Cross Site Scripting(XSS)
Download as PPTX, PDF0 likes641 views
Cross-site scripting (XSS) allows malicious code to be injected into web applications, potentially enabling attacks like cookie theft, account hijacking, and phishing. There are three main types of XSS attacks: reflected, stored, and DOM-based. Reflected XSS tricks the user into clicking a malicious link, while stored XSS embeds malicious code directly into the website. DOM-based XSS targets vulnerabilities in client-side scripts. XSS remains a significant threat and proper input validation and output encoding are needed to help prevent attacks.
Cross Site Scripting(XSS)
- 1. Presented by: Nabin Dutta 3rd Year , IT Class Roll: 44 Mentor: Mrs. Suparna Seal
- 2. Sl. No Topic 1 What is XSS? 2 Diagram of Typical XSS attack 3 XSS attack used for: 4 Types of XSS 5 Reflected XSS 6 Attack Scenario of Reflected XSS 7 Stored XSS 8 Attack Scenario of Stored XSS 9 DOM-Based XSS 10 Attack Scenario of DOM Based XSS 11 Steps to an XSS attack 12 Protection 13 Conclusion
- 3. Cross-site scripting or XSS is defined as a computer security vulnerability (weakness) found in web applications. It allows a variety of code to be injected by a malicious user into a webpage The code is written in JavaScript, VBScript, ActiveX, HTML, or Flash It can cause Installation of Trojan horse programs the CSS attack involves three parties – the attacker, a client and the web site. During an attack “everything looks fine” to the end user, but in actuality they are subject to an endless amount of threats
- 5. Hijacking Accounts(stealing their private information) False Advertising & inserting hostile content Cookie theft(stealing other user’s cookies) /poisoning & defacing websites Changing of users settings Conducting phishing attacks performing actions on behalf of other users Spying on user’s web browsing habits.
- 6. 1. Non-Persistent (Reflected) 2. Persistent (Stored ) 3. DOM-Based (Local)
- 7. Most common type An attacker convinces a user to follow a malicious URL which injects code into the resulting page Now the attacker has full access to that pages content
- 9. The user comes in contact with a malicious link, form, or a malicious redirection. The Web application is requested prepared the call by the Bank. The XSS-code is an XSS vulnerability of the banking application, inserted into the page. The infected page with XSS code is sent to the user. The XSS-code context of the page arrived at the user and thus bypassing the "Same Origin" security setting of the Web browser. XSS-code sends stolen data to the server of the attacker.
- 10. JavaScript supplied by the attacker is stored by the website (e.g. in a database) Doesn’t require the victim to supply the JavaScript somehow, just visit the exploited web page More dangerous than Reflected XSS
- 12. The Web application of the bank is called with the XSS code. The malicious code enters into an XSS vulnerability in the application and is stored there. A user calls the Web application of the Bank. The malicious code is installed from the memory to the website. The infected Web page is sent to the user. The XSS code context of the page arrived at the user, and thus bypassing the "Same Origin" security setting of the Web browser. The XSS code sends stolen data to the server of the attacker.
- 13. Occur in the content processing stages performed by the client DOM-Based (Local) Document Object Model Standard object model for representing html or xhtml Problem exists within the page’s client side script If an attacker hosts a malicious site, which contains a vulnerable website on a clients local system, a script can be injected Now the attacker can run the privileges of that users browser on their system.
- 15. The Web application is requested by the Bank prepared the call. The XSS-code inserted in the cookie. The cookie with the malicious code is sent to the user and stored with him. The user calls the Web application of the Bank. The malicious code is installed from the cookie in the Web page. The infected Web page is sent to the user. The XSS code sends stolen data to the server of the attacker.
- 16. Select a target Find an XSS hole, and look if it has any cookies If it has a cookie, then you have found a target Testing Insert code or script pointing to the vulnerability Make sure the page does not appear broken XSS Execution Send your crafted URL to launch it More experienced attackers would do a few redirects to steal cookies, return to site, then attack them harder Decide what to do with the data After collecting data, it is possible to perform an attack
- 17. • The simplest form of XSS protection is to pass all external data through a filter (in server-side). • It is recommended to use libraries that has been tried and tested by the community. • XSS techniques keep changing (your filters will need to be updated periodically).
- 18. XSS is defined as the number one and utmost prevalent website vulnerability on the internet No one is ever completely safe from XSS Can not be expected to write flawless code or have round the clock personnel to answer all possible vulnerability issues As XSS vulnerabilities continue to grow, the best way to protect yourself from it is to be careful and be aware of its existence