Reliable Mitigation of DOM-based XSS
|
|
- Silas Welch
- 8 years ago
- Views:
Transcription
1 Intro XSS Implementation Evaluation Q&A Reliable Mitigation of DOM-based XSS Tobias Mueller / 39
2 Intro XSS Implementation Evaluation Q&A About me The results Motivation about:me MSc. cand. Dipl. Inf. presenting results of diploma thesis / USENIX paper 45 min. presentation ask immediately, Q&A afterwards 2 / 39
3 Intro XSS Implementation Evaluation Q&A About me The results Motivation Spoiler Is it possible to reliably defend against DOM-based XSS without breaking the Web? recognise new code from attacker-provided strings modified V8 s scanner, WebKit s strings, and the bindings for Chromium evaluated protection, compatibility, and speed yes, with some exceptions 3 / 39
4 Intro XSS Implementation Evaluation Q&A About me The results Motivation 1 Intro Motivation 2 Cross-Site Scripting (XSS) Reflected XSS Stored XSS DOM-based XSS Protection 3 Implementation Taint Tracking Compilation Chromiums Architecture V8 4 Evaluation Protection Compatibility Execution Speed 5 Q&A 4 / 39
5 Motivation feet
6 Intro XSS Implementation Evaluation Q&A About me The results Motivation Severity of XSS 2004: OWASP Top : OWASP Top : OWASP Top : OWASP Top 3 6 / 39
7 Intro XSS Implementation Evaluation Q&A About me The results Motivation Severity of XSS - 10% of CVEs are XSS 7 / 39
8 Intro XSS Implementation Evaluation Q&A About me The results Motivation Severity of XSS XSS is very common and dangerous 8 / 39
9 Intro XSS Implementation Evaluation Q&A About me The results Motivation Severity of XSS - 2 mio user records 9 / 39
10 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Overview of section 2 1 Intro Motivation 2 Cross-Site Scripting (XSS) Reflected XSS Stored XSS DOM-based XSS Protection 3 Implementation Taint Tracking Compilation Chromiums Architecture V8 4 Evaluation Protection Compatibility Execution Speed 5 Q&A 10 / 39
11 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Cross-Site Scripting (XSS) Code Execution in the victim s browser (JavaScript) Code execution use all browser APIs use Web app in the name of the user obtain credentials spy on behaviour 11 / 39
12 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Reflected XSS <?php // returning unsanitised data echo $_GET[ bar ];?> Attack: 12 / 39
13 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Reflected XSS Victim Browser 2 Sensitive Data 4 GET vuln/?param=xss <html>... XSS... </html> 1 3 Attacker Web Server 13 / 39
14 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Reflected XSS Victim Browser 2 Sensitive Data 4 GET vuln/?param=xss <html>... XSS... </html> 1 3 Attacker Web Server 13 / 39
15 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Reflected XSS Victim Browser 2 Sensitive Data 4 GET vuln/?param=xss <html>... XSS... </html> 1 3 Attacker Web Server 13 / 39
16 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Reflected XSS Victim Browser 2 Sensitive Data 4 GET vuln/?param=xss <html>... XSS... </html> 1 3 Attacker Web Server 13 / 39
17 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS <?php // store.php store_in_db ( some_key, $_POST[ bar ]);?> <?php // retrieve.php // returning unsanitised data echo get_from_db ( some_key );?> Attack: 1 POST / 39
18 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS Victim Browser 3 5 <html>... XSS... </html> Sensitive Data GET / POST vuln/?param=xss Attacker Web Server 15 / 39
19 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS Victim Browser 3 5 <html>... XSS... </html> Sensitive Data GET / POST vuln/?param=xss Attacker Web Server 15 / 39
20 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS Victim Browser 3 5 <html>... XSS... </html> Sensitive Data GET / POST vuln/?param=xss Attacker Web Server 15 / 39
21 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS Victim Browser 3 5 <html>... XSS... </html> Sensitive Data GET / POST vuln/?param=xss Attacker Web Server 15 / 39
22 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Stored XSS Victim Browser 3 5 <html>... XSS... </html> Sensitive Data GET / POST vuln/?param=xss Attacker Web Server 15 / 39
23 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS <HTML> <TITLE>Welcome!</TITLE> Hi <SCRIPT> var pos = document.url.indexof("name=")+5; document.write(document.url.substring(pos,document.url.length)); </SCRIPT> <BR> Welcome to our system... </HTML> Attack: 16 / 39
24 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS Neither Stored- nor Reflected-XSS!!111elfeins Client-side vulnerability Read from (attacker controlled) properties of the loaded document document.location, window.name, etc... Write to security sensitive sinks eval, document.write, etc... eval(document.location.hash.substring(1)) 17 / 39
25 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS Victim Browser 2 Sensitive Data 4 GET / <html>... <script>... </html> 1 3 Attacker Web Server 18 / 39
26 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS Victim Browser 2 Sensitive Data 4 GET / <html>... <script>... </html> 1 3 Attacker Web Server 18 / 39
27 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS Victim Browser 2 Sensitive Data 4 GET / <html>... <script>... </html> 1 3 Attacker Web Server 18 / 39
28 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-based XSS Victim Browser 2 Sensitive Data 4 GET / <html>... <script>... </html> 1 3 Attacker Web Server 18 / 39
29 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection DOM-XSS protection mechanisms server-side solutions inappropriate as data does not leave the client turn off JavaScript... breaks the Web WebKit s XSS Auditor Only smarter string matching inherent weaknesses, e.g. in WebKit, not V8 eval Block tainted JavaScript code too coarse grained, breaks the Web: var name=d.url.substring(d.url.indexof("name=")) use knowledge of data flows to only allow data values and forbid code 19 / 39
