Mail T ransfers banking content Associ the ate 1. User asks a questions question via page HTTP POST (message: “How do I get a loan?”) 2. Server stores question in Server database. Dawn Song

  8. T ype 2 T ype 1 T ype 0 Consider a form on safebank.com that allows a user to chat with a customer service associate. SAFEBANK login passwor d c A counts Bill P ay Mail T ransfers banking content User 3. Associate SAFEBANK login passwor d 4. Server requests A ccounts Bill Pay Mail T ransfers retrieves banking content Associ the ate 1. User asks a all questions question via questions page from the HTTP POST (message: “How do I get a DB loan?”) 2. Server stores question in Server database. Dawn Song

  9. T ype 2 T ype 1 T ype 0 PHP CODE: <? echo "<div class=’question'> $question </div>";?> SAFEBANK login passwor d HTML Code: <div class= ’question' > ”How do I get a loan?” </div> c A counts Bill P ay Mail ransfers T banking content User 3. Associate SAFEBANK login passwor d 4. Server requests A ccounts Bill Pay Mail T ransfers retrieves banking content Associ the ate 1. User asks a all questions question via questions page from the HTTP POST (message: “How do I get a DB 5. Server loan?”) returns HTML 2. Server stores embedded with question in the question Server database. Dawn Song

  10. T ype 2 T ype 1 T ype 0 PHP CODE: <? echo "<div class=’question'> $question </div>";?> SAFEBANK login passwor d HTML Code: <div class= ’question' > ”How do I get a loan?” </div> A c counts Bill P ay Mail ransfers T banking content User 3. Associate SAFEBANK login passwor d 4. Server requests A ccounts Bill Pay Mail T ransfers retrieves banking content Associ the ate 1. User asks a all questions question via questions page from the HTTP POST SAFEBA (message: “How do I get a DB 5. Server loan?”) NK Customer 5: returns HTML “How do I get a loan?” 2. Server stores embedded with question in the question Server database. Dawn Song

  11. T ype 2 T ype 1 T ype 0 T ype 2 XSS Injection Look at the following code fragments. Which one of these could possibly be a comment that could be used to perform a XSS injection? a. '; system('rm –rf /'); b. rm –rf / c. DROP TABLE QUESTIONS; d. <script>doEvil()</script> Dawn Song

  12. T ype 2 T ype 1 T ype 0 Script Injection Which one of these could possibly be a comment that could be used to perform a XSS injection? a. '; system('rm –rf /'); b. rm –rf / c. DROP TABLE QUESTIONS; d. <script>doEvil()</script> <html><body> ... <div class=‘question’> <script>doEvil()</script> </div> ... </body></html> Dawn Song

  13. T ype 2 T ype 1 T ype 0 Stored XSS 1. Attacker asks malicious question via HTTP POST ( message: “<script>doEvil()</script>” ) Server Dawn Song

  14. T ype 2 T ype 1 T ype 0 Stored XSS 1. Attacker asks malicious question via HTTP POST ( message: “<script>doEvil()</script>” ) 2. Server stores Server question in Dawn Song

  15. T ype 2 T ype 1 T ype 0 Stored XSS 3. Victim requests SAFEBANK login passwor d the A ccounts Bill Pay Mail T ransfers banking content Associ questions ate 1. Attacker asks page malicious question via HTTP POST ( message: “<script>doEvil()</script>” ) 2. Server stores Server question in Dawn Song

  16. T ype 2 T ype 1 T ype 0 Stored XSS 3. Victim requests SAFEBANK login passwor d the 4. Server A ccounts Bill Pay Mail T ransfers banking content Associ questions retrieves ate 1. Attacker asks page malicious malicious question question via HTTP POST from the DB ( message: “<script>doEvil()</script>” ) 2. Server stores Server question in Dawn Song

  17. T ype 2 T ype 1 T ype 0 Stored XSS PHP CODE: <? echo "<div class=’question'> $question </div>";?> HTML Code: <div class= ’question' > <script>doEvil()</script> </div> 3. Victim requests SAFEBANK login passwor d the 4. Server A ccounts Bill Pay Mail T ransfers banking content Associ questions retrieves ate 1. Attacker asks page malicious malicious question question via HTTP POST from the DB 5. Server returns ( message: “<script>doEvil()</script>” ) HTML embedded 2. Server with malicious stores question Server question in Dawn Song

  18. T ype 2 T ype 1 T ype 0 Stored XSS PHP CODE: <? echo "<div class=’question'> $question </div>";?> HTML Code: <div class= ’question' > <script>doEvil()</script> </div> 3. Victim requests SAFEBANK login passwor d the 4. Server A ccounts Bill Pay Mail T ransfers banking content Associ questions retrieves ate 1. Attacker asks page malicious malicious question question via HTTP POST from the DB SAFEBA 5. Server returns ( message: NK “<script>doEvil()</script>” ) Customer 5: HTML embedded 2. Server with malicious stores question Server question in Dawn Song

