Random Facts about Web App Security

Preview:

Click to see full reader

Citation preview

Random facts about

Web Apps SecurityŁukasz Wójcik @ Lumesse

XSS

Simple example (http://localhost:9090/)- persistent- not persistent

http://localhost:9090/

Stealing SESSION (using XSS)

- sending cookies to 3rd party host- using this cookie - we are in :)

Prevention against XSS

- simple solution (<c:out value="${variable} escapeXml="true">)

- sanitize data- store encoded (yyy..?)

Prevention against stealing cookie

- making it HTTP only (and secure)- fingerprint as an implicit 'secret'- token must not by sequential (randomly distributed)

Open redirect

- what and how?

Passwords

- how should we store passwords in DB- MD5 vs SHA1- pros and cons of above

Maybe better… make it BF proof

- make it computation intensive (1024 iteration of calculating SHA1 takes time)

- user better algorithms (BCrypt)- use masking

Last Question:

What is http://3585379724 ?or http://mb@nk.pl ?or even worst http://mbank.pl@3585379724 ??

THX

Sources : https://github.com/muciu/webappsecurity.git

https://github.com/muciu/webappsecurity.git

Recommended

RANDOM FACTS - Kids Activities Blog...RANDOM FACTS Tha wo’ be re You fart on average 14 ti a day, and each fart travels from your body at 7 m. Kangaroos can not wa baws. Whi u s
Documents
Determining the Facts: Vocabulary Jeopardy! Overview ... the Facts...game. • The game will begin with a random team starting play by choosing a category and point value. The teacher
Documents
60 Random Facts about Digna
Self Improvement
Facts Behind High Costs of App Development
Technology
Random-Walk Interpretations of Classical Iteration Methods · 2016. 12. 15. · values where the random variable is a function of a random walk. We now review some facts about expected
Documents
APP FACTS WSN802 Building Automation · 2019-02-01 · DNT2400 APP FACTS Automation systems can provide important data related to building performance that help facility managers
Documents
Random Nle Facts
Documents
9 random facts about model united nations
Education
Random I Random II Random III Random IV Random V
Documents
Probability Revieaarti/Class/10701/recitation/prob_review.pdfPlan I Facts about sets (to get our brains in gear). I De nitions and facts about probabilities. I Random variables and
Documents
7 Random Facts About How the World's Workers Collaborate
Documents
Random Facts
Technology
Argentina Random Facts
Documents
The stylized facts: some typical time seriesfinance.martinsewell.com/stylized-facts/Stylized_Facts.pdf · random walk, if no further assumptions are made other than further assumptions
Documents
SharePoint Fun Facts - toddklindt.com August 2013/SharePoint Fun... · SharePoint Fun Facts Todd Klindt & Shane Young Level: ... • Creates the content web app based on the server’s
Documents
21 Random Stats and Facts about Google Adwords...21 Random Stats and Facts about Google Adwords At least 95% of Google’s total revenue comes from advertising Google rakes in 33%
Documents
Who I Am! Shanté Aisha Allen. Introducing Me A couple of random facts.... :: I love Diego and Arthur.…
Documents
Social Media APP FACTS Parent & Student Information · Social Media APP FACTS Parent & Student Information . the foundation. 00 oo You Tube . APP FACTS SNAPCHAT 13+ is a app that
Documents
10 Lehmer Random Number Generator. A case study Fast ...users.monash.edu/~app/CSE3142/Lnts/Crng.pdf · • The Lehmer random number generator was used in some software packages, specifically
Documents
University of Warwick · Contents 0 Basic facts of probability theory ii 0.1 Probability measure . . . . . . . . . . . . . . . . . . . . . . . . ii 0.2 Random variables
Documents