30 Intro XSS Implementation Evaluation Q&A Reflected XSS Stored XSS DOM-based XSS Protection Interlude: Recap XSS is a problem DOM-XSS is a client-side problem The client is the appropriate place for a fix The idea is to observe data flows to allow literals but block new code 20 / 39
31 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Overview of section 3 1 Intro Motivation 2 Cross-Site Scripting (XSS) Reflected XSS Stored XSS DOM-based XSS Protection 3 Implementation Taint Tracking Compilation Chromiums Architecture V8 4 Evaluation Protection Compatibility Execution Speed 5 Q&A 21 / 39
32 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Taint Tracking Annotate data and track it throughout perl -T navigator.taintenabled() 22 / 39
33 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Automated data flow detection WebKit DOM Tree Initialize v8 with JS code Tainted value t1 V8 Javascript Engine x = document.location.hash Store taint t1 in node document.title Tainted value t1 V8 Bindings Pass on taint inside v8 document.title = x y = document.title We still know the actual, unsecure source! (document.location.hash) 23 / 39
34 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Compilation Source Code Compiler Lexer var foo = bar ; Parser Code Generator Program 24 / 39
35 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Compilation Source Code Compiler Lexer var foo = bar ; VAR ID EQ STR SEMI Parser Code Generator Program 24 / 39
36 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Compilation Source Code Compiler Lexer Parser var foo = bar ; VAR ID EQ STR SEMI VariableStatement: var VariableDeclarationList Code Generator Program 24 / 39
37 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Compilation Source Code Compiler Lexer Parser var foo = bar ; VAR ID EQ STR SEMI VariableStatement: var VariableDeclarationList Code Generator sub esp, 4 Program 24 / 39
38 Intro XSS Implementation Evaluation Q&A Taint Tracking Compilation Architecture V8 Architecture Chromium 12,000k SLoC WebKit HTML Rendering 800k SLoC C++ V8 JavaScript Execution 700k SLoC C++ 25 / 39
39
40 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Overview of section 4 1 Intro Motivation 2 Cross-Site Scripting (XSS) Reflected XSS Stored XSS DOM-based XSS Protection 3 Implementation Taint Tracking Compilation Chromiums Architecture V8 4 Evaluation Protection Compatibility Execution Speed 5 Q&A 30 / 39
41 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Evaluation Protection: Test cases and vulnerable top Web apps ( 8% vuln.) Compatibility: Test cases and top Execution speed: standard benchmarks against baseline 31 / 39
42 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Protection - Setup in vitro (test suite) Pre-existing test suite in vivo (real world large-scale study) Find existing vulnerability + Sites with DOM-based XSS vulnerabilities Regression test + Create witness inputs Test with proposed implementation # rejections ˆ= protection capability 32 / 39
43 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Protection - Results Without XSS Auditor Taint Aware browser Exploitable Domains Protection Rate 0% 28.01% 100% Table : Protection Capabilities of the XSS Auditor and the taint browser 33 / 39
44 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Compatibility - Setup Obtain list of top Web sites Browse Web sites Collect block reports #rejects ˆ= compatibility 34 / 39
45 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Compatibility - Results 8 (out of 10000) wrongfully blocked Web apps: al.com, blogger.com, elpais.com, google.com, ixian.cn, miami.com, mlive.com, toyota.jp 35 / 39
46 Intro XSS Implementation Evaluation Q&A Protection Compatibility Execution Speed Execution Speed - Setup Run Experiment Select Browser Chromium Vanilla Chromium Taint Firefox Internet Explorer Opera Select Benchmark Kraken Sunspider Dromaeo Octane Run Benchmark create fresh profile 10 times 20 times run benchmark collect results 36 / 39
47 Execution Speed - Results - 23% vs. 39%, 49%, and 63% Patched Chrome Firefox Internet Explorer Epiphany Opera Slowdown factor Kraken Sunspider Dromaeo Octane v2
48 Intro XSS Implementation Evaluation Q&A Overview of section 5 1 Intro Motivation 2 Cross-Site Scripting (XSS) Reflected XSS Stored XSS DOM-based XSS Protection 3 Implementation Taint Tracking Compilation Chromiums Architecture V8 4 Evaluation Protection Compatibility Execution Speed 5 Q&A 38 / 39
49 Intro XSS Implementation Evaluation Q&A Q&A Client-side protection mechanism against DOM-XSS Thorough evaluation of the proposed implementation Review of existing XSS protection mechanisms to be read in Precise Client-side Protection against DOM-based XSS, in: 23rd USENIX Security Symposium (USENIX Security 14). Questions? 39 / 39
A Tale of the Weaknesses of Current Client-Side XSS Filtering
Call To Arms: A Tale of the Weaknesses of Current Client-Side XSS Filtering Martin Johns, Ben Stock, Sebastian Lekies About us Martin Johns, Ben Stock, Sebastian Lekies Security Researchers at SAP, Uni
More information25 Million Flows Later Large- scale Detec6on of DOM- based XSS. Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns
25 Million Flows Later Large- scale Detec6on of DOM- based XSS Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns Me, myself and I Dr. Martin Johns Background in software engineering Academic
More informationA Tale of the Weaknesses of Current Client-side XSS Filtering
A Tale of the Weaknesses of Current Client-side XSS Filtering Sebastian Lekies (@sebastianlekies), Ben Stock (@kcotsneb) and Martin Johns (@datenkeller) Attention hackers! These slides are preliminary!