  19. T ype 2 T ype 1 T ype 0 Three T ypes of XSS • T ype 2: Persistent or Stored – The attack vector is stored at the server • Type 1: Refmected – The attack value is ‘refmected’ back by the server • T ype 0: DOM Based – The vulnerability is in the client side code Dawn Song

  20. T ype 2 T ype 1 T ype 0 Example Continued: Blog • safebank.com also has a transaction search interface at search.php safebank.com/search.php?query=chocolate • search.php accepts a query and shows the SAFEBA results, with a helpful message at the top. NK Your query chocolate returned 81 results. <? echo “Your query $_GET['query'] returned (results) $num results.";?> Example: Your query chocolate returned 81 results. • What is a possible malicious URI an attacker could use to exploit this? Dawn Song

  21. T ype 2 T ype 1 T ype 0 T ype 1: Refmected XSS A request to “search.php?query=<script>doEvil()</script>” causes script injection. Note that the query is never stored on the server, hence the term 'refmected' PHP Code: <? echo “Your query $_GET['query'] returned $num results.";?> HTML Code: Your query <script>doEvil()</script> returned 0 results But this only injects code in the attacker’s page. The attacker needs to inject code in the user’s page for the attack to be efgective. Dawn Song

  22. T ype 2 T ype 1 T ype 0 Refmected XSS 1. Send Email with malicious link safebank.com/search.php?query=<script>doEvil()</script> (email client) User Vulnerable Server Dawn Song

  23. T ype 2 T ype 1 T ype 0 Refmected XSS 1. Send Email with malicious link safebank.com/search.php?query=<script>doEvil()</script> 2. Click on Link with malicious params (email client) User Vulnerable Server Dawn Song

  24. T ype 2 T ype 1 T ype 0 Refmected XSS Your query 1. Send Email <script>doEvil()</script> with malicious link returned 0 results safebank.com/search.php?query=<script>doEvil()</script> 3. Server inserts malicious params into HTML 2. Click on Link with malicious params (email client) User Vulnerable Server Dawn Song

Recommend

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State

Defending against Memory Corruption Vulnerabilities and Advanced Attacks Gang Tan Penn State University Spring 2019 CMPSC 447, Software Security * some slides adapted from those by Trent Jaeger Overflow Vulnerabilities Despite

901 views • 46 slides
Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug

Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug

Introduction to Network Security Chapter 4 Taxonomy of Network-Based Vulnerabilities Dr. Doug Jacobson - Introduction to 1 Network Security - 2009 Topics Network Security Model Header attacks Protocol Attacks

597 views • 25 slides
Web Security: Vulnerabilities &amp; Attacks Dawn Song Cross-site Request Forgery Dawn Song

Web Security: Vulnerabilities &amp; Attacks Dawn Song Cross-site Request Forgery Dawn Song

Computer Security Course. Dawn Song Web Security: Vulnerabilities &amp; Attacks Dawn Song Cross-site Request Forgery Dawn Song Example Application Consider a social networking site, GraceBook, that allows users to share happenings from

696 views • 54 slides
Web Security: Vulnerabilities &amp; Attacks Slide credit: John Mitchell Dawn Song Security User

Web Security: Vulnerabilities &amp; Attacks Slide credit: John Mitchell Dawn Song Security User

Computer Security Course. Dawn Computer Security Course. Dawn Song Song Web Security: Vulnerabilities &amp; Attacks Slide credit: John Mitchell Dawn Song Security User Interface Dawn Song Safe to type your password?

652 views • 47 slides
The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security

CS 640: Introduction to Computer Networks Aditya Akella Lecture 25 Network Security The Road Ahead Security Vulnerabilities DoS and D-DoS Firewalls Security Vulnerabilities Security Problems in the TCP/IP Protocol

1.29k views • 13 slides
Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust

Engineering Secure Software The Basics of Software Security Terminology Vulnerabilities Trust Boundary Attacks Threats Application Attacker Exploit Vulnerability : a software defect with security consequences Threat : a potential danger to

1.54k views • 80 slides
Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio

Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio

10/25/19 Outline A taxonomy of CR security threats Primary user emulation attacks Cognitive Radio Network Security Byzantine failures in distributed spectrum sensing Security vulnerabilities in IEEE 802.22 Yao Zheng 1 2

383 views • 7 slides
Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to

DAISY D ata A nalysis and I nformation S ecurit Y Lab Vulnerabilities of Voice Assistants at the Edge: From Defeating Hidden Voice Attacks to Audio-based Adversarial Attacks Yingying (Jennifer) Chen Professor, Electrical and Computer

1.05k views • 46 slides
ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User

ISE 331 Fundamentals of Computer Security Authentication and Attacks Agenda User Authentication Authentication process Means of authentication Passwords Vulnerabilities of passwords Password Cracking Dictionary Attacks

472 views • 21 slides
SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017

SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017

SQL Injection Attacks: A Quick Primer hassan.abudu@owasp.org OWASP Top 10 Vulnerabilities - 2017 Rank Name 1 Injection 2 Broken Authentication 3 Sensitive Data Exposure 4 XML External Entities 5 Broken Access Control 6 Security

682 views • 8 slides
vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration

Security &amp; Knowledge Management a.a. 2019/20 There are a set of sources that provide updated information about security vulnerabilities CVE, Common Vulnerabilities and Exposures CWE, Common Weakness Enumeration CAPEC,

197 views • 8 slides
NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2

1 NECESSARY BACKGROUND ON MEMORY EXPLOITS AND WEB APPLICATION VULNERABILITIES Outline 2 Memory safety attacks Buffer overruns Format string vulnerabilities Web application vulnerabilities SQL injections Cross-site

901 views • 39 slides
CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC410/611: Security Security Security Attacks Security Threats Crypto

CPSC 410 / 611 : Operating Systems CPSC410/611: Security Security Security Attacks Security Threats Crypto Authentication Examples SSL Security Threats Breach of confidentiality unauthorized access to

458 views • 18 slides
Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction

Database Security Threats and Vulnerabilities John Bissonette Aaron McClure Introduction Databases are the crown jewels of a business or organization Security is paramount Vulnerabilities grant attackers keys to the

600 views • 14 slides
802.11 Denial-of-Service Attacks Real Vulnerabilities and Practical Solutions John Bellardo and

802.11 Denial-of-Service Attacks Real Vulnerabilities and Practical Solutions John Bellardo and

802.11 Denial-of-Service Attacks Real Vulnerabilities and Practical Solutions John Bellardo and Stefan Savage Department of Computer Science and Engineering University of California, San Diego Motivation n 802.11-based networks have flourished

389 views • 25 slides
WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and

WISTP 07 A comparative analysis of common threats, vulnerabilities, attacks and countermeasures within smart card and wireless sensor network node technologies. Kevin Eagles, Konstantinos Markantonakis and Keith Mayes Smart Card Centre,

337 views • 22 slides
Hunting PBX For Vulnerabilities Sachin Wagh Security Analyst Security Intelligence Team @

Hunting PBX For Vulnerabilities Sachin Wagh Security Analyst Security Intelligence Team @

Hunting PBX For Vulnerabilities Sachin Wagh Security Analyst Security Intelligence Team @ Symantec Speaker at Hakon and Geek Street - Infosecurity Europe Bug Hunter | Penetration Tester Security Blogger @tiger_tigerboy

801 views • 38 slides
Contactless Payment Cards: Vulnerabilities, Attacks, and Solutions Dr. Ricardo J. Rodr guez

Contactless Payment Cards: Vulnerabilities, Attacks, and Solutions Dr. Ricardo J. Rodr guez

Contactless Payment Cards: Vulnerabilities, Attacks, and Solutions Dr. Ricardo J. Rodr guez All wrongs reversed rjrodriguez@unizar.es @RicardoJRdez www.ricardojrodriguez.es Department of Computer Science and Systems Engineering

1.83k views • 137 slides
(IN)SECURITY , RISK &amp; THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK &amp; THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at

(IN)SECURITY , RISK &amp; THE LIFECYCLE OF VULNERABILITIES Dr. Stefan Frei Security Architect at Swisscom frei@techzoom.net Twitter @stefan_frei Cyber &amp; Networking Security Networking security has become critical issue for all types

788 views • 66 slides
Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing

Webapp security: SQL injection Network Security Lecture 9 Today We have finished analyzing the security of network protocols We will now focus on web applications and their vulnerabilities (and attacks) SQL injection Eike Ritter

815 views • 25 slides
HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel

HOWTO Basic Vulnerabilities and their Exploitation Samuel Angebault HOWTO Reminders Basic Vulnerabilities and their Vulnerabilities Exploitation Security Samuel Angebault staphylo@lse.epita.fr http://lse.epita.fr/ July 18, 2013 Table

969 views • 57 slides
Software Security Explorative Lecture A brief history of security problems attacks on

Software Security Explorative Lecture A brief history of security problems attacks on

1/30/2020 Software Security Explorative Lecture A brief history of security problems attacks on multi-user UNIX systems for fun viruses &amp; worms attacking operating systems due to buffer overflow, format string attacks, integer

477 views • 37 slides
Security vulnerabilities, exploits and attack patterns: 15 years of art, pseudo-science, fun &amp;

Security vulnerabilities, exploits and attack patterns: 15 years of art, pseudo-science, fun &amp;

15th USENIX Security Symposium | July 31st August 4th 2006 | Vancouver, B.C. - Canada Security vulnerabilities, exploits and attack patterns: 15 years of art, pseudo-science, fun &amp; profit Ivn Arce Core Security Technologies Humboldt

767 views • 41 slides
iLab2: WWW Security Johannes Naab &lt;2019-03-15 Fri&gt; Contents 1 WWW Basics 1 2

iLab2: WWW Security Johannes Naab &lt;2019-03-15 Fri&gt; Contents 1 WWW Basics 1 2

iLab2: WWW Security Johannes Naab &lt;2019-03-15 Fri&gt; Contents 1 WWW Basics 1 2 Security 2 3 Attacks 3 4 Defenses &amp; Mitigation 5 5 Reporting Vulnerabilities 7 1 WWW Basics reading mails chatting on facebook

177 views • 7 slides

More recommend