Random facts about

Web Apps SecurityŁukasz Wójcik @ Lumesse

XSS

Simple example (http://localhost:9090/)- persistent- not persistent

Stealing SESSION (using XSS)

- sending cookies to 3rd party host- using this cookie - we are in :)

Prevention against XSS

- simple solution (<c:out value="${variable} escapeXml="true">)

- sanitize data- store encoded (yyy..?)

Prevention against stealing cookie

- making it HTTP only (and secure)- fingerprint as an implicit 'secret'- token must not by sequential (randomly distributed)

Open redirect

- what and how?

Passwords

- how should we store passwords in DB- MD5 vs SHA1- pros and cons of above

Maybe better… make it BF proof

- make it computation intensive (1024 iteration of calculating SHA1 takes time)

- user better algorithms (BCrypt)- use masking

Last Question:

What is http://3585379724 ?or http://mb@nk.pl ?or even worst http://mbank.pl@3585379724 ??

THX

Sources : https://github.com/muciu/webappsecurity.git