More informationPrecise client-side protection against DOM-based Cross-Site Scripting
Precise client-side protection against DOM-based Cross-Site Scripting Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Patrick Spiegel SAP AG patrick.spiegel@sap.com Sebastian Lekies SAP AG sebastian.lekies@sap.com
More informationDetection of DOM-based Cross-Site Scripting by Analyzing Dynamically Extracted Scripts
Detection of DOM-based Cross-Site Scripting by Analyzing Dynamically Extracted Scripts Suman Saha 1, Shizhen Jin 2,3 and Kyung-Goo Doh 3 1 LIP6-Regal, France Suman.Saha@lip6.fr 2 GTOne, Seoul, Korea jinshzh@gmail.com
More informationCross Site Scripting (XSS) and PHP Security. Anthony Ferrara NYPHP and OWASP Security Series June 30, 2011
Cross Site Scripting (XSS) and PHP Security Anthony Ferrara NYPHP and OWASP Security Series June 30, 2011 What Is Cross Site Scripting? Injecting Scripts Into Otherwise Benign and Trusted Browser Rendered
More informationRelax Everybody: HTML5 Is Securer Than You Think
Relax Everybody: HTML5 Is Securer Than You Think Martin Johns (@datenkeller) SAP AG Session ID: ADS-W08 Session Classification: Advanced Motivation For some reason, there is a preconception that HTML5
More information25 Million Flows Later - Large-scale Detection of DOM-based XSS
25 Million Flows Later - Large-scale Detection of DOM-based XSS Sebastian Lekies SAP AG sebastian.lekies@sap.com Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Martin Johns SAP AG martin.johns@sap.com
More informationSecure Coding. External App Integrations. Tim Bach Product Security Engineer salesforce.com. Astha Singhal Product Security Engineer salesforce.
Secure Coding External App Integrations Astha Singhal Product Security Engineer salesforce.com Tim Bach Product Security Engineer salesforce.com Safe Harbor Safe harbor statement under the Private Securities
More informationProject 2: Web Security Pitfalls
EECS 388 September 19, 2014 Intro to Computer Security Project 2: Web Security Pitfalls Project 2: Web Security Pitfalls This project is due on Thursday, October 9 at 6 p.m. and counts for 8% of your course
More informationExample. Represent this as XML
Example INF 221 program class INF 133 quiz Assignment Represent this as XML JSON There is not an absolutely correct answer to how to interpret this tree in the respective languages. There are multiple
More informationDocument Structure Integrity: A Robust Basis for Cross-Site Scripting Defense
Document Structure Integrity: A Robust Basis for Cross-Site Scripting Defense Yacin Nadji Illinois Institute Of Technology Prateek Saxena UC Berkeley Dawn Song UC Berkeley 1 A Cross-Site Scripting Attack
More informationDetecting and Exploiting XSS with Xenotix XSS Exploit Framework
Detecting and Exploiting XSS with Xenotix XSS Exploit Framework ajin25@gmail.com keralacyberforce.in Introduction Cross Site Scripting or XSS vulnerabilities have been reported and exploited since 1990s.
