Developing Secure Web Application - Cross-Site Scripting (XSS)
Download as PPTX, PDF5 likes1,007 views
This document discusses cross-site scripting (XSS) attacks. It begins with an overview of XSS and its prevalence as an attack method. It then describes the same origin policy and how XSS works, differentiating between reflected and stored XSS. The document demonstrates how to perform a reflected XSS attack and provides prevention methods, such as input validation, encoding output, and securing cookies. It aims to educate about this common web vulnerability and how to develop more secure applications.
Developing Secure Web Application - Cross-Site Scripting (XSS)
- 1. Developing Secure Web Application Cross-Site Scripting (XSS) Cezar Coca Endava 10th of November 2012
- 2. Agenda • Why? • Formal description • Same Origin Policy • How to perform an XSS attack • Demo • Prevention of XSS attacks
- 3. OWASP Top Ten (2010 Edition) http://www.owasp.org/index.php/Top_10
- 4. At first sight =
- 5. Second sight
- 6. XSS formal description Types – at least two primary flavors • Non-persistent (or reflected) • Persistent (or stored) Typical impact • Steal user’s session (hijack session) • Rewrite web page • Redirect user to phishing or malware site • Most Severe: Install XSS proxy
- 7. Same Origin Policy – Security Domain
- 8. Same Origin Policy - DOM
- 9. Same Origin Policy - DOM
- 10. Same Origin Policy - DOM
- 11. Reflected XSS Illustrated Attacker send the victim a misleading email with a link 1 containing malicious JavaScript
- 12. Reflected XSS Illustrated When the victim clicks on the link, the HTTP request is initiated from the victim's browser and sent to the vulnerable Web application. 2 Attacker send the victim a misleading email with a link 1 containing malicious JavaScript
- 13. Reflected XSS Illustrated The malicious JavaScript is then reflected back to the victim's browser, where it is executed in the context of When the victim clicks on the the victim user's session link, the HTTP request is initiated from the victim's browser and 3 sent to the vulnerable Web application. 2 Attacker send the victim a misleading email with a link 1 containing malicious JavaScript
- 14. DEMO – deployment diagram
- 15. LET’S HACK
- 16. Second sight
- 17. Prevention of XSS Attack – part 1 • Input Validation • Canonicalize data first • Prevent encoded attacks • Black list testing is no solution • Black lists are never complete! • White list testing is better • Only what you expect will pass • Regular expressions • HTML Encoding • HTML encoding of all input when put into output pages
- 18. Prevention of XSS Attack – Multiple contexts Browser have multiple contexts that must be considered! HTML HTML <STYLE> <SCRIPT> URL Body Attributes Context Context Context
- 19. Prevention of XSS Attack – Session Hijacking • Session hijacking • “HttpOnly" Cookies • "secure" Cookies. Cookies are only sent over SSL • Disable TRACE • References: • http://www.owasp.org/index.php/XSS_(Cross Site Scripting) Prevention Cheat Sheet • http://ha.ckers.org/xss.html • http://www.owasp.org/index.php/ESAPI
- 22. Diamond Sponsors Platinum Sponsors Gold Sponsors Training Partners Media Partners Other Partners