Learn how AJAX is being used for good and evil. See where to find vulnerabilities (hint: not just in the code). Discuss methods others are using to overcome challenges and methods for securing AJAX-based applications.
What is XSS: Cross Site Scripting
Cross Site Scripting (XSS) is a security exploit where malicious scripts are injected into the URL (query strings) or form fields of a site and then run by unsuspecting victims.
Three variants: Reflected, Stored, Local
What is XSS: Non-Persistent/Reflected
(Diagram: Hacker, Victim, Malicious Web Page, Email with Malicious Link)
1. Hacker persuades Victim to click on a URL
2. Victim clicks link
3. Script embedded in URL steals sensitive info
What is XSS: Non-Persistent/Reflected - Example
Request URL:
  http://myserver/search.aspx?keyword=<SCRIPT>alert("Running!")</SCRIPT>
Page returned by the server (the keyword is reflected into the body and into the input value unencoded, so the script runs):
  <HTML>
    <HEAD>
      <TITLE>Search Example</TITLE>
      <META http-equiv="content-type" content="text/html; charset=utf-8">
    </HEAD>
    <BODY>
      <H1>Search Results</H1> for <SCRIPT>alert("Running!")</SCRIPT>
      <BR> <BR>
      <h2>Sorry, no results were found.</h2>
      <BR>
      <FORM name=search>
        <INPUT type=text name="keyword" value="<SCRIPT>alert("Running!")</SCRIPT>">
        <INPUT type=submit value="Go">
      </FORM>
    </BODY>
  </HTML>
What is XSS: Non-Persistent/Reflected - Defenses
Input Validation: client side?? Request Validation attribute
Output Encoding: HTMLEncode (blacklisting); Microsoft Anti-Cross Site Scripting Library (whitelisting)
What is XSS: Persistent/Stored
(Diagram: Hacker and Victim both use a Guest Book with Name and Greeting fields)
1. Hacker injects script into the datastore
2. When Victim visits, it is run on their machine
What is XSS: Persistent/Stored - Example
Form fields: First Name, Last Name, Comments
Stored payload submitted in a field:
  <script> Anything</script>
What is XSS: Persistent/Stored - Defenses
Input Validation: client side?? Request Validation attribute
Output Encoding: HTMLEncode (blacklisting); Microsoft Anti-Cross Site Scripting Library (whitelisting)
What is XSS: DOM Based/Local
(Diagram: Hacker, Victim, Local Page, Email with Malicious Link)
Hacker injects script into the datastore; when Victim visits, it is run on their machine
X Never goes to server
What is XSS: DOM Based/Local - Example
Vulnerable page (the value after "name=" in the URL is written straight into the document):
  <HTML>
    <TITLE>Welcome!</TITLE>
    Hi
    <SCRIPT>
      var pos=document.URL.indexOf("name=")+5;
      document.write(document.URL.substring(pos,document.URL.length));
    </SCRIPT>
    <BR>Welcome to our system…
  </HTML>
Attack URL (the fragment is never sent to the server):
  http://www.vulnerable.site/welcome.html#name=<script>alert(document.cookie)</script>
What is XSS: DOM Based/Local - Defenses
JavaScript Hardening
Analyze DOM modifications: document, window, eval() (don't use)
Regular Expressions
Remember: the hacker can see your JavaScript
Use a JSON parser instead of eval() (www.json.org)
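The welcome.html example above, reworked along the lines of the hardening points just listed (parse the parameter properly, whitelist it with a regular expression, HTML-encode on output, and use a JSON parser rather than eval). This is an added example, not code from the slides; the functions and the stand-in for document.URL are assumptions, and it runs under Node.js.

```javascript
// Added example: DOM-based XSS from the slide beside a hardened version.
// In a browser `url` would be document.URL; here it is passed in as a string.

// Vulnerable pattern from the slide: everything after "name=" is written into
// the page, so markup placed in the URL becomes live HTML.
function unsafeGreeting(url) {
  const pos = url.indexOf("name=") + 5;
  return "Hi" + url.substring(pos, url.length);
}

// Hardening step 1: parse the URL instead of indexOf/substring, so only the
// value of "name" is taken. The payload sits in the fragment (#name=...),
// which the browser never sends to the server; fall back to the query string.
function extractName(url) {
  const u = new URL(url);
  const raw = u.hash.startsWith("#") ? u.hash.slice(1) : u.search;
  return new URLSearchParams(raw).get("name") || "";
}

// Hardening step 2: output encoding, the same defense the deck gives for
// reflected and stored XSS. Characters that carry meaning in HTML are escaped.
function htmlEncode(s) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardening step 3: whitelist what a name may look like (letters, spaces,
// a few punctuation marks, bounded length). Anything else is rejected outright.
const NAME_RE = /^[\p{L} .'-]{1,40}$/u;

function safeGreeting(url) {
  const name = extractName(url);
  if (!NAME_RE.test(name)) return "Hi guest";
  return "Hi " + htmlEncode(name);
}

// "Use a JSON parser instead of eval()": eval() would execute any script an
// AJAX response happened to contain; JSON.parse only accepts data and throws
// on everything else, which we turn into a null result.
function parseResponse(body) {
  try {
    return JSON.parse(body);
  } catch (e) {
    return null;
  }
}
```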
© 2007 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.