More informationAnalysis of Browser Defenses against XSS Attack Vectors
Analysis of Browser Defenses against XSS Attack Vectors Shital Dhamal Department of Computer Engineering Lokmanya Tilak College of Engineering Koparkhairne,Navi Mumbai,Maharashtra,India Manisha Mathur
More informationA Server and Browser-Transparent CSRF Defense for Web 2.0 Applications. Slides by Connor Schnaith
A Server and Browser-Transparent CSRF Defense for Web 2.0 Applications Slides by Connor Schnaith Cross-Site Request Forgery One-click attack, session riding Recorded since 2001 Fourth out of top 25 most
More informationNetwork Security Web Security
Network Security Web Security Anna Sperotto, Ramin Sadre Design and Analysis of Communication Systems Group University of Twente, 2012 Cross Site Scripting Cross Side Scripting (XSS) XSS is a case of (HTML)
More informationProtection, Usability and Improvements in Reflected XSS Filters
Protection, Usability and Improvements in Reflected XSS Filters Riccardo Pelizzi System Security Lab Department of Computer Science Stony Brook University May 2, 2012 1 / 19 Riccardo Pelizzi Improvements
More informationA tale of the weaknesses of current client-side XSS filtering
A tale of the weaknesses of current client-side XSS filtering Sebastian Lekies SAP AG sebastian.lekies@sap.com @sebastianlekies Martin Johns SAP AG martin.johns@sap.com @datenkeller Ben Stock FAU Erlangen-Nuremberg
More informationAlhambra: A System for Creating, Enforcing, and Testing Browser Security Policies
Alhambra: A System for Creating, Enforcing, and Testing Browser Security Policies ABSTRACT Shuo Tang University of Illinois, Urbana-Champaign, IL stang6@illinois.edu Onur Aciicmez Samsung Advanced Institute
More informationWeb-Application Security
Web-Application Security Kristian Beilke Arbeitsgruppe Sichere Identität Fachbereich Mathematik und Informatik Freie Universität Berlin 29. Juni 2011 Overview Web Applications SQL Injection XSS Bad Practice
More informationXSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks
XSS-GUARD : Precise Dynamic Prevention of Cross Site Scripting (XSS) Attacks Prithvi Bisht (http://cs.uic.edu/~pbisht) Joint work with : V.N. Venkatakrishnan Systems and Internet Security Laboratory Department
More informationEVALUATING COMMERCIAL WEB APPLICATION SECURITY. By Aaron Parke
EVALUATING COMMERCIAL WEB APPLICATION SECURITY By Aaron Parke Outline Project background What and why? Targeted sites Testing process Burp s findings Technical talk My findings and thoughts Questions Project
More informationSESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER
SESSION IDENTIFIER ARE FOR NOW, PASSWORDS ARE FOREVER XSS-BASED ABUSE OF BROWSER PASSWORD MANAGERS Ben Stock, Martin Johns, Sebastian Lekies Browser choices Full disclosure: Ben was an intern with Microsoft
More informationServer-Side JavaScript Injection Bryan Sullivan, Senior Security Researcher, Adobe Secure Software Engineering Team July 2011
Server-Side JavaScript Injection Bryan Sullivan, Senior Security Researcher, Adobe Secure Software Engineering Team July 2011 Abstract This whitepaper is presented in support of the BlackHat USA 2011 talk,
More information(WAPT) Web Application Penetration Testing
(WAPT) Web Application Penetration Testing Module 0: Introduction 1. Introduction to the course. 2. How to get most out of the course 3. Resources you will need for the course 4. What is WAPT? Module 1:
More informationThe Past, Present and Future of XSS Defense Jim Manico. HITB 2011 Amsterdam
The Past, Present and Future of XSS Defense Jim Manico HITB 2011 Amsterdam 0 Jim Manico Managing Partner, Infrared Security Web Developer, 15+ Years OWASP Connections Committee Chair OWASP ESAPI Project
More informationUniversal XSS via IE8s XSS Filters
Universal XSS via IE8s XSS Filters the sordid tale of a wayward hash sign slides: http://p42.us/ie8xss/ About Us Eduardo Vela Nava aka sirdarckcat http://sirdarckcat.net http://twitter.com/sirdarckcat
More informationAdvanced XSS. Nicolas Golubovic
Advanced XSS Nicolas Golubovic Image courtesy of chanpipat / FreeDigitalPhotos.net Today's menu 1. Starter: reboiled XSS 2. Course: spicy blacklists & filters 3. Course: sweet content sniffing 4. Course:
More informationAMIT KLEIN, FORMER DIRECTOR OF SECURITY AND RESEARCH, SANCTUM
AMIT KLEIN, FORMER DIRECTOR OF SECURITY AND RESEARCH, SANCTUM A whitepaper from Watchfire TABLE OF CONTENTS Introduction 1 Full Explanation The XSS Technique. 1 Scope and Feasibility.. 3 Variations on
More informationClient Side Cross Site Scripting
Client Side Cross Site Scripting 1 Client Side Cross Site Scripting CLIENT SIDE XSS - DI PAOLA 2 Soluzioni e sicurezza per applicazioni mobile e payments Consorzio Triveneto, azienda leader nei sistemi
More informationHTML5. Eoin Keary CTO BCC Risk Advisory. www.bccriskadvisory.com www.edgescan.com
HTML5 Eoin Keary CTO BCC Risk Advisory www.bccriskadvisory.com www.edgescan.com Where are we going? WebSockets HTML5 AngularJS HTML5 Sinks WebSockets: Full duplex communications between client or server
More informationCross-site site Scripting Attacks on Android WebView
IJCSN International Journal of Computer Science and Network, Vol 2, Issue 2, April 2013 1 Cross-site site Scripting Attacks on Android WebView 1 Bhavani A B 1 Hyderabad, Andhra Pradesh-500050, India Abstract
More informationFinding XSS in Real World
Finding XSS in Real World by Alexander Korznikov nopernik@gmail.com 1 April 2015 Hi there, in this tutorial, I will try to explain how to find XSS in real world, using some interesting techniques. All
More informationAcunetix Website Audit. 5 November, 2014. Developer Report. Generated by Acunetix WVS Reporter (v8.0 Build 20120808)
Acunetix Website Audit 5 November, 2014 Developer Report Generated by Acunetix WVS Reporter (v8.0 Build 20120808) Scan of http://filesbi.go.id:80/ Scan details Scan information Starttime 05/11/2014 14:44:06
More informationClient vs. Server Implementations of Mitigating XSS Security Threats on Web Applications
Journal of Basic and Applied Engineering Research pp. 50-54 Krishi Sanskriti Publications http://www.krishisanskriti.org/jbaer.html Client vs. Server Implementations of Mitigating XSS Security Threats
More informationJavaScript static security analysis made easy with JSPrime
JavaScript static security analysis made easy with JSPrime Nishant Das Patnaik & Sarathi Sabyasachi Sahoo nishant.dp@gmail.com & sarathisahoo@gmail.com JavaScript is the lingua-franca of Web 2.0 and, recently,
More informationApplication Security Testing. Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il
Application Security Testing Erez Metula (CISSP), Founder Application Security Expert ErezMetula@AppSec.co.il Agenda The most common security vulnerabilities you should test for Understanding the problems
More informationThe Top Web Application Attacks: Are you vulnerable?
QM07 The Top Web Application Attacks: Are you vulnerable? John Burroughs, CISSP Sr Security Architect, Watchfire Solutions jburroughs@uk.ibm.com Agenda Current State of Web Application Security Understanding
More informationHTTPParameter Pollution. ChrysostomosDaniel
HTTPParameter Pollution ChrysostomosDaniel Introduction Nowadays, many components from web applications are commonly run on the user s computer (such as Javascript), and not just on the application s provider
More informationCross Site Scripting Prevention
Project Report CS 649 : Network Security Cross Site Scripting Prevention Under Guidance of Prof. Bernard Menezes Submitted By Neelamadhav (09305045) Raju Chinthala (09305056) Kiran Akipogu (09305074) Vijaya
More information2009-12-26 PST_WEBZINE_0X04. How to solve XSS and mix user's HTML/JavaScript code with your content with just one script
ACS - Active Content Signatures By Eduardo Vela Nava ACS - Active Content Signatures How to solve XSS and mix user's HTML/JavaScript code with your content with just one script Eduardo Vela Nava (sirdarckcat@gmail.com)
More informationAttacks on Clients: Dynamic Content & XSS
Software and Web Security 2 Attacks on Clients: Dynamic Content & XSS (Section 7.1.3 on JavaScript; 7.2.4 on Media content; 7.2.6 on XSS) sws2 1 Recap from last lecture Attacks on web server: attacker/client
More informationAre AJAX Applications Vulnerable to Hack Attacks?
Are AJAX Applications Vulnerable to Hack Attacks? The importance of Securing AJAX Web Applications This paper reviews AJAX technologies with specific reference to JavaScript and briefly documents the kinds
More informationHOD of Dept. of CSE & IT. Asst. Prof., Dept. Of CSE AIET, Lko, India. AIET, Lko, India
Volume 5, Issue 12, December 2015 ISSN: 2277 128X International Journal of Advanced Research in Computer Science and Software Engineering Research Paper Available online at: www.ijarcsse.com Investigation
More informationCreating Stronger, Safer, Web Facing Code. JPL IT Security Mary Rivera June 17, 2011
Creating Stronger, Safer, Web Facing Code JPL IT Security Mary Rivera June 17, 2011 Agenda Evolving Threats Operating System Application User Generated Content JPL s Application Security Program Securing
More informationSeminar: Cryptographic Protocols Staged Information Flow for JavaScript
Seminar: Cryptographic Protocols Staged Information Flow for JavaScript Sebastian Wild 1 Introduction JavaScript is an important component of modern web applications since it is possible to execute code
More informationWeb Application Security
Web Application Security A Beginner's Guide Bryan Sullivan Vincent Liu Mc r New York Chicago San Francisco Lisbon London Madrid Mexico City Milan New Delhi San Juan Seoul Singapore Sydney Toronto Contents
More informationCriteria for web application security check. Version 2015.1
Criteria for web application security check Version 2015.1 i Content Introduction... iii ISC- P- 001 ISC- P- 001.1 ISC- P- 001.2 ISC- P- 001.3 ISC- P- 001.4 ISC- P- 001.5 ISC- P- 001.6 ISC- P- 001.7 ISC-
More informationUploaded images filter evasion for carrying out XSS attacks
February 25, 2007 Uploaded images filter evasion for carrying out XSS attacks Digitаl Security Research Group (DSecRG) Alexander Polyakov a.polyakov@dsec.ru http://dsecrg.ru Table of contents Introduction...3
More informationExploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense
Exploitation of Cross-Site Scripting (XSS) Vulnerability on Real World Web Applications and its Defense Shashank Gupta Lecturer in Department of Information Technology, Model Institute of Engineering and
More informationChapter 1 Web Application (In)security 1
Introduction xxiii Chapter 1 Web Application (In)security 1 The Evolution of Web Applications 2 Common Web Application Functions 4 Benefits of Web Applications 5 Web Application Security 6 "This Site Is
More informationThomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch
Thomas Röthlisberger IT Security Analyst thomas.roethlisberger@csnc.ch Compass Security AG Werkstrasse 20 Postfach 2038 CH-8645 Jona Tel +41 55 214 41 60 Fax +41 55 214 41 61 team@csnc.ch www.csnc.ch What
More information1000 Projects later. Security Code Scans at SAP
1000 Projects later Security Code Scans at SAP About Us Ruediger Bachmann is a Development Architect at SAP AG working, as member of the central code analyses team, in the areas application security and
More informationWhat about MongoDB? can req.body.input 0; var date = new Date(); do {curdate = new Date();} while(curdate-date<10000)
Security What about MongoDB? Even though MongoDB doesn t use SQL, it can be vulnerable to injection attacks db.collection.find( {active: true, $where: function() { return obj.credits - obj.debits < req.body.input;
More informationelearning for Secure Application Development
elearning for Secure Application Development Curriculum Application Security Awareness Series 1-2 Secure Software Development Series 2-8 Secure Architectures and Threat Modeling Series 9 Application Security
More informationWhat is Web Security? Motivation
brucker@inf.ethz.ch http://www.brucker.ch/ Information Security ETH Zürich Zürich, Switzerland Information Security Fundamentals March 23, 2004 The End Users View The Server Providers View What is Web
More informationRecent Web Security Technology. Lieven Desmet iminds-distrinet-ku Leuven 3th February 2015 B-CCENTRE closing workshop Lieven.Desmet@cs.kuleuven.
Recent Web Security Technology Lieven Desmet iminds-distrinet-ku Leuven 3th February 2015 B-CCENTRE closing workshop Lieven.Desmet@cs.kuleuven.be About myself: Lieven Desmet Research manager at KU Leuven
More informationBug Report. Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca)
Bug Report Date: March 19, 2011 Reporter: Chris Jarabek (cjjarabe@ucalgary.ca) Software: Kimai Version: 0.9.1.1205 Website: http://www.kimai.org Description: Kimai is a web based time-tracking application.
More informationSidste chance for Early Bird! Tilmeld dig før d. 30. juni og spar 4.000 DKK. Læs mere og tilmeld dig på www.gotocon.
Sidste chance for Early Bird! Tilmeld dig før d. 30. juni og spar 4.000 DKK. Læs mere og tilmeld dig på www.gotocon.com/aarhus-2012 SIKKERHED I WEBAPPLIKATIONER Anders Skovsgaard Hackavoid anders@hackavoid.dk
More informationBASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS
BASELINE SECURITY TEST PLAN FOR EDUCATIONAL WEB AND MOBILE APPLICATIONS Published by Tony Porterfield Feb 1, 2015. Overview The intent of this test plan is to evaluate a baseline set of data security practices
More informationA Survey on Threats and Vulnerabilities of Web Services
A Survey on Threats and Vulnerabilities of Web Services A Thesis submitted in partial fulfillment of the requirements for the degree of Master of Computer Science and Engineering of Jadavpur University
More informationSecurity in Offline Web Applications
Security in Offline Web Applications Anja Svartberg Master of Science in Communication Technology Submission date: November 2009 Supervisor: Danilo Gligoroski, ITEM Co-supervisor: Kåre Presttun, Mnemonic
More informationWeb attacks and security: SQL injection and cross-site scripting (XSS)
Web attacks and security: SQL injection and cross-site scripting (XSS) License This work by Z. Cliffe Schreuders at Leeds Metropolitan University is licensed under a Creative Commons Attribution-ShareAlike
More informationA Study on Dynamic Detection of Web Application Vulnerabilities
A Study on Dynamic Detection of Web Application Vulnerabilities A Dissertation Presented by Yuji Kosuga Submitted to the School of Science for Open and Environmental Systems in partial fulfillment of the
More informationTowards Automated Malicious Code Detection and Removal on the Web
Towards Automated Malicious Code Detection and Removal on the Web Dabirsiaghi, Arshan Open Web Application Security Project Aspect Security, Inc., 2007 Abstract The most common vulnerability in web applications
More informationBypassing XSS Auditor: Taking Advantage of Badly Written PHP Code
Bypassing XSS Auditor: Taking Advantage of Badly Written PHP Code Anastasios Stasinopoulos, Christoforos Ntantogian, Christos Xenakis Department of Digital Systems, University of Piraeus {stasinopoulos,
More informationIntrusion detection for web applications
Intrusion detection for web applications Intrusion detection for web applications Łukasz Pilorz Application Security Team, Allegro.pl Reasons for using IDS solutions known weaknesses and vulnerabilities
More informationSpigit, Inc. Web Application Vulnerability Assessment/Penetration Test. Prepared By: Accuvant LABS
Web Application Vulnerability Assessment/enetration Test repared By: Accuvant LABS November 20, 2012 Web Application Vulnerability Assessment/enetration Test Introduction Defending the enterprise against
More informationWeb Application Security
Web Application Security The OWASP Foundation Securing the application Input validation Authorization Session mgmt Config mgmt Authenticatio n Error handling Web server App server DB server Secure storage
More informationxjs: Practical XSS Prevention for Web Application Development
xjs: Practical XSS Prevention for Web Application Development Elias Athanasopoulos, Vasilis Pappas, Antonis Krithinakis, Spyros Ligouras, Evangelos P. Markatos Institute of Computer Science, Foundation
More informationPenetration Test Report
Penetration Test Report Acme Test Company ACMEIT System 26 th November 2010 Executive Summary Info-Assure Ltd was engaged by Acme Test Company to perform an IT Health Check (ITHC) on the ACMEIT System
More informationQualysGuard WAS. Getting Started Guide Version 3.3. March 21, 2014
QualysGuard WAS Getting Started Guide Version 3.3 March 21, 2014 Copyright 2011-2014 by Qualys, Inc. All Rights Reserved. Qualys, the Qualys logo and QualysGuard are registered trademarks of Qualys, Inc.
More informationEnhancing JavaScript Engine to Detect and Prevent XSS
The Interdisciplinary Center, Herzliya Efi Arazi School of Computer Science Enhancing JavaScript Engine to Detect and Prevent XSS M.Sc. Thesis Submitted by Tsvi Cherny-Shahar Under the supervision of Dr.
More informationChallenges of Automated Web Application Scanning
1 Challenges of Automated Web Application Scanning "Why automated scanning only solves half the problem." Blackhat Windows 2004 Seattle, WA Jeremiah Grossman (CEO) WhiteHat Security, Inc. 2 Speaker Bio
More informationØredev 2006. Web application testing using a proxy. Lucas Nelson, Symantec Inc.
Øredev 2006 Web application testing using a proxy Lucas Nelson, Symantec Inc. Agenda What is a proxy? Setting up your environment Pre-login tests Post-login tests Conclusion A man in the middle proxy The
More informationANNEXURE-1 TO THE TENDER ENQUIRY NO.: DPS/AMPU/MIC/1896. Network Security Software Nessus- Technical Details
Sub: Supply, Installation, setup and testing of Tenable Network Security Nessus vulnerability scanner professional version 6 or latest for scanning the LAN, VLAN, VPN and IPs with 3 years License/Subscription
More informationSmart (and safe) Lighting:
Smart (and safe) Lighting: An Overview of Cyber Security October 29, 2015 Jason Brown CISO, Merit Network Agenda 2 The New Normal Discuss Methodologies of Security Recap Q & A Target Hack 3 40,000 credit
More informationWeb Application Vulnerability Scanning. VITA Commonwealth Security & Risk Management. April 8, 2016
Web Application Vulnerability Scanning VITA Commonwealth Security & Risk Management April 8, 2016 1 Terms Threat A thing that can cause harm Vulnerability A flaw that can be exploited to cause bad things
More informationIntegrated Network Vulnerability Scanning & Penetration Testing SAINTcorporation.com
SAINT Integrated Network Vulnerability Scanning and Penetration Testing www.saintcorporation.com Introduction While network vulnerability scanning is an important tool in proactive network security, penetration
More informationSecurity Tools - Hands On
Security Tools - Hands On SecAppDev 2014 Ken van Wyk, @KRvW! Leuven, Belgium 10-14 February 2014 Caveats and Warnings This is not a sales pitch for any product(s) If you want to talk to a sales person,
More informationSecurity features of ZK Framework
1 Security features of ZK Framework This document provides a brief overview of security concerns related to JavaScript powered enterprise web application in general and how ZK built-in features secures
More informationSecurity Model for the Client-Side Web Application Environments
Security Model for the Client-Side Web Application Environments May 24, 2007 Sachiko Yoshihama, Naohiko Uramoto, Satoshi Makino, Ai Ishida, Shinya Kawanaka, and Frederik De Keukelaere IBM Tokyo Research
More informationAjaxScope: Remotely Monitoring Client-side Web-App Behavior
AjaxScope: Remotely Monitoring Client-side Web-App Behavior Emre Kıcıman emrek@microsoft.com Ben Livshits livshits@microsoft.com Internet Services Research Center Microsoft Research Runtime Analysis &
More informationExternal Network & Web Application Assessment. For The XXX Group LLC October 2012
External Network & Web Application Assessment For The XXX Group LLC October 2012 This report is solely for the use of client personal. No part of it may be circulated, quoted, or reproduced for distribution
More informationArcGIS Server Security Threats & Best Practices 2014. David Cordes Michael Young
ArcGIS Server Security Threats & Best Practices 2014 David Cordes Michael Young Agenda Introduction Threats Best practice - ArcGIS Server settings - Infrastructure settings - Processes Summary Introduction
More informationRobust Defence against XSS through Context Free Grammar
Robust Defence against XSS through Context Free Grammar 1 Divya Rishi Sahu, 2 Deepak Singh Tomar 1,2 Dept. of CSE, MANIT, Bhopal, MP, India Abstract JavaScript is one of the world s most widely adopted
More informationWeb Application Exploits
Monday, November 10, 2014 Resources: see final slide CS342 Computer Security Department of Computer Science Wellesley College Web Evolution o Static content: Server serves web pages created by people.
More informationWatch What You Write: Preventing Cross-Site Scripting by Observing Program Output
Watch What You Write: Preventing Cross-Site Scripting by Observing Program Output Matias Madou, Edward Lee, Jacob West and Brian Chess Fortify Software 2215 Bridgepointe Pkwy, Suite 400 San Mateo, CA,
More informationPerformance Testing for Ajax Applications
Radview Software How to Performance Testing for Ajax Applications Rich internet applications are growing rapidly and AJAX technologies serve as the building blocks for such applications. These new technologies
More informationHacking Web Apps. Detecting and Preventing Web Application Security Problems. Jorge Blanco Alcover. Mike Shema. Technical Editor SYNGRESS
Hacking Web Apps Detecting and Preventing Web Application Security Problems Mike Shema Technical Editor Jorge Blanco Alcover AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO
More informationA Multi agent Scanner to Detect Stored XSS Vulnerabilities
A Multi agent Scanner to Detect Stored XSS Vulnerabilities E. Galán, A. Alcaide, A. Orfila, J. Blasco University Carlos III of Madrid, UC3M Leganés, Spain {edgalan,aalcaide,adiaz,jbalis}@inf.uc3m.es Abstract
More informationCSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities
CSE598i - Web 2.0 Security OWASP Top 10: The Ten Most Critical Web Application Security Vulnerabilities Thomas Moyer Spring 2010 1 Web Applications What has changed with web applications? Traditional applications
More informationCross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis
Cross-Site Scripting Prevention with Dynamic Data Tainting and Static Analysis Philipp Vogt, Florian Nentwich, Nenad Jovanovic, Engin Kirda, Christopher Kruegel, and Giovanni Vigna Secure Systems Lab Technical
More informationAdvanced Web Technology 10) XSS, CSRF and SQL Injection 2
Berner Fachhochschule, Technik und Informatik Advanced Web Technology 10) XSS, CSRF and SQL Injection Dr. E. Benoist Fall Semester 2010/2011 Table of Contents Cross Site Request Forgery - CSRF Presentation
More informationHow to Build a Trusted Application. John Dickson, CISSP
How to Build a Trusted Application John Dickson, CISSP Overview What is Application Security? Examples of Potential Vulnerabilities Strategies to Build Secure Apps Questions and Answers Denim Group, Ltd.
More informationComplete Cross-site Scripting Walkthrough
Complete Cross-site Scripting Walkthrough Author : Ahmed Elhady Mohamed Email : ahmed.elhady.mohamed@gmail.com website: www.infosec4all.tk blog : www.1nfosec4all.blogspot.com/ [+] Introduction wikipedia
More informationNational Information Security Group The Top Web Application Hack Attacks. Danny Allan Director, Security Research
National Information Security Group The Top Web Application Hack Attacks Danny Allan Director, Security Research 1 Agenda Web Application Security Background What are the Top 10 Web Application Attacks?
More informationCross-Site Scripting
Cross-Site Scripting (XSS) Computer and Network Security Seminar Fabrice Bodmer (fabrice.bodmer@unifr.ch) UNIFR - Winter Semester 2006-2007 XSS: Table of contents What is Cross-Site Scripting (XSS)? Some
More informationJVA-122. Secure Java Web Development
JVA-122. Secure Java Web Development Version 7.0 This comprehensive course shows experienced developers of Java EE applications how to secure those applications and to apply best practices with regard
More informationNoSQL, But Even Less Security Bryan Sullivan, Senior Security Researcher, Adobe Secure Software Engineering Team
NoSQL, But Even Less Security Bryan Sullivan, Senior Security Researcher, Adobe Secure Software Engineering Team Agenda Eventual Consistency REST APIs and CSRF NoSQL Injection SSJS Injection NoSQL databases